Author: sectracker
Date: 2015-08-19 21:10:12 +0000 (Wed, 19 Aug 2015)
New Revision: 36201

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-08-19 21:04:21 UTC (rev 36200)
+++ data/CVE/list       2015-08-19 21:10:12 UTC (rev 36201)
@@ -1,3 +1,31 @@
+CVE-2015-6521
+       RESERVED
+CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote 
attackers ...)
+       TODO: check
+CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpLiteAdmin ...)
+       TODO: check
+CVE-2015-6517 (Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 
1.1 ...)
+       TODO: check
+CVE-2015-6516 (SQL injection vulnerability in cygnux.org sysPass 1.0.9 and 
earlier ...)
+       TODO: check
+CVE-2015-6515 (Cross-site scripting (XSS) vulnerability in Splunk Web in 
Splunk ...)
+       TODO: check
+CVE-2015-6514 (Cross-site scripting (XSS) vulnerability in the Dashboard in 
Splunk ...)
+       TODO: check
+CVE-2015-6513 (Multiple SQL injection vulnerabilities in the J2Store 
(com_j2store) ...)
+       TODO: check
+CVE-2015-6512 (SQL injection vulnerability in the get_messages function in ...)
+       TODO: check
+CVE-2015-6511 (Cross-site scripting (XSS) vulnerability in pfSense before 
2.2.3 ...)
+       TODO: check
+CVE-2015-6510 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 
before ...)
+       TODO: check
+CVE-2015-6509 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 
before ...)
+       TODO: check
+CVE-2015-6508 (Cross-site scripting (XSS) vulnerability in pfSense before 
2.2.3 ...)
+       TODO: check
+CVE-2015-6507
+       RESERVED
 CVE-2015-XXXX [Files extracted from archive may be placed outside of 
destination directory]
        - php5 5.6.12+dfsg-1
        NOTE: https://bugs.php.net/bug.php?id=70019
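Review bot: CVE-2015-6512 is added with a description truncated to "SQL injection vulnerability in the get_messages function in ..." and TODO: check, so the affected product cannot be identified from this entry; whoever triages it needs the full description before choosing between a package line and NOT-FOR-US. The four pfSense entries (CVE-2015-6508 through CVE-2015-6511) name the same product and can be resolved with one decision.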
@@ -1114,6 +1142,7 @@
        RESERVED
 CVE-2015-6496 [denial of service with unusual traffic]
        RESERVED
+       {DLA-295-1}
        - conntrack 1:1.4.2-3 (bug #796103)
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
        NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910
@@ -1210,6 +1239,7 @@
 CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate 
attackers to ...)
        NOT-FOR-US: Mozilla Firefox OS
 CVE-2015-6520 [allows access to a connected USB printer via all configured 
network addresses]
+       RESERVED
        - ippusbxd 1.22-1 (bug #795162)
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
        NOTE: 
https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
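Review bot: CVE-2015-6520 now carries RESERVED but stays at this position below CVE-2015-5960, while the first hunk inserts CVE-2015-6521 and CVE-2015-6519 next to each other at the top of the file with no 6520 between them. Consider moving this entry up between those two so the id sits in sequence with its neighbours and is not mistaken for missing.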
@@ -1925,8 +1955,8 @@
        RESERVED
 CVE-2015-5682
        RESERVED
-CVE-2015-5681
-       RESERVED
+CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the 
Powerplay ...)
+       TODO: check
 CVE-2015-5680
        RESERVED
 CVE-2015-5679
@@ -2113,8 +2143,8 @@
        NOTE: to yes. Default for KbdInteractiveAuthentication is to use 
whatever
        NOTE: value ChallengeResponseAuthentication is set to, which is 'no' in
        NOTE: default configurations in Debian.
-CVE-2015-5599
-       RESERVED
+CVE-2015-5599 (Multiple SQL injection vulnerabilities in upload.php in the 
Powerplay ...)
+       TODO: check
 CVE-2015-5598
        RESERVED
 CVE-2015-5597
@@ -2364,105 +2394,76 @@
        - ansible 1.9.2+dfsg-1 (low)
        [jessie] - ansible <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
-CVE-2015-5515
-       RESERVED
+CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x 
before ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5514
-       RESERVED
+CVE-2015-5514 (Cross-site scripting (XSS) vulnerability in the Migrate module 
7.x-2.x ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5513
-       RESERVED
+CVE-2015-5513 (Cross-site scripting (XSS) vulnerability in the Shibboleth ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5512
-       RESERVED
+CVE-2015-5512 (The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x 
before ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5511
-       RESERVED
+CVE-2015-5511 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for 
Drupal ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5510
-       RESERVED
+CVE-2015-5510 (Open redirect vulnerability in the Content Construction Kit 
(CCK) ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5509
-       RESERVED
+CVE-2015-5509 (The Administration Views module 7.x-1.x before 7.x-1.4 for 
Drupal, ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5508
-       RESERVED
+CVE-2015-5508 (Cross-site request forgery (CSRF) vulnerability in the XC NCIP 
...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5507
-       RESERVED
+CVE-2015-5507 (Cross-site scripting (XSS) vulnerability in the Inline Entity 
Form ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5506
-       RESERVED
+CVE-2015-5506 (The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for 
Drupal ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5505
-       RESERVED
+CVE-2015-5505 (The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 
...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5504
-       RESERVED
+CVE-2015-5504 (SQL injection vulnerability in the Novalnet Payment Module 
Ubercart ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5503
-       RESERVED
+CVE-2015-5503 (Open redirect vulnerability in the Chamilo integration module 
7.x-1.x ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5502
-       RESERVED
+CVE-2015-5502 (The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does 
not ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5501
-       RESERVED
+CVE-2015-5501 (The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 
7.x-3.x ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5500
-       RESERVED
+CVE-2015-5500 (Cross-site scripting (XSS) vulnerability in the Navigate module 
for ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5499
-       RESERVED
+CVE-2015-5499 (The Navigate module for Drupal does not properly check 
permissions, ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5498
-       RESERVED
+CVE-2015-5498 (The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does 
not ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5497
-       RESERVED
+CVE-2015-5497 (Cross-site scripting (XSS) vulnerability in the Web Links 
module ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5496
-       RESERVED
+CVE-2015-5496 (The pass2pdf module for Drupal does not restrict access to 
generated ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5495
-       RESERVED
+CVE-2015-5495 (Cross-site scripting (XSS) vulnerability in the Mobile sliding 
menu ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5494
-       RESERVED
+CVE-2015-5494 (Cross-site scripting (XSS) vulnerability in the Webform Matrix 
...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5493
-       RESERVED
+CVE-2015-5493 (The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal 
does not ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5492
-       RESERVED
+CVE-2015-5492 (Cross-site scripting (XSS) vulnerability in the Video 
Consultation ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5491
-       RESERVED
+CVE-2015-5491 (The Dynamic display block module 7.x-1.x before 7.x-1.1 for 
Drupal ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5490
-       RESERVED
+CVE-2015-5490 (The _views_fetch_data method in includes/cache.inc in the Views 
module ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5489
-       RESERVED
+CVE-2015-5489 (Cross-site scripting (XSS) vulnerability in the Smart Trim 
module ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5488
-       RESERVED
+CVE-2015-5488 (Cross-site scripting (XSS) vulnerability in the MailChimp 
Signup ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2015-5487
-       RESERVED
+CVE-2015-5487 (Cross-site scripting (XSS) vulnerability in the Camtasia Relay 
module ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2015-5486
        RESERVED
-CVE-2015-5485
-       RESERVED
+CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import 
page ...)
+       TODO: check
 CVE-2015-5484
        RESERVED
 CVE-2015-5483
        RESERVED
-CVE-2015-5482
-       RESERVED
-CVE-2015-5481
-       RESERVED
+CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments 
plugin ...)
+       TODO: check
+CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in 
the GD ...)
+       TODO: check
 CVE-2015-5480
        RESERVED
 CVE-2015-5479
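Review bot: The "NOT-FOR-US: Drupal addon not packaged in Debian" lines in this hunk are unchanged context that was attached while each id still read RESERVED, so nothing here re-checks them against the descriptions that are now filled in. A quick pass is worthwhile for entries whose description names a specific module and file, such as CVE-2015-5490 (_views_fetch_data in includes/cache.inc in the Views module), to confirm the tag still holds. The entries at the end that had no prior tag (CVE-2015-5485, CVE-2015-5482, CVE-2015-5481) get TODO: check and still need triage.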
@@ -4145,7 +4146,7 @@
        - mysql-5.5 <not-affected> (Only 5.6 series)
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45 ...)
-       {DSA-3323-1 DSA-3316-1 DLA-283-1}
+       {DSA-3339-1 DSA-3323-1 DSA-3316-1 DLA-283-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4187,7 +4188,7 @@
 CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC 
component ...)
        NOT-FOR-US: Oracle VM Server
 CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4195,7 +4196,7 @@
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
        NOTE: "Applies to client and server deployment of Java."
 CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4237,7 +4238,7 @@
 CVE-2015-4734
        RESERVED
 CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4245,7 +4246,7 @@
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
        NOTE: "Applies to client deployment of Java only. This vulnerability 
can be exploited only through sandboxed Java Web Start applications and 
sandboxed Java applets."
 CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4253,7 +4254,7 @@
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
        NOTE: "Applies to client deployment of Java only. This vulnerability 
can be exploited only through sandboxed Java Web Start applications and 
sandboxed Java applets."
 CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; Java ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -4432,8 +4433,8 @@
        RESERVED
 CVE-2015-4671
        RESERVED
-CVE-2015-4670
-       RESERVED
+CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control 
in ...)
+       TODO: check
 CVE-2015-4669
        RESERVED
 CVE-2015-4668
@@ -5051,10 +5052,10 @@
        NOT-FOR-US: Adobe Flash Player
 CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Ektron CMS
-CVE-2015-4426
-       RESERVED
-CVE-2015-4425
-       RESERVED
+CVE-2015-4426 (SQL injection vulnerability in pimcore before build 3473 allows 
remote ...)
+       TODO: check
+CVE-2015-4425 (Directory traversal vulnerability in pimcore before build 3473 
allows ...)
+       TODO: check
 CVE-2015-4424
        RESERVED
 CVE-2015-4423
@@ -6095,8 +6096,8 @@
        NOT-FOR-US: Visual Mining NetChart
 CVE-2015-4030
        RESERVED
-CVE-2015-4029
-       RESERVED
+CVE-2015-4029 (Cross-site scripting (XSS) vulnerability in the WebGUI in 
pfSense ...)
+       TODO: check
 CVE-2015-4028
        RESERVED
 CVE-2015-4027
@@ -6213,7 +6214,7 @@
        NOTE: https://lkml.org/lkml/2015/5/13/744
        NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite 
is ...)
-       {DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
+       {DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
        - openssl 1.0.2b-1
        - nss 2:3.19.1-1
        [experimental] - openjdk-6 6b36-1.13.8-1
@@ -7268,7 +7269,7 @@
        - nvidia-graphics-drivers <unfixed> (unimportant)
        [squeeze] - nvidia-graphics-drivers <not-affected> (kfreebsd not 
supported in Squeeze LTS)
        [wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
-        NOTE: freebsd-specific, kfreebsd not covered by security support after 
jessie
+       NOTE: freebsd-specific, kfreebsd not covered by security support after 
jessie
 CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
        NOT-FOR-US: Ektron Content Management System
 CVE-2015-3623
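Review bot: The only change on the "NOTE: freebsd-specific" line is its leading whitespace, which is unrelated to the CVE data update and is not mentioned in the "automatic update" log message. The same applies to the kfreebsd-10 NOTE in the @@ -88486 hunk; putting whitespace normalisation in its own commit would keep the data changes easier to audit.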
@@ -9708,7 +9709,7 @@
 CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation 
Manager ...)
        NOT-FOR-US: Synology DiskStation Manager
 CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL 
protocol, does ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        NOTE: This CVE is specific to the design of the RC4 protocol and not to 
its
        NOTE: implementations.
        [experimental] - openjdk-6 6b36-1.13.8-1
@@ -10384,7 +10385,7 @@
 CVE-2015-2633
        RESERVED
 CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45 ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10398,7 +10399,7 @@
 CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle 
Database ...)
        NOT-FOR-US: Oracle Database Server
 CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10412,7 +10413,7 @@
 CVE-2015-2626 (Unspecified vulnerability in the Data Store component in Oracle 
...)
        TODO: check
 CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10426,7 +10427,7 @@
 CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        NOT-FOR-US: PeopleSoft
 CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10456,7 +10457,7 @@
 CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows 
local ...)
        NOT-FOR-US: Solaris (NVM Express Driver)
 CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and 
Java SE ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
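Review bot: DSA-3339-1 is added to CVE-2015-2613 although this entry, unlike every other entry that gains DSA-3339-1 in this patch, shows no "[experimental] - openjdk-6 6b36-1.13.8-1" line, and its description lists only Java SE 7u80 and 8u45. Either the openjdk-6 fixed-version line is missing here or the cross-reference should be confirmed against the advisory.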
@@ -10487,7 +10488,7 @@
 CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information 
Discovery ...)
        NOT-FOR-US: Oracle Fusion
 CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10520,7 +10521,7 @@
 CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enteprise Portal - 
...)
        NOT-FOR-US: PeopleSoft
 CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
-       {DSA-3316-1}
+       {DSA-3339-1 DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
        - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
@@ -10720,8 +10721,8 @@
        RESERVED
 CVE-2015-2503
        RESERVED
-CVE-2015-2502
-       RESERVED
+CVE-2015-2502 (Microsoft Internet Explorer 7 through 11 allows remote 
attackers to ...)
+       TODO: check
 CVE-2015-2501
        RESERVED
 CVE-2015-2500
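Review bot: CVE-2015-2502 is left at TODO: check even though the description already names Microsoft Internet Explorer 7 through 11. This file tags other vendor-only products directly, for example "NOT-FOR-US: Oracle Database Server", so this entry can be closed as NOT-FOR-US: Microsoft Internet Explorer.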
@@ -88486,7 +88487,7 @@
        - kfreebsd-10 <unfixed> (unimportant)
        [jessie] - kfreebsd-10 <no-dsa> (Minor issue)
        NOTE: 
http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
-        NOTE: Starting with stretch kfreebsd is no longer supported
+       NOTE: Starting with stretch kfreebsd is no longer supported
 CVE-2011-2392
        RESERVED
 CVE-2011-2391 (The IPv6 implementation in the kernel in Apple iOS before 7 
allows ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
