Author: sectracker
Date: 2015-08-21 09:10:16 +0000 (Fri, 21 Aug 2015)
New Revision: 36243
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-08-21 09:08:16 UTC (rev 36242) +++ data/CVE/list 2015-08-21 09:10:16 UTC (rev 36243) @@ -1,3 +1,7 @@ +CVE-2015-6523 (Cross-site request forgery (CSRF) vulnerability in the Portfolio ...) + TODO: check +CVE-2015-6522 (SQL injection vulnerability in the WP Symposium plugin before 15.8 for ...) + TODO: check CVE-2015-XXXX [Information Disclosure in Menu Links - Access system] - drupal7 7.39-1 - drupal6 <removed> @@ -588,8 +592,8 @@ RESERVED CVE-2015-6256 RESERVED -CVE-2015-6255 - RESERVED +CVE-2015-6255 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and ...) + TODO: check CVE-2015-6254 (The (1) Service Provider (SP) and (2) Identity Provider (IdP) in ...) NOT-FOR-US: PicketLink CVE-2015-6253 @@ -3303,8 +3307,7 @@ CVE-2015-5164 RESERVED NOT-FOR-US: Qpid server on Satellite6 -CVE-2015-5163 [Glance v2 API host file disclosure through qcow2 backing file] - RESERVED +CVE-2015-5163 (The import task action in OpenStack Image Service (Glance) 2015.1.x ...) - glance 2015.1.0-4 (bug #795453) [jessie] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1) [wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1) 
@@ -4773,20 +4776,20 @@ RESERVED CVE-2015-4537 RESERVED -CVE-2015-4536 - RESERVED -CVE-2015-4535 - RESERVED -CVE-2015-4534 - RESERVED -CVE-2015-4533 - RESERVED -CVE-2015-4532 - RESERVED -CVE-2015-4531 - RESERVED -CVE-2015-4530 - RESERVED +CVE-2015-4536 (EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 ...) + TODO: check +CVE-2015-4535 (Java Method Server (JMS) in EMC Documentum Content Server before ...) + TODO: check +CVE-2015-4534 (Java Method Server (JMS) in EMC Documentum Content Server before ...) + TODO: check +CVE-2015-4533 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...) + TODO: check +CVE-2015-4532 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...) + TODO: check +CVE-2015-4531 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...) + TODO: check +CVE-2015-4530 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum ...) + TODO: check CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, ...) NOT-FOR-US: EMC Documentum WebTop CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage ...) 
@@ -5289,50 +5292,50 @@ RESERVED CVE-2015-4330 RESERVED -CVE-2015-4329 - RESERVED -CVE-2015-4328 - RESERVED -CVE-2015-4327 - RESERVED +CVE-2015-4329 (The administrator web interface in Cisco TelePresence Video ...) + TODO: check +CVE-2015-4328 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...) + TODO: check +CVE-2015-4327 (The CLI in Cisco TelePresence Video Communication Server (VCS) ...) + TODO: check CVE-2015-4326 RESERVED CVE-2015-4325 RESERVED -CVE-2015-4324 - RESERVED -CVE-2015-4323 - RESERVED -CVE-2015-4322 - RESERVED -CVE-2015-4321 - RESERVED -CVE-2015-4320 - RESERVED -CVE-2015-4319 - RESERVED +CVE-2015-4324 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware ...) + TODO: check +CVE-2015-4323 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware ...) + TODO: check +CVE-2015-4322 (Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, ...) + TODO: check +CVE-2015-4321 (The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco ...) + TODO: check +CVE-2015-4320 (The Configuration Log File component in Cisco TelePresence Video ...) + TODO: check +CVE-2015-4319 (The password-change feature in the administrative web interface in ...) + TODO: check CVE-2015-4318 RESERVED -CVE-2015-4317 - RESERVED -CVE-2015-4316 - RESERVED -CVE-2015-4315 - RESERVED -CVE-2015-4314 - RESERVED +CVE-2015-4317 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...) + TODO: check +CVE-2015-4316 (The Mobile and Remote Access (MRA) endpoint-validation feature in ...) + TODO: check +CVE-2015-4315 (The Call Policy Configuration page in Cisco TelePresence Video ...) + TODO: check +CVE-2015-4314 (The System Snapshot feature in Cisco TelePresence Video Communication ...) + TODO: check CVE-2015-4313 RESERVED CVE-2015-4312 RESERVED CVE-2015-4311 RESERVED -CVE-2015-4310 - RESERVED +CVE-2015-4310 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse ...) 
+ TODO: check CVE-2015-4309 RESERVED -CVE-2015-4308 - RESERVED +CVE-2015-4308 (The webGUI configuration-export feature in Cisco Edge Bluebird ...) + TODO: check CVE-2015-4307 RESERVED CVE-2015-4306 @@ -5341,22 +5344,22 @@ RESERVED CVE-2015-4304 RESERVED -CVE-2015-4303 - RESERVED -CVE-2015-4302 - RESERVED -CVE-2015-4301 - RESERVED +CVE-2015-4303 (Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows ...) + TODO: check +CVE-2015-4302 (The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows ...) + TODO: check +CVE-2015-4301 (Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated ...) + TODO: check CVE-2015-4300 RESERVED -CVE-2015-4299 - RESERVED -CVE-2015-4298 - RESERVED -CVE-2015-4297 - RESERVED -CVE-2015-4296 - RESERVED +CVE-2015-4299 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly ...) + TODO: check +CVE-2015-4298 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) ...) + TODO: check +CVE-2015-4297 (Open redirect vulnerability in Cisco WebEx Node for Media Convergence ...) + TODO: check +CVE-2015-4296 (Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software ...) + TODO: check CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified ...) NOT-FOR-US: Cisco CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence ...) @@ -5393,8 +5396,8 @@ NOT-FOR-US: Cisco CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 ...) NOT-FOR-US: Cisco -CVE-2015-4277 - RESERVED +CVE-2015-4277 (The global-configuration implementation on Cisco ASR 9000 devices with ...) + TODO: check CVE-2015-4276 (Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users ...) NOT-FOR-US: Cisco CVE-2015-4275 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...) 
@@ -9205,8 +9208,7 @@ - ppp 2.4.6-3.1 (bug #782450) NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4 NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450 -CVE-2015-5621 [net-snmp snmp_pdu_parse() function incompletely initialization vulnerability] - RESERVED +CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and ...) - net-snmp <unfixed> (bug #788964) [jessie] - net-snmp <no-dsa> (Minor issue) [wheezy] - net-snmp <no-dsa> (Minor issue) @@ -12778,8 +12780,7 @@ CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 ...) - libstruts1.2-java <not-affected> (Affects only 2.3.20) NOTE: https://struts.apache.org/docs/s2-024.html -CVE-2015-1830 [Path traversal leading to unauthenticated RCE in ActiveMQ] - RESERVED +CVE-2015-1830 (Directory traversal vulnerability in the fileserver upload/download ...) - activemq <not-affected> (Only affects activemq on Windows) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt CVE-2015-1829 @@ -17776,8 +17777,8 @@ NOT-FOR-US: EMC Secure Remote Services Virtual Edition CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 ...) NOT-FOR-US: EMC Secure Remote Services Virtual Edition -CVE-2015-0542 - RESERVED +CVE-2015-0542 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA ...) + TODO: check CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat ...) NOT-FOR-US: RSA Web Threat Detection CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document ...) 
@@ -17786,16 +17787,16 @@ RESERVED CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 ...) NOT-FOR-US: EMC AutoStart -CVE-2015-0537 - RESERVED -CVE-2015-0536 - RESERVED -CVE-2015-0535 - RESERVED -CVE-2015-0534 - RESERVED -CVE-2015-0533 - RESERVED +CVE-2015-0537 (Integer underflow in the base64-decoding implementation in EMC RSA ...) + TODO: check +CVE-2015-0536 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...) + TODO: check +CVE-2015-0535 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...) + TODO: check +CVE-2015-0534 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...) + TODO: check +CVE-2015-0533 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...) + TODO: check CVE-2015-0532 (EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and ...) NOT-FOR-US: EMC RSA Identity Management and Governance CVE-2015-0531 (EMC SourceOne Email Management before 7.2 does not have a lockout ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
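Review bot: The annotation text in the CVE-2015-5163 hunk (@@ -3303,8 +3307,7 @@) is misspelled: both the [jessie] and [wheezy] lines read "Affects Glance 2015.1 versions trough 2015.1.1", which should be "through". These are unchanged context lines, so the automatic update did not introduce the typo, but the entry is being touched anyway and a follow-up commit could correct both lines.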
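Review bot: CVE-2015-4530 through CVE-2015-4536 in the @@ -4773,20 +4776,20 @@ hunk are left at "TODO: check" although every description names EMC Documentum Content Server or its Java Method Server, and the adjacent context entry CVE-2015-4529 is already tagged "NOT-FOR-US: EMC Documentum WebTop". A follow-up triage commit should resolve these seven entries the same way, with the product name spelled out, so they stop appearing in the TODO list.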
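Review bot: The Cisco entries added in the @@ -5289,50 +5292,50 @@, @@ -5341,22 +5344,22 @@ and @@ -5393,8 +5396,8 @@ hunks (CVE-2015-4329 down to CVE-2015-4277) all carry "TODO: check", while the surrounding context lines for CVE-2015-4295, CVE-2015-4278 and CVE-2015-4276 use "NOT-FOR-US: Cisco". The descriptions name TelePresence VCS, NX-OS, FireSIGHT, WebEx and similar Cisco products, so these can be triaged in one batch with the same tag. CVE-2015-6255 in the @@ -588,8 +592,8 @@ hunk (Cisco Unified Web and ...) belongs in that batch too.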
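Review bot: The CVE-2015-5621 entry in the @@ -9205,8 +9208,7 @@ hunk has no NOTE line, even though it is marked "net-snmp <unfixed> (bug #788964)" with no-dsa for jessie and wheezy. The ppp entry directly above it shows the expected shape, with a NOTE for the oss-security post and a NOTE for the patch. Now that the description identifies snmp_pdu_parse in snmp_api.c, a NOTE pointing at the upstream report or fix would let whoever picks up the unfixed status find the patch without going through the bug log.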
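Review bot: CVE-2015-0533 through CVE-2015-0537 in the @@ -17786,16 +17787,16 @@ hunk, and CVE-2015-0542 in the hunk before it, remain "TODO: check" although both neighbours in the context (CVE-2015-0538 "NOT-FOR-US: EMC AutoStart" and CVE-2015-0532 "NOT-FOR-US: EMC RSA Identity Management and Governance") are already resolved. The new descriptions name EMC RSA BSAFE Micro Edition Suite and another EMC RSA product, so the same NOT-FOR-US treatment with the product name applies once someone has confirmed that no packaged source is involved.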