Author: sectracker
Date: 2015-09-21 21:10:17 +0000 (Mon, 21 Sep 2015)
New Revision: 36778

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-09-21 19:24:41 UTC (rev 36777)
+++ data/CVE/list       2015-09-21 21:10:17 UTC (rev 36778)
@@ -1,3 +1,121 @@
+CVE-2015-7296 (Securifi Almond devices with firmware before 
AL1-R201EXP10-L304-W34 ...)
+       TODO: check
+CVE-2015-7294
+       RESERVED
+CVE-2015-7293
+       RESERVED
+CVE-2015-7292
+       RESERVED
+CVE-2015-7291
+       RESERVED
+CVE-2015-7290
+       RESERVED
+CVE-2015-7289
+       RESERVED
+CVE-2015-7288
+       RESERVED
+CVE-2015-7287
+       RESERVED
+CVE-2015-7286
+       RESERVED
+CVE-2015-7285
+       RESERVED
+CVE-2015-7284
+       RESERVED
+CVE-2015-7283
+       RESERVED
+CVE-2015-7282
+       RESERVED
+CVE-2015-7281
+       RESERVED
+CVE-2015-7280
+       RESERVED
+CVE-2015-7279
+       RESERVED
+CVE-2015-7278
+       RESERVED
+CVE-2015-7277
+       RESERVED
+CVE-2015-7276
+       RESERVED
+CVE-2015-7275
+       RESERVED
+CVE-2015-7274
+       RESERVED
+CVE-2015-7273
+       RESERVED
+CVE-2015-7272
+       RESERVED
+CVE-2015-7271
+       RESERVED
+CVE-2015-7270
+       RESERVED
+CVE-2015-7269
+       RESERVED
+CVE-2015-7268
+       RESERVED
+CVE-2015-7267
+       RESERVED
+CVE-2015-7266
+       RESERVED
+CVE-2015-7265
+       RESERVED
+CVE-2015-7264
+       RESERVED
+CVE-2015-7263
+       RESERVED
+CVE-2015-7262
+       RESERVED
+CVE-2015-7261
+       RESERVED
+CVE-2015-7260
+       RESERVED
+CVE-2015-7259
+       RESERVED
+CVE-2015-7258
+       RESERVED
+CVE-2015-7257
+       RESERVED
+CVE-2015-7256
+       RESERVED
+CVE-2015-7255
+       RESERVED
+CVE-2015-7254
+       RESERVED
+CVE-2015-7253
+       RESERVED
+CVE-2015-7252
+       RESERVED
+CVE-2015-7251
+       RESERVED
+CVE-2015-7250
+       RESERVED
+CVE-2015-7249
+       RESERVED
+CVE-2015-7248
+       RESERVED
+CVE-2015-7247
+       RESERVED
+CVE-2015-7246
+       RESERVED
+CVE-2015-7245
+       RESERVED
+CVE-2015-7244
+       RESERVED
+CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote 
attackers ...)
+       TODO: check
+CVE-2015-7242
+       RESERVED
+CVE-2015-7241
+       RESERVED
+CVE-2015-7240
+       RESERVED
+CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM 
function ...)
+       TODO: check
+CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) 
before ...)
+       TODO: check
+CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
+       TODO: check
 CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php 
in the ...)
        NOT-FOR-US: CP Reservation Calendar plugin for WordPress
 CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF 
...)
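Review bot: The five described entries at the top of this hunk (CVE-2015-7296, CVE-2015-7243, CVE-2015-7239, CVE-2015-7238, CVE-2015-7237) are left at "TODO: check" with no package line or NOT-FOR-US tag, so each still needs a manual triage decision in the form the context entry CVE-2015-7235 already uses ("NOT-FOR-US: <product>") or a "- package <status>" line. The missing CVE-2015-7295 between 7296 and 7294 is not a gap: it already has a hand-written entry, touched in the next hunk.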
@@ -21,6 +139,7 @@
 CVE-2015-7224
        RESERVED
 CVE-2015-7295 [net: virtio-net possible remote DoS]
+       RESERVED
        - qemu <unfixed> (bug #799452)
        [jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later 
DSA) 
        [wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later 
DSA)
@@ -618,8 +737,8 @@
        - bouncycastle <unfixed>
        [experimental] - bouncycastle 1.51-1
        NOTE: 
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
-CVE-2015-6939
-       RESERVED
+CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in 
...)
+       TODO: check
 CVE-2015-6936
        RESERVED
 CVE-2015-6935
@@ -628,8 +747,8 @@
        RESERVED
 CVE-2015-6933
        RESERVED
-CVE-2015-6932
-       RESERVED
+CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not 
verify ...)
+       TODO: check
 CVE-2015-6931
        RESERVED
 CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType 
before 2.5.3 ...)
@@ -818,7 +937,7 @@
        RESERVED
 CVE-2015-6937 [NULL pointer dereference in net/rds/connection.c]
        RESERVED
-       {DLA-310-1}
+       {DSA-3364-1 DLA-310-1}
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: Fixed by: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f
 (v4.3-rc1)
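Review bot: The added {DSA-3364-1 DLA-310-1} reference on CVE-2015-6937 sits above "- linux <unfixed>" while the NOTE names the fixing commit as v4.3-rc1; the unstable line needs a follow-up edit with the fixed version once that commit is in an uploaded package, otherwise the entry keeps reporting the issue as open there after advisories have been issued.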
@@ -1351,7 +1470,7 @@
        [wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
        [squeeze] - polarssl <not-affected> (Affects only 1.3.x series)
 CVE-2015-6666 [DoS]
-       RESERVED
+       REJECTED
        - linux <unfixed>
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
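Review bot: CVE-2015-6666 is switched to REJECTED but the lines under it still track "- linux <unfixed>" plus the jessie and wheezy <not-affected> annotations, so a rejected id keeps reporting an open issue against linux. The package lines should be dropped, or moved to whichever id replaces this one, in a manual follow-up commit.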
@@ -1578,10 +1697,10 @@
        RESERVED
 CVE-2015-6549
        RESERVED
-CVE-2015-6548
-       RESERVED
-CVE-2015-6547
-       RESERVED
+CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the 
...)
+       TODO: check
+CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances 
with ...)
+       TODO: check
 CVE-2015-6546
        RESERVED
 CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in 
Cerb ...)
@@ -1835,16 +1954,16 @@
        RESERVED
 CVE-2015-6461
        RESERVED
-CVE-2015-6460
-       RESERVED
-CVE-2015-6459
-       RESERVED
+CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS 
Gateway ...)
+       TODO: check
+CVE-2015-6459 (Absolute path traversal vulnerability in the download feature 
in ...)
+       TODO: check
 CVE-2015-6458
        RESERVED
 CVE-2015-6457
        RESERVED
-CVE-2015-6456
-       RESERVED
+CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise 
before ...)
+       TODO: check
 CVE-2015-6455
        RESERVED
 CVE-2015-6454
@@ -2153,22 +2272,22 @@
        RESERVED
 CVE-2015-6302
        RESERVED
-CVE-2015-6301
-       RESERVED
-CVE-2015-6300
-       RESERVED
-CVE-2015-6299
-       RESERVED
+CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with 
software 5.2.0 ...)
+       TODO: check
+CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 
5.7(0.15) ...)
+       TODO: check
+CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity 
...)
+       TODO: check
 CVE-2015-6298
        RESERVED
-CVE-2015-6297
-       RESERVED
-CVE-2015-6296
-       RESERVED
-CVE-2015-6295
-       RESERVED
-CVE-2015-6294
-       RESERVED
+CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with 
software 5.2.0 ...)
+       TODO: check
+CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 
8.3(2) has ...)
+       TODO: check
+CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) 
devices ...)
+       TODO: check
+CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier 
allow ...)
+       TODO: check
 CVE-2015-6293
        RESERVED
 CVE-2015-6292
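Review bot: CVE-2015-6301 and CVE-2015-6297 arrive with identical truncated descriptions ("The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ..."), so triage has to read the full text of each to tell them apart before closing the "TODO: check" lines. All seven entries changed in this hunk name Cisco products and none has a triage tag yet.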
@@ -2187,8 +2306,7 @@
        NOT-FOR-US: Cisco
 CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance 
(ESA) ...)
        NOT-FOR-US: Cisco Email Security Appliance
-CVE-2015-6284
-       RESERVED
+CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API 
implementation ...)
        NOT-FOR-US: Cisco TelePresence Server
 CVE-2015-6283
        RESERVED
@@ -2263,6 +2381,7 @@
        TODO: check which ppc64 kernel support perf
 CVE-2015-6252 [linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD]
        RESERVED
+       {DSA-3364-1}
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: https://lkml.org/lkml/2015/8/10/375
@@ -2759,12 +2878,12 @@
        RESERVED
 CVE-2015-5994
        RESERVED
-CVE-2015-5993
-       RESERVED
-CVE-2015-5992
-       RESERVED
-CVE-2015-5991
-       RESERVED
+CVE-2015-5993 (Buffer overflow in form2ping.cgi on Philippine Long Distance 
Telephone ...)
+       TODO: check
+CVE-2015-5992 (Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi 
on ...)
+       TODO: check
+CVE-2015-5991 (Cross-site request forgery (CSRF) vulnerability in 
form2WlanSetup.cgi ...)
+       TODO: check
 CVE-2015-5990
        RESERVED
 CVE-2015-5989
@@ -3668,16 +3787,16 @@
        TODO: check
 CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to 
cause a ...)
        NOT-FOR-US: Dell Netvault Backup
-CVE-2015-5693
-       RESERVED
-CVE-2015-5692
-       RESERVED
-CVE-2015-5691
-       RESERVED
-CVE-2015-5690
-       RESERVED
-CVE-2015-5689
-       RESERVED
+CVE-2015-5693 (The management console on Symantec Web Gateway (SWG) appliances 
with ...)
+       TODO: check
+CVE-2015-5692 (admin_messages.php in the management console on Symantec Web 
Gateway ...)
+       TODO: check
+CVE-2015-5691 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
scripts in ...)
+       TODO: check
+CVE-2015-5690 (The management console on Symantec Web Gateway (SWG) appliances 
with ...)
+       TODO: check
+CVE-2015-5689 (ghostexp.exe in Ghost Explorer Utility in Symantec Ghost 
Solutions ...)
+       TODO: check
 CVE-2009-5148
        RESERVED
 CVE-2015-5695 [Quotas were being bypassed]
@@ -3800,20 +3919,20 @@
        RESERVED
 CVE-2015-5639
        RESERVED
-CVE-2015-5638
-       RESERVED
-CVE-2015-5637
-       RESERVED
-CVE-2015-5636
-       RESERVED
-CVE-2015-5635
-       RESERVED
-CVE-2015-5634
-       RESERVED
-CVE-2015-5633
-       RESERVED
-CVE-2015-5632
-       RESERVED
+CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x 
before ...)
+       TODO: check
+CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows 
...)
+       TODO: check
+CVE-2015-5636 (The Newphoria Reversi application before 1.0.3 for Android and 
before ...)
+       TODO: check
+CVE-2015-5635 (The Newphoria Koritore application before 1.1 for Android and 
before ...)
+       TODO: check
+CVE-2015-5634 (The Newphoria MEGAPHONE MUSIC application before 1.1 for 
Android and ...)
+       TODO: check
+CVE-2015-5633 (The Newphoria Auction Camera application for iOS and before 1.2 
for ...)
+       TODO: check
+CVE-2015-5632 (The runtime engine in the Newphoria applican framework before 
1.12.3 ...)
+       TODO: check
 CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote 
UI on ...)
        TODO: check
 CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband 
Platform ...)
@@ -4764,8 +4883,7 @@
        TODO: check gcc versions affected
 CVE-2015-5275
        RESERVED
-CVE-2015-5274
-       RESERVED
+CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 
allows ...)
        NOT-FOR-US: OpenShift
 CVE-2015-5273
        RESERVED
@@ -5211,7 +5329,7 @@
        NOTE: Same fix as for CVE-2015-3290.
 CVE-2015-5156 [virt-io max-skb-frags heap overflow]
        RESERVED
-       {DLA-310-1}
+       {DSA-3364-1 DLA-310-1}
        - linux 4.1.5-1
        - linux-2.6 <removed>
        NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
@@ -6468,8 +6586,8 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
 CVE-2015-4639
        RESERVED
-CVE-2015-4638
-       RESERVED
+CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, 
Analytics, APM, ...)
+       TODO: check
 CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 
4.5.0 ...)
        NOT-FOR-US: BIG-IQ
 CVE-2015-4636
@@ -7243,17 +7361,13 @@
        RESERVED
 CVE-2015-4308 (The webGUI configuration-export feature in Cisco Edge Bluebird 
...)
        NOT-FOR-US: Cisco
-CVE-2015-4307
-       RESERVED
+CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning 
before ...)
        NOT-FOR-US: Cisco Prime Collaboration Provisioning
-CVE-2015-4306
-       RESERVED
+CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before 
...)
        NOT-FOR-US: Cisco Prime Collaboration Assurance
-CVE-2015-4305
-       RESERVED
+CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before 
...)
        NOT-FOR-US: Cisco Prime Collaboration Assurance
-CVE-2015-4304
-       RESERVED
+CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before 
...)
        NOT-FOR-US: Cisco Prime Collaboration Assurance
 CVE-2015-4303 (Cisco TelePresence Video Communication Server (VCS) X8.5.2 
allows ...)
        NOT-FOR-US: Cisco
@@ -8308,8 +8422,8 @@
        TODO: check
 CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 
6.7.1.1, ...)
        NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
-CVE-2015-3962
-       RESERVED
+CVE-2015-3962 (Schneider Electric StruxureWare Building Expert MPM before 2.15 
does ...)
+       TODO: check
 CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden 
GarrettCom ...)
        NOT-FOR-US: Belden GarrettCom switches
 CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K 
and ...)
@@ -11366,14 +11480,14 @@
        RESERVED
 CVE-2015-2918
        RESERVED
-CVE-2015-2917
-       RESERVED
-CVE-2015-2916
-       RESERVED
-CVE-2015-2915
-       RESERVED
-CVE-2015-2914
-       RESERVED
+CVE-2015-2917 (Securifi Almond devices with firmware before 
AL1-R201EXP10-L304-W34 ...)
+       TODO: check
+CVE-2015-2916 (Cross-site request forgery (CSRF) vulnerability on Securifi 
Almond ...)
+       TODO: check
+CVE-2015-2915 (Securifi Almond devices with firmware before 
AL1-R201EXP10-L304-W34 ...)
+       TODO: check
+CVE-2015-2914 (Securifi Almond devices with firmware before 
AL1-R201EXP10-L304-W34 ...)
+       TODO: check
 CVE-2015-2913
        RESERVED
 CVE-2015-2912
@@ -11477,8 +11591,8 @@
        NOT-FOR-US: Grandstream camera
 CVE-2015-2865
        REJECTED
-CVE-2015-2864
-       RESERVED
+CVE-2015-2864 (Retrospect and Retrospect Client before 10.0.2.119 on Windows, 
before ...)
+       TODO: check
 CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System 
Administrator ...)
        NOT-FOR-US: Kaseya VSA
 CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
@@ -12482,7 +12596,7 @@
 CVE-2015-2595 (Unspecified vulnerability in the Oracle OLAP component in 
Oracle ...)
        NOT-FOR-US: Oracle Database Server
 CVE-2015-2594 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
-       {DSA-3359-1}
+       {DSA-3359-1 DLA-313-1}
        - virtualbox 4.3.30-dfsg-1 (bug #792446)
        - virtualbox-ose <removed>
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
@@ -20772,12 +20886,12 @@
        RESERVED
 CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration 
console ...)
        NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
-CVE-2014-9229
-       RESERVED
-CVE-2014-9228
-       RESERVED
-CVE-2014-9227
-       RESERVED
+CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts 
in the ...)
+       TODO: check
+CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint 
Protection ...)
+       TODO: check
+CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager 
...)
+       TODO: check
 CVE-2014-9226 (The management server in Symantec Critical System Protection 
(SCSP) ...)
        NOT-FOR-US: Symantec Data Center Security
 CVE-2014-9225 (The ajaxswing webui in the management server in Symantec 
Critical ...)
@@ -21758,7 +21872,7 @@
        NOTE: 
http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
 CVE-2015-0272 [linux: remote DoS using IPv6 RA with bogus MTU]
        RESERVED
-       {DLA-310-1}
+       {DSA-3364-1 DLA-310-1}
        - linux 4.0.2-1
        - linux-2.6 <removed>
        NOTE: Patch for the kernel to harden against invalid MTUs: 
http://article.gmane.org/gmane.linux.network/351269
@@ -39112,11 +39226,13 @@
        - openjdk-7 7u65-2.5.1-1
        NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec
 CVE-2014-2489 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
+       {DLA-313-1}
        - virtualbox 4.3.12-dfsg-1 (bug #754939)
        [wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS 
score indicates low impact)
        - virtualbox-ose <removed>
        [squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but 
CVSS score indicates low impact)
 CVE-2014-2488 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
+       {DLA-313-1}
        - virtualbox 4.3.12-dfsg-1 (bug #754939)
        [wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS 
score indicates low impact)
        - virtualbox-ose <removed>
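Review bot: The {DLA-313-1} reference added to CVE-2014-2489 and CVE-2014-2488 now sits above "[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, ...)", which reads as both "advisory issued" and "no advisory planned" on the same entry. If DLA-313-1 covers virtualbox-ose in squeeze, the squeeze <no-dsa> line should be removed in the same or a follow-up change.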
@@ -39125,6 +39241,7 @@
        - virtualbox <not-affected> (Only applies if VBox is running on Windows)
        - virtualbox-ose <not-affected> (Only applies if VBox is running on 
Windows)
 CVE-2014-2486 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
+       {DLA-313-1}
        - virtualbox 4.3.12-dfsg-1 (bug #754939)
        [wheezy] - virtualbox <no-dsa> (Specific details withheld, but CVSS 
score indicates low impact)
        - virtualbox-ose <removed>
@@ -55027,6 +55144,7 @@
        - mariadb-5.5 <not-affected> (Fixed before initial upload)
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
 CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
+       {DLA-313-1}
        - virtualbox-ose <removed>
        [squeeze] - virtualbox-ose <no-dsa> (Minor issue)
        - virtualbox 4.2.16-dfsg-1 (bug #715327)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
