[Secure-testing-commits] r33407 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Apr 6 21:10:15 UTC 2015


Author: sectracker
Date: 2015-04-06 21:10:15 +0000 (Mon, 06 Apr 2015)
New Revision: 33407

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-06 21:01:22 UTC (rev 33406)
+++ data/CVE/list	2015-04-06 21:10:15 UTC (rev 33407)
@@ -1,8 +1,178 @@
+CVE-2015-2921
+	RESERVED
+CVE-2015-2920
+	RESERVED
+CVE-2015-2919
+	RESERVED
+CVE-2015-2918
+	RESERVED
+CVE-2015-2917
+	RESERVED
+CVE-2015-2916
+	RESERVED
+CVE-2015-2915
+	RESERVED
+CVE-2015-2914
+	RESERVED
+CVE-2015-2913
+	RESERVED
+CVE-2015-2912
+	RESERVED
+CVE-2015-2911
+	RESERVED
+CVE-2015-2910
+	RESERVED
+CVE-2015-2909
+	RESERVED
+CVE-2015-2908
+	RESERVED
+CVE-2015-2907
+	RESERVED
+CVE-2015-2906
+	RESERVED
+CVE-2015-2905
+	RESERVED
+CVE-2015-2904
+	RESERVED
+CVE-2015-2903
+	RESERVED
+CVE-2015-2902
+	RESERVED
+CVE-2015-2901
+	RESERVED
+CVE-2015-2900
+	RESERVED
+CVE-2015-2899
+	RESERVED
+CVE-2015-2898
+	RESERVED
+CVE-2015-2897
+	RESERVED
+CVE-2015-2896
+	RESERVED
+CVE-2015-2895
+	RESERVED
+CVE-2015-2894
+	RESERVED
+CVE-2015-2893
+	RESERVED
+CVE-2015-2892
+	RESERVED
+CVE-2015-2891
+	RESERVED
+CVE-2015-2890
+	RESERVED
+CVE-2015-2889
+	RESERVED
+CVE-2015-2888
+	RESERVED
+CVE-2015-2887
+	RESERVED
+CVE-2015-2886
+	RESERVED
+CVE-2015-2885
+	RESERVED
+CVE-2015-2884
+	RESERVED
+CVE-2015-2883
+	RESERVED
+CVE-2015-2882
+	RESERVED
+CVE-2015-2881
+	RESERVED
+CVE-2015-2880
+	RESERVED
+CVE-2015-2879
+	RESERVED
+CVE-2015-2878
+	RESERVED
+CVE-2015-2877
+	RESERVED
+CVE-2015-2876
+	RESERVED
+CVE-2015-2875
+	RESERVED
+CVE-2015-2874
+	RESERVED
+CVE-2015-2873
+	RESERVED
+CVE-2015-2872
+	RESERVED
+CVE-2015-2871
+	RESERVED
+CVE-2015-2870
+	RESERVED
+CVE-2015-2869
+	RESERVED
+CVE-2015-2868
+	RESERVED
+CVE-2015-2867
+	RESERVED
+CVE-2015-2866
+	RESERVED
+CVE-2015-2865
+	RESERVED
+CVE-2015-2864
+	RESERVED
+CVE-2015-2863
+	RESERVED
+CVE-2015-2862
+	RESERVED
+CVE-2015-2861
+	RESERVED
+CVE-2015-2860
+	RESERVED
+CVE-2015-2859
+	RESERVED
+CVE-2015-2858
+	RESERVED
+CVE-2015-2857
+	RESERVED
+CVE-2015-2856
+	RESERVED
+CVE-2015-2855
+	RESERVED
+CVE-2015-2854
+	RESERVED
+CVE-2015-2853
+	RESERVED
+CVE-2015-2852
+	RESERVED
+CVE-2015-2851
+	RESERVED
+CVE-2015-2850
+	RESERVED
+CVE-2015-2849
+	RESERVED
+CVE-2015-2848
+	RESERVED
+CVE-2015-2847
+	RESERVED
+CVE-2015-2846
+	RESERVED
+CVE-2015-2845
+	RESERVED
+CVE-2015-2844
+	RESERVED
+CVE-2015-2843
+	RESERVED
+CVE-2015-2842
+	RESERVED
+CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...)
+	TODO: check
+CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html ...)
+	TODO: check
+CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an ...)
+	TODO: check
+CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...)
+	TODO: check
 CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure]
+	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15601
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
 CVE-2015-2928 [DoS against hidden services]
+	{DSA-3216-1 DLA-187-1}
 	- tor 0.2.5.12-1
 	NOTE: https://trac.torproject.org/projects/tor/ticket/15600
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
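Review bot: The four newly described entries CVE-2015-2841 through CVE-2015-2838 are left at `TODO: check`, so they still need manual triage. Three of them name Citrix NetScaler in the description and could be closed out with a `NOT-FOR-US:` line in the style used for other vendor products in this file. CVE-2015-2840 needs the full description first, because the truncated text `help/rt/large_search.html ...` does not show the product.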
@@ -39,14 +209,17 @@
 	NOTE: https://github.com/npm/npm/releases/tag/v2.7.5
 	NOTE: libv8 is not covered by security support
 CVE-2015-2925 [It is possible to escape from bind mounts]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29173
 	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29177
 	TODO: check
 CVE-2015-2924 [IPv6 Hop limit lowering via RA messages]
+	RESERVED
 	- network-manager <unfixed>
 CVE-2015-2923 [IPv6 Hop limit lowering via RA messages]
+	RESERVED
 	- kfreebsd-10 <unfixed>
 	- kfreebsd-9 <removed>
 	- kfreebsd-8 <removed>
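Review bot: CVE-2015-2924 is recorded as `- network-manager <unfixed>` with no `NOTE:` reference at all, while CVE-2015-2925 directly above carries two. Add a link to the upstream report or fix for the network-manager entry so the `<unfixed>` status can be verified later. CVE-2015-2925 also keeps its `TODO: check` next to `- linux <unfixed>`; resolve or drop the TODO once the status is confirmed.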
@@ -54,6 +227,7 @@
 	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
 	NOTE: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
 CVE-2015-2922 [IPv6 Hop limit lowering via RA messages]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
@@ -174,6 +348,7 @@
 	RESERVED
 CVE-2015-2775 [Path traversal vulnerability]
 	RESERVED
+	{DSA-3214-1 DLA-186-1}
 	- mailman 1:2.1.18-2 (bug #781626)
 	NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
 	NOTE: https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
@@ -243,6 +418,7 @@
 	NOTE: https://bugs.php.net/68976
 CVE-2015-2782 [buffer overflow]
 	RESERVED
+	{DSA-3213-1}
 	- arj 3.10.22-13 (bug #774015)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
 CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
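Review bot: CVE-2015-2782 is now tied to `{DSA-3213-1}` but has no per-release status line for squeeze. The other two arj entries that receive the same DSA in this commit (CVE-2015-0557 and CVE-2015-0556) each record `[squeeze] - arj <no-dsa> (Minor issue)`. Add an explicit squeeze line for the buffer overflow as well, so the entry does not read as still open there by default.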
@@ -1409,6 +1585,7 @@
 	- icu 52.1-8 (bug #780503)
 	[wheezy] - icu <not-affected> (Incomplete patch was never applied)
 CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...)
+	{DSA-3215-1}
 	- libgd2 2.1.0-5
 	- php5 5.6.5+dfsg-1 (unimportant)
 	NOTE: https://bugs.php.net/bug.php?id=68601
@@ -1935,8 +2112,7 @@
 	RESERVED
 CVE-2015-2112
 	RESERVED
-CVE-2015-2111
-	RESERVED
+CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through ...)
 	NOT-FOR-US: HP Intelligent Provisioning
 CVE-2015-2110
 	RESERVED
@@ -2463,14 +2639,14 @@
 	RESERVED
 CVE-2015-1894
 	RESERVED
-CVE-2015-1893
-	RESERVED
+CVE-2015-1893 (The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows ...)
+	TODO: check
 CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access Manager for ...)
 	TODO: check
 CVE-2015-1891
 	RESERVED
-CVE-2015-1890
-	RESERVED
+CVE-2015-1890 (/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) ...)
+	TODO: check
 CVE-2015-1889
 	RESERVED
 CVE-2015-1888
@@ -3123,10 +3299,10 @@
 	NOT-FOR-US: Topline Opportunity Form
 CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset ...)
 	NOT-FOR-US: Dell ScriptLogic Asset Manager
-CVE-2015-1602
-	RESERVED
-CVE-2015-1601
-	RESERVED
+CVE-2015-1602 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 ...)
+	TODO: check
+CVE-2015-1601 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 ...)
+	TODO: check
 CVE-2015-1599 (The Siemens SPCanywhere application for iOS allows physically ...)
 	NOT-FOR-US: Siemens SPCanywhere application for iOS
 CVE-2015-1598 (The Siemens SPCanywhere application for Android does not properly ...)
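Review bot: CVE-2015-1602 and CVE-2015-1601 move from `RESERVED` to `TODO: check`, although the Siemens entries immediately below them (CVE-2015-1599, CVE-2015-1598) are already triaged as `NOT-FOR-US: Siemens SPCanywhere application for ...`. SIMATIC STEP 7 (TIA Portal) can be triaged the same way with a `NOT-FOR-US:` line naming the product, which clears both entries from the TODO queue.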
@@ -3915,8 +4091,7 @@
 CVE-2014-XXXX [Multiple imagemagick bugs]
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2014/12/24/1
-CVE-2015-1465 [net: DoS due to routing packets to too many different dsts/too fast]
-	RESERVED
+CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not ...)
 	- linux 3.16.7-ckt7-1
 	[wheezy] - linux <not-affected> (Introduced in 3.16)
 	- linux-2.6 <not-affected> (Introduced in 3.16)
@@ -5400,11 +5575,9 @@
 	RESERVED
 CVE-2015-0952
 	RESERVED
-CVE-2015-0951
-	RESERVED
+CVE-2015-0951 (X-Cart before 5.1.11 allows remote authenticated users to read or ...)
 	NOT-FOR-US: X-Cart
-CVE-2015-0950
-	RESERVED
+CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 ...)
 	NOT-FOR-US: X-Cart
 CVE-2015-0949
 	RESERVED
@@ -5440,8 +5613,7 @@
 	NOT-FOR-US: ShareLaTeX
 CVE-2015-0933 (Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, ...)
 	NOT-FOR-US: ShareLaTeX
-CVE-2015-0932
-	RESERVED
+CVE-2015-0932 (The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, ...)
 	NOT-FOR-US: ANTlabs InnGate
 CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and ...)
 	NOT-FOR-US: Ektron CMS
@@ -5835,8 +6007,8 @@
 	NOT-FOR-US: CREAR AL-Mail32
 CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
 	NOT-FOR-US: CREAR AL-Mail32
-CVE-2015-0877
-	RESERVED
+CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD ...)
+	TODO: check
 CVE-2015-0876
 	RESERVED
 CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for ...)
@@ -6132,8 +6304,7 @@
 	[wheezy] - osc <no-dsa> (Minor issue)
 	[squeeze] - osc <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=901643
-CVE-2015-0777
-	RESERVED
+CVE-2015-0777 (drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen ...)
 	- linux <not-affected> (Addon Xen usbback patch not present)
 	- linux-2.6 <not-affected> (Addon Xen usbback patch not present)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=917830
@@ -6313,8 +6484,8 @@
 	RESERVED
 CVE-2015-0689
 	RESERVED
-CVE-2015-0688
-	RESERVED
+CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...)
+	TODO: check
 CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...)
 	TODO: check
 CVE-2015-0686 (The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 ...)
@@ -6457,20 +6628,15 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0616
-	RESERVED
+CVE-2015-0616 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0615
-	RESERVED
+CVE-2015-0615 (The call-handling implementation in Cisco Unity Connection 8.5 before ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0614
-	RESERVED
+CVE-2015-0614 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0613
-	RESERVED
+CVE-2015-0613 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0612
-	RESERVED
+CVE-2015-0612 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0611 (The administrative web-management portal in Cisco IX 8 (.0.1) and ...)
 	NOT-FOR-US: Cisco TelePresence
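Review bot: The five entries CVE-2015-0616 through CVE-2015-0612 keep the generic tag `NOT-FOR-US: Cisco`, while the surrounding context uses product-level tags (`NOT-FOR-US: Cisco IOS`, `NOT-FOR-US: Cisco TelePresence`). Now that the descriptions are published, the tag can name the product; CVE-2015-0615 shows it as Cisco Unity Connection. The other four descriptions are truncated after "in Cisco ...", so confirm the product from the full text before changing them.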
@@ -7135,10 +7301,12 @@
 	[squeeze] - arc <no-dsa> (Minor issue)
 CVE-2015-0557 [directory traversal via //multiple/leading/slash]
 	RESERVED
+	{DSA-3213-1}
 	- arj 3.10.22-13 (low; bug #774435)
 	[squeeze] - arj <no-dsa> (Minor issue)
 CVE-2015-0556 [symlink directory traversal]
 	RESERVED
+	{DSA-3213-1}
 	- arj 3.10.22-13 (low; bug #774434)
 	[squeeze] - arj <no-dsa> (Minor issue)
 CVE-2014-9529 (Race condition in the key_gc_unused_keys function in ...)
@@ -7302,8 +7470,7 @@
 	RESERVED
 CVE-2015-0530
 	RESERVED
-CVE-2015-0529
-	RESERVED
+CVE-2015-0529 (EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default ...)
 	NOT-FOR-US: EMC PowerPath Virtual Appliance
 CVE-2015-0528 (The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, ...)
 	NOT-FOR-US: EMC Isilon OneFS
@@ -9381,8 +9548,7 @@
 	- wss4j 1.6.15-2 (bug #777741)
 	[wheezy] - wss4j <not-affected> (Vulnerable code not present)
 	[squeeze] - wss4j <not-affected> (Vulnerable code not present)
-CVE-2015-0225
-	RESERVED
+CVE-2015-0225 (The default configuration in Apache Cassandra 1.2.0 through 1.2.19, ...)
 	- cassandra <itp> (bug #585905)
 CVE-2015-0224 [qpidd can be crashed by unauthenticated user]
 	RESERVED
@@ -9529,8 +9695,8 @@
 	RESERVED
 CVE-2015-0180
 	RESERVED
-CVE-2015-0179
-	RESERVED
+CVE-2015-0179 (Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 ...)
+	TODO: check
 CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...)
 	NOT-FOR-US: IBM Bluemix Liberty
 CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
@@ -9619,8 +9785,8 @@
 	NOT-FOR-US: IBM PowerVC
 CVE-2015-0135
 	RESERVED
-CVE-2015-0134
-	RESERVED
+CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...)
+	TODO: check
 CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...)
 	NOT-FOR-US: IBM
 CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...)
@@ -9649,12 +9815,12 @@
 	RESERVED
 CVE-2015-0120
 	RESERVED
-CVE-2015-0119
-	RESERVED
+CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...)
+	TODO: check
 CVE-2015-0118
 	RESERVED
-CVE-2015-0117
-	RESERVED
+CVE-2015-0117 (The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x ...)
+	TODO: check
 CVE-2015-0116
 	RESERVED
 CVE-2015-0115
@@ -16837,8 +17003,8 @@
 	RESERVED
 CVE-2014-6222
 	RESERVED
-CVE-2014-6221
-	RESERVED
+CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ...)
+	TODO: check
 CVE-2014-6220
 	RESERVED
 CVE-2014-6219
@@ -26424,6 +26590,7 @@
 CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and ...)
 	- curl <not-affected> (Only present in code only running on Windows)
 CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...)
+	{DSA-3215-1}
 	- php5 5.6.0~rc4+dfsg-1
 	[wheezy] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
 	[squeeze] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
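Review bot: CVE-2014-2497 is linked to `{DSA-3215-1}`, but the status lines visible in this hunk cover only php5, with wheezy and squeeze both marked `<not-affected>`. CVE-2014-9709, which receives the same DSA earlier in this commit, lists `- libgd2 2.1.0-5`. Check that this entry also has a libgd2 line below the context shown; without one, the DSA reference points at no affected package.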



