[Secure-testing-commits] r33769 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Apr 22 21:10:16 UTC 2015
Author: sectracker
Date: 2015-04-22 21:10:16 +0000 (Wed, 22 Apr 2015)
New Revision: 33769
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-22 21:02:51 UTC (rev 33768)
+++ data/CVE/list 2015-04-22 21:10:16 UTC (rev 33769)
@@ -1,4 +1,123 @@
+CVE-2015-3399
+ RESERVED
+CVE-2015-3398
+ RESERVED
+CVE-2015-3397
+ RESERVED
+CVE-2015-3396
+ RESERVED
+CVE-2015-3395
+ RESERVED
+CVE-2015-3394
+ RESERVED
+CVE-2015-3393 (Open redirect vulnerability in the Commerce WeDeal module before ...)
+ TODO: check
+CVE-2015-3392 (Cross-site scripting (XSS) vulnerability in the Ajax Timeline module ...)
+ TODO: check
+CVE-2015-3391 (The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote ...)
+ TODO: check
+CVE-2015-3390 (Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher ...)
+ TODO: check
+CVE-2015-3389 (Cross-site scripting (XSS) vulnerability in the Download counts report ...)
+ TODO: check
+CVE-2015-3388 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
+ TODO: check
+CVE-2015-3387 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
+ TODO: check
+CVE-2015-3386 (Cross-site scripting (XSS) vulnerability in the Node Access Product ...)
+ TODO: check
+CVE-2015-3385 (Cross-site scripting (XSS) vulnerability in the Taxonomy Path module ...)
+ TODO: check
+CVE-2015-3384 (Cross-site scripting (XSS) vulnerability in the Bank Account Listing ...)
+ TODO: check
+CVE-2015-3383 (Open redirect vulnerability in the Node basket module for Drupal ...)
+ TODO: check
+CVE-2015-3382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
+ TODO: check
+CVE-2015-3381 (Cross-site scripting (XSS) vulnerability in the Node basket module for ...)
+ TODO: check
+CVE-2015-3380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3379 (The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x ...)
+ TODO: check
+CVE-2015-3378 (Open redirect vulnerability in the Views module before 6.x-2.18, ...)
+ TODO: check
+CVE-2015-3377
+ RESERVED
+CVE-2015-3376 (Cross-site scripting (XSS) vulnerability in the Quizzler module before ...)
+ TODO: check
+CVE-2015-3375 (Cross-site request forgery (CSRF) vulnerability in the Shibboleth ...)
+ TODO: check
+CVE-2015-3374 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3373 (The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and ...)
+ TODO: check
+CVE-2015-3372 (Cross-site scripting (XSS) vulnerability in the Node Invite module ...)
+ TODO: check
+CVE-2015-3371 (Open redirect vulnerability in the Node Invite module before 6.x-2.5 ...)
+ TODO: check
+CVE-2015-3370 (Cross-site request forgery (CSRF) vulnerability in the Node Invite ...)
+ TODO: check
+CVE-2015-3369 (Cross-site scripting (XSS) vulnerability in the Taxonews module before ...)
+ TODO: check
+CVE-2015-3368 (Cross-site scripting (XSS) vulnerability in the administration user ...)
+ TODO: check
+CVE-2015-3367 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3366 (Cross-site request forgery (CSRF) vulnerability in the Alfresco module ...)
+ TODO: check
+CVE-2015-3365 (Cross-site scripting (XSS) vulnerability in the nodeauthor module for ...)
+ TODO: check
+CVE-2015-3364 (Cross-site scripting (XSS) vulnerability in the Content Analysis ...)
+ TODO: check
+CVE-2015-3363 (Cross-site request forgery (CSRF) vulnerability in the Contact Form ...)
+ TODO: check
+CVE-2015-3362 (Cross-site scripting (XSS) vulnerability in the Video module before ...)
+ TODO: check
+CVE-2015-3361 (Cross-site scripting (XSS) vulnerability in the Linkit module before ...)
+ TODO: check
+CVE-2015-3360 (Cross-site scripting (XSS) vulnerability in the Term Merge module ...)
+ TODO: check
+CVE-2015-3359 (Multiple cross-site scripting (XSS) vulnerabilities in the Room ...)
+ TODO: check
+CVE-2015-3358 (Multiple open redirect vulnerabilities in the Tadaa! module before ...)
+ TODO: check
+CVE-2015-3357 (Cross-site scripting (XSS) vulnerability in the Wishlist module before ...)
+ TODO: check
+CVE-2015-3356 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3355 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3354 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
+ TODO: check
+CVE-2015-3353 (Cross-site scripting (XSS) vulnerability in the Field Display Label ...)
+ TODO: check
+CVE-2015-3352 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3351 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Log ...)
+ TODO: check
+CVE-2015-3350 (Cross-site request forgery (CSRF) vulnerability in the Todo Filter ...)
+ TODO: check
+CVE-2015-3349 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-3348 (Cross-site scripting (XSS) vulnerability in the Cloudwords for ...)
+ TODO: check
+CVE-2015-3347 (Cross-site request forgery (CSRF) vulnerability in the Cloudwords for ...)
+ TODO: check
+CVE-2015-3346 (SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for ...)
+ TODO: check
+CVE-2015-3345 (SQL injection vulnerability in the PHPlist Integration Module before ...)
+ TODO: check
+CVE-2015-3344 (Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x ...)
+ TODO: check
+CVE-2015-3343 (Cross-site request forgery (CSRF) vulnerability in the OPAC module ...)
+ TODO: check
+CVE-2015-3342 (Open redirect vulnerability in the Ubercart Currency Conversion module ...)
+ TODO: check
+CVE-2015-3341
+ RESERVED
CVE-2015-3400
+ RESERVED
NOT-FOR-US: ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories
CVE-2015-3338
RESERVED
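Review bot: The new block leaves every described entry from CVE-2015-3393 down to CVE-2015-3342 at "TODO: check", and these can be triaged in one pass rather than one by one. Several name Drupal modules in the visible part of the description (CVE-2015-3391, CVE-2015-3383, CVE-2015-3373, CVE-2015-3346) and the rest follow the same "the X module" wording. Check each module name against the archive before tagging it NOT-FOR-US, starting with the two Views entries (CVE-2015-3379, CVE-2015-3378), which list affected version ranges.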
@@ -428,6 +547,7 @@
- openjdk-8 <not-affected> (defective patch not applied)
CVE-2015-3148 [Negotiate not treated as connection-oriented]
RESERVED
+ {DSA-3232-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422B.html
CVE-2015-3147
@@ -451,6 +571,7 @@
NOTE: http://curl.haxx.se/docs/adv_20150422D.html
CVE-2015-3143 [Re-using authenticated connection when unauthenticated]
RESERVED
+ {DSA-3232-1}
- curl 7.42.0-1
NOTE: http://curl.haxx.se/docs/adv_20150422A.html
CVE-2015-3142
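Review bot: Only the entries for the A and B advisories (CVE-2015-3143 here, CVE-2015-3148 in the previous hunk) gain {DSA-3232-1}, yet the first context line of this hunk cites adv_20150422D for an entry whose head lies above the hunk. Confirm whether DSA-3232-1 also covers that entry, and if so that it carries the same cross-reference.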
@@ -1255,10 +1376,9 @@
CVE-2015-2826
RESERVED
NOT-FOR-US: WordPress plugin simple-ads-manager
-CVE-2015-2825
- RESERVED
+CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in the ...)
NOT-FOR-US: WordPress plugin simple-ads-manager
-CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the ...)
+CVE-2015-2824 (Multiple SQL injection vulnerabilities in the Simple Ads Manager ...)
NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA ...)
NOT-FOR-US: Siemens
@@ -2381,7 +2501,7 @@
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
-CVE-2014-9718 [malicious PRDT flow from guest to host]
+CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...)
- qemu <unfixed> (unimportant; bug #781250)
- qemu-kvm <removed> (unimportant)
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
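Review bot: With the description for CVE-2014-9718 now published, the "- qemu <unfixed>" line directly below it looks stale, because the NOTE under it cites an upstream commit tagged v2.2.0-rc2. Confirm whether the qemu version in unstable already contains that commit, and if it does, replace <unfixed> with the fixed version.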
@@ -3780,8 +3900,8 @@
RESERVED
CVE-2015-1890 (/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) ...)
NOT-FOR-US: IBM General Parallel File System
-CVE-2015-1889
- RESERVED
+CVE-2015-1889 (The Big SQL component in IBM InfoSphere BigInsights 3.0 through ...)
+ TODO: check
CVE-2015-1888
RESERVED
CVE-2015-1887
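Review bot: CVE-2015-1889 is left at "TODO: check" although its description names IBM InfoSphere BigInsights, and the IBM product in the entry directly above (CVE-2015-1890) is already tagged NOT-FOR-US. Unless something in the archive ships this component, give it a matching NOT-FOR-US line.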
@@ -4890,8 +5010,8 @@
RESERVED
CVE-2015-1485
RESERVED
-CVE-2015-1484
- RESERVED
+CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...)
+ TODO: check
CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
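Review bot: CVE-2015-1484 goes to "TODO: check", but its description begins "Unquoted Windows search path vulnerability in the agent in Symantec", which is a Windows-specific issue in a vendor product. The next entry (CVE-2015-1483) is tagged NOT-FOR-US for a Symantec product, so the same tag with the product name from the full description would close this one.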
@@ -7698,10 +7818,10 @@
RESERVED
CVE-2015-0706
RESERVED
-CVE-2015-0705
- RESERVED
-CVE-2015-0704
- RESERVED
+CVE-2015-0705 (Cross-site request forgery (CSRF) vulnerability in the SOAP API ...)
+ TODO: check
+CVE-2015-0704 (Multiple cross-site request forgery (CSRF) vulnerabilities in API ...)
+ TODO: check
CVE-2015-0703 (Cross-site scripting (XSS) vulnerability in the administrative web ...)
TODO: check
CVE-2015-0702 (Unrestricted file upload vulnerability in the Custom Prompts upload ...)
@@ -11108,8 +11228,8 @@
NOT-FOR-US: IBM PowerVC
CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...)
NOT-FOR-US: IBM PowerVC
-CVE-2015-0135
- RESERVED
+CVE-2015-0135 (IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 ...)
+ TODO: check
CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...)
NOT-FOR-US: IBM
CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...)
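Review bot: CVE-2015-0135 now describes IBM Domino and is left at "TODO: check", while CVE-2015-0134 immediately below it, also an IBM Domino issue, is tagged "NOT-FOR-US: IBM". Apply the same tag here so the two Domino entries stay consistent.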
@@ -13722,8 +13842,7 @@
NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878
NOTE: https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch
NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch
-CVE-2014-8125
- RESERVED
+CVE-2014-8125 (XML external entity (XXE) vulnerability in Drools and jBPM before ...)
NOT-FOR-US: jBPM
CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before ...)
- horizon 2014.1.3-6 (bug #772710)
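Review bot: The new description for CVE-2014-8125 names both Drools and jBPM, but the retained triage line says only "NOT-FOR-US: jBPM". Check whether Drools is packaged, then either add a package line for it or extend the NOT-FOR-US note to name both products.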
@@ -13780,8 +13899,7 @@
RESERVED
CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x ...)
- 389-ds-base 1.3.3.5-4 (bug #779909)
-CVE-2014-8111
- RESERVED
+CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount ...)
- libapache-mod-jk <unfixed>
NOTE: Fix: http://svn.apache.org/r1647017
CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
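Review bot: The description added for CVE-2014-8111 gives 1.2.41 as the first fixed mod_jk release, while the "- libapache-mod-jk <unfixed>" line under it has no bug reference. File or link a bug for the package so the <unfixed> status is tracked until 1.2.41 or a backport of r1647017 reaches the archive.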
@@ -20140,8 +20258,8 @@
RESERVED
CVE-2014-5371
RESERVED
-CVE-2014-5370
- RESERVED
+CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet ...)
+ TODO: check
CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption ...)
- enigmail 2:1.7.2-1
[wheezy] - enigmail <not-affected> (Introduced in 1.7)
@@ -20161,8 +20279,8 @@
RESERVED
CVE-2014-5362
RESERVED
-CVE-2014-5361
- RESERVED
+CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
+ TODO: check
CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
NOT-FOR-US: LANDESK Management Suite
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...)
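Review bot: CVE-2014-5361 is set to "TODO: check" although its description ends in "Landesk" and the entry right after it (CVE-2014-5360) is tagged "NOT-FOR-US: LANDESK Management Suite". If the full description names the same product, reuse that tag instead of leaving the entry open.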
@@ -24749,8 +24867,7 @@
NOTE: https://bugs.php.net/bug.php?id=67716
NOTE: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
- file 1:5.19-2
-CVE-2014-3586
- RESERVED
+CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3585
RESERVED