[Secure-testing-commits] r32000 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Feb 5 21:10:17 UTC 2015
Author: sectracker
Date: 2015-02-05 21:10:17 +0000 (Thu, 05 Feb 2015)
New Revision: 32000
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-05 20:58:01 UTC (rev 31999)
+++ data/CVE/list 2015-02-05 21:10:17 UTC (rev 32000)
@@ -1,3 +1,21 @@
+CVE-2015-1482 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1481 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization ...)
+ TODO: check
+CVE-2015-1480 (ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows ...)
+ TODO: check
+CVE-2015-1479 (SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ...)
+ TODO: check
+CVE-2015-1478 (Cross-site scripting (XSS) vulnerability in the CMSJunkie ...)
+ TODO: check
+CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager ...)
+ TODO: check
+CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor ...)
+ TODO: check
+CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my little forum ...)
+ TODO: check
+CVE-2015-1474
+ RESERVED
CVE-2015-1471
RESERVED
CVE-2015-1470
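Review bot: The eight described entries added at the top (CVE-2015-1482 through CVE-2015-1475) carry only "TODO: check", so none of them has a package or NOT-FOR-US decision yet. The two ZOHO entries (CVE-2015-1480, CVE-2015-1479) can probably take the "NOT-FOR-US: ZOHO" form already used further down in data/CVE/list. The two Ansible Tower entries should record explicitly whether Tower (aka Ansible UI) is packaged at all, so they are not attached to a similarly named package by mistake.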
@@ -65,8 +83,8 @@
RESERVED
CVE-2015-1438
RESERVED
-CVE-2015-1437
- RESERVED
+CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 ...)
+ TODO: check
CVE-2015-1436
RESERVED
CVE-2015-1435
@@ -2595,8 +2613,8 @@
RESERVED
CVE-2014-9563
RESERVED
-CVE-2014-9562
- RESERVED
+CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
+ TODO: check
CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
NOT-FOR-US: SoftBB
CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...)
@@ -3855,6 +3873,7 @@
NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
CVE-2014-9652 [out-of-bounds memory access]
+ {DSA-3126-1 DSA-3121-1}
- file 1:5.21+15-1
[squeeze] - file <not-affected> (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream)
[wheezy] - file 5.11-2+deb7u7
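Review bot: The new tag on CVE-2014-9652 names two advisories, {DSA-3126-1 DSA-3121-1}, but the lines visible in this hunk only track the file source package. Check that the entry also has a line for whichever package the second DSA covers, otherwise the cross-reference points at an advisory with no matching package status here.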
@@ -3940,8 +3959,8 @@
RESERVED
CVE-2014-9332
RESERVED
-CVE-2014-9331
- RESERVED
+CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine ...)
+ TODO: check
CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
- tiff 4.0.3-12 (bug #773987)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
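Review bot: The "TODO: check" under CVE-2014-9331 looks resolvable right away: the description names ZOHO ManageEngine, and data/CVE/list already carries "NOT-FOR-US: ZOHO" for that vendor, so the same line would close the entry if the product is not packaged.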
@@ -4048,10 +4067,12 @@
NOTE: jmm coordinating with reporters wrt CVE
CVE-2014-9298
RESERVED
+ {DSA-3154-1}
- ntp 1:4.2.6.p5+dfsg-4
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
CVE-2014-9297
RESERVED
+ {DSA-3154-1}
- ntp 1:4.2.6.p5+dfsg-4
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...)
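Review bot: The NOTE under CVE-2014-9298 still says the upstream bug is "(not yet public)" while this hunk attaches {DSA-3154-1} to the entry. Recheck http://bugs.ntp.org/show_bug.cgi?id=2672 and drop the parenthetical if the report has been opened. CVE-2014-9298 and CVE-2014-9297 also both remain RESERVED with no description, so the ntp lines and NOTEs are the only statement here of what was fixed.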
@@ -4683,24 +4704,24 @@
RESERVED
CVE-2014-9051
RESERVED
-CVE-2014-9049
- RESERVED
-CVE-2014-9048
- RESERVED
-CVE-2014-9047
- RESERVED
-CVE-2014-9046
- RESERVED
-CVE-2014-9045
- RESERVED
-CVE-2014-9044
- RESERVED
-CVE-2014-9043
- RESERVED
-CVE-2014-9042
- RESERVED
-CVE-2014-9041
- RESERVED
+CVE-2014-9049 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...)
+ TODO: check
+CVE-2014-9048 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...)
+ TODO: check
+CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in ownCloud ...)
+ TODO: check
+CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, ...)
+ TODO: check
+CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and ...)
+ TODO: check
+CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the ...)
+ TODO: check
+CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in ...)
+ TODO: check
+CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality ...)
+ TODO: check
+CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud ...)
+ TODO: check
CVE-2014-9040
RESERVED
CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...)
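Review bot: All nine entries from CVE-2014-9049 down to CVE-2014-9041 describe ownCloud and now sit at "TODO: check", so they are best triaged in one pass against the same source package rather than one by one. The descriptions give different affected ranges (6.x before 6.0.6 and 7.x, before 5.0.18, 7.x before 7.0.3), so each entry needs its own fixed version, not a copied one.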
@@ -5180,8 +5201,8 @@
RESERVED
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
- [wheezy] - postgresql-9.1 <unfixed>
- NOTE: workaround until DSA released, remove tag and note after releasing
+ [wheezy] - postgresql-9.1 <unfixed>
+ NOTE: workaround until DSA released, remove tag and note after releasing
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0242
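Review bot: The removed and added pairs here read identically ("[wheezy] - postgresql-9.1 <unfixed>" and the NOTE line), so this looks like a whitespace-only change; confirm it is an intended indentation fix, since an automatic update should not otherwise churn these lines. The same pair repeats in the hunks at -5192 and -7876. The NOTE itself ("remove tag and note after releasing") is a pending follow-up that still has to be done once the DSA is out.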
@@ -5192,8 +5213,8 @@
RESERVED
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
- [wheezy] - postgresql-9.1 <unfixed>
- NOTE: workaround until DSA released, remove tag and note after releasing
+ [wheezy] - postgresql-9.1 <unfixed>
+ NOTE: workaround until DSA released, remove tag and note after releasing
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0240
@@ -7876,8 +7897,8 @@
RESERVED
- postgresql-9.4 9.4.1-1
- postgresql-9.1 9.1.11-2
- [wheezy] - postgresql-9.1 <unfixed>
- NOTE: workaround until DSA released, remove tag and note after releasing
+ [wheezy] - postgresql-9.1 <unfixed>
+ NOTE: workaround until DSA released, remove tag and note after releasing
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module not loaded]
@@ -8760,8 +8781,8 @@
NOT-FOR-US: ZOHO
CVE-2014-7865
REJECTED
-CVE-2014-7864
- RESERVED
+CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet ...)
+ TODO: check
CVE-2014-7863
RESERVED
CVE-2014-7862
@@ -14520,8 +14541,8 @@
NOT-FOR-US: Feng Office
CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
NOT-FOR-US: Aruba Networks ClearPass
-CVE-2014-5341
- RESERVED
+CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud Server ...)
+ TODO: check
CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
- check-mk <unfixed> (bug #758883)
[wheezy] - check-mk <not-affected> (does not use pickle, vulnerable code not present)
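Review bot: CVE-2014-5341 is another ownCloud Server entry (SFTP external storage driver, files_external) left at "TODO: check"; triage it together with CVE-2014-9049 through CVE-2014-9041 from the -4683 hunk so the ownCloud entries get a consistent package line.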