[Secure-testing-commits] r32139 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Feb 10 21:10:24 UTC 2015
Author: sectracker
Date: 2015-02-10 21:10:24 +0000 (Tue, 10 Feb 2015)
New Revision: 32139
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-10 21:00:10 UTC (rev 32138)
+++ data/CVE/list 2015-02-10 21:10:24 UTC (rev 32139)
@@ -1,3 +1,205 @@
+CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite ...)
+ TODO: check
+CVE-2015-1567 (Cross-site scripting (XSS) vulnerability in the admin page in the GD ...)
+ TODO: check
+CVE-2015-1566 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
+ TODO: check
+CVE-2015-1565 (Cross-site scripting (XSS) vulnerability in the online help in Hitachi ...)
+ TODO: check
+CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/search ...)
+ TODO: check
+CVE-2015-1563 (The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows ...)
+ TODO: check
+CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS ...)
+ TODO: check
+CVE-2015-1561
+ RESERVED
+CVE-2015-1560
+ RESERVED
+CVE-2015-1559
+ RESERVED
+CVE-2015-1558 (Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when ...)
+ TODO: check
+CVE-2015-1557
+ RESERVED
+CVE-2015-1556
+ RESERVED
+CVE-2015-1555
+ RESERVED
+CVE-2015-1553
+ RESERVED
+CVE-2015-1552
+ RESERVED
+CVE-2015-1551
+ RESERVED
+CVE-2015-1550
+ RESERVED
+CVE-2015-1549
+ RESERVED
+CVE-2015-1548
+ RESERVED
+CVE-2015-1544
+ RESERVED
+CVE-2015-1543
+ RESERVED
+CVE-2015-1542
+ RESERVED
+CVE-2015-1541
+ RESERVED
+CVE-2015-1540
+ RESERVED
+CVE-2015-1539
+ RESERVED
+CVE-2015-1538
+ RESERVED
+CVE-2015-1537
+ RESERVED
+CVE-2015-1536
+ RESERVED
+CVE-2015-1535
+ RESERVED
+CVE-2015-1534
+ RESERVED
+CVE-2015-1533
+ RESERVED
+CVE-2015-1532
+ RESERVED
+CVE-2015-1531
+ RESERVED
+CVE-2015-1530
+ RESERVED
+CVE-2015-1529
+ RESERVED
+CVE-2015-1528
+ RESERVED
+CVE-2015-1527
+ RESERVED
+CVE-2015-1526
+ RESERVED
+CVE-2015-1525
+ RESERVED
+CVE-2015-1524
+ RESERVED
+CVE-2015-1523
+ RESERVED
+CVE-2015-1522
+ RESERVED
+CVE-2015-1521
+ RESERVED
+CVE-2015-1520
+ RESERVED
+CVE-2015-1519
+ RESERVED
+CVE-2015-1518
+ RESERVED
+CVE-2015-1517
+ RESERVED
+CVE-2015-1516
+ RESERVED
+CVE-2015-1515
+ RESERVED
+CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
+ TODO: check
+CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote ...)
+ TODO: check
+CVE-2015-1512 (Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC ...)
+ TODO: check
+CVE-2015-1511
+ RESERVED
+CVE-2015-1510
+ RESERVED
+CVE-2015-1509
+ RESERVED
+CVE-2015-1508
+ RESERVED
+CVE-2015-1507
+ RESERVED
+CVE-2015-1506
+ RESERVED
+CVE-2015-1505
+ RESERVED
+CVE-2015-1504
+ RESERVED
+CVE-2015-1503
+ RESERVED
+CVE-2015-1502
+ RESERVED
+CVE-2015-1501
+ RESERVED
+CVE-2015-1500
+ RESERVED
+CVE-2015-1499
+ RESERVED
+CVE-2015-1498
+ RESERVED
+CVE-2015-1497
+ RESERVED
+CVE-2015-1496
+ RESERVED
+CVE-2015-1495
+ RESERVED
+CVE-2015-1494
+ RESERVED
+CVE-2015-1492
+ RESERVED
+CVE-2015-1491
+ RESERVED
+CVE-2015-1490
+ RESERVED
+CVE-2015-1489
+ RESERVED
+CVE-2015-1488
+ RESERVED
+CVE-2015-1487
+ RESERVED
+CVE-2015-1486
+ RESERVED
+CVE-2015-1485
+ RESERVED
+CVE-2015-1484
+ RESERVED
+CVE-2015-1483
+ RESERVED
+CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
+ TODO: check
+CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType ...)
+ TODO: check
+CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in ...)
+ TODO: check
+CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in ...)
+ TODO: check
+CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c ...)
+ TODO: check
+CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function ...)
+ TODO: check
+CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 ...)
+ TODO: check
+CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...)
+ TODO: check
+CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
+ TODO: check
+CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)
+ TODO: check
+CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ...)
+ TODO: check
+CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ...)
+ TODO: check
+CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before ...)
+ TODO: check
+CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the return ...)
+ TODO: check
+CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that ...)
+ TODO: check
+CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before ...)
+ TODO: check
+CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before ...)
+ TODO: check
+CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before ...)
+ TODO: check
+CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType ...)
+ TODO: check
+CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType ...)
+ TODO: check
CVE-2015-XXXX [cupsRasterReadPixels buffer overflow]
[experimental] - cups 2.0.2-1
NOTE: Marked with [experimental] tag as the fix is only in experimental so far
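Review bot: The twenty FreeType entries at the end of this block (CVE-2014-9656 through CVE-2014-9675) carry only "TODO: check", so none of them is tracked against a package yet. Nearly all of them read "FreeType before 2.5.4" or name a function in the FreeType source tree, so they can be triaged as one batch rather than one by one. The same applies to CVE-2015-1563 (Xen 4.4.x and 4.5.x) and CVE-2015-1558 (Asterisk Open Source 12.x and 13.x): replace the TODO with a package line and fixed version, or with NOT-FOR-US where no package matches.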
@@ -41,11 +243,13 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/13
TODO: check
CVE-2015-1545 [crashes on search with deref control and empty attr list]
+ RESERVED
- openldap 2.4.40-4 (bug #776988)
[wheezy] - openldap <no-dsa> (Minor issue)
NOTE: http://www.openldap.org/its/?findid=8027
NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c
CVE-2015-1546 [crash in valueReturnFilter cleanup]
+ RESERVED
- openldap 2.4.40-4 (bug #776991)
[wheezy] - openldap <not-affected> (Regression introduced in 2.4.40)
[squeeze] - openldap <not-affected> (Regression introduced in 2.4.40)
@@ -80,6 +284,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/11
CVE-2012-6687 [Stack smashing while using a lot of connections]
+ RESERVED
- libfcgi 2.4.0-8.3 (bug #681591)
[wheezy] - libfcgi <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
@@ -97,6 +302,7 @@
- lynx-cur 2.8.8dev.4-1
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2015-1547 [uninitialized memory in NeXTDecode]
+ RESERVED
- tiff <unfixed> (bug #777390)
- tiff3 <removed>
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
@@ -126,8 +332,8 @@
NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-1468
RESERVED
-CVE-2015-1467
- RESERVED
+CVE-2015-1467 (Multiple SQL injection vulnerabilities in Translations in Fork CMS ...)
+ TODO: check
CVE-2015-1466
RESERVED
CVE-2015-1464
@@ -173,12 +379,12 @@
RESERVED
CVE-2015-1445
RESERVED
-CVE-2015-1444
- RESERVED
+CVE-2015-1444 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
CVE-2015-1443
RESERVED
-CVE-2015-1442
- RESERVED
+CVE-2015-1442 (SQL injection vulnerability in views/zero_transact_user.php in the ...)
+ TODO: check
CVE-2015-1440
RESERVED
CVE-2015-1439
@@ -202,6 +408,7 @@
CVE-2015-1426
RESERVED
CVE-2015-1493 [MDL-48980 Security: Always clean the result from min_get_slash_argument]
+ RESERVED
- moodle 2.7.5+dfsg-1
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
@@ -217,15 +424,18 @@
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
CVE-2014-9655 [access of uninitialized memory]
+ RESERVED
- tiff <unfixed> (bug #777390)
- tiff3 <removed>
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
CVE-2014-9654
+ RESERVED
- icu <unfixed> (bug #776719)
NOTE: https://ssl.icu-project.org/trac/changeset/36801
NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
CVE-2014-9653 [Malformed elf file causes access to uninitialized memory]
+ RESERVED
- file <unfixed> (bug #777585)
- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
NOTE: http://bugs.gw.com/view.php?id=409
@@ -485,6 +695,7 @@
RESERVED
NOT-FOR-US: typo3 extension
CVE-2015-1554 [can be crashed by some network traffic]
+ RESERVED
- kgb-bot <unfixed> (bug #776424)
CVE-2014-XXXX [Digest authentification never replay Ldap requests]
- squid <undetermined>
@@ -575,18 +786,18 @@
NOT-FOR-US: SAP
CVE-2015-1309 (XML external entity vulnerability in the Extended Computer Aided Test ...)
NOT-FOR-US: SAP
-CVE-2015-1305
- RESERVED
-CVE-2014-9643
- RESERVED
-CVE-2014-9642
- RESERVED
-CVE-2014-9641
- RESERVED
+CVE-2015-1305 (McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows ...)
+ TODO: check
+CVE-2014-9643 (K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and ...)
+ TODO: check
+CVE-2014-9642 (bdagent.sys in BullGuard Antivirus, Internet Security, Premium ...)
+ TODO: check
+CVE-2014-9641 (The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, ...)
+ TODO: check
CVE-2014-9633 (The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote ...)
NOT-FOR-US: COMODO Backup
-CVE-2014-9632
- RESERVED
+CVE-2014-9632 (The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 ...)
+ TODO: check
CVE-2015-1386 [directory traversal]
RESERVED
- unshield <unfixed> (low; bug #776193)
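Review bot: The five entries converted from RESERVED in this hunk (CVE-2015-1305, CVE-2014-9643, CVE-2014-9642, CVE-2014-9641, CVE-2014-9632) are left at "TODO: check", while the neighbouring CVE-2014-9633 is already marked "NOT-FOR-US: COMODO Backup". They name McAfee, K7 Computing, BullGuard, Trend Micro and AVG products. If none of these corresponds to a package in the archive, mark them NOT-FOR-US with the product name in the same way so they leave the TODO queue.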
@@ -853,23 +1064,19 @@
RESERVED
CVE-2015-1213
RESERVED
-CVE-2015-1212
- RESERVED
+CVE-2015-1212 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1211
- RESERVED
+CVE-2015-1211 (The OriginCanAccessServiceWorkers function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1210
- RESERVED
+CVE-2015-1210 (The V8ThrowException::createDOMException function in ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1209
- RESERVED
+CVE-2015-1209 (Use-after-free vulnerability in the ...)
- chromium-browser <unfixed>
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
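Review bot: CVE-2015-1212 through CVE-2015-1209 keep "- chromium-browser <unfixed>" although the description now attached to CVE-2015-1212 reads "Google Chrome before ...", which means an upstream release with the fix exists. The version is cut off in the truncated description, so it has to be taken from the full CVE text. Once the matching chromium-browser upload exists, replace "<unfixed>" with that version on all four entries.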
@@ -1447,8 +1654,7 @@
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
- lhasa 0.2.0-1
[wheezy] - lhasa <no-dsa> (Minor issue)
-CVE-2014-9636 [OOB access (both read and write) issues in test_compr_eb]
- RESERVED
+CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service ...)
{DSA-3152-1 DLA-150-1}
- unzip 6.0-15 (bug #776589)
NOTE: http://seclists.org/oss-sec/2014/q4/489
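Review bot: Replacing the bracketed title on CVE-2014-9636 drops the only mention in this entry of the affected function, test_compr_eb, and of the fact that the out-of-bounds access is both read and write. The imported description is truncated at "denial of service ...", so that detail is no longer visible here. Keep it as a NOTE: line under the entry.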
@@ -2079,8 +2285,8 @@
RESERVED
CVE-2015-0872
RESERVED
-CVE-2015-0871
- RESERVED
+CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...)
+ TODO: check
CVE-2015-0870 (Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory ...)
NOT-FOR-US: Nishishi Factory
CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a ...)
@@ -2613,18 +2819,18 @@
RESERVED
CVE-2015-0606
RESERVED
-CVE-2015-0605
- RESERVED
-CVE-2015-0604
- RESERVED
-CVE-2015-0603
- RESERVED
-CVE-2015-0602
- RESERVED
-CVE-2015-0601
- RESERVED
-CVE-2015-0600
- RESERVED
+CVE-2015-0605 (The uuencode inspection engine in Cisco AsyncOS on Cisco Email ...)
+ TODO: check
+CVE-2015-0604 (The web framework on Cisco Unified IP 9900 phones with firmware ...)
+ TODO: check
+CVE-2015-0603 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use ...)
+ TODO: check
+CVE-2015-0602 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
+ TODO: check
+CVE-2015-0601 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow ...)
+ TODO: check
+CVE-2015-0600 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
+ TODO: check
CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco ...)
NOT-FOR-US: Cisco
CVE-2015-0598
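Review bot: CVE-2015-0605 through CVE-2015-0600 describe Cisco AsyncOS and Cisco Unified IP 9900 phone firmware but are left at "TODO: check", whereas the next entry, CVE-2015-0599, is already "NOT-FOR-US: Cisco". Apply the same "NOT-FOR-US: Cisco" marking to these six entries.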
@@ -2645,8 +2851,8 @@
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate ...)
NOT-FOR-US: Cisco WebEx
-CVE-2015-0589
- RESERVED
+CVE-2015-0589 (The administrative web interface in Cisco WebEx Meetings Server 1.0 ...)
+ TODO: check
CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0587
@@ -3155,6 +3361,7 @@
CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management ...)
NOT-FOR-US: Smoothwall
CVE-2010-5321 [v4l: videobuf: hotfix a bug on multiple calls to mmap()]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
@@ -4024,6 +4231,7 @@
NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
CVE-2014-9652 [out-of-bounds memory access]
+ RESERVED
{DSA-3126-1 DSA-3121-1}
- file 1:5.21+15-1
[squeeze] - file <not-affected> (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream)
@@ -4066,10 +4274,10 @@
- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2014-9354
- RESERVED
-CVE-2014-9353
- RESERVED
+CVE-2014-9354 (NetApp OnCommand Balance before 4.2P3 allows local users to obtain ...)
+ TODO: check
+CVE-2014-9353 (NetApp OnCommand Balance before 4.2P2 contains a "default privileged ...)
+ TODO: check
CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration ...)
NOT-FOR-US: Scalix Web Access
CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build ...)
@@ -4405,8 +4613,8 @@
RESERVED
CVE-2014-9204
RESERVED
-CVE-2014-9203
- RESERVED
+CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in ...)
+ TODO: check
CVE-2014-9202
RESERVED
CVE-2014-9201
@@ -4533,58 +4741,41 @@
RESERVED
CVE-2015-0331
RESERVED
-CVE-2015-0330
- RESERVED
+CVE-2015-0330 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0329
- RESERVED
+CVE-2015-0329 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0328
- RESERVED
+CVE-2015-0328 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0327
- RESERVED
+CVE-2015-0327 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0326
- RESERVED
+CVE-2015-0326 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0325
- RESERVED
+CVE-2015-0325 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0324
- RESERVED
+CVE-2015-0324 (Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0323
- RESERVED
+CVE-2015-0323 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0322
- RESERVED
+CVE-2015-0322 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0321
- RESERVED
+CVE-2015-0321 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0320
- RESERVED
+CVE-2015-0320 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0319
- RESERVED
+CVE-2015-0319 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0318
- RESERVED
+CVE-2015-0318 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0317
- RESERVED
+CVE-2015-0317 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0316
- RESERVED
+CVE-2015-0316 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0315
- RESERVED
+CVE-2015-0315 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0314
- RESERVED
+CVE-2015-0314 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash
-CVE-2015-0313 (Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and ...)
+CVE-2015-0313 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
NOT-FOR-US: Adobe Flash
CVE-2015-0312 (Double free vulnerability in Adobe Flash Player before 13.0.0.264 and ...)
NOT-FOR-US: Adobe Flash
@@ -5365,7 +5556,7 @@
- e2fsprogs 1.42.12-1
NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
CVE-2015-0246
- RESERVED
+ REJECTED
CVE-2015-0245 [denial of service in dbus >= 1.4 systemd activation]
RESERVED
- dbus 1.8.16-1 (bug #777545)
@@ -5806,8 +5997,8 @@
RESERVED
CVE-2015-0073
RESERVED
-CVE-2015-0072
- RESERVED
+CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ TODO: check
CVE-2015-0071
RESERVED
CVE-2015-0070
@@ -6718,9 +6909,9 @@
CVE-2014-8616
RESERVED
CVE-2014-8615
- RESERVED
+ REJECTED
CVE-2014-8614
- RESERVED
+ REJECTED
CVE-2014-8613 (The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before ...)
- kfreebsd-10 10.1~svn274115-2 (bug #776416)
- kfreebsd-9 <removed>
@@ -8370,7 +8561,7 @@
{DSA-3095-1 DLA-120-1}
- xorg-server 2:1.16.2.901-1
CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x ...)
- {DSA-3157-1 DLA-88-1}
+ {DSA-3159-1 DSA-3157-1 DLA-88-1}
- ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
- ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
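Review bot: DSA-3159-1 is added to the cross-reference line of CVE-2014-8090, but every package line visible in this hunk (ruby1.8, ruby1.9.1, ruby2.0) is "<not-affected>", so the hunk does not show which package the new advisory fixed. Check that the entry has a fixed-version line for that package below the visible context. The annotation on these three lines also has a typo, "relesed" for "released".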
@@ -8390,7 +8581,7 @@
CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...)
NOT-FOR-US: TestLink
CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before ...)
- {DSA-3157-1 DLA-88-1}
+ {DSA-3159-1 DSA-3157-1 DLA-88-1}
- ruby1.8 <removed>
- ruby1.9.1 <removed>
- ruby2.0 <removed>
@@ -14746,8 +14937,8 @@
NOT-FOR-US: innovaphone PBX
CVE-2014-5334
RESERVED
-CVE-2014-5332
- RESERVED
+CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows ...)
+ TODO: check
CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote ...)
NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote ...)
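Review bot: The description imported for CVE-2014-5332 names "NVIDIA Tegra Linux Kernel 3.10", a vendor kernel, and the entry is left at "TODO: check" with no package line. What needs deciding is whether NVMap is present in the packaged linux source at all. Resolve the TODO to a linux package line or to NOT-FOR-US accordingly. The imported text also contains the typo "alllows"; it is in the description rather than in a Debian annotation.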
@@ -27254,13 +27445,13 @@
CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream ...)
NOT-FOR-US: Attachmate Verastream Process Designer
CVE-2014-0606
- RESERVED
-CVE-2014-0605
- RESERVED
-CVE-2014-0604
- RESERVED
-CVE-2014-0603
- RESERVED
+ REJECTED
+CVE-2014-0605 (Directory traversal vulnerability in the rftpcom.dll ActiveX control ...)
+ TODO: check
+CVE-2014-0604 (Directory traversal vulnerability in the rftpcom.dll ActiveX control ...)
+ TODO: check
+CVE-2014-0603 (The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client ...)
+ TODO: check
CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the ...)
NOT-FOR-US: NetIQ Security Manager
CVE-2014-0601
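Review bot: CVE-2014-0605, CVE-2014-0604 and CVE-2014-0603 all concern the rftpcom.dll ActiveX control, which the CVE-2014-0603 description attributes to Attachmate Reflection FTP Client, yet they are left at "TODO: check". The entry just above, CVE-2014-0607, is already "NOT-FOR-US: Attachmate Verastream Process Designer". Mark these three NOT-FOR-US with the product name in the same way.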
@@ -33676,8 +33867,8 @@
NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 ...)
NOT-FOR-US: Cisco
-CVE-2013-5557
- RESERVED
+CVE-2013-5557 (The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in ...)
+ TODO: check
CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch ...)
NOT-FOR-US: Cisco
CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows ...)
@@ -37289,7 +37480,7 @@
RESERVED
NOT-FOR-US: Flippy Contributed Drupal module
CVE-2013-4186
- RESERVED
+ REJECTED
CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) ...)
- nova 2013.1.2-3 (low; bug #718907)
[wheezy] - nova <no-dsa> (Minor issue)