[Secure-testing-commits] r32176 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Feb 12 09:10:22 UTC 2015
Author: sectracker
Date: 2015-02-12 09:10:22 +0000 (Thu, 12 Feb 2015)
New Revision: 32176
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-12 06:56:30 UTC (rev 32175)
+++ data/CVE/list 2015-02-12 09:10:22 UTC (rev 32176)
@@ -1,3 +1,11 @@
+CVE-2015-1572
+ RESERVED
+CVE-2015-1571 (The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch ...)
+ TODO: check
+CVE-2015-1570 (The Endpoint Control protocol implementation in Fortinet FortiClient ...)
+ TODO: check
+CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
+ TODO: check
CVE-2015-XXXX [command injection vulnerability]
- xdg-utils <unfixed> (bug #777722)
CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite ...)
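Review bot: The three Fortinet entries added at the top of this hunk (CVE-2015-1571, CVE-2015-1570, CVE-2015-1569) are left at "TODO: check" even though their descriptions already name the products (FortiOS, FortiClient, FortiClient for iOS). Elsewhere in this file vendor products are closed out with a NOT-FOR-US line (for example "NOT-FOR-US: Webmin"), so unless a Debian source package ships this code, a follow-up can mark them the same way instead of leaving them in the manual queue.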
@@ -16,8 +24,8 @@
RESERVED
CVE-2015-1560
RESERVED
-CVE-2015-1559
- RESERVED
+CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2015-1557
RESERVED
CVE-2015-1556
@@ -34,8 +42,8 @@
RESERVED
CVE-2015-1549
RESERVED
-CVE-2015-1548
- RESERVED
+CVE-2015-1548 (mini_httpd 1.21 and earlier allows remote attackers to obtain ...)
+ TODO: check
CVE-2015-1544
RESERVED
CVE-2015-1543
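Review bot: CVE-2015-1548 now carries a description with a version bound ("mini_httpd 1.21 and earlier") but only a "TODO: check" beneath it. Unlike the vendor-product entries in this update, this one names a standalone HTTP server, so the TODO should be resolved with a package lookup and, if a matching source package exists, a package status line with the fixed version rather than a NOT-FOR-US.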
@@ -252,6 +260,7 @@
NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/10/15
CVE-2015-1573 [nft flush ruleset crashes kernel]
+ RESERVED
- linux <unfixed>
[wheezy] - linux <not-affected> (nftables introduced in 3.13)
- linux-2.6 <not-affected> (nftables introduced in 3.13)
@@ -544,14 +553,12 @@
- roundcube 0.9.5+dfsg1-4.2 (low; bug #776700)
[wheezy] - roundcube <no-dsa> (Minor issue)
[squeeze] - roundcube <no-dsa> (Minor issue)
-CVE-2015-1432 [phpbb3: CSRF]
- RESERVED
+CVE-2015-1432 (The message_options function in includes/ucp/ucp_pm_options.php in ...)
- phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3 <no-dsa> (Minor issue)
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
-CVE-2015-1431 [phpbb3: css injection]
- RESERVED
+CVE-2015-1431 (Cross-site scripting (XSS) vulnerability in includes/startup.php in ...)
- phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3 <no-dsa> (Minor issue)
[squeeze] - phpbb3 <no-dsa> (Minor issue)
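Review bot: For CVE-2015-1431 the working title "[phpbb3: css injection]" is replaced by a description that begins "Cross-site scripting (XSS) vulnerability in includes/startup.php", and for CVE-2015-1432 the "CSRF" title is replaced by text that is cut off before it names the vulnerability class. The package lines under both entries (phpbb3 3.0.12-4, bug #776699) are carried over unchanged, so confirm they still match the published descriptions, and consider a NOTE line that keeps the original classification now that the heading no longer shows it.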
@@ -889,8 +896,7 @@
[jessie] - grml-debootstrap <no-dsa> (Minor issue)
[wheezy] - grml-debootstrap <no-dsa> (Minor issue)
NOTE: https://github.com/grml/grml-debootstrap/issues/59
-CVE-2015-1377 [Read Mail Module Vulnerability]
- RESERVED
+CVE-2015-1377 (The Read Mail module in Webmin 1.720 allows local users to read ...)
NOT-FOR-US: Webmin
CVE-2015-1395 [directory traversal via file rename]
RESERVED
@@ -1187,8 +1193,8 @@
RESERVED
CVE-2015-1170
RESERVED
-CVE-2015-1169
- RESERVED
+CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
+ TODO: check
CVE-2015-1168
RESERVED
CVE-2015-1167
@@ -3116,15 +3122,13 @@
CVE-2015-XXXX [insecure keyring handling]
- weboob 1.0-3 (low; bug #774838)
[wheezy] - weboob <no-dsa> (Minor issue)
-CVE-2015-1042 [Incomplete fix for CVE-2014-6316 in 1.2.18]
- RESERVED
+CVE-2015-1042 (The string_sanitize_url function in core/string_api.php in MantisBT ...)
- mantis <removed>
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <not-affected> (Incomplete fix not applied)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17997
NOTE: http://github.com/mantisbt/mantisbt/commit/d95f070d
-CVE-2015-1031 [use-after-free]
- RESERVED
+CVE-2015-1031 (Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow ...)
{DSA-3133-1 DLA-142-1}
- privoxy 3.0.21-5 (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
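Review bot: Replacing the heading of CVE-2015-1042 drops the only cross-reference to CVE-2014-6316 ("Incomplete fix for CVE-2014-6316 in 1.2.18"), while the squeeze line below still reads "(Incomplete fix not applied)" and now has nothing to refer to. Suggest keeping the relation in the entry, for example as "NOTE: Incomplete fix for CVE-2014-6316 in 1.2.18", so the not-affected reasoning stays readable.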
@@ -6062,116 +6066,116 @@
RESERVED
CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
TODO: check
-CVE-2015-0071
- RESERVED
-CVE-2015-0070
- RESERVED
-CVE-2015-0069
- RESERVED
-CVE-2015-0068
- RESERVED
-CVE-2015-0067
- RESERVED
-CVE-2015-0066
- RESERVED
-CVE-2015-0065
- RESERVED
-CVE-2015-0064
- RESERVED
-CVE-2015-0063
- RESERVED
-CVE-2015-0062
- RESERVED
-CVE-2015-0061
- RESERVED
-CVE-2015-0060
- RESERVED
-CVE-2015-0059
- RESERVED
-CVE-2015-0058
- RESERVED
-CVE-2015-0057
- RESERVED
+CVE-2015-0071 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0070 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0069 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0068 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0067 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0065 (Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2015-0064 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word ...)
+ TODO: check
+CVE-2015-0063 (Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel ...)
+ TODO: check
+CVE-2015-0062 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, ...)
+ TODO: check
+CVE-2015-0061 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2015-0060 (The font mapper in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-0059 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
+ TODO: check
+CVE-2015-0058 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
+ TODO: check
+CVE-2015-0057 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2015-0056
RESERVED
-CVE-2015-0055
- RESERVED
-CVE-2015-0054
- RESERVED
-CVE-2015-0053
- RESERVED
-CVE-2015-0052
- RESERVED
-CVE-2015-0051
- RESERVED
-CVE-2015-0050
- RESERVED
-CVE-2015-0049
- RESERVED
-CVE-2015-0048
- RESERVED
+CVE-2015-0055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
+ TODO: check
+CVE-2015-0054 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0053 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0052 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0051 (Microsoft Internet Explorer 8 allows remote attackers to bypass the ...)
+ TODO: check
+CVE-2015-0050 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0049 (Microsoft Internet Explorer 8 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0048 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-0047
RESERVED
-CVE-2015-0046
- RESERVED
-CVE-2015-0045
- RESERVED
-CVE-2015-0044
- RESERVED
-CVE-2015-0043
- RESERVED
-CVE-2015-0042
- RESERVED
-CVE-2015-0041
- RESERVED
-CVE-2015-0040
- RESERVED
-CVE-2015-0039
- RESERVED
-CVE-2015-0038
- RESERVED
-CVE-2015-0037
- RESERVED
-CVE-2015-0036
- RESERVED
-CVE-2015-0035
- RESERVED
+CVE-2015-0046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0045 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0044 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0043 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0042 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0041 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0040 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0039 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0038 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0037 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0036 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0035 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-0034
RESERVED
CVE-2015-0033
RESERVED
CVE-2015-0032
RESERVED
-CVE-2015-0031
- RESERVED
-CVE-2015-0030
- RESERVED
-CVE-2015-0029
- RESERVED
-CVE-2015-0028
- RESERVED
-CVE-2015-0027
- RESERVED
-CVE-2015-0026
- RESERVED
-CVE-2015-0025
- RESERVED
+CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0029 (Microsoft Internet Explorer 6 and 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0028 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0027 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0026 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0025 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-0024
RESERVED
-CVE-2015-0023
- RESERVED
-CVE-2015-0022
- RESERVED
-CVE-2015-0021
- RESERVED
-CVE-2015-0020
- RESERVED
-CVE-2015-0019
- RESERVED
-CVE-2015-0018
- RESERVED
-CVE-2015-0017
- RESERVED
+CVE-2015-0023 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0022 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0021 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0020 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0019 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2015-0018 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-0017 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and ...)
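Review bot: All 49 entries this hunk fills in (CVE-2015-0071 down to CVE-2015-0017) land as "TODO: check", yet every description names Microsoft Internet Explorer, Word, Excel, Windows or win32k.sys, and the unchanged context directly below marks CVE-2015-0016 as "NOT-FOR-US: Microsoft Windows". A follow-up that marks these NOT-FOR-US in bulk, matched on the product name in the description, would keep them out of the manual TODO queue where they can bury entries that do need a package check.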
@@ -6180,16 +6184,16 @@
NOT-FOR-US: Microsoft Windows
CVE-2015-0013
RESERVED
-CVE-2015-0012
- RESERVED
+CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update ...)
+ TODO: check
CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-0010
- RESERVED
-CVE-2015-0009
- RESERVED
-CVE-2015-0008
- RESERVED
+CVE-2015-0010 (The CryptProtectMemory function in cng.sys (aka the Cryptography Next ...)
+ TODO: check
+CVE-2015-0009 (The Group Policy Security Configuration policy implementation in ...)
+ TODO: check
+CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
CVE-2015-0007
RESERVED
CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...)
@@ -6198,8 +6202,8 @@
RESERVED
CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server ...)
NOT-FOR-US: Microsoft Windows
-CVE-2015-0003
- RESERVED
+CVE-2015-0003 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application ...)
NOT-FOR-US: Microsoft Windows
CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, ...)
@@ -6738,8 +6742,8 @@
NOT-FOR-US: Drupal module Bad Behavior
CVE-2014-8734 (The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal ...)
NOT-FOR-US: Drupal module Organic Groups Menu
-CVE-2014-8733
- RESERVED
+CVE-2014-8733 (Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password ...)
+ TODO: check
CVE-2014-8730 (The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 ...)
NOT-FOR-US: SSL/TLS implementation error in F5 products (and historic NSS releases)
CVE-2014-8729
@@ -12746,8 +12750,8 @@
NOT-FOR-US: Microsoft Office
CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-6362
- RESERVED
+CVE-2014-6362 (Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, ...)
+ TODO: check
CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, ...)
NOT-FOR-US: Microsoft Excel
CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...)