[Secure-testing-commits] r32223 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Feb 13 21:10:16 UTC 2015
Author: sectracker
Date: 2015-02-13 21:10:16 +0000 (Fri, 13 Feb 2015)
New Revision: 32223
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-13 19:17:35 UTC (rev 32222)
+++ data/CVE/list 2015-02-13 21:10:16 UTC (rev 32223)
@@ -1,3 +1,7 @@
+CVE-2014-9679
+ RESERVED
+CVE-2014-9676
+ RESERVED
CVE-2015-1588
RESERVED
CVE-2015-1587
@@ -31,10 +35,13 @@
CVE-2013-7425
RESERVED
CVE-2014-9678
+ RESERVED
NOT-FOR-US: FlexPaper
CVE-2014-9677
+ RESERVED
NOT-FOR-US: FlexPaper
CVE-2015-1592 [local file inclusion or inauthenticated arbitrary remote code execution]
+ RESERVED
- movabletype-opensource <removed>
NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
@@ -333,9 +340,11 @@
[squeeze] - suricata <no-dsa> (Minor issue)
NOTE: https://redmine.openinfosecfoundation.org/issues/1364
CVE-2014-9681 [preserves TZ by default]
+ RESERVED
- procmail <unfixed> (bug #778341)
NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
CVE-2014-9680 [preserves TZ by default]
+ RESERVED
- sudo <unfixed> (bug #772707)
NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
NOTE: http://www.sudo.ws/repos/sudo/rev/33b545d19c03
@@ -346,14 +355,12 @@
NOTE: https://github.com/jabberd2/jabberd2/issues/85
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/09/13
TODO: check
-CVE-2015-1545 [crashes on search with deref control and empty attr list]
- RESERVED
+CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...)
- openldap 2.4.40-4 (bug #776988)
[wheezy] - openldap <no-dsa> (Minor issue)
NOTE: http://www.openldap.org/its/?findid=8027
NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c
-CVE-2015-1546 [crash in valueReturnFilter cleanup]
- RESERVED
+CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in ...)
- openldap 2.4.40-4 (bug #776991)
[wheezy] - openldap <not-affected> (Regression introduced in 2.4.40)
[squeeze] - openldap <not-affected> (Regression introduced in 2.4.40)
@@ -433,8 +440,8 @@
NOT-FOR-US: My Little Forum
CVE-2015-1474
RESERVED
-CVE-2015-1471
- RESERVED
+CVE-2015-1471 (SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 ...)
+ TODO: check
CVE-2015-1470
RESERVED
CVE-2015-1469 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
@@ -528,14 +535,14 @@
NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
CVE-2015-XXXX [Invalid read in ensure_filepath]
- libmspack 0.5-1
- - cabextract 1.4-5
+ - cabextract 1.4-5
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2015-XXXX [Invalid read in create_output_name]
- libmspack 0.5-1
- - cabextract 1.4-5
+ - cabextract 1.4-5
[wheezy] - cabextract <no-dsa> (Minor issue)
[squeeze] - cabextract <no-dsa> (Minor issue)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
@@ -639,6 +646,7 @@
NOTE: https://github.com/chjj/marked/issues/497
NOTE: libv8 is not covered by security support
CVE-2015-1589 [directory traversal]
+ RESERVED
- archmage 1:0.2.4-4 (bug #776164)
[squeeze] - archmage <no-dsa> (Minor issue)
[wheezy] - archmage <no-dsa> (Minor issue)
@@ -783,6 +791,7 @@
NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/29/23
CVE-2013-7426 [insecure default fifo path /tmp/kamailio_fifo]
+ RESERVED
- kamailio 4.0.2-1 (bug #712083)
CVE-2013-7424 [Invalid-free when using getaddrinfo()]
RESERVED
@@ -1318,9 +1327,11 @@
- libmspack 0.5-1 (bug #775687)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591
+ RESERVED
- kamailio 4.2.0-2 (bug #775681)
NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-1590
+ RESERVED
- kamailio 4.2.0-2 (bug #775681)
NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-XXXX [insecure configuration permissions]
@@ -1345,8 +1356,7 @@
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
-CVE-2015-1345 [heap buffer overrun]
- RESERVED
+CVE-2015-1345 (The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows ...)
- grep <unfixed> (low; bug #776039)
[squeeze] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
[wheezy] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
@@ -2398,8 +2408,8 @@
RESERVED
CVE-2015-0874
RESERVED
-CVE-2015-0873
- RESERVED
+CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
+ TODO: check
CVE-2015-0872
RESERVED
CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...)
@@ -2960,8 +2970,8 @@
NOT-FOR-US: Cisco
CVE-2015-0594
RESERVED
-CVE-2015-0593
- RESERVED
+CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
+ TODO: check
CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
TODO: check
CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...)
@@ -3281,8 +3291,7 @@
RESERVED
CVE-2014-9514
RESERVED
-CVE-2014-9512 [path spoofing attack vulnerability]
- RESERVED
+CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...)
- rsync <unfixed> (low; bug #778333)
[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)
[squeeze] - rsync <not-affected> (Affected sanitising functionality not yet present)
@@ -5764,8 +5773,7 @@
RESERVED
CVE-2015-0228
RESERVED
-CVE-2015-0227
- RESERVED
+CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote ...)
- wss4j 1.6.15-2 (bug #777741)
CVE-2015-0226
RESERVED
@@ -6457,8 +6465,8 @@
RESERVED
CVE-2014-8910
RESERVED
-CVE-2014-8909
- RESERVED
+CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+ TODO: check
CVE-2014-8908
RESERVED
CVE-2014-8907
@@ -7840,8 +7848,8 @@
NOT-FOR-US: Advantech EKI-6340
CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ...)
NOT-FOR-US: Advantech AdamView
-CVE-2014-8385
- RESERVED
+CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware before ...)
+ TODO: check
CVE-2014-8384
RESERVED
CVE-2014-8383
@@ -8631,8 +8639,7 @@
RESERVED
CVE-2014-8111
RESERVED
-CVE-2014-8110
- RESERVED
+CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and ...)
@@ -13250,8 +13257,7 @@
NOT-FOR-US: IBM
CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before ...)
NOT-FOR-US: IBM
-CVE-2014-6185 [Tivoli Storage Manager Arbitrary DSO Load Elevation of Privileges]
- RESERVED
+CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before ...)
NOT-FOR-US: IBM
NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
CVE-2014-6184
@@ -13314,8 +13320,8 @@
RESERVED
CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
NOT-FOR-US: IBM
-CVE-2014-6154
- RESERVED
+CVE-2014-6154 (Directory traversal vulnerability in IBM Optim Performance Manager for ...)
+ TODO: check
CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) ...)
NOT-FOR-US: IBM
CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
@@ -13344,8 +13350,8 @@
NOT-FOR-US: IBM
CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before ...)
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
-CVE-2014-6139
- RESERVED
+CVE-2014-6139 (The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, ...)
+ TODO: check
CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
NOT-FOR-US: IBM
CVE-2014-6137
@@ -16452,8 +16458,8 @@
NOT-FOR-US: IBM
CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-4813
- RESERVED
+CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) ...)
+ TODO: check
CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
NOT-FOR-US: IBM Security AppScan Source
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
@@ -16472,8 +16478,8 @@
NOT-FOR-US: IBM DB2
CVE-2014-4804
RESERVED
-CVE-2014-4803
- RESERVED
+CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...)
+ TODO: check
CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...)
NOT-FOR-US: IBM Business Process Manager
CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
@@ -16516,8 +16522,8 @@
NOT-FOR-US: IBM
CVE-2014-4782
RESERVED
-CVE-2014-4781
- RESERVED
+CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...)
+ TODO: check
CVE-2014-4780
RESERVED
CVE-2014-4779
@@ -16536,8 +16542,8 @@
RESERVED
CVE-2014-4772
RESERVED
-CVE-2014-4771
- RESERVED
+CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...)
+ TODO: check
CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
More information about the Secure-testing-commits
mailing list