[Secure-testing-commits] r32503 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Feb 25 21:10:16 UTC 2015


Author: sectracker
Date: 2015-02-25 21:10:16 +0000 (Wed, 25 Feb 2015)
New Revision: 32503

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-25 21:07:22 UTC (rev 32502)
+++ data/CVE/list	2015-02-25 21:10:16 UTC (rev 32503)
@@ -1,4 +1,37 @@
+CVE-2015-2079
+	RESERVED
+CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
+	TODO: check
+CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
+	TODO: check
+CVE-2015-2076
+	RESERVED
+CVE-2015-2075
+	RESERVED
+CVE-2015-2074
+	RESERVED
+CVE-2015-2073
+	RESERVED
+CVE-2015-2072
+	RESERVED
+CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in ...)
+	TODO: check
+CVE-2015-2070 (SQL injection vulnerability in eTouch SamePage Enterprise Edition ...)
+	TODO: check
+CVE-2015-2069 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
+	TODO: check
+CVE-2015-2068 (Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka ...)
+	TODO: check
+CVE-2015-2067 (Directory traversal vulnerability in web/ajax_pluginconf.php in the ...)
+	TODO: check
+CVE-2015-2066 (SQL injection vulnerability in DLGuard 4.5 allows remote attackers to ...)
+	TODO: check
+CVE-2015-2065 (SQL injection vulnerability in videogalleryrss.php in the Apptha ...)
+	TODO: check
+CVE-2015-2064 (Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, ...)
+	TODO: check
 CVE-2015-2080 [Jetty remote unauthenticated credential exposure]
+	RESERVED
 	- jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
 	- jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
 	NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
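Review bot: the new block running from CVE-2015-2079 down to CVE-2015-2064 is inserted above the existing CVE-2015-2080 entry, so the head of the file is no longer in descending ID order; CVE-2015-2080 should sit above CVE-2015-2079. CVE-2015-2078 and CVE-2015-2077 also carry the same truncated description, so whoever resolves their "TODO: check" lines will need the full CVE text to tell them apart.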
@@ -931,8 +964,8 @@
 	RESERVED
 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
 	NOT-FOR-US: Topline Opportunity Form
-CVE-2015-1605
-	RESERVED
+CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset ...)
+	TODO: check
 CVE-2015-1602
 	RESERVED
 CVE-2015-1601
@@ -978,8 +1011,7 @@
 CVE-2015-XXXX [Vulnerabilities in nanohttp]
 	- libcsoap <unfixed> (bug #778599)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/17/2
-CVE-2014-9684 [Glance import task leaks image in backend]
-	RESERVED
+CVE-2014-9684 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through ...)
 	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
 	[wheezy] - glance <not-affected> (Vulnerable code not present)
 	NOTE: https://review.openstack.org/#/c/122427/
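Review bot: dropping the bracketed title on CVE-2014-9684 leaves this entry with the same truncated description and the same glance package lines as CVE-2015-1881 later in this diff; only the review.openstack.org NOTE URLs differ. A short NOTE on each entry saying how the two IDs relate would keep them distinguishable in the list.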
@@ -1078,8 +1110,7 @@
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
-CVE-2015-1572 [potential buffer overflow in closefs()]
-	RESERVED
+CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in ...)
 	{DSA-3166-1}
 	- e2fsprogs 1.42.12-1.1 (bug #778948)
 	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
@@ -1135,8 +1166,7 @@
 	- nut 2.7.2-2 (low; bug #777706)
 	[wheezy] - nut <no-dsa> (Minor issue)
 	[squeeze] - nut <no-dsa> (Minor issue)
-CVE-2015-1881 [Glance import task leaks image in backend]
-	RESERVED
+CVE-2015-1881 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through ...)
 	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
 	[wheezy] - glance <not-affected> (Vulnerable code not present)
 	NOTE: https://review.openstack.org/#/c/156553
@@ -1398,6 +1428,7 @@
 	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
 CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)
+	{DSA-3172-1}
 	[experimental] - cups 2.0.2-1
 	- cups 1.7.5-11 (bug #778387)
 	NOTE: Marked with [experimental] tag as the fix is only in experimental so far
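Review bot: the NOTE under CVE-2014-9679 still says the fix is only in experimental, yet the entry lists "- cups 1.7.5-11 (bug #778387)" and now carries {DSA-3172-1}. The NOTE looks stale and should be updated or removed, and the entry should have a suite-tagged line recording the version the DSA fixed if one is not already further down.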
@@ -1778,6 +1809,7 @@
 	RESERVED
 CVE-2015-1414 [DoS via IGMP packet]
 	RESERVED
+	{DSA-3175-1}
 	- kfreebsd-10 <unfixed> (bug #779195)
 	- kfreebsd-9 <removed> (bug #779201)
 	- kfreebsd-8 <removed> (bug #779202)
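Review bot: {DSA-3175-1} is attached to CVE-2015-1414, but the visible package lines are "- kfreebsd-10 <unfixed>" plus "<removed>" for kfreebsd-9 and kfreebsd-8, with no suite-tagged line giving the version the DSA fixed. Add the matching suite entry with its fixed version unless it already follows below the shown context.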
@@ -2092,8 +2124,7 @@
 	NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
 	NOTE: https://github.com/chjj/marked/issues/492
 	NOTE: libv8 is not covered by security support
-CVE-2013-7423 [getaddrinfo() writes DNS queries to random file descriptors under high load]
-	RESERVED
+CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
 	- glibc 2.19-1 (bug #722075)
 	[wheezy] - eglibc 2.13-38+deb7u5
 	- eglibc <removed>
@@ -3609,89 +3640,75 @@
 	RESERVED
 CVE-2015-0837
 	RESERVED
-CVE-2015-0836
-	RESERVED
+CVE-2015-0836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+	{DSA-3174-1}
 	- iceweasel 31.5.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
-CVE-2015-0835
-	RESERVED
+CVE-2015-0835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
-CVE-2015-0834
-	RESERVED
+CVE-2015-0834 (The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
-CVE-2015-0833
-	RESERVED
+CVE-2015-0833 (Multiple untrusted search path vulnerabilities in updater.exe in ...)
 	- iceweasel <not-affected> (Specific to Firefox on Windows)
 	- icedove <not-affected> (Specific to Thunderbird on Windows)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
-CVE-2015-0832
-	RESERVED
+CVE-2015-0832 (Mozilla Firefox before 36.0 does not properly recognize the ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
-CVE-2015-0831
-	RESERVED
+CVE-2015-0831 (Use-after-free vulnerability in the ...)
+	{DSA-3174-1}
 	- iceweasel 31.5.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
-CVE-2015-0830
-	RESERVED
+CVE-2015-0830 (The WebGL implementation in Mozilla Firefox before 36.0 does not ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
-CVE-2015-0829
-	RESERVED
+CVE-2015-0829 (Buffer overflow in libstagefright in Mozilla Firefox before 36.0 ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
-CVE-2015-0828
-	RESERVED
+CVE-2015-0828 (Double free vulnerability in the nsXMLHttpRequest::GetResponse ...)
 	- iceweasel <not-affected> (Doesn't affect the memory allocator used in the Debian builds)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
-CVE-2015-0827
-	RESERVED
+CVE-2015-0827 (Heap-based buffer overflow in the mozilla::gfx::CopyRect function in ...)
+	{DSA-3174-1}
 	- iceweasel 31.5.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
-CVE-2015-0826
-	RESERVED
+CVE-2015-0826 (The nsTransformedTextRun::SetCapitalization function in Mozilla ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
-CVE-2015-0825
-	RESERVED
+CVE-2015-0825 (Stack-based buffer underflow in the ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
-CVE-2015-0824
-	RESERVED
+CVE-2015-0824 (The mozilla::layers::BufferTextureClient::AllocateForSurface function ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
-CVE-2015-0823
-	RESERVED
+CVE-2015-0823 (Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
-CVE-2015-0822
-	RESERVED
+CVE-2015-0822 (The Form Autocompletion feature in Mozilla Firefox before 36.0, ...)
+	{DSA-3174-1}
 	- iceweasel 31.5.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
-CVE-2015-0821
-	RESERVED
+CVE-2015-0821 (Mozilla Firefox before 36.0 allows user-assisted remote attackers to ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
-CVE-2015-0820
-	RESERVED
+CVE-2015-0820 (Mozilla Firefox before 36.0 does not properly restrict transitions of ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
-CVE-2015-0819
-	RESERVED
+CVE-2015-0819 (The UITour::onPageEvent function in Mozilla Firefox before 36.0 does ...)
 	- iceweasel <not-affected> (Does not affect ESR version)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
 CVE-2015-0818
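Review bot: the four entries tagged {DSA-3174-1} in this hunk (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827, CVE-2015-0822) each keep "- icedove <unfixed>" next to the fixed iceweasel 31.5.0esr-1 line, so the DSA tag does not close them; icedove still needs tracking for all four. The new descriptions for CVE-2015-0831 and CVE-2015-0825 are cut off before naming the affected function, so the mfsa NOTE is the only usable pointer on those two.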
@@ -4435,8 +4452,8 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
 CVE-2015-0558
 	RESERVED
-CVE-2015-0555
-	RESERVED
+CVE-2015-0555 (Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in ...)
+	TODO: check
 CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with ...)
 	NOT-FOR-US: ADB router
 CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in ...)
@@ -5543,8 +5560,7 @@
 	NOTE: http://bugs.gw.com/view.php?id=398
 	NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
 	NOTE: https://bugs.php.net/bug.php?id=68735
-CVE-2014-9402 [endless loop in getaddr_r]
-	RESERVED
+CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka ...)
 	{DSA-3169-1 DLA-122-1}
 	- glibc 2.19-14 (bug #775572)
 	- eglibc <removed>
@@ -5770,8 +5786,8 @@
 	RESERVED
 CVE-2014-9283
 	RESERVED
-CVE-2014-9282
-	RESERVED
+CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer ...)
+	TODO: check
 CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) ...)
 	NOT-FOR-US: Autodesk Design Review
 CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows ...)
@@ -8770,8 +8786,8 @@
 	NOT-FOR-US: PingFederate SP Endpoints
 CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
 	NOT-FOR-US: yourls
-CVE-2014-8487
-	RESERVED
+CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and ...)
+	TODO: check
 CVE-2014-8486
 	RESERVED
 CVE-2014-8482
@@ -14603,8 +14619,8 @@
 	RESERVED
 CVE-2014-6116 (The Telemetry Component in WebSphere MQ 8.0.0.1 before ...)
 	NOT-FOR-US: IBM WebSphere
-CVE-2014-6115
-	RESERVED
+CVE-2014-6115 (IBM Rational Insight 1.1.1.5 allows remote attackers to bypass ...)
+	TODO: check
 CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component ...)
@@ -17656,8 +17672,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-4819 (The web user interface in IBM WebSphere Message Broker 8.0 before ...)
 	NOT-FOR-US: IBM
-CVE-2014-4818
-	RESERVED
+CVE-2014-4818 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, ...)
+	TODO: check
 CVE-2014-4817 (The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
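Review bot: the "TODO: check" on CVE-2014-4818 names the IBM Tivoli Storage Manager client, and the adjacent CVE-2014-4817 for the TSM server is already marked "NOT-FOR-US: IBM Tivoli Storage Manager". Unless the client is packaged in Debian, this one can be resolved with the same NOT-FOR-US line.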



