[Secure-testing-commits] r31227 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jan 9 21:10:18 UTC 2015
Author: sectracker
Date: 2015-01-09 21:10:18 +0000 (Fri, 09 Jan 2015)
New Revision: 31227
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-09 21:07:40 UTC (rev 31226)
+++ data/CVE/list 2015-01-09 21:10:18 UTC (rev 31227)
@@ -1,3 +1,825 @@
+CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...)
+ TODO: check
+CVE-2015-0919 (Multiple SQL injection vulnerabilities in the administrative backend ...)
+ TODO: check
+CVE-2015-0918 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
+ TODO: check
+CVE-2015-0917 (Cross-site scripting (XSS) vulnerability in the backend in Kajona ...)
+ TODO: check
+CVE-2015-0916
+ RESERVED
+CVE-2015-0915
+ RESERVED
+CVE-2015-0914
+ RESERVED
+CVE-2015-0913
+ RESERVED
+CVE-2015-0912
+ RESERVED
+CVE-2015-0911
+ RESERVED
+CVE-2015-0910
+ RESERVED
+CVE-2015-0909
+ RESERVED
+CVE-2015-0908
+ RESERVED
+CVE-2015-0907
+ RESERVED
+CVE-2015-0906
+ RESERVED
+CVE-2015-0905
+ RESERVED
+CVE-2015-0904
+ RESERVED
+CVE-2015-0903
+ RESERVED
+CVE-2015-0902
+ RESERVED
+CVE-2015-0901
+ RESERVED
+CVE-2015-0900
+ RESERVED
+CVE-2015-0899
+ RESERVED
+CVE-2015-0898
+ RESERVED
+CVE-2015-0897
+ RESERVED
+CVE-2015-0896
+ RESERVED
+CVE-2015-0895
+ RESERVED
+CVE-2015-0894
+ RESERVED
+CVE-2015-0893
+ RESERVED
+CVE-2015-0892
+ RESERVED
+CVE-2015-0891
+ RESERVED
+CVE-2015-0890
+ RESERVED
+CVE-2015-0889
+ RESERVED
+CVE-2015-0888
+ RESERVED
+CVE-2015-0887
+ RESERVED
+CVE-2015-0886
+ RESERVED
+CVE-2015-0885
+ RESERVED
+CVE-2015-0884
+ RESERVED
+CVE-2015-0883
+ RESERVED
+CVE-2015-0882
+ RESERVED
+CVE-2015-0881
+ RESERVED
+CVE-2015-0880
+ RESERVED
+CVE-2015-0879
+ RESERVED
+CVE-2015-0878
+ RESERVED
+CVE-2015-0877
+ RESERVED
+CVE-2015-0876
+ RESERVED
+CVE-2015-0875
+ RESERVED
+CVE-2015-0874
+ RESERVED
+CVE-2015-0873
+ RESERVED
+CVE-2015-0872
+ RESERVED
+CVE-2015-0871
+ RESERVED
+CVE-2015-0870
+ RESERVED
+CVE-2015-0869
+ RESERVED
+CVE-2015-0868
+ RESERVED
+CVE-2015-0867
+ RESERVED
+CVE-2015-0866
+ RESERVED
+CVE-2015-0865
+ RESERVED
+CVE-2015-0864
+ RESERVED
+CVE-2015-0863
+ RESERVED
+CVE-2015-0862
+ RESERVED
+CVE-2015-0861
+ RESERVED
+CVE-2015-0860
+ RESERVED
+CVE-2015-0859
+ RESERVED
+CVE-2015-0858
+ RESERVED
+CVE-2015-0857
+ RESERVED
+CVE-2015-0856
+ RESERVED
+CVE-2015-0855
+ RESERVED
+CVE-2015-0854
+ RESERVED
+CVE-2015-0853
+ RESERVED
+CVE-2015-0852
+ RESERVED
+CVE-2015-0851
+ RESERVED
+CVE-2015-0850
+ RESERVED
+CVE-2015-0849
+ RESERVED
+CVE-2015-0848
+ RESERVED
+CVE-2015-0847
+ RESERVED
+CVE-2015-0846
+ RESERVED
+CVE-2015-0845
+ RESERVED
+CVE-2015-0844
+ RESERVED
+CVE-2015-0843
+ RESERVED
+CVE-2015-0842
+ RESERVED
+CVE-2015-0841
+ RESERVED
+CVE-2015-0840
+ RESERVED
+CVE-2015-0839
+ RESERVED
+CVE-2015-0838
+ RESERVED
+CVE-2015-0837
+ RESERVED
+CVE-2015-0836
+ RESERVED
+CVE-2015-0835
+ RESERVED
+CVE-2015-0834
+ RESERVED
+CVE-2015-0833
+ RESERVED
+CVE-2015-0832
+ RESERVED
+CVE-2015-0831
+ RESERVED
+CVE-2015-0830
+ RESERVED
+CVE-2015-0829
+ RESERVED
+CVE-2015-0828
+ RESERVED
+CVE-2015-0827
+ RESERVED
+CVE-2015-0826
+ RESERVED
+CVE-2015-0825
+ RESERVED
+CVE-2015-0824
+ RESERVED
+CVE-2015-0823
+ RESERVED
+CVE-2015-0822
+ RESERVED
+CVE-2015-0821
+ RESERVED
+CVE-2015-0820
+ RESERVED
+CVE-2015-0819
+ RESERVED
+CVE-2015-0818
+ RESERVED
+CVE-2015-0817
+ RESERVED
+CVE-2015-0816
+ RESERVED
+CVE-2015-0815
+ RESERVED
+CVE-2015-0814
+ RESERVED
+CVE-2015-0813
+ RESERVED
+CVE-2015-0812
+ RESERVED
+CVE-2015-0811
+ RESERVED
+CVE-2015-0810
+ RESERVED
+CVE-2015-0809
+ RESERVED
+CVE-2015-0808
+ RESERVED
+CVE-2015-0807
+ RESERVED
+CVE-2015-0806
+ RESERVED
+CVE-2015-0805
+ RESERVED
+CVE-2015-0804
+ RESERVED
+CVE-2015-0803
+ RESERVED
+CVE-2015-0802
+ RESERVED
+CVE-2015-0801
+ RESERVED
+CVE-2015-0800
+ RESERVED
+CVE-2015-0799
+ RESERVED
+CVE-2015-0798
+ RESERVED
+CVE-2015-0797
+ RESERVED
+CVE-2015-0796
+ RESERVED
+CVE-2015-0795
+ RESERVED
+CVE-2015-0794
+ RESERVED
+CVE-2015-0793
+ RESERVED
+CVE-2015-0792
+ RESERVED
+CVE-2015-0791
+ RESERVED
+CVE-2015-0790
+ RESERVED
+CVE-2015-0789
+ RESERVED
+CVE-2015-0788
+ RESERVED
+CVE-2015-0787
+ RESERVED
+CVE-2015-0786
+ RESERVED
+CVE-2015-0785
+ RESERVED
+CVE-2015-0784
+ RESERVED
+CVE-2015-0783
+ RESERVED
+CVE-2015-0782
+ RESERVED
+CVE-2015-0781
+ RESERVED
+CVE-2015-0780
+ RESERVED
+CVE-2015-0779
+ RESERVED
+CVE-2015-0778
+ RESERVED
+CVE-2015-0777
+ RESERVED
+CVE-2015-0776
+ RESERVED
+CVE-2015-0775
+ RESERVED
+CVE-2015-0774
+ RESERVED
+CVE-2015-0773
+ RESERVED
+CVE-2015-0772
+ RESERVED
+CVE-2015-0771
+ RESERVED
+CVE-2015-0770
+ RESERVED
+CVE-2015-0769
+ RESERVED
+CVE-2015-0768
+ RESERVED
+CVE-2015-0767
+ RESERVED
+CVE-2015-0766
+ RESERVED
+CVE-2015-0765
+ RESERVED
+CVE-2015-0764
+ RESERVED
+CVE-2015-0763
+ RESERVED
+CVE-2015-0762
+ RESERVED
+CVE-2015-0761
+ RESERVED
+CVE-2015-0760
+ RESERVED
+CVE-2015-0759
+ RESERVED
+CVE-2015-0758
+ RESERVED
+CVE-2015-0757
+ RESERVED
+CVE-2015-0756
+ RESERVED
+CVE-2015-0755
+ RESERVED
+CVE-2015-0754
+ RESERVED
+CVE-2015-0753
+ RESERVED
+CVE-2015-0752
+ RESERVED
+CVE-2015-0751
+ RESERVED
+CVE-2015-0750
+ RESERVED
+CVE-2015-0749
+ RESERVED
+CVE-2015-0748
+ RESERVED
+CVE-2015-0747
+ RESERVED
+CVE-2015-0746
+ RESERVED
+CVE-2015-0745
+ RESERVED
+CVE-2015-0744
+ RESERVED
+CVE-2015-0743
+ RESERVED
+CVE-2015-0742
+ RESERVED
+CVE-2015-0741
+ RESERVED
+CVE-2015-0740
+ RESERVED
+CVE-2015-0739
+ RESERVED
+CVE-2015-0738
+ RESERVED
+CVE-2015-0737
+ RESERVED
+CVE-2015-0736
+ RESERVED
+CVE-2015-0735
+ RESERVED
+CVE-2015-0734
+ RESERVED
+CVE-2015-0733
+ RESERVED
+CVE-2015-0732
+ RESERVED
+CVE-2015-0731
+ RESERVED
+CVE-2015-0730
+ RESERVED
+CVE-2015-0729
+ RESERVED
+CVE-2015-0728
+ RESERVED
+CVE-2015-0727
+ RESERVED
+CVE-2015-0726
+ RESERVED
+CVE-2015-0725
+ RESERVED
+CVE-2015-0724
+ RESERVED
+CVE-2015-0723
+ RESERVED
+CVE-2015-0722
+ RESERVED
+CVE-2015-0721
+ RESERVED
+CVE-2015-0720
+ RESERVED
+CVE-2015-0719
+ RESERVED
+CVE-2015-0718
+ RESERVED
+CVE-2015-0717
+ RESERVED
+CVE-2015-0716
+ RESERVED
+CVE-2015-0715
+ RESERVED
+CVE-2015-0714
+ RESERVED
+CVE-2015-0713
+ RESERVED
+CVE-2015-0712
+ RESERVED
+CVE-2015-0711
+ RESERVED
+CVE-2015-0710
+ RESERVED
+CVE-2015-0709
+ RESERVED
+CVE-2015-0708
+ RESERVED
+CVE-2015-0707
+ RESERVED
+CVE-2015-0706
+ RESERVED
+CVE-2015-0705
+ RESERVED
+CVE-2015-0704
+ RESERVED
+CVE-2015-0703
+ RESERVED
+CVE-2015-0702
+ RESERVED
+CVE-2015-0701
+ RESERVED
+CVE-2015-0700
+ RESERVED
+CVE-2015-0699
+ RESERVED
+CVE-2015-0698
+ RESERVED
+CVE-2015-0697
+ RESERVED
+CVE-2015-0696
+ RESERVED
+CVE-2015-0695
+ RESERVED
+CVE-2015-0694
+ RESERVED
+CVE-2015-0693
+ RESERVED
+CVE-2015-0692
+ RESERVED
+CVE-2015-0691
+ RESERVED
+CVE-2015-0690
+ RESERVED
+CVE-2015-0689
+ RESERVED
+CVE-2015-0688
+ RESERVED
+CVE-2015-0687
+ RESERVED
+CVE-2015-0686
+ RESERVED
+CVE-2015-0685
+ RESERVED
+CVE-2015-0684
+ RESERVED
+CVE-2015-0683
+ RESERVED
+CVE-2015-0682
+ RESERVED
+CVE-2015-0681
+ RESERVED
+CVE-2015-0680
+ RESERVED
+CVE-2015-0679
+ RESERVED
+CVE-2015-0678
+ RESERVED
+CVE-2015-0677
+ RESERVED
+CVE-2015-0676
+ RESERVED
+CVE-2015-0675
+ RESERVED
+CVE-2015-0674
+ RESERVED
+CVE-2015-0673
+ RESERVED
+CVE-2015-0672
+ RESERVED
+CVE-2015-0671
+ RESERVED
+CVE-2015-0670
+ RESERVED
+CVE-2015-0669
+ RESERVED
+CVE-2015-0668
+ RESERVED
+CVE-2015-0667
+ RESERVED
+CVE-2015-0666
+ RESERVED
+CVE-2015-0665
+ RESERVED
+CVE-2015-0664
+ RESERVED
+CVE-2015-0663
+ RESERVED
+CVE-2015-0662
+ RESERVED
+CVE-2015-0661
+ RESERVED
+CVE-2015-0660
+ RESERVED
+CVE-2015-0659
+ RESERVED
+CVE-2015-0658
+ RESERVED
+CVE-2015-0657
+ RESERVED
+CVE-2015-0656
+ RESERVED
+CVE-2015-0655
+ RESERVED
+CVE-2015-0654
+ RESERVED
+CVE-2015-0653
+ RESERVED
+CVE-2015-0652
+ RESERVED
+CVE-2015-0651
+ RESERVED
+CVE-2015-0650
+ RESERVED
+CVE-2015-0649
+ RESERVED
+CVE-2015-0648
+ RESERVED
+CVE-2015-0647
+ RESERVED
+CVE-2015-0646
+ RESERVED
+CVE-2015-0645
+ RESERVED
+CVE-2015-0644
+ RESERVED
+CVE-2015-0643
+ RESERVED
+CVE-2015-0642
+ RESERVED
+CVE-2015-0641
+ RESERVED
+CVE-2015-0640
+ RESERVED
+CVE-2015-0639
+ RESERVED
+CVE-2015-0638
+ RESERVED
+CVE-2015-0637
+ RESERVED
+CVE-2015-0636
+ RESERVED
+CVE-2015-0635
+ RESERVED
+CVE-2015-0634
+ RESERVED
+CVE-2015-0633
+ RESERVED
+CVE-2015-0632
+ RESERVED
+CVE-2015-0631
+ RESERVED
+CVE-2015-0630
+ RESERVED
+CVE-2015-0629
+ RESERVED
+CVE-2015-0628
+ RESERVED
+CVE-2015-0627
+ RESERVED
+CVE-2015-0626
+ RESERVED
+CVE-2015-0625
+ RESERVED
+CVE-2015-0624
+ RESERVED
+CVE-2015-0623
+ RESERVED
+CVE-2015-0622
+ RESERVED
+CVE-2015-0621
+ RESERVED
+CVE-2015-0620
+ RESERVED
+CVE-2015-0619
+ RESERVED
+CVE-2015-0618
+ RESERVED
+CVE-2015-0617
+ RESERVED
+CVE-2015-0616
+ RESERVED
+CVE-2015-0615
+ RESERVED
+CVE-2015-0614
+ RESERVED
+CVE-2015-0613
+ RESERVED
+CVE-2015-0612
+ RESERVED
+CVE-2015-0611
+ RESERVED
+CVE-2015-0610
+ RESERVED
+CVE-2015-0609
+ RESERVED
+CVE-2015-0608
+ RESERVED
+CVE-2015-0607
+ RESERVED
+CVE-2015-0606
+ RESERVED
+CVE-2015-0605
+ RESERVED
+CVE-2015-0604
+ RESERVED
+CVE-2015-0603
+ RESERVED
+CVE-2015-0602
+ RESERVED
+CVE-2015-0601
+ RESERVED
+CVE-2015-0600
+ RESERVED
+CVE-2015-0599
+ RESERVED
+CVE-2015-0598
+ RESERVED
+CVE-2015-0597
+ RESERVED
+CVE-2015-0596
+ RESERVED
+CVE-2015-0595
+ RESERVED
+CVE-2015-0594
+ RESERVED
+CVE-2015-0593
+ RESERVED
+CVE-2015-0592
+ RESERVED
+CVE-2015-0591
+ RESERVED
+CVE-2015-0590
+ RESERVED
+CVE-2015-0589
+ RESERVED
+CVE-2015-0588
+ RESERVED
+CVE-2015-0587
+ RESERVED
+CVE-2015-0586
+ RESERVED
+CVE-2015-0585
+ RESERVED
+CVE-2015-0584
+ RESERVED
+CVE-2015-0583
+ RESERVED
+CVE-2015-0582
+ RESERVED
+CVE-2015-0581
+ RESERVED
+CVE-2015-0580
+ RESERVED
+CVE-2015-0579
+ RESERVED
+CVE-2015-0578
+ RESERVED
+CVE-2015-0577
+ RESERVED
+CVE-2015-0576
+ RESERVED
+CVE-2015-0575
+ RESERVED
+CVE-2015-0574
+ RESERVED
+CVE-2015-0573
+ RESERVED
+CVE-2015-0572
+ RESERVED
+CVE-2015-0571
+ RESERVED
+CVE-2015-0570
+ RESERVED
+CVE-2015-0569
+ RESERVED
+CVE-2015-0568
+ RESERVED
+CVE-2015-0567
+ RESERVED
+CVE-2015-0566
+ RESERVED
+CVE-2015-0565
+ RESERVED
+CVE-2014-9583 (common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, ...)
+ TODO: check
+CVE-2014-9582 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-9581 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2014-9580 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
+ TODO: check
+CVE-2014-9579 (VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator ...)
+ TODO: check
+CVE-2014-9578 (VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with ...)
+ TODO: check
+CVE-2014-9577 (VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when ...)
+ TODO: check
+CVE-2014-9576 (VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of ...)
+ TODO: check
+CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote ...)
+ TODO: check
+CVE-2014-9574
+ RESERVED
+CVE-2014-9573
+ RESERVED
+CVE-2014-9572
+ RESERVED
+CVE-2014-9571
+ RESERVED
+CVE-2014-9570
+ RESERVED
+CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
+ TODO: check
+CVE-2014-9568
+ RESERVED
+CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in ...)
+ TODO: check
+CVE-2014-9566
+ RESERVED
+CVE-2014-9565
+ RESERVED
+CVE-2014-9564
+ RESERVED
+CVE-2014-9563
+ RESERVED
+CVE-2014-9562
+ RESERVED
+CVE-2014-9561
+ RESERVED
+CVE-2014-9560
+ RESERVED
+CVE-2014-9559
+ RESERVED
+CVE-2014-9558
+ RESERVED
+CVE-2014-9557
+ RESERVED
+CVE-2014-9555
+ RESERVED
+CVE-2014-9554
+ RESERVED
+CVE-2014-9553
+ RESERVED
+CVE-2014-9552
+ RESERVED
+CVE-2014-9551
+ RESERVED
+CVE-2014-9550
+ RESERVED
+CVE-2014-9549
+ RESERVED
+CVE-2014-9548
+ RESERVED
+CVE-2014-9547
+ RESERVED
+CVE-2014-9546
+ RESERVED
+CVE-2014-9545
+ RESERVED
+CVE-2014-9544
+ RESERVED
+CVE-2014-9543
+ RESERVED
+CVE-2014-9542
+ RESERVED
+CVE-2014-9541
+ RESERVED
+CVE-2014-9540
+ RESERVED
+CVE-2014-9539
+ RESERVED
+CVE-2014-9538
+ RESERVED
+CVE-2014-9537
+ RESERVED
+CVE-2014-9536
+ RESERVED
+CVE-2014-9535
+ RESERVED
+CVE-2014-9534
+ RESERVED
+CVE-2014-9533
+ RESERVED
+CVE-2014-9532
+ RESERVED
+CVE-2014-9531
+ RESERVED
+CVE-2014-9530
+ RESERVED
+CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in ...)
+ TODO: check
+CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to ...)
+ TODO: check
CVE-2015-XXXX [directory traversal vulnerabilities]
- ha <unfixed> (low; bug #774954)
[squeeze] - ha <no-dsa> (Minor issue)
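Review bot: The added entries that carry a description (CVE-2015-0920 through CVE-2015-0917, CVE-2014-9583 through CVE-2014-9575, CVE-2014-9569, CVE-2014-9567, CVE-2014-9528 and CVE-2014-9527) all land as `TODO: check` with no package line or `NOT-FOR-US:` line, so none of them is triaged yet. Several descriptions name the product outright (ASUS WRT firmware, VDG Security SENSE, SAP NetWeaver, Apache POI), so each can be resolved in a follow-up to a source-package line or a `NOT-FOR-US:` line as used elsewhere in this file. The numbering skips CVE-2014-9556 and CVE-2014-9529, which is expected because both already have entries further down the list.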
@@ -57,21 +879,27 @@
- roundcube <unfixed>
NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
CVE-2015-0564 [TLS/SSL decryption crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
CVE-2015-0563 [SMTP dissector crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
CVE-2015-0562 [DEC DNA Routing Protocol dissector crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
CVE-2015-0561 [LPP dissector crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-02.html
CVE-2015-0560 [WCCP dissector crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0559 [WCCP dissector crash]
+ RESERVED
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0558
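Review bot: The `RESERVED` lines added under CVE-2015-0564 through CVE-2015-0559 sit on entries that already have a package line and a NOTE pointing at a published Wireshark advisory, so the marker reflects only the state of the upstream CVE list and should not be read as the issue being undisclosed. CVE-2015-0560 and CVE-2015-0559 also carry the same bracketed text, `[WCCP dissector crash]`, and the same wnpa-sec-2015-01 NOTE; a distinguishing word in each description would make the two entries easier to tell apart.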
@@ -144,8 +972,8 @@
RESERVED
CVE-2014-9484
RESERVED
-CVE-2014-9473
- RESERVED
+CVE-2014-9473 (Unrestricted file upload vulnerability in lib_nonajax.php in the ...)
+ TODO: check
CVE-2014-9472
RESERVED
CVE-2014-9470
@@ -323,6 +1151,7 @@
NOTE: http://pillow.readthedocs.org/releasenotes/2.7.0.html#png-text-chunk-size-limits
TODO: check
CVE-2014-9584 [isofs: unchecked printing of ER records]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
@@ -400,6 +1229,7 @@
RESERVED
- arj <unfixed> (bug #774434)
CVE-2014-9529 [security/keys/gc.c race condition]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://marc.info/?l=linux-kernel&m=141986398232547&w=2
@@ -434,7 +1264,7 @@
CVE-2014-9485 [miniunzip directory traversal]
RESERVED
- minizip <unfixed> (low; bug #774321)
-CVE-2014-9426 (The apprentice_load function in libmagic/apprentice.c in the Fileinfo ...)
+CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...)
- file <not-affected> (PHP specific modification in libmagic/apprentice.c)
- php5 <unfixed>
[wheezy] - php5 <not-affected> (libmagic/apprentice.c does not contain the invalid free)
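Review bot: CVE-2014-9426 now reads `** DISPUTED **` in its description, but the status line below it is still `- php5 <unfixed>` and no NOTE records the dispute. The entry should be re-evaluated by hand: either add a NOTE explaining why it stays tracked as unfixed, or adjust the php5 status to match the outcome of the dispute.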
@@ -477,6 +1307,7 @@
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939
NOTE: Plain bug, security implications rather far-fetched
CVE-2014-9556 [DoS; infinite loop]
+ RESERVED
- libmspack 0.4-2 (bug #773041)
- cabextract 1.4-5 (bug #772891)
[wheezy] - cabextract <no-dsa> (Minor issue)
@@ -504,7 +1335,7 @@
[squeeze] - perl <no-dsa> (Minor issue)
[wheezy] - perl <no-dsa> (Minor issue)
CVE-2014-9486
- RESERVED
+ REJECTED
CVE-2014-9497 [Buffer overflow]
RESERVED
- mpg123 1.18.0-1
@@ -891,8 +1722,7 @@
RESERVED
CVE-2015-0362
RESERVED
-CVE-2015-0361 [XSA-116]
- RESERVED
+CVE-2015-0361 (Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
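Review bot: Replacing `CVE-2015-0361 [XSA-116]` with the upstream description drops the only reference to the Xen advisory number from this entry. A NOTE line naming XSA-116 under the entry would keep the cross-reference searchable.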
@@ -978,8 +1808,7 @@
TODO: check
CVE-2014-9366
RESERVED
-CVE-2014-9493 [Glance v2 API unrestricted path traversal]
- RESERVED
+CVE-2014-9493 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) ...)
- glance 2014.1.3-6 (bug #773836)
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
@@ -1408,8 +2237,7 @@
CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway ...)
NOT-FOR-US: RomPager
NOTE: http://mis.fortunecook.ie/
-CVE-2014-9221
- RESERVED
+CVE-2014-9221 (strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to ...)
{DSA-3118-1}
- strongswan 5.2.1-5
CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP ...)
@@ -1927,8 +2755,7 @@
NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9017
RESERVED
-CVE-2012-6684
- RESERVED
+CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
- ruby-redcloth <unfixed> (bug #774748)
- redcloth <removed>
NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
@@ -2233,8 +3060,7 @@
NOT-FOR-US: Nibbleblog
CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...)
NOT-FOR-US: Maarch LetterBox
-CVE-2014-8993
- RESERVED
+CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in ...)
- open-xchange <itp> (bug #269329)
CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: MODX Revolution
@@ -2445,16 +3271,13 @@
RESERVED
CVE-2015-0207
RESERVED
-CVE-2015-0206 [DTLS memory leak in dtls1_buffer_record]
- RESERVED
+CVE-2015-0206 (Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL ...)
- openssl 1.0.1k-1
[squeeze] - openssl <not-affected> (Affects 1.0.1 and 1.0.0)
-CVE-2015-0205 [DH client certificates accepted without verification [Server]]
- RESERVED
+CVE-2015-0205 (The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before ...)
- openssl 1.0.1k-1
[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.0)
-CVE-2015-0204 [RSA silently downgrades to EXPORT_RSA [Client]]
- RESERVED
+CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)
- openssl 1.0.1k-1
CVE-2015-0203
RESERVED
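Review bot: The hand-written summaries for CVE-2015-0206, CVE-2015-0205 and CVE-2015-0204 are replaced by upstream descriptions truncated at a function or file name, so the list no longer says what goes wrong; `[RSA silently downgrades to EXPORT_RSA [Client]]` becomes `(The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)`. Carrying each old summary over into a NOTE line would keep the entries readable without opening the full CVE text.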
@@ -3690,10 +4513,12 @@
RESERVED
CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive]
RESERVED
+ {DSA-3123-1}
- binutils 2.24.90.20141124-1
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141124-1
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
@@ -4004,6 +4829,7 @@
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
NOT-FOR-US: Etiko CMS
CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141104-1
NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
@@ -4011,15 +4837,18 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141104-1
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141104-1
NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141104-1
- gdb <unfixed> (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
@@ -4171,11 +5000,13 @@
NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
+ {DSA-3123-1}
- binutils 2.24.90.20141104-1
NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
+ {DSA-3123-1}
- binutils 2.24.51.20140903-1
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
@@ -4693,8 +5524,7 @@
RESERVED
CVE-2014-8276
RESERVED
-CVE-2014-8275 [Certificate fingerprints can be modified]
- RESERVED
+CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k ...)
- openssl 1.0.1k-1
CVE-2014-8274
RESERVED
@@ -5011,8 +5841,7 @@
[wheezy] - libssh <no-dsa> (Minor issue)
[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
NOTE: http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
-CVE-2014-8131 [deadlock and segfault in qemuConnectGetAllDomainStats]
- RESERVED
+CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt ...)
- libvirt 1.2.9-7 (bug #773858)
[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -5294,20 +6123,20 @@
RESERVED
CVE-2014-8034
RESERVED
-CVE-2014-8033
- RESERVED
-CVE-2014-8032
- RESERVED
-CVE-2014-8031
- RESERVED
-CVE-2014-8030
- RESERVED
-CVE-2014-8029
- RESERVED
-CVE-2014-8028
- RESERVED
-CVE-2014-8027
- RESERVED
+CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...)
+ TODO: check
+CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote ...)
+ TODO: check
+CVE-2014-8031 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
+ TODO: check
+CVE-2014-8030 (Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco ...)
+ TODO: check
+CVE-2014-8029 (Open redirect vulnerability in the web interface in Cisco Secure ...)
+ TODO: check
+CVE-2014-8028 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
+CVE-2014-8027 (The RBAC component in Cisco Secure Access Control System (ACS) allows ...)
+ TODO: check
CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco ...)
NOT-FOR-US: Cisco
CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, ...)
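Review bot: CVE-2014-8033 through CVE-2014-8027 are added as `TODO: check` although six of the seven descriptions name a Cisco product (WebEx Meetings Server, Secure Access Control System) and the neighbouring CVE-2014-8026 is already resolved as `NOT-FOR-US: Cisco`. They are candidates for the same resolution in a follow-up, once CVE-2014-8028, whose description is cut off before the product name, has been confirmed.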
@@ -7095,8 +7924,7 @@
RESERVED
CVE-2014-7210
RESERVED
-CVE-2014-7209 [run-mailcap shell command injection]
- RESERVED
+CVE-2014-7209 (run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 ...)
{DSA-3114-1 DLA-125-1}
- mime-support 3.58
CVE-2014-7208 (GParted before 0.15.0 allows local users to execute arbitrary commands ...)
@@ -13234,25 +14062,20 @@
- piwigo <removed> (low)
[squeeze] - piwigo <no-dsa> (Minor issue)
CVE-2014-4642
- RESERVED
+ REJECTED
CVE-2014-4641
- RESERVED
+ REJECTED
CVE-2014-4640
- RESERVED
-CVE-2014-4639
- RESERVED
+ REJECTED
+CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly ...)
NOT-FOR-US: EMC Documentum Web Development
-CVE-2014-4638
- RESERVED
+CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote ...)
NOT-FOR-US: EMC Documentum Web Development
-CVE-2014-4637
- RESERVED
+CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit ...)
NOT-FOR-US: EMC Documentum Web Development
-CVE-2014-4636
- RESERVED
+CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web ...)
NOT-FOR-US: EMC Documentum Web Development
-CVE-2014-4635
- RESERVED
+CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
NOT-FOR-US: EMC Replication Manager and EMC AppSync
@@ -15307,8 +16130,8 @@
- dotclear 2.6.3+dfsg-1
CVE-2014-3780 (Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 ...)
NOT-FOR-US: Citrix
-CVE-2014-3779
- RESERVED
+CVE-2014-3779 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
+ TODO: check
CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: ARRIS modem
CVE-2014-3777 (Directory traversal vulnerability in Reportico PHP Report Designer ...)
@@ -15325,8 +16148,8 @@
RESERVED
CVE-2014-3765
RESERVED
-CVE-2014-3764
- RESERVED
+CVE-2014-3764 (Cross-site scripting (XSS) vulnerability in the web-based device ...)
+ TODO: check
CVE-2014-3763
RESERVED
CVE-2014-3762
@@ -15709,8 +16532,7 @@
- qpid-cpp <unfixed> (low; bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
-CVE-2014-3628 [Cross-site scripting (XSS) vulnerability via the fieldvaluecache object]
- RESERVED
+CVE-2014-3628 (Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / ...)
- lucene-solr <not-affected> (Only affects later 4.x releases)
NOTE: https://issues.apache.org/jira/browse/SOLR-6738
CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 ...)
@@ -15913,16 +16735,13 @@
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise ...)
NOT-FOR-US: oVirt Engine
-CVE-2014-3572 [ECDHE silently downgrades to ECDH [Client]]
- RESERVED
+CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)
- openssl 1.0.1k-1
-CVE-2014-3571 [DTLS segmentation fault in dtls1_get_record]
- RESERVED
+CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k ...)
- openssl 1.0.1k-1
-CVE-2014-3570 [Bignum squaring may produce incorrect results]
- RESERVED
+CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before ...)
- openssl 1.0.1k-1
-CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j ...)
+CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, ...)
{DLA-81-1}
- openssl 1.0.1k-1
[wheezy] - openssl <not-affected> (Doesn't use no-ssl3 yet)
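Review bot: The CVE-2014-3569 description changes its leading version from `OpenSSL 1.0.1j` to `OpenSSL 0.9.8zc,`, which widens the stated affected range while the status lines under it stay unchanged. The wheezy `<not-affected>` reason (`Doesn't use no-ssl3 yet`) is about build configuration rather than version, so it still reads correctly, but the entry's package statuses deserve a manual check against the widened range.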
@@ -22347,8 +23166,7 @@
RESERVED
CVE-2014-1426
RESERVED
-CVE-2014-1425
- RESERVED
+CVE-2014-1425 (cmanager 0.32 does not properly enforce nesting when modifying cgroup ...)
- cgmanager 0.33-3
NOTE: https://launchpad.net/ubuntu/+source/cgmanager/0.32-4ubuntu1.1
CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 ...)
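Review bot: The imported description for CVE-2014-1425 says `cmanager 0.32`, while the package line and the Launchpad NOTE under it both say cgmanager. The text comes from the upstream CVE list, so the correction belongs there; until then a search of descriptions for cgmanager will miss this entry.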
@@ -23768,7 +24586,7 @@
CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and ...)
NOT-FOR-US: EMC VPLEX
CVE-2014-0631
- RESERVED
+ REJECTED
CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
NOT-FOR-US: EMC
CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
@@ -47015,8 +47833,8 @@
CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...)
- vlc <unfixed> (unimportant)
NOTE: Harmless crasher without security relevance
-CVE-2012-5853
- RESERVED
+CVE-2012-5853 (SQL injection vulnerability in the "the_search_function" function in ...)
+ TODO: check
CVE-2012-5852
RESERVED
CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...)