[Secure-testing-commits] r35376 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jul 8 21:10:15 UTC 2015


Author: sectracker
Date: 2015-07-08 21:10:15 +0000 (Wed, 08 Jul 2015)
New Revision: 35376

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-08 15:22:51 UTC (rev 35375)
+++ data/CVE/list	2015-07-08 21:10:15 UTC (rev 35376)
@@ -1,3 +1,191 @@
+CVE-2015-5451
+	RESERVED
+CVE-2015-5450
+	RESERVED
+CVE-2015-5449
+	RESERVED
+CVE-2015-5448
+	RESERVED
+CVE-2015-5447
+	RESERVED
+CVE-2015-5446
+	RESERVED
+CVE-2015-5445
+	RESERVED
+CVE-2015-5444
+	RESERVED
+CVE-2015-5443
+	RESERVED
+CVE-2015-5442
+	RESERVED
+CVE-2015-5441
+	RESERVED
+CVE-2015-5440
+	RESERVED
+CVE-2015-5439
+	RESERVED
+CVE-2015-5438
+	RESERVED
+CVE-2015-5437
+	RESERVED
+CVE-2015-5436
+	RESERVED
+CVE-2015-5435
+	RESERVED
+CVE-2015-5434
+	RESERVED
+CVE-2015-5433
+	RESERVED
+CVE-2015-5432
+	RESERVED
+CVE-2015-5431
+	RESERVED
+CVE-2015-5430
+	RESERVED
+CVE-2015-5429
+	RESERVED
+CVE-2015-5428
+	RESERVED
+CVE-2015-5427
+	RESERVED
+CVE-2015-5426
+	RESERVED
+CVE-2015-5425
+	RESERVED
+CVE-2015-5424
+	RESERVED
+CVE-2015-5423
+	RESERVED
+CVE-2015-5422
+	RESERVED
+CVE-2015-5421
+	RESERVED
+CVE-2015-5420
+	RESERVED
+CVE-2015-5419
+	RESERVED
+CVE-2015-5418
+	RESERVED
+CVE-2015-5417
+	RESERVED
+CVE-2015-5416
+	RESERVED
+CVE-2015-5415
+	RESERVED
+CVE-2015-5414
+	RESERVED
+CVE-2015-5413
+	RESERVED
+CVE-2015-5412
+	RESERVED
+CVE-2015-5411
+	RESERVED
+CVE-2015-5410
+	RESERVED
+CVE-2015-5409
+	RESERVED
+CVE-2015-5408
+	RESERVED
+CVE-2015-5407
+	RESERVED
+CVE-2015-5406
+	RESERVED
+CVE-2015-5405
+	RESERVED
+CVE-2015-5404
+	RESERVED
+CVE-2015-5403
+	RESERVED
+CVE-2015-5402
+	RESERVED
+CVE-2015-5401
+	RESERVED
+CVE-2015-5400
+	RESERVED
+CVE-2015-5399
+	RESERVED
+CVE-2015-5398
+	RESERVED
+CVE-2015-5397
+	RESERVED
+CVE-2015-5396
+	RESERVED
+CVE-2015-5395
+	RESERVED
+CVE-2015-5394
+	RESERVED
+CVE-2015-5393
+	RESERVED
+CVE-2015-5392
+	RESERVED
+CVE-2015-5391
+	RESERVED
+CVE-2015-5390
+	RESERVED
+CVE-2015-5389
+	RESERVED
+CVE-2015-5388
+	RESERVED
+CVE-2015-5387
+	RESERVED
+CVE-2015-5386
+	RESERVED
+CVE-2015-5385
+	RESERVED
+CVE-2015-5384
+	RESERVED
+CVE-2015-5380
+	RESERVED
+CVE-2015-5379
+	RESERVED
+CVE-2015-5378
+	RESERVED
+CVE-2015-5377
+	RESERVED
+CVE-2015-5376
+	RESERVED
+CVE-2015-5375
+	RESERVED
+CVE-2015-5374
+	RESERVED
+CVE-2015-5373
+	RESERVED
+CVE-2015-5372
+	RESERVED
+CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allows ...)
+	TODO: check
+CVE-2015-5370
+	RESERVED
+CVE-2015-5369
+	RESERVED
+CVE-2015-5368
+	RESERVED
+CVE-2015-5367
+	RESERVED
+CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module ...)
+	TODO: check
+CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module ...)
+	TODO: check
+CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tournament ...)
+	TODO: check
+CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
+	TODO: check
+CVE-2014-9736
+	RESERVED
+CVE-2013-7442
+	RESERVED
+CVE-2012-6695
+	RESERVED
+CVE-2012-6694
+	RESERVED
+CVE-2012-6693
+	RESERVED
+CVE-2011-5324
+	RESERVED
+CVE-2011-5323
+	RESERVED
+CVE-2011-5322
+	RESERVED
 CVE-2015-XXXX [Incomplete WPS and P2P NFC NDEF record payload length validation]
 	- wpa <unfixed>
 	- wpasupplicant <removed>
@@ -26,16 +214,19 @@
 	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
 	NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
 CVE-2015-5383 [potential info disclosure from temp directory]
+	RESERVED
 	- roundcube <not-affected> (protection is done in apache config in binary package)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490378
 CVE-2015-5382 [security improvement in contact photo handling]
+	RESERVED
 	- roundcube <unfixed> (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
 	NOTE: http://trac.roundcube.net/ticket/1490379
 CVE-2015-5381 [XSS vulnerability in _mbox argument]
+	RESERVED
 	- roundcube <unfixed> (bug #791643)
 	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
@@ -1560,10 +1751,10 @@
 	RESERVED
 CVE-2015-4649
 	RESERVED
-CVE-2015-4648
-	RESERVED
-CVE-2015-4647
-	RESERVED
+CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...)
+	TODO: check
+CVE-2015-4647 (Multiple stack-based buffer overflows in Ipropsapi in Panasonic ...)
+	TODO: check
 CVE-2015-4641 (Directory traversal vulnerability in the SwiftKey language-pack update ...)
 	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
 CVE-2015-4640 (The SwiftKey language-pack update implementation on Samsung Galaxy S4, ...)
@@ -2027,7 +2218,7 @@
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7720
 	NOTE: http://bugs.cacti.net/view.php?id=2572
 	NOTE: Fixed upstream in 0.8.8d
-CVE-2015-4453 (The web interface in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 ...)
+CVE-2015-4453 (interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch ...)
 	NOT-FOR-US: OpenEMR
 CVE-2015-4452
 	RESERVED
@@ -2464,8 +2655,8 @@
 	TODO: check
 CVE-2015-4231 (The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices ...)
 	TODO: check
-CVE-2015-4230
-	RESERVED
+CVE-2015-4230 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
+	TODO: check
 CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2015-4228 (Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad ...)
@@ -2726,6 +2917,7 @@
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
 CVE-2015-5366 [Linux UDP checksum DoS EGAIN part]
+	RESERVED
 	- linux 4.0.7-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
@@ -3100,10 +3292,10 @@
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8b8f1c7e9ddb2e88a144638f6527bf70e32343e3
-CVE-2015-4034
-	RESERVED
-CVE-2015-4033
-	RESERVED
+CVE-2015-4034 (The createFromParcel method in the ...)
+	TODO: check
+CVE-2015-4033 (Samsung SBeam allows remote attackers to read arbitrary images by ...)
+	TODO: check
 CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts ...)
 	NOT-FOR-US: Visual Mining NetCharts Server
 CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development ...)
@@ -3367,14 +3559,14 @@
 	RESERVED
 CVE-2015-3959
 	RESERVED
-CVE-2015-3958
-	RESERVED
-CVE-2015-3957
-	RESERVED
+CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
+	TODO: check
+CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
+	TODO: check
 CVE-2015-3956
 	RESERVED
-CVE-2015-3955
-	RESERVED
+CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion System ...)
+	TODO: check
 CVE-2015-3954
 	RESERVED
 CVE-2015-3953
@@ -4664,7 +4856,7 @@
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
 	NOTE: https://lkml.org/lkml/2011/5/13/382
-CVE-2015-3459 (Hospira Lifecare PCA infusion pump running "SW ver 412" does not ...)
+CVE-2015-3459 (The communication module on the Hospira LifeCare PCA Infusion System ...)
 	NOT-FOR-US: Hospira Lifecare PCA
 CVE-2015-3458 (The fetchView function in the Mage_Core_Block_Template_Zend class in ...)
 	NOT-FOR-US: Magento
@@ -5199,8 +5391,7 @@
 	RESERVED
 CVE-2015-3282
 	RESERVED
-CVE-2015-3281 [information leak]
-	RESERVED
+CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and ...)
 	{DSA-3301-1}
 	- haproxy 1.5.14-1
 	[wheezy] - haproxy <not-affected> (Affects 1.5.x and 1.6-dev only)
@@ -5433,8 +5624,7 @@
 	[wheezy] - pcre3 <no-dsa> (Minor issue)
 	[squeeze] - pcre3 <no-dsa> (Minor issue)
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1638
-CVE-2015-3216 [Crash in ssleay_rand_bytes due to locking regression]
-	RESERVED
+CVE-2015-3216 (Race condition in a certain Red Hat patch to the PRNG lock ...)
 	- openssl <not-affected> (Affects Red Hat specific patch)
 	NOTE: More information in https://bugzilla.redhat.com/show_bug.cgi?id=1225994
 CVE-2015-3215
@@ -6444,10 +6634,10 @@
 	NOT-FOR-US: Blue Coat SSL Visibility Appliance
 CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 ...)
 	NOT-FOR-US: Synology Cloud Station
-CVE-2015-2850
-	RESERVED
-CVE-2015-2849
-	RESERVED
+CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in the ...)
+	TODO: check
+CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...)
+	TODO: check
 CVE-2015-2848
 	RESERVED
 CVE-2015-2847
@@ -6854,18 +7044,15 @@
 	RESERVED
 CVE-2015-2744
 	RESERVED
-CVE-2015-2743
-	RESERVED
+CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
-CVE-2015-2742
-	RESERVED
+CVE-2015-2742 (Mozilla Firefox before 39.0 on OS X includes native key press ...)
 	- iceweasel <not-affected> (OS X specific)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/
-CVE-2015-2741
-	RESERVED
+CVE-2015-2741 (Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and ...)
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
@@ -6875,64 +7062,56 @@
 	[jessie] - icedove <not-affected> (Only affects Thunderbird 38 and later)
 	[wheezy] - icedove <not-affected> (Only affects Thunderbird 38 and later)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/
-CVE-2015-2740
-	RESERVED
+CVE-2015-2740 (Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2739
-	RESERVED
+CVE-2015-2739 (The ArrayBufferBuilder::append function in Mozilla Firefox before ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2738
-	RESERVED
+CVE-2015-2738 (The YCbCrImageDataDeserializer::ToDataSourceSurface function in the ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2737
-	RESERVED
+CVE-2015-2737 (The rx::d3d11::SetBufferData function in the Direct3D 11 ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2736
-	RESERVED
+CVE-2015-2736 (The nsZipArchive::BuildFileList function in Mozilla Firefox before ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2735
-	RESERVED
+CVE-2015-2735 (nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2734
-	RESERVED
+CVE-2015-2734 (The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
-CVE-2015-2733
-	RESERVED
+CVE-2015-2733 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ...)
 	- iceweasel 38.1.0esr-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
@@ -6940,44 +7119,38 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
 CVE-2015-2732
 	RESERVED
-CVE-2015-2731
-	RESERVED
+CVE-2015-2731 (Use-after-free vulnerability in the CSPService::ShouldLoad function in ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
-CVE-2015-2730
-	RESERVED
+CVE-2015-2730 (Mozilla Network Security Services (NSS) before 3.19.1, as used in ...)
 	- nss 2:3.19.1-1
 	- iceweasel 38.1.0esr-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
-CVE-2015-2729
-	RESERVED
+CVE-2015-2729 (The AudioParamTimeline::AudioNodeInputValue function in the Web Audio ...)
 	- iceweasel 38.1.0esr-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/
-CVE-2015-2728
-	RESERVED
+CVE-2015-2728 (The IndexedDatabaseManager class in the IndexedDB implementation in ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
-CVE-2015-2727
-	RESERVED
+CVE-2015-2727 (Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote ...)
 	- iceweasel 38.1.0esr-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/
-CVE-2015-2726
-	RESERVED
+CVE-2015-2726 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 39)
@@ -6987,8 +7160,7 @@
 	[jessie] - icedove <not-affected> (Only affects Icedove 39)
 	[wheezy] - icedove <not-affected> (Only affects Icedove 39)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
-CVE-2015-2725
-	RESERVED
+CVE-2015-2725 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
@@ -6998,8 +7170,7 @@
 	[jessie] - icedove <not-affected> (Only affects Icedove 38 and later)
 	[wheezy] - icedove <not-affected> (Only affects Icedove 38 and later)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
-CVE-2015-2724
-	RESERVED
+CVE-2015-2724 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-3300-1}
 	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
@@ -7008,15 +7179,13 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
 CVE-2015-2723
 	REJECTED
-CVE-2015-2722
-	RESERVED
+CVE-2015-2722 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ...)
 	- iceweasel 38.1.0esr-1
 	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
 	[squeeze] - iceweasel <end-of-life>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
-CVE-2015-2721
-	RESERVED
+CVE-2015-2721 (Mozilla Network Security Services (NSS) before 3.19, as used in ...)
 	{DSA-3300-1}
 	- nss 2:3.19.1-1
 	- iceweasel 38.1.0esr-1
@@ -8721,8 +8890,8 @@
 	RESERVED
 CVE-2015-2127
 	RESERVED
-CVE-2015-2126
-	RESERVED
+CVE-2015-2126 (Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows ...)
+	TODO: check
 CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before ...)
 	NOT-FOR-US: HP WebInspect
 CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 ...)
@@ -12392,8 +12561,8 @@
 	NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
 CVE-2015-1012
 	RESERVED
-CVE-2015-1011
-	RESERVED
+CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded ...)
+	TODO: check
 CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
 	NOT-FOR-US: Rockwell Automation RSView32
 CVE-2015-1009
@@ -25795,8 +25964,8 @@
 	NOT-FOR-US: Nordex Control 2
 CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)
 	NOT-FOR-US: Schneider Electric
-CVE-2014-5406
-	RESERVED
+CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not validate ...)
+	TODO: check
 CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...)
 	NOT-FOR-US: Hospira MedNet
 CVE-2014-5404
@@ -30237,8 +30406,7 @@
 	NOT-FOR-US: JBoss KeyCloak
 CVE-2014-3654 (Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java ...)
 	NOT-FOR-US: Red Hat Satellite
-CVE-2014-3653 [XSS flaw on template preview screen]
-	RESERVED
+CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview ...)
 	- foreman <itp> (bug #663101)
 	NOTE: http://projects.theforeman.org/issues/7483
 	NOTE: https://github.com/sodabrew/foreman/issues/1




More information about the Secure-testing-commits mailing list