[Secure-testing-commits] r34701 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jun 3 21:10:17 UTC 2015


Author: sectracker
Date: 2015-06-03 21:10:17 +0000 (Wed, 03 Jun 2015)
New Revision: 34701

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-03 20:34:02 UTC (rev 34700)
+++ data/CVE/list	2015-06-03 21:10:17 UTC (rev 34701)
@@ -1,3 +1,58 @@
+CVE-2015-6593
+	REJECTED
+	TODO: check
+CVE-2015-4172
+	RESERVED
+CVE-2015-4171
+	RESERVED
+CVE-2015-4169
+	RESERVED
+CVE-2015-4168
+	RESERVED
+CVE-2015-4166
+	RESERVED
+CVE-2015-4165
+	RESERVED
+CVE-2015-4164
+	RESERVED
+CVE-2015-4163
+	RESERVED
+CVE-2015-4162 (XML external entity (XXE) vulnerability in the management interface in ...)
+	TODO: check
+CVE-2015-4161 (SAP Afaria does not properly restrict access to unspecified ...)
+	TODO: check
+CVE-2015-4160 (SQL injection vulnerability in SAP ASE Database Platform allows remote ...)
+	TODO: check
+CVE-2015-4159 (SQL injection vulnerability in SAP HANA Web-based Development ...)
+	TODO: check
+CVE-2015-4158 (SAP ABAP & Java Server allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2015-4157 (SAP Content Server allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2015-4156 (GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) ...)
+	TODO: check
+CVE-2015-4155 (GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) ...)
+	TODO: check
+CVE-2015-4154
+	RESERVED
+CVE-2015-4153
+	RESERVED
+CVE-2015-4152
+	RESERVED
+CVE-2015-4151
+	RESERVED
+CVE-2015-4150
+	RESERVED
+CVE-2015-4149
+	RESERVED
+CVE-2015-4138 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
+	TODO: check
+CVE-2015-4137 (SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 ...)
+	TODO: check
+CVE-2015-4136
+	RESERVED
+CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands ...)
+	TODO: check
 CVE-2014-9731 [udf: information leakage when reading symlink]
 	- linux 4.0.2-1
 	- linux-2.6 <removed>
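Review bot: CVE-2015-6593 at the top of this hunk is marked REJECTED and still gets "TODO: check", while the RESERVED entries added below it get no TODO. A rejected ID has nothing to triage, so the update script should skip the TODO for REJECTED the same way it does for RESERVED; otherwise someone has to clear it by hand. The ID is also far outside the 41xx range of the other new 2015 entries here, so it is worth confirming before it is left in the list.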
@@ -33,6 +88,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
 	TODO: check remaining affected versions
 CVE-2015-4167 [fs: udf kernel oops]
+	RESERVED
 	- linux 4.0.2-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
@@ -47,8 +103,10 @@
 	NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/31/4
 CVE-2015-4140
+	RESERVED
 	NOT-FOR-US: WordPress plugin wp-smiley
 CVE-2015-4139
+	RESERVED
 	NOT-FOR-US: WordPress plugin wp-smiley
 CVE-2015-4135 (Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 ...)
 	NOT-FOR-US: PHPWind
@@ -170,8 +228,8 @@
 	RESERVED
 CVE-2015-4095
 	RESERVED
-CVE-2015-4094
-	RESERVED
+CVE-2015-4094 (The Thycotic Password Manager Secret Server application through 2.3 ...)
+	TODO: check
 CVE-2015-4093
 	RESERVED
 CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
@@ -218,20 +276,20 @@
 	RESERVED
 CVE-2015-4070
 	RESERVED
-CVE-2015-4069
-	RESERVED
-CVE-2015-4068
-	RESERVED
-CVE-2015-4067
-	RESERVED
+CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...)
+	TODO: check
+CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 ...)
+	TODO: check
+CVE-2015-4067 (Integer overflow in the libnv6 module in Dell NetVault Backup before ...)
+	TODO: check
 CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in the ...)
 	NOT-FOR-US: GigPress plugin for WordPress
 CVE-2015-4061
 	RESERVED
-CVE-2015-4060
-	RESERVED
-CVE-2015-4059
-	RESERVED
+CVE-2015-4060 (Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) ...)
+	TODO: check
+CVE-2015-4059 (Heap-based buffer overflow in the License Server (LicenseServer.exe) ...)
+	TODO: check
 CVE-2015-4058
 	RESERVED
 CVE-2015-4057
@@ -257,6 +315,7 @@
 	NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
 CVE-2015-4170 [vulnerability in the kernel tty subsystem]
+	RESERVED
 	- linux 3.13.4-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
@@ -274,8 +333,7 @@
 	RESERVED
 CVE-2015-4051
 	RESERVED
-CVE-2015-4050 [ESI unauthorized access]
-	RESERVED
+CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...)
 	{DSA-3276-1}
 	- symfony 2.7.0~beta2+dfsg-2
 	NOTE: https://github.com/fabpot/symfony/commit/d320d27699abcea12479cf608908fa91bcc133d4
@@ -345,10 +403,10 @@
 	RESERVED
 CVE-2015-4033
 	RESERVED
-CVE-2015-4032
-	RESERVED
-CVE-2015-4031
-	RESERVED
+CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts ...)
+	TODO: check
+CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development ...)
+	TODO: check
 CVE-2015-4030
 	RESERVED
 CVE-2015-4029
@@ -374,8 +432,7 @@
 	NOTE: https://bugs.python.org/issue17997#msg194950
 	NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
 	TODO: check affected versions
-CVE-2015-4047 [denial-of-service]
-	RESERVED
+CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause ...)
 	{DSA-3272-1 DLA-234-1}
 	- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
@@ -450,10 +507,10 @@
 	RESERVED
 CVE-2015-3996
 	RESERVED
-CVE-2015-3995
-	RESERVED
-CVE-2015-3994
-	RESERVED
+CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
+	TODO: check
+CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
+	TODO: check
 CVE-2015-3993
 	RESERVED
 CVE-2015-3992
@@ -518,8 +575,7 @@
 	RESERVED
 CVE-2015-3983 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the ...)
 	- pcs <itp> (bug #706522)
-CVE-2015-3982 [Fixed session flushing in the cached_db backend]
-	RESERVED
+CVE-2015-3982 (The session.flush function in the cached_db backend in Django 1.8.x ...)
 	- python-django <not-affected> (Only affects 1.8 and development branch)
 	NOTE: https://www.djangoproject.com/weblog/2015/may/20/security-release/
 CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
@@ -606,8 +662,8 @@
 	RESERVED
 CVE-2015-3940
 	RESERVED
-CVE-2015-3939
-	RESERVED
+CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
+	TODO: check
 CVE-2015-3938
 	RESERVED
 CVE-2015-3937
@@ -683,8 +739,8 @@
 	RESERVED
 CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android ...)
 	TODO: check
-CVE-2015-3904
-	RESERVED
+CVE-2015-3904 (Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php ...)
+	TODO: check
 CVE-2015-3901
 	RESERVED
 CVE-2015-3900
@@ -1314,6 +1370,7 @@
 	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
 CVE-2015-4146 [EAP-pwd missing payload length validation]
+	RESERVED
 	- wpa <unfixed> (bug #787371)
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
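Review bot: in the CVE-2015-4146 entry the wpasupplicant and hostapd lines are marked not-affected, but the parenthetical "(v1.0-v2.4 with CONFIG_EAP_PWD=y)" reads like an affected range, so the line can be taken either way. With RESERVED added there is no upstream description to fall back on; reword the parenthetical to state the reason, for example "(Only affects v1.0-v2.4 built with CONFIG_EAP_PWD=y)", matching the "(Only affects ...)" wording used for other entries in this list.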
@@ -1322,6 +1379,7 @@
 	NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4145 [EAP-pwd missing payload length validation]
+	RESERVED
 	- wpa <unfixed> (bug #787371)
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
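Review bot: CVE-2015-4145 carries the same bracketed title as CVE-2015-4146 above it, "EAP-pwd missing payload length validation", although the NOTE closing the 4146 entry points at the peer-side asymmetric fragmentation patch and the 4145 notes point at the server-side Total-Length parsing patch. While these IDs stay RESERVED the bracketed title is the only description a reader has, so give each ID a title taken from its own patch name rather than one shared string.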
@@ -1331,6 +1389,7 @@
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4144 [EAP-pwd missing payload length validation]
+	RESERVED
 	- wpa <unfixed> (bug #787371)
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -1340,6 +1399,7 @@
 	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4143 [EAP-pwd missing payload length validation]
+	RESERVED
 	- wpa <unfixed> (bug #787371)
 	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
 	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -1349,6 +1409,7 @@
 	NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
 CVE-2015-4142 [Integer underflow in AP mode WMM Action frame processing]
+	RESERVED
 	- wpa <unfixed> (bug #787373)
 	- wpasupplicant <removed>
 	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
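Review bot: the [squeeze] line under CVE-2015-4142 reads "0.7.0-v2.4 with with specific configurations". The doubled "with" should be fixed, and "specific configurations" should name the build or runtime option that matters, as the CVE-2015-4141 entry does with CONFIG_WPS_ER=y.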
@@ -1357,6 +1418,7 @@
 	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
 CVE-2015-4141 [WPS UPnP vulnerability with HTTP chunked transfer encoding]
+	RESERVED
 	- wpa <unfixed> (bug #787372)
 	- wpasupplicant <removed> (unimportant)
 	[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
@@ -2324,8 +2386,8 @@
 	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
 CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain ...)
 	NOT-FOR-US: FortiMail
-CVE-2015-3292
-	RESERVED
+CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 ...)
+	TODO: check
 CVE-2015-3291
 	RESERVED
 CVE-2015-3290
@@ -2580,35 +2642,27 @@
 	[jessie] - wireshark <not-affected> (Only affected 1.10.x)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1219409
-CVE-2015-3181
-	RESERVED
+CVE-2015-3181 (files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3180
-	RESERVED
+CVE-2015-3180 (lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3179
-	RESERVED
+CVE-2015-3179 (login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3178
-	RESERVED
+CVE-2015-3178 (Cross-site scripting (XSS) vulnerability in the external_format_text ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3177
-	RESERVED
+CVE-2015-3177 (Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe ...)
 	- moodle <not-affected> (Only affects versions 2.8 to 2.8.5)
-CVE-2015-3176
-	RESERVED
+CVE-2015-3176 (The account-confirmation feature in login/confirm.php in Moodle ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3175
-	RESERVED
+CVE-2015-3175 (Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
-CVE-2015-3174
-	RESERVED
+CVE-2015-3174 (mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
 	- moodle 2.7.8+dfsg-1 (bug #785591)
 	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
 CVE-2015-3173
@@ -3206,18 +3260,18 @@
 	RESERVED
 CVE-2015-2950
 	RESERVED
-CVE-2015-2949
-	RESERVED
-CVE-2015-2948
-	RESERVED
+CVE-2015-2949 (Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and ...)
+	TODO: check
+CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
+	TODO: check
 CVE-2015-2947
 	RESERVED
 CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common ...)
 	TODO: check
 CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
 	NOT-FOR-US: Hajime Fujimoto mt-phpincgi
-CVE-2015-2944
-	RESERVED
+CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling ...)
+	TODO: check
 CVE-2015-2943
 	RESERVED
 CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL ...)
@@ -3427,16 +3481,16 @@
 	RESERVED
 CVE-2015-2856
 	RESERVED
-CVE-2015-2855
-	RESERVED
-CVE-2015-2854
-	RESERVED
-CVE-2015-2853
-	RESERVED
-CVE-2015-2852
-	RESERVED
-CVE-2015-2851
-	RESERVED
+CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
+	TODO: check
+CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
+	TODO: check
+CVE-2015-2853 (Session fixation vulnerability in the WebUI component in Blue Coat SSL ...)
+	TODO: check
+CVE-2015-2852 (Cross-site request forgery (CSRF) vulnerability in the WebUI component ...)
+	TODO: check
+CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 ...)
+	TODO: check
 CVE-2015-2850
 	RESERVED
 CVE-2015-2849
@@ -3792,8 +3846,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/4
 	NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
 	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
-CVE-2013-7441 [nbd-server: server dies if client asks for a non-existing export]
-	RESERVED
+CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) ...)
 	{DSA-3271-1}
 	- nbd 1:3.4-1 (bug #781547)
 	[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
@@ -4772,11 +4825,13 @@
 	- libdbd-firebird-perl 1.18-2 (bug #780925)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
 CVE-2015-4148 [SoapClient's __call() type confusion through unserialize() -- issue located in do_soap_call()]
+	RESERVED
 	- php5 5.6.7+dfsg-1
 	[wheezy] - php5 5.4.39-0+deb7u1
 	NOTE: https://bugs.php.net/bug.php?id=69085
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
 CVE-2015-4147 [SoapClient's __call() type confusion through unserialize() -- In soap.c:2906]
+	RESERVED
 	- php5 5.6.7+dfsg-1
 	[wheezy] - php5 5.4.39-0+deb7u1
 	NOTE: https://bugs.php.net/bug.php?id=69085
@@ -5145,16 +5200,16 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/12/9
 CVE-2015-2283
 	RESERVED
-CVE-2015-2282
-	RESERVED
+CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation ...)
+	TODO: check
 CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet Single ...)
 	NOT-FOR-US: Fortinet Single Sign On
 CVE-2015-2280
 	RESERVED
 CVE-2015-2279
 	RESERVED
-CVE-2015-2278
-	RESERVED
+CVE-2015-2278 (The LZH decompression implementation (CsObjectInt::BuildHufTree ...)
+	TODO: check
 CVE-2015-2277
 	RESERVED
 CVE-2015-2276
@@ -5163,43 +5218,35 @@
 	NOT-FOR-US: WoltLab Community Gallery
 CVE-2015-2274
 	RESERVED
-CVE-2015-2273
-	RESERVED
+CVE-2015-2273 (Cross-site scripting (XSS) vulnerability in ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
-CVE-2015-2272
-	RESERVED
+CVE-2015-2272 (login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691
-CVE-2015-2271
-	RESERVED
+CVE-2015-2271 (tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
-CVE-2015-2270
-	RESERVED
+CVE-2015-2270 (lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
-CVE-2015-2269
-	RESERVED
+CVE-2015-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144
-CVE-2015-2268
-	RESERVED
+CVE-2015-2268 (filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466
-CVE-2015-2267
-	RESERVED
+CVE-2015-2267 (mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
-CVE-2015-2266
-	RESERVED
+CVE-2015-2266 (message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
 	- moodle 2.7.7+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204
@@ -6050,8 +6097,8 @@
 	RESERVED
 CVE-2015-1946
 	RESERVED
-CVE-2015-1945
-	RESERVED
+CVE-2015-1945 (Unspecified vulnerability in the Reference Data Management component ...)
+	TODO: check
 CVE-2015-1944
 	RESERVED
 CVE-2015-1943
@@ -6066,8 +6113,8 @@
 	RESERVED
 CVE-2015-1938
 	RESERVED
-CVE-2015-1937
-	RESERVED
+CVE-2015-1937 (IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and ...)
+	TODO: check
 CVE-2015-1936
 	RESERVED
 CVE-2015-1935
@@ -6368,8 +6415,7 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2015-1834
 	RESERVED
-CVE-2015-1833 [Jackrabbit WebDAV bundle susceptible to XXE/XEE attack]
-	RESERVED
+CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before ...)
 	- jackrabbit <unfixed> (bug #787316)
 	NOTE: https://issues.apache.org/jira/browse/JCR-3883
 CVE-2015-1832
@@ -7683,8 +7729,7 @@
 	[wheezy] - facter <no-dsa> (Minor issue)
 	NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
 	NOTE: The assessment for Squeeze being unaffected is based on the fact that the code accesses http://169.254.169.254/2008-02-01/meta-data/ and that http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html mentions the iam/security-credentials/role key as being introduced in version 2012-01-12.
-CVE-2015-1493 [MDL-48980 Security: Always clean the result  from min_get_slash_argument]
-	RESERVED
+CVE-2015-1493 (Directory traversal vulnerability in the min_get_slash_argument ...)
 	- moodle 2.7.5+dfsg-1
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
@@ -9199,8 +9244,8 @@
 	RESERVED
 CVE-2015-1011
 	RESERVED
-CVE-2015-1010
-	RESERVED
+CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
+	TODO: check
 CVE-2015-1009
 	RESERVED
 CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
@@ -9813,8 +9858,7 @@
 	RESERVED
 CVE-2015-0851
 	RESERVED
-CVE-2015-0850 [arbitrary command execution]
-	RESERVED
+CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers ...)
 	{DSA-3275-1}
 	- fusionforge 6.0~rc4-1
 	[squeeze] - fusionforge <not-affected> (Affects 5.3 and later)
@@ -9825,8 +9869,7 @@
 CVE-2015-0848 [Heap overflow]
 	RESERVED
 	- libwmf <unfixed> (bug #787644)
-CVE-2015-0847 [unsafe signal handling]
-	RESERVED
+CVE-2015-0847 (nbd-server.c in Network Block Device (nbd-server) before 3.11 does not ...)
 	{DSA-3271-1 DLA-223-1}
 	- nbd 1:3.10-1 (bug #784657)
 	NOTE: http://sourceforge.net/p/nbd/mailman/message/34091218/
@@ -10121,40 +10164,40 @@
 	RESERVED
 CVE-2015-0760
 	RESERVED
-CVE-2015-0759
-	RESERVED
-CVE-2015-0758
-	RESERVED
-CVE-2015-0757
-	RESERVED
-CVE-2015-0756
-	RESERVED
-CVE-2015-0755
-	RESERVED
-CVE-2015-0754
-	RESERVED
-CVE-2015-0753
-	RESERVED
-CVE-2015-0752
-	RESERVED
-CVE-2015-0751
-	RESERVED
+CVE-2015-0759 (Cross-site request forgery (CSRF) vulnerability in Cisco Headend ...)
+	TODO: check
+CVE-2015-0758 (The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) ...)
+	TODO: check
+CVE-2015-0757 (The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) ...)
+	TODO: check
+CVE-2015-0756 (Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) ...)
+	TODO: check
+CVE-2015-0755 (The Posture module for Cisco Identity Services Engine (ISE), as ...)
+	TODO: check
+CVE-2015-0754 (Cisco Finesse 10.5(1) allows remote authenticated users to obtain ...)
+	TODO: check
+CVE-2015-0753 (SQL injection vulnerability in Cisco Unified Email Interaction Manager ...)
+	TODO: check
+CVE-2015-0752 (Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video ...)
+	TODO: check
+CVE-2015-0751 (Cisco IP Phone 7861, when firmware from Cisco Unified Communications ...)
+	TODO: check
 CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0749
 	RESERVED
 CVE-2015-0748
 	RESERVED
-CVE-2015-0747
-	RESERVED
+CVE-2015-0747 (Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release ...)
+	TODO: check
 CVE-2015-0746 (The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows ...)
 	NOT-FOR-US: Cisco Access Control Server
-CVE-2015-0745
-	RESERVED
-CVE-2015-0744
-	RESERVED
-CVE-2015-0743
-	RESERVED
+CVE-2015-0745 (Cisco Headend System Release allows remote attackers to read temporary ...)
+	TODO: check
+CVE-2015-0744 (Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System ...)
+	TODO: check
+CVE-2015-0743 (Cisco Headend System Release allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2015-0742 (The Protocol Independent Multicast (PIM) application in Cisco Adaptive ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0741 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)
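Review bot: the Cisco entries that move from RESERVED to "TODO: check" in this hunk sit between entries already closed as NOT-FOR-US, and those use two different labels: "NOT-FOR-US: Cisco" (CVE-2015-0750, CVE-2015-0742) and "NOT-FOR-US: Cisco Access Control Server" (CVE-2015-0746). When these TODOs are triaged, settle on one form for the vendor label so the list can be searched consistently.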
@@ -10173,8 +10216,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0733
-	RESERVED
+CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital ...)
+	TODO: check
 CVE-2015-0732
 	RESERVED
 CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to ...)
@@ -13439,42 +13482,34 @@
 	{DSA-3151-1 DLA-143-1}
 	- python-django 1.7.1-1.1 (bug #775375)
 	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
-CVE-2015-0218
-	RESERVED
+CVE-2015-0218 (Cross-site request forgery (CSRF) vulnerability in ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278618#p1196684
-CVE-2015-0217
-	RESERVED
+CVE-2015-0217 (filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278617#p1196683
-CVE-2015-0216
-	RESERVED
+CVE-2015-0216 (access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...)
 	- moodle <not-affected> (Only affects 2.8.x)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278616#p1196682
-CVE-2015-0215
-	RESERVED
+CVE-2015-0215 (calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278615#p1196681
-CVE-2015-0214
-	RESERVED
+CVE-2015-0214 (message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278614#p1196680
-CVE-2015-0213
-	RESERVED
+CVE-2015-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278613#p1196679
-CVE-2015-0212
-	RESERVED
+CVE-2015-0212 (Cross-site scripting (XSS) vulnerability in course/pending.php in ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278612#p1196678
-CVE-2015-0211
-	RESERVED
+CVE-2015-0211 (mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x ...)
 	- moodle 2.7.5+dfsg-1 (bug #775842)
 	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
@@ -13515,8 +13550,8 @@
 	NOTE: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
 CVE-2015-0201 (The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 ...)
 	- libspring-java <not-affected> (Only affects Spring Framework 4.1.0 to 4.1.4)
-CVE-2015-0200
-	RESERVED
+CVE-2015-0200 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 ...)
+	TODO: check
 CVE-2015-0199 (The mmfslinux kernel module in IBM General Parallel File System (GPFS) ...)
 	NOT-FOR-US: IBM General Parallel File System
 CVE-2015-0198 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...)
@@ -13529,13 +13564,13 @@
 	RESERVED
 CVE-2015-0194
 	RESERVED
-CVE-2015-0193
-	RESERVED
+CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+	TODO: check
 CVE-2015-0192
 	RESERVED
 	NOT-FOR-US: IBM JDK
 CVE-2015-0191
-	RESERVED
+	REJECTED
 CVE-2015-0190
 	RESERVED
 CVE-2015-0189 (The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 ...)
@@ -13674,8 +13709,8 @@
 	NOT-FOR-US: IBM Rational Team Concert
 CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
 	NOT-FOR-US: IBM Rational Team Concert
-CVE-2015-0121
-	RESERVED
+CVE-2015-0121 (IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through ...)
+	TODO: check
 CVE-2015-0120 (Buffer overflow in the FastBackMount process in IBM Tivoli Storage ...)
 	NOT-FOR-US: IBM
 CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...)
@@ -15473,8 +15508,8 @@
 	RESERVED
 CVE-2014-8392
 	RESERVED
-CVE-2014-8391
-	RESERVED
+CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle ...)
+	TODO: check
 CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-8389
@@ -16339,6 +16374,7 @@
 CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x ...)
 	- 389-ds-base 1.3.3.5-4 (bug #779909)
 CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount ...)
+	{DSA-3278-1}
 	- libapache-mod-jk 1:1.2.40+svn150520-1 (bug #783233)
 	NOTE: Fix: http://svn.apache.org/r1647017
 CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
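Review bot: the description for CVE-2014-8111 says mod_jk "before 1.2.41" is affected, while the fixed version listed under the new DSA-3278-1 reference is 1:1.2.40+svn150520-1. A NOTE stating that the svn150520 snapshot includes r1647017 would keep the version line from looking like a mistake to the next reader.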
@@ -34353,8 +34389,8 @@
 	NOT-FOR-US: SoapUI
 CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
 	NOT-FOR-US: Lorex
-CVE-2014-0999
-	RESERVED
+CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, ...)
+	TODO: check
 CVE-2014-0998 (Integer signedness error in the vt console driver (formerly Newcons) ...)
 	- kfreebsd-10 10.1~svn274115-3 (bug #779194)
 	- kfreebsd-9 <not-affected> (don't have newcons)



