[Secure-testing-commits] r34857 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jun 10 21:10:15 UTC 2015
Author: sectracker
Date: 2015-06-10 21:10:14 +0000 (Wed, 10 Jun 2015)
New Revision: 34857
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-10 21:03:28 UTC (rev 34856)
+++ data/CVE/list 2015-06-10 21:10:14 UTC (rev 34857)
@@ -1,3 +1,553 @@
+CVE-2015-4457
+ RESERVED
+CVE-2015-4456
+ RESERVED
+CVE-2015-4455
+ RESERVED
+CVE-2015-4454
+ RESERVED
+CVE-2015-4453
+ RESERVED
+CVE-2015-4452
+ RESERVED
+CVE-2015-4451
+ RESERVED
+CVE-2015-4450
+ RESERVED
+CVE-2015-4449
+ RESERVED
+CVE-2015-4448
+ RESERVED
+CVE-2015-4447
+ RESERVED
+CVE-2015-4446
+ RESERVED
+CVE-2015-4445
+ RESERVED
+CVE-2015-4444
+ RESERVED
+CVE-2015-4443
+ RESERVED
+CVE-2015-4442
+ RESERVED
+CVE-2015-4441
+ RESERVED
+CVE-2015-4440
+ RESERVED
+CVE-2015-4439
+ RESERVED
+CVE-2015-4438
+ RESERVED
+CVE-2015-4437
+ RESERVED
+CVE-2015-4436
+ RESERVED
+CVE-2015-4435
+ RESERVED
+CVE-2015-4434
+ RESERVED
+CVE-2015-4433
+ RESERVED
+CVE-2015-4432
+ RESERVED
+CVE-2015-4431
+ RESERVED
+CVE-2015-4430
+ RESERVED
+CVE-2015-4429
+ RESERVED
+CVE-2015-4428
+ RESERVED
+CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2015-4426
+ RESERVED
+CVE-2015-4425
+ RESERVED
+CVE-2015-4424
+ RESERVED
+CVE-2015-4423
+ RESERVED
+CVE-2015-4422
+ RESERVED
+CVE-2015-4421
+ RESERVED
+CVE-2015-4420
+ RESERVED
+CVE-2015-4419
+ RESERVED
+CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off ...)
+ TODO: check
+CVE-2015-4417
+ RESERVED
+CVE-2015-4416
+ RESERVED
+CVE-2015-4415
+ RESERVED
+CVE-2015-4414
+ RESERVED
+CVE-2015-4413
+ RESERVED
+CVE-2015-4409
+ RESERVED
+CVE-2015-4408
+ RESERVED
+CVE-2015-4407
+ RESERVED
+CVE-2015-4406
+ RESERVED
+CVE-2015-4405
+ RESERVED
+CVE-2015-4404
+ RESERVED
+CVE-2015-4403
+ RESERVED
+CVE-2015-4402
+ RESERVED
+CVE-2015-4401
+ RESERVED
+CVE-2015-4400
+ RESERVED
+CVE-2015-4399
+ RESERVED
+CVE-2015-4398
+ RESERVED
+CVE-2015-4397
+ RESERVED
+CVE-2015-4396
+ RESERVED
+CVE-2015-4395
+ RESERVED
+CVE-2015-4394
+ RESERVED
+CVE-2015-4393
+ RESERVED
+CVE-2015-4392
+ RESERVED
+CVE-2015-4391
+ RESERVED
+CVE-2015-4390
+ RESERVED
+CVE-2015-4389
+ RESERVED
+CVE-2015-4388
+ RESERVED
+CVE-2015-4387
+ RESERVED
+CVE-2015-4386
+ RESERVED
+CVE-2015-4385
+ RESERVED
+CVE-2015-4384
+ RESERVED
+CVE-2015-4383
+ RESERVED
+CVE-2015-4382
+ RESERVED
+CVE-2015-4381
+ RESERVED
+CVE-2015-4380
+ RESERVED
+CVE-2015-4379
+ RESERVED
+CVE-2015-4378
+ RESERVED
+CVE-2015-4377
+ RESERVED
+CVE-2015-4376
+ RESERVED
+CVE-2015-4375
+ RESERVED
+CVE-2015-4374
+ RESERVED
+CVE-2015-4373
+ RESERVED
+CVE-2015-4372
+ RESERVED
+CVE-2015-4371
+ RESERVED
+CVE-2015-4370
+ RESERVED
+CVE-2015-4369
+ RESERVED
+CVE-2015-4368
+ RESERVED
+CVE-2015-4367
+ RESERVED
+CVE-2015-4366
+ RESERVED
+CVE-2015-4365
+ RESERVED
+CVE-2015-4364
+ RESERVED
+CVE-2015-4363
+ RESERVED
+CVE-2015-4362
+ RESERVED
+CVE-2015-4361
+ RESERVED
+CVE-2015-4360
+ RESERVED
+CVE-2015-4359
+ RESERVED
+CVE-2015-4358
+ RESERVED
+CVE-2015-4357
+ RESERVED
+CVE-2015-4356
+ RESERVED
+CVE-2015-4355
+ RESERVED
+CVE-2015-4354
+ RESERVED
+CVE-2015-4353
+ RESERVED
+CVE-2015-4352
+ RESERVED
+CVE-2015-4351
+ RESERVED
+CVE-2015-4350
+ RESERVED
+CVE-2015-4349
+ RESERVED
+CVE-2015-4348
+ RESERVED
+CVE-2015-4347
+ RESERVED
+CVE-2015-4346
+ RESERVED
+CVE-2015-4345
+ RESERVED
+CVE-2015-4344
+ RESERVED
+CVE-2015-4343
+ RESERVED
+CVE-2015-4342
+ RESERVED
+CVE-2015-4341
+ RESERVED
+CVE-2015-4340
+ RESERVED
+CVE-2015-4339
+ RESERVED
+CVE-2015-4334
+ RESERVED
+CVE-2015-4333
+ RESERVED
+CVE-2015-4332
+ RESERVED
+CVE-2015-4331
+ RESERVED
+CVE-2015-4330
+ RESERVED
+CVE-2015-4329
+ RESERVED
+CVE-2015-4328
+ RESERVED
+CVE-2015-4327
+ RESERVED
+CVE-2015-4326
+ RESERVED
+CVE-2015-4325
+ RESERVED
+CVE-2015-4324
+ RESERVED
+CVE-2015-4323
+ RESERVED
+CVE-2015-4322
+ RESERVED
+CVE-2015-4321
+ RESERVED
+CVE-2015-4320
+ RESERVED
+CVE-2015-4319
+ RESERVED
+CVE-2015-4318
+ RESERVED
+CVE-2015-4317
+ RESERVED
+CVE-2015-4316
+ RESERVED
+CVE-2015-4315
+ RESERVED
+CVE-2015-4314
+ RESERVED
+CVE-2015-4313
+ RESERVED
+CVE-2015-4312
+ RESERVED
+CVE-2015-4311
+ RESERVED
+CVE-2015-4310
+ RESERVED
+CVE-2015-4309
+ RESERVED
+CVE-2015-4308
+ RESERVED
+CVE-2015-4307
+ RESERVED
+CVE-2015-4306
+ RESERVED
+CVE-2015-4305
+ RESERVED
+CVE-2015-4304
+ RESERVED
+CVE-2015-4303
+ RESERVED
+CVE-2015-4302
+ RESERVED
+CVE-2015-4301
+ RESERVED
+CVE-2015-4300
+ RESERVED
+CVE-2015-4299
+ RESERVED
+CVE-2015-4298
+ RESERVED
+CVE-2015-4297
+ RESERVED
+CVE-2015-4296
+ RESERVED
+CVE-2015-4295
+ RESERVED
+CVE-2015-4294
+ RESERVED
+CVE-2015-4293
+ RESERVED
+CVE-2015-4292
+ RESERVED
+CVE-2015-4291
+ RESERVED
+CVE-2015-4290
+ RESERVED
+CVE-2015-4289
+ RESERVED
+CVE-2015-4288
+ RESERVED
+CVE-2015-4287
+ RESERVED
+CVE-2015-4286
+ RESERVED
+CVE-2015-4285
+ RESERVED
+CVE-2015-4284
+ RESERVED
+CVE-2015-4283
+ RESERVED
+CVE-2015-4282
+ RESERVED
+CVE-2015-4281
+ RESERVED
+CVE-2015-4280
+ RESERVED
+CVE-2015-4279
+ RESERVED
+CVE-2015-4278
+ RESERVED
+CVE-2015-4277
+ RESERVED
+CVE-2015-4276
+ RESERVED
+CVE-2015-4275
+ RESERVED
+CVE-2015-4274
+ RESERVED
+CVE-2015-4273
+ RESERVED
+CVE-2015-4272
+ RESERVED
+CVE-2015-4271
+ RESERVED
+CVE-2015-4270
+ RESERVED
+CVE-2015-4269
+ RESERVED
+CVE-2015-4268
+ RESERVED
+CVE-2015-4267
+ RESERVED
+CVE-2015-4266
+ RESERVED
+CVE-2015-4265
+ RESERVED
+CVE-2015-4264
+ RESERVED
+CVE-2015-4263
+ RESERVED
+CVE-2015-4262
+ RESERVED
+CVE-2015-4261
+ RESERVED
+CVE-2015-4260
+ RESERVED
+CVE-2015-4259
+ RESERVED
+CVE-2015-4258
+ RESERVED
+CVE-2015-4257
+ RESERVED
+CVE-2015-4256
+ RESERVED
+CVE-2015-4255
+ RESERVED
+CVE-2015-4254
+ RESERVED
+CVE-2015-4253
+ RESERVED
+CVE-2015-4252
+ RESERVED
+CVE-2015-4251
+ RESERVED
+CVE-2015-4250
+ RESERVED
+CVE-2015-4249
+ RESERVED
+CVE-2015-4248
+ RESERVED
+CVE-2015-4247
+ RESERVED
+CVE-2015-4246
+ RESERVED
+CVE-2015-4245
+ RESERVED
+CVE-2015-4244
+ RESERVED
+CVE-2015-4243
+ RESERVED
+CVE-2015-4242
+ RESERVED
+CVE-2015-4241
+ RESERVED
+CVE-2015-4240
+ RESERVED
+CVE-2015-4239
+ RESERVED
+CVE-2015-4238
+ RESERVED
+CVE-2015-4237
+ RESERVED
+CVE-2015-4236
+ RESERVED
+CVE-2015-4235
+ RESERVED
+CVE-2015-4234
+ RESERVED
+CVE-2015-4233
+ RESERVED
+CVE-2015-4232
+ RESERVED
+CVE-2015-4231
+ RESERVED
+CVE-2015-4230
+ RESERVED
+CVE-2015-4229
+ RESERVED
+CVE-2015-4228
+ RESERVED
+CVE-2015-4227
+ RESERVED
+CVE-2015-4226
+ RESERVED
+CVE-2015-4225
+ RESERVED
+CVE-2015-4224
+ RESERVED
+CVE-2015-4223
+ RESERVED
+CVE-2015-4222
+ RESERVED
+CVE-2015-4221
+ RESERVED
+CVE-2015-4220
+ RESERVED
+CVE-2015-4219
+ RESERVED
+CVE-2015-4218
+ RESERVED
+CVE-2015-4217
+ RESERVED
+CVE-2015-4216
+ RESERVED
+CVE-2015-4215
+ RESERVED
+CVE-2015-4214
+ RESERVED
+CVE-2015-4213
+ RESERVED
+CVE-2015-4212
+ RESERVED
+CVE-2015-4211
+ RESERVED
+CVE-2015-4210
+ RESERVED
+CVE-2015-4209
+ RESERVED
+CVE-2015-4208
+ RESERVED
+CVE-2015-4207
+ RESERVED
+CVE-2015-4206
+ RESERVED
+CVE-2015-4205
+ RESERVED
+CVE-2015-4204
+ RESERVED
+CVE-2015-4203
+ RESERVED
+CVE-2015-4202
+ RESERVED
+CVE-2015-4201
+ RESERVED
+CVE-2015-4200
+ RESERVED
+CVE-2015-4199
+ RESERVED
+CVE-2015-4198
+ RESERVED
+CVE-2015-4197
+ RESERVED
+CVE-2015-4196
+ RESERVED
+CVE-2015-4195
+ RESERVED
+CVE-2015-4194
+ RESERVED
+CVE-2015-4193
+ RESERVED
+CVE-2015-4192
+ RESERVED
+CVE-2015-4191
+ RESERVED
+CVE-2015-4190
+ RESERVED
+CVE-2015-4189
+ RESERVED
+CVE-2015-4188
+ RESERVED
+CVE-2015-4187
+ RESERVED
+CVE-2015-4186
+ RESERVED
+CVE-2015-4185
+ RESERVED
+CVE-2015-4184
+ RESERVED
+CVE-2015-4183
+ RESERVED
+CVE-2015-4182
+ RESERVED
+CVE-2015-4181
+ RESERVED
+CVE-2015-4180
+ RESERVED
+CVE-2015-4175
+ RESERVED
+CVE-2015-4174
+ RESERVED
+CVE-2015-4173
+ RESERVED
+CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...)
+ TODO: check
CVE-2015-XXXX [kvm: x86: NULL pointer dereference in kvm_apic_has_events function]
- linux <unfixed>
- linux-2.6 <removed>
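Review bot: CVE-2010-5324, the last entry of the added block, is filed with only `TODO: check`, and its truncated description ("Directory traversal vulnerability in UploadServlet in the Remote ...") stops before the product name, so it cannot be triaged from this list alone; the same holds for CVE-2015-4427. Both need the full description looked up before a package line or a NOT-FOR-US marker can be set. CVE-2015-4418 does name its product (Zoho NetFlow Analyzer) and can be resolved directly.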
@@ -10,12 +560,15 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/08/3
TODO: check
CVE-2015-4412 [ruby-bson: DoS and possible injection, with durran 2013-04-07 commit]
+ RESERVED
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
+ RESERVED
- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
CVE-2015-4410 [ruby-bson: DoS and possible injection]
+ RESERVED
- ruby-bson <unfixed> (bug #787951)
NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
@@ -23,12 +576,15 @@
NOTE: https://sources.debian.net/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
CVE-2015-4338
+ RESERVED
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337
+ RESERVED
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4336
+ RESERVED
NOT-FOR-US: WordPress plugin xclonerbackupandrestore
-CVE-2015-4335 [Redis EVAL Lua Sandbox Escape]
+CVE-2015-4335 (Redis before 2.8.1 and 3.x before 3.0.2 allows remote attackers to ...)
{DSA-3279-1}
- redis 2:3.0.2-1
[wheezy] - redis <not-affected> (Lua support introduced in version 2.6.0)
@@ -49,8 +605,10 @@
CVE-2015-6593
REJECTED
CVE-2015-4179
+ RESERVED
NOT-FOR-US: WordPress plugin codestyling-localization
CVE-2015-4176
+ RESERVED
- linux <not-affected> (Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)
- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
@@ -119,6 +677,7 @@
CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands ...)
NOT-FOR-US: AVM Fritz!Box
CVE-2014-9731 [udf: information leakage when reading symlink]
+ RESERVED
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
@@ -134,18 +693,21 @@
NOTE: Negligable security impact
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
CVE-2014-9730 [properly ignore component length for component types that do not use it]
+ RESERVED
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9729 [iinfo->i_lenAlloc != inode->i_size]
+ RESERVED
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9728 [length can be too long (addressed in three commits)]
+ RESERVED
- linux 3.16.7-ckt4-1
[wheezy] - linux 3.2.68-1
- linux-2.6 <removed>
@@ -194,6 +756,7 @@
CVE-2015-4127 (Cross-site scripting (XSS) vulnerability in the church_admin plugin ...)
NOT-FOR-US: church_admin plugin for WordPress
CVE-2015-4178 [ns: user namespaces panic -- lack of internal consistency of a data structure]
+ RESERVED
- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
@@ -203,6 +766,7 @@
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4177 [ns: user namespaces panic -- lack of state identification]
+ RESERVED
- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
@@ -245,15 +809,13 @@
RESERVED
CVE-2015-4110
RESERVED
-CVE-2015-4109
- RESERVED
+CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the ...)
NOT-FOR-US: WordPress plugin users-ultra
CVE-2015-4108
RESERVED
CVE-2015-4107
RESERVED
-CVE-2015-4106 [Unmediated PCI register access in qemu]
- RESERVED
+CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space ...)
- qemu 1:2.3+dfsg-5 (bug #787547)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -261,8 +823,7 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-131.html
-CVE-2015-4105 [Guest triggerable qemu MSI-X pass-through error messages]
- RESERVED
+CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through ...)
- qemu 1:2.3+dfsg-5 (bug #787547)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -270,8 +831,7 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-130.html
-CVE-2015-4104 [PCI MSI mask bits inadvertently exposed to guests]
- RESERVED
+CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI ...)
- qemu 1:2.3+dfsg-5 (bug #787547)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -279,8 +839,7 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: Xen switched to qemu-system in 4.4.0-1
NOTE: http://xenbits.xen.org/xsa/advisory-129.html
-CVE-2015-4103 [Potential unintended writes to host MSI message data field via qemu]
- RESERVED
+CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the ...)
- qemu 1:2.3+dfsg-5 (bug #787547)
[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
- qemu-kvm <not-affected> (Vulnerable code not present)
@@ -330,8 +889,8 @@
RESERVED
CVE-2015-4081
RESERVED
-CVE-2015-4080
- RESERVED
+CVE-2015-4080 (The Kankun Smart Socket device and mobile application uses a hardcoded ...)
+ TODO: check
CVE-2015-4079
RESERVED
CVE-2015-4078
@@ -408,8 +967,8 @@
NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4052
RESERVED
-CVE-2015-4051
- RESERVED
+CVE-2015-4051 (Beckhoff IPC Diagnostics before 1.8 does not properly restrict access ...)
+ TODO: check
CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...)
{DSA-3276-1}
- symfony 2.7.0~beta2+dfsg-2
@@ -429,8 +988,7 @@
- php-horde 5.2.5+debian0-1 (bug #785364)
[jessie] - php-horde 5.2.1+debian0-2+deb8u1
NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
-CVE-2015-4053
- RESERVED
+CVE-2015-4053 (The admin command in ceph-deploy before 1.5.25 uses world-readable ...)
- ceph-deploy <itp> (bug #694013)
NOTE: http://tracker.ceph.com/issues/11694
CVE-2015-4049
@@ -465,8 +1023,7 @@
RESERVED
CVE-2015-4039
RESERVED
-CVE-2015-4038
- RESERVED
+CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote ...)
NOT-FOR-US: WordPress plugin WP Membership
CVE-2015-4037
RESERVED
@@ -553,8 +1110,8 @@
RESERVED
- xz-utils <not-affected> (Affects 4.999.9beta)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
-CVE-2015-4010
- RESERVED
+CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted ...)
+ TODO: check
CVE-2015-4009
RESERVED
CVE-2015-4008
@@ -565,23 +1122,20 @@
RESERVED
CVE-2015-4005
RESERVED
-CVE-2015-4004 [ozwpan: improper handling of length prameter inconsistency]
- RESERVED
+CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...)
- linux <unfixed> (unimportant)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://lkml.org/lkml/2015/5/13/739
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2015-4003 [ozwpan: divide-by-zero leading to panic]
- RESERVED
+CVE-2015-4003 (The oz_usb_handle_ep_data function in ...)
- linux <unfixed> (unimportant)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
NOTE: https://lkml.org/lkml/2015/5/13/741
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b (v4.1-rc7)
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2015-4002 [ozwpan: lack of a check for whether a length value (elt->length or len) was too small]
- RESERVED
+CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...)
- linux <unfixed> (unimportant)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
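Review bot: The replacement line for CVE-2015-4003, "(The oz_usb_handle_ep_data function in ...)", is cut off before it says what the flaw is, and the removed bracketed summary "ozwpan: divide-by-zero leading to panic" was the only line in that entry stating it. Suggest carrying the old summary over as a NOTE: line so the entry stays readable without a lookup; the same applies to CVE-2015-4002, whose new text ends after naming the source file.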
@@ -590,8 +1144,7 @@
NOTE: https://lkml.org/lkml/2015/5/13/742
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 (v4.1-rc7)
NOTE: Not enabled in Debian kernels; staging drivers are not supported
-CVE-2015-4001 [ozwpan: Use unsigned ints to prevent heap overflow]
- RESERVED
+CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in ...)
- linux <unfixed> (unimportant)
[wheezy] - linux <not-affected> (ozwpan driver not present)
- linux-2.6 <not-affected> (ozwpan driver not present)
@@ -642,34 +1195,29 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222816
CVE-2014-9719
RESERVED
-CVE-2015-4026 [pcntl_exec() should not allow null char]
- RESERVED
+CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68598
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
-CVE-2015-4025 [CVE-2006-7243 fix regressions in 5.4+]
- RESERVED
+CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69418
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
-CVE-2015-4024 [DoS possibility due to ineffective parsing of form data]
- RESERVED
+CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69364
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
-CVE-2015-4022 [integer overflow on reading FTP server data leading to heap overflow]
- RESERVED
+CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69545
NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
-CVE-2015-4021 [Memory Corruption in phar_parse_tarfile when entry filename starts with null]
- RESERVED
+CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69453
@@ -751,8 +1299,8 @@
RESERVED
CVE-2015-3951
RESERVED
-CVE-2015-3950
- RESERVED
+CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
+ TODO: check
CVE-2015-3949
RESERVED
CVE-2015-3948
@@ -1074,7 +1622,7 @@
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-15.html
CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
- {DSA-3277-1}
+ {DSA-3277-1 DLA-241-1}
- wireshark 1.12.5+g5819e5b-1
[wheezy] - wireshark 1.8.2-5wheezy16
NOTE: add fixed version for wheezy directly in CVE list since CVE-2015-3811 the only fixed in DSA-3277-1
@@ -1417,8 +1965,7 @@
RESERVED
CVE-2015-3649
RESERVED
-CVE-2015-3648
- RESERVED
+CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala ...)
NOT-FOR-US: ResourceSpace
CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: WP Photo Album Plus (aka WPPA) plugin for WordPress
@@ -1430,7 +1977,7 @@
[squeeze] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
NOTE: https://www.stunnel.org/CVE-2015-3644.html
CVE-2015-3885 (Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...)
- {DLA-228-1}
+ {DLA-243-1 DLA-228-1}
- dcraw <unfixed> (bug #785019)
[jessie] - dcraw <no-dsa> (Minor issue)
[wheezy] - dcraw <no-dsa> (Minor issue)
@@ -1582,8 +2129,7 @@
NOTE: will enericons example.html files if present. As the file was included
NOTE: in other popular themes and plugins maybe it should as well be included
NOTE: in an update for wordpress for wheezy?
-CVE-2014-9721 [V3 protocol handler vulnerable to downgrade attacks]
- RESERVED
+CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to ...)
{DSA-3255-1}
- zeromq3 4.0.5+dfsg-3 (bug #784366)
NOTE: https://github.com/zeromq/libzmq/issues/1273
@@ -1629,8 +2175,8 @@
RESERVED
CVE-2015-3625
RESERVED
-CVE-2015-3624
- RESERVED
+CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2015-3623
RESERVED
CVE-2015-3621
@@ -1957,8 +2503,7 @@
RESERVED
CVE-2015-3460
RESERVED
-CVE-2015-3905 [buffer overflow]
- RESERVED
+CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils ...)
- t1utils 1.38-4 (bug #779274)
NOTE: https://github.com/kohler/t1utils/issues/4
NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
@@ -2091,8 +2636,7 @@
RESERVED
CVE-2015-3437
RESERVED
-CVE-2015-3436
- RESERVED
+CVE-2015-3436 (provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) ...)
- zarafa <itp> (bug #658433)
CVE-2015-3435 (Samsung Security Manager (SSM) before 1.31 allows remote attackers to ...)
NOT-FOR-US: Samsung Security Manager
@@ -2433,8 +2977,7 @@
NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
-CVE-2015-3330 [PHP potential remote code execution with apache 2.4 apache2handler]
- RESERVED
+CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...)
{DSA-3198-1 DLA-212-1}
- php5 5.6.7+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69218
@@ -2458,14 +3001,12 @@
RESERVED
CVE-2015-3311
RESERVED
-CVE-2015-3307 [Heap metadata corruption when parsing tar file in phar_tar_process_metadata()]
- RESERVED
+CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before ...)
{DSA-3280-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69443
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
-CVE-2015-3329 [Buffer Overflow when parsing tar/zip/phar in phar_set_inode]
- RESERVED
+CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function ...)
{DSA-3280-1 DLA-212-1}
- php5 5.6.9+dfsg-1
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
@@ -2736,11 +3277,9 @@
- ntfs-3g 1:2014.2.15AR.3-3 (bug #786475)
NOTE: ntfs-3g source wise affected but wheezy version uses --with-fuse=external
NOTE: ntfs-3g is built with internal copy since 1:2013.1.13AR.3-2
-CVE-2015-3201
- RESERVED
+CVE-2015-3201 (Thermostat before 2.0.0 uses world-readable permissions for the ...)
NOT-FOR-US: thermostat
-CVE-2015-3200 [Log injection]
- RESERVED
+CVE-2015-3200 (mod_auth in lighttpd before 1.4.36 allows remote attackers to inject ...)
- lighttpd <unfixed> (low; bug #787132)
[jessie] - lighttpd <no-dsa> (Minor issue)
[wheezy] - lighttpd <no-dsa> (Minor issue)
@@ -3021,38 +3560,32 @@
RESERVED
CVE-2015-3109
RESERVED
-CVE-2015-3108
- RESERVED
-CVE-2015-3107
- RESERVED
+CVE-2015-3108 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
+CVE-2015-3107 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3106
- RESERVED
+CVE-2015-3106 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3105
- RESERVED
+CVE-2015-3105 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3104
- RESERVED
+CVE-2015-3104 (Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3103
- RESERVED
+CVE-2015-3103 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3102
- RESERVED
-CVE-2015-3101
- RESERVED
-CVE-2015-3100
- RESERVED
+CVE-2015-3102 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
+CVE-2015-3101 (The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x ...)
+ TODO: check
+CVE-2015-3100 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2015-3099
- RESERVED
-CVE-2015-3098
- RESERVED
-CVE-2015-3097
- RESERVED
-CVE-2015-3096
- RESERVED
+CVE-2015-3099 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
+CVE-2015-3098 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
+CVE-2015-3097 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
+CVE-2015-3096 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
+ TODO: check
CVE-2015-3095
RESERVED
CVE-2015-3094
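Review bot: Seven entries in this block (CVE-2015-3108, -3102, -3101, -3099, -3098, -3097, -3096) are left at `TODO: check` although their descriptions name Adobe Flash Player, the same product that the neighbouring CVE-2015-3107 through -3103 and CVE-2015-3100 carry as `NOT-FOR-US: Adobe Flash Player`. Suggest giving them the same marker so the block is triaged consistently.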
@@ -3323,24 +3856,24 @@
NOT-FOR-US: Juniper
CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
NOT-FOR-US: Juniper
-CVE-2015-3001
- RESERVED
-CVE-2015-3000
- RESERVED
-CVE-2015-2999
- RESERVED
-CVE-2015-2998
- RESERVED
-CVE-2015-2997
- RESERVED
-CVE-2015-2996
- RESERVED
-CVE-2015-2995
- RESERVED
-CVE-2015-2994
- RESERVED
-CVE-2015-2993
- RESERVED
+CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 ...)
+ TODO: check
+CVE-2015-3000 (SysAid Help Desk before 15.2 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2015-2999 (Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 ...)
+ TODO: check
+CVE-2015-2998 (SysAid Help Desk before 15.2 uses a hardcoded encryption key, which ...)
+ TODO: check
+CVE-2015-2997 (SysAid Help Desk before 15.2 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2015-2996 (Multiple directory traversal vulnerabilities in SysAid Help Desk ...)
+ TODO: check
+CVE-2015-2995 (SysAid Help Desk before 15.2 does not properly check file extensions, ...)
+ TODO: check
+CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid ...)
+ TODO: check
+CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access to ...)
+ TODO: check
CVE-2015-2992
RESERVED
CVE-2015-2991
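Review bot: All nine entries from CVE-2015-3001 down to CVE-2015-2993 name SysAid in their descriptions and each is left at `TODO: check`. They can be closed with a single decision: if the product is not packaged, mark each one NOT-FOR-US in the form used for the Juniper entries just above, rather than leaving nine separate TODO items.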
@@ -3403,12 +3936,12 @@
RESERVED
CVE-2015-2962
RESERVED
-CVE-2015-2961
- RESERVED
-CVE-2015-2960
- RESERVED
-CVE-2015-2959
- RESERVED
+CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow ...)
+ TODO: check
+CVE-2015-2960 (Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer ...)
+ TODO: check
+CVE-2015-2959 (Zoho NetFlow Analyzer build 10250 and earlier does not check for ...)
+ TODO: check
CVE-2015-2958
RESERVED
CVE-2015-2957
@@ -3423,10 +3956,10 @@
RESERVED
CVE-2015-2952
RESERVED
-CVE-2015-2951
- RESERVED
-CVE-2015-2950
- RESERVED
+CVE-2015-2951 (JWT.php in F21 JWT before 2.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2015-2950 (Directory traversal vulnerability in the Brandon Bowles Open Explorer ...)
+ TODO: check
CVE-2015-2949 (Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and ...)
NOT-FOR-US: ZenPhoto20
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
@@ -3938,8 +4471,7 @@
NOT-FOR-US: MyBB
CVE-2015-2784
RESERVED
-CVE-2015-2783 [Buffer Over-read in unserialize when parsing Phar]
- RESERVED
+CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x ...)
{DSA-3280-1 DLA-212-1}
- php5 5.6.9+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=69324
@@ -4053,8 +4585,8 @@
NOT-FOR-US: Websense Triton
CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...)
NOT-FOR-US: Websense TRITON
-CVE-2010-5323
- RESERVED
+CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote ...)
+ TODO: check
CVE-2015-2774 [Erlang POODLE TLS vulnerability]
RESERVED
- erlang 1:17.3-dfsg-4 (low; bug #781839)
@@ -4922,10 +5454,10 @@
RESERVED
CVE-2015-2361
RESERVED
-CVE-2015-2360
- RESERVED
-CVE-2015-2359
- RESERVED
+CVE-2015-2360 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
+CVE-2015-2359 (Cross-site scripting (XSS) vulnerability in the web applications in ...)
+ TODO: check
CVE-2015-2358
RESERVED
CVE-2015-2357
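Review bot: CVE-2015-2360 is added as `TODO: check` although its description already identifies the component as win32k.sys in the kernel-mode drivers of Microsoft Windows Server 2003, which is enough to set a NOT-FOR-US marker in the form used elsewhere in this file. CVE-2015-2359 is different: its description is truncated before the product name ("in the web applications in ..."), so it needs the full text looked up first.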
@@ -4992,14 +5524,12 @@
{DSA-3219-1}
- libdbd-firebird-perl 1.18-2 (bug #780925)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
-CVE-2015-4148 [SoapClient's __call() type confusion through unserialize() -- issue located in do_soap_call()]
- RESERVED
+CVE-2015-4148 (The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, ...)
- php5 5.6.7+dfsg-1
[wheezy] - php5 5.4.39-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69085
NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
-CVE-2015-4147 [SoapClient's __call() type confusion through unserialize() -- In soap.c:2906]
- RESERVED
+CVE-2015-4147 (The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...)
- php5 5.6.7+dfsg-1
[wheezy] - php5 5.4.39-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69085
@@ -5803,11 +6333,9 @@
RESERVED
CVE-2015-2126
RESERVED
-CVE-2015-2125
- RESERVED
+CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before ...)
NOT-FOR-US: HP WebInspect
-CVE-2015-2124
- RESERVED
+CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 ...)
NOT-FOR-US: HP
CVE-2015-2123 (Unspecified vulnerability in HP NonStop Safeguard Security Software ...)
NOT-FOR-US: HP NonStop Safeguard Security Software
@@ -6800,112 +7328,112 @@
- flex-sdk <itp> (bug #602499)
CVE-2015-1772
RESERVED
-CVE-2015-1771
- RESERVED
-CVE-2015-1770
- RESERVED
+CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web ...)
+ TODO: check
+CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to ...)
+ TODO: check
CVE-2015-1769
RESERVED
-CVE-2015-1768
- RESERVED
+CVE-2015-1768 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2015-1767
RESERVED
-CVE-2015-1766
- RESERVED
-CVE-2015-1765
- RESERVED
-CVE-2015-1764
- RESERVED
+CVE-2015-1766 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1764 (The web applications in Microsoft Exchange Server 2013 SP1 and ...)
+ TODO: check
CVE-2015-1763
RESERVED
CVE-2015-1762
RESERVED
CVE-2015-1761
RESERVED
-CVE-2015-1760
- RESERVED
-CVE-2015-1759
- RESERVED
-CVE-2015-1758
- RESERVED
-CVE-2015-1757
- RESERVED
-CVE-2015-1756
- RESERVED
-CVE-2015-1755
- RESERVED
-CVE-2015-1754
- RESERVED
-CVE-2015-1753
- RESERVED
-CVE-2015-1752
- RESERVED
-CVE-2015-1751
- RESERVED
-CVE-2015-1750
- RESERVED
+CVE-2015-1760 (Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 ...)
+ TODO: check
+CVE-2015-1759 (Microsoft Office Compatibility Pack SP3 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1758 (Untrusted search path vulnerability in the LoadLibrary function in the ...)
+ TODO: check
+CVE-2015-1757 (Cross-site scripting (XSS) vulnerability in adfs/ls in Active ...)
+ TODO: check
+CVE-2015-1756 (Use-after-free vulnerability in Microsoft Common Controls in Microsoft ...)
+ TODO: check
+CVE-2015-1755 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1754 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1753 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1752 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1751 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1750 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1749
RESERVED
-CVE-2015-1748
- RESERVED
-CVE-2015-1747
- RESERVED
+CVE-2015-1748 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1747 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1746
RESERVED
-CVE-2015-1745
- RESERVED
-CVE-2015-1744
- RESERVED
-CVE-2015-1743
- RESERVED
-CVE-2015-1742
- RESERVED
-CVE-2015-1741
- RESERVED
-CVE-2015-1740
- RESERVED
-CVE-2015-1739
- RESERVED
+CVE-2015-1745 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1744 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1743 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1742 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1741 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1740 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1739 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
+ TODO: check
CVE-2015-1738
RESERVED
-CVE-2015-1737
- RESERVED
-CVE-2015-1736
- RESERVED
-CVE-2015-1735
- RESERVED
+CVE-2015-1737 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1736 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1735 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2015-1734
RESERVED
CVE-2015-1733
RESERVED
-CVE-2015-1732
- RESERVED
-CVE-2015-1731
- RESERVED
-CVE-2015-1730
- RESERVED
+CVE-2015-1732 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2015-1731 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2015-1730 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2015-1729
RESERVED
-CVE-2015-1728
- RESERVED
-CVE-2015-1727
- RESERVED
-CVE-2015-1726
- RESERVED
-CVE-2015-1725
- RESERVED
-CVE-2015-1724
- RESERVED
-CVE-2015-1723
- RESERVED
-CVE-2015-1722
- RESERVED
-CVE-2015-1721
- RESERVED
-CVE-2015-1720
- RESERVED
-CVE-2015-1719
- RESERVED
+CVE-2015-1728 (Microsoft Windows Media Player 10 through 12 allows remote attackers ...)
+ TODO: check
+CVE-2015-1727 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
+ TODO: check
+CVE-2015-1726 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-1725 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
+ TODO: check
+CVE-2015-1724 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-1723 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-1722 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-1721 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ...)
+ TODO: check
+CVE-2015-1720 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2015-1719 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ...)
+ TODO: check
CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
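Review bot: The entries added with TODO: check from CVE-2015-1770 down to CVE-2015-1719 can mostly be triaged from what this hunk already shows. Their descriptions name Microsoft Internet Explorer, Office, Exchange Server, Windows Media Player and the Windows kernel-mode drivers, and the unchanged CVE-2015-1718 entry just below them is tagged NOT-FOR-US: Microsoft Internet Explorer. Suggest replacing TODO: check with the matching NOT-FOR-US line on those entries. CVE-2015-1771 is cut off after "in the web ...", so its product has to be confirmed from the full CVE text before it is tagged.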
@@ -6968,8 +7496,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2015-1687
- RESERVED
+CVE-2015-1687 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through ...)
NOT-FOR-US: Microsoft
CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
@@ -9442,8 +9970,8 @@
RESERVED
CVE-2015-1001
RESERVED
-CVE-2015-1000
- RESERVED
+CVE-2015-1000 (Stack-based buffer overflow in the OpenForIPCamTest method in the ...)
+ TODO: check
CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0998 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
@@ -10299,8 +10827,8 @@
RESERVED
CVE-2015-0780
RESERVED
-CVE-2015-0779
- RESERVED
+CVE-2015-0779 (Directory traversal vulnerability in UploadServlet in Novell ZENworks ...)
+ TODO: check
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary ...)
- osc 0.149.0-2 (low; bug #780410)
[wheezy] - osc <no-dsa> (Minor issue)
@@ -10322,34 +10850,27 @@
RESERVED
CVE-2015-0771
RESERVED
-CVE-2015-0770
- RESERVED
+CVE-2015-0770 (CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 ...)
+ TODO: check
CVE-2015-0769
RESERVED
CVE-2015-0768
RESERVED
-CVE-2015-0767
- RESERVED
-CVE-2015-0766
- RESERVED
+CVE-2015-0767 (Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local ...)
+ TODO: check
+CVE-2015-0766 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Cisco
-CVE-2015-0765
- RESERVED
+CVE-2015-0765 (Cisco ONS 15454 System Software 10.30 and 10.301 allows remote ...)
NOT-FOR-US: Cisco
-CVE-2015-0764
- RESERVED
+CVE-2015-0764 (Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read ...)
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2015-0763
- RESERVED
+CVE-2015-0763 (Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session ...)
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2015-0762
- RESERVED
+CVE-2015-0762 (Cross-site scripting (XSS) vulnerability in the management interface ...)
NOT-FOR-US: Cisco Unified MeetingPlace
-CVE-2015-0761
- RESERVED
+CVE-2015-0761 (Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x ...)
NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
-CVE-2015-0760
- RESERVED
+CVE-2015-0760 (The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and ...)
NOT-FOR-US: Cisco ASA
CVE-2015-0759 (Cross-site request forgery (CSRF) vulnerability in Cisco Headend ...)
NOT-FOR-US: Cisco
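Review bot: CVE-2015-0770 (Cisco TelePresence TC) and CVE-2015-0767 (Cisco Edge 300) are left at TODO: check, while every other Cisco entry in this hunk, CVE-2015-0766 through CVE-2015-0759, carries a NOT-FOR-US line. Suggest tagging these two the same way (NOT-FOR-US: Cisco) so the hunk is consistent and the two entries do not sit in the triage queue.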
@@ -11441,8 +11962,7 @@
RESERVED
CVE-2015-0542
RESERVED
-CVE-2015-0541
- RESERVED
+CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat ...)
NOT-FOR-US: RSA Web Threat Detection
CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document ...)
NOT-FOR-US: EMC Document Sciences xPression
@@ -12380,8 +12900,8 @@
RESERVED
CVE-2014-9285
RESERVED
-CVE-2014-9284
- RESERVED
+CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...)
+ TODO: check
CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows ...)
NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer ...)
@@ -12530,8 +13050,8 @@
NOT-FOR-US: HART Device Type Manager (DTM) library
CVE-2014-9202
RESERVED
-CVE-2014-9201
- RESERVED
+CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with ...)
+ TODO: check
CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
NOT-FOR-US: Schneider Electric
CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
@@ -13483,11 +14003,9 @@
RESERVED
CVE-2015-0265
RESERVED
-CVE-2015-0264
- RESERVED
+CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in ...)
NOT-FOR-US: Apache Camel
-CVE-2015-0263
- RESERVED
+CVE-2015-0263 (XML external entity (XXE) vulnerability in the XML converter setup in ...)
NOT-FOR-US: Apache Camel
CVE-2015-0262
RESERVED
@@ -13916,8 +14434,8 @@
RESERVED
CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle ...)
NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
-CVE-2015-0112
- RESERVED
+CVE-2015-0112 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
+ TODO: check
CVE-2015-0111
RESERVED
CVE-2015-0110
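Review bot: CVE-2015-0112 is added with TODO: check, but its description names Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ..., and the entry directly above it, CVE-2015-0113, is already tagged NOT-FOR-US: IBM Rational Collaborative Lifecycle Management. The description is truncated here, so confirm the product against the full text and then apply the same NOT-FOR-US line.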
@@ -14369,8 +14887,8 @@
RESERVED
CVE-2014-8888
RESERVED
-CVE-2014-8887
- RESERVED
+CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
+ TODO: check
CVE-2014-8886
RESERVED
CVE-2014-8885
@@ -15402,6 +15920,7 @@
[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-8355 [buffer overflow in PCX parser]
RESERVED
+ {DLA-242-1}
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
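Review bot: The {DLA-242-1} reference added to CVE-2014-8355 sits above a squeeze line that still reads no-dsa (Minor issue). An advisory reference and a no-dsa status on the same release contradict each other, so the squeeze line should be checked and, if DLA-242-1 covers this CVE for squeeze, replaced with the version fixed by that advisory.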
@@ -15413,6 +15932,7 @@
NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick)
CVE-2014-8562 [buffer overflow in DCM parser]
RESERVED
+ {DLA-242-1}
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
@@ -15420,6 +15940,7 @@
NOTE: https://int21.de/cve/CVE-2014-8562-dcm-oob-heap-overflow.html
CVE-2014-8354 [out-of-bounds memory access in resize code]
RESERVED
+ {DLA-242-1}
- imagemagick 8:6.8.9.9-1
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
@@ -17217,8 +17738,8 @@
NOT-FOR-US: HP-UX running System Management Homepage
CVE-2014-7873
RESERVED
-CVE-2014-7872
- RESERVED
+CVE-2014-7872 (Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC ...)
+ TODO: check
CVE-2014-7871 (SQL injection vulnerability in Open-Xchange (OX) AppSuite before ...)
- open-xchange <itp> (bug #269329)
CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
@@ -17469,8 +17990,7 @@
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2014-7810 [security manager bypass via EL expressions]
- RESERVED
+CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x ...)
{DLA-232-1}
- tomcat6 6.0.41-3 (bug #787010)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
@@ -20937,8 +21457,8 @@
RESERVED
CVE-2014-6285
RESERVED
-CVE-2014-6284
- RESERVED
+CVE-2014-6284 (SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before ...)
+ TODO: check
CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 ...)
NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6282
@@ -21137,8 +21657,8 @@
RESERVED
CVE-2014-6223
RESERVED
-CVE-2014-6222
- RESERVED
+CVE-2014-6222 (Directory traversal vulnerability in IBM Marketing Operations 7.x and ...)
+ TODO: check
CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ...)
NOT-FOR-US: IBM Rational ClearCase
CVE-2014-6220
@@ -21232,8 +21752,8 @@
NOT-FOR-US: IBM
CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
NOT-FOR-US: IBM
-CVE-2014-6175
- RESERVED
+CVE-2014-6175 (Cross-site scripting (XSS) vulnerability in IBM Marketing Operations ...)
+ TODO: check
CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before ...)
NOT-FOR-US: IBM
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in ...)
@@ -37458,8 +37978,7 @@
CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
{DSA-2989-1 DLA-66-1}
- apache2 2.4.10-1
-CVE-2014-0230 [non-persistent DoS attack by feeding data by aborting an upload]
- RESERVED
+CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before ...)
{DLA-232-1}
- tomcat6 6.0.41-3 (bug #785316)
- tomcat7 <unfixed>
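Review bot: The tomcat7 line under CVE-2014-0230 is still marked unfixed although the description added in this hunk gives the upstream fix point as 7.x before 7.0.55. Suggest comparing the tomcat7 version in the archive against 7.0.55 and recording the fixed version if it is already there. The tomcat6 line records 6.0.41-3 while the description says 6.x before 6.0.44; if the entry has no NOTE explaining that below the visible context, one like the NOTE on CVE-2014-7810 would help.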
@@ -65420,6 +65939,7 @@
- graphicsmagick 1.3.16-1.1 (low; bug #683284)
[squeeze] - graphicsmagick <no-dsa> (Minor issue)
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 ...)
+ {DLA-242-1}
- imagemagick 8:6.7.7.10-3 (low; bug #683285)
[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to ...)