[Secure-testing-commits] r34993 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Jun 17 21:10:25 UTC 2015
Author: sectracker
Date: 2015-06-17 21:10:25 +0000 (Wed, 17 Jun 2015)
New Revision: 34993
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-17 20:53:13 UTC (rev 34992)
+++ data/CVE/list 2015-06-17 21:10:25 UTC (rev 34993)
@@ -1,39 +1,379 @@
+CVE-2015-4639
+ RESERVED
+CVE-2015-4638
+ RESERVED
+CVE-2015-4637
+ RESERVED
+CVE-2015-4636
+ RESERVED
+CVE-2015-4635
+ RESERVED
+CVE-2015-4634
+ RESERVED
+CVE-2015-4633
+ RESERVED
+CVE-2015-4632
+ RESERVED
+CVE-2015-4631
+ RESERVED
+CVE-2015-4630
+ RESERVED
+CVE-2015-4629
+ RESERVED
+CVE-2015-4628
+ RESERVED
+CVE-2015-4627
+ RESERVED
+CVE-2015-4626
+ RESERVED
+CVE-2015-4624
+ RESERVED
+CVE-2015-4623
+ RESERVED
+CVE-2015-4622
+ RESERVED
+CVE-2015-4621
+ RESERVED
+CVE-2015-4620
+ RESERVED
+CVE-2015-4619
+ RESERVED
+CVE-2015-4618
+ RESERVED
+CVE-2015-4617
+ RESERVED
+CVE-2015-4616
+ RESERVED
+CVE-2015-4615
+ RESERVED
+CVE-2015-4614
+ RESERVED
+CVE-2015-4613 (SQL injection vulnerability in the backend module in the Developer Log ...)
+ TODO: check
+CVE-2015-4612 (SQL injection vulnerability in the "FAQ - Frequently Asked Questions" ...)
+ TODO: check
+CVE-2015-4611 (SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) ...)
+ TODO: check
+CVE-2015-4610 (SQL injection vulnerability in the Store Locator (locator) extension ...)
+ TODO: check
+CVE-2015-4609 (SQL injection vulnerability in the wt_directory extension before 1.4.2 ...)
+ TODO: check
+CVE-2015-4608 (Cross-site scripting (XSS) vulnerability in the BE User Log ...)
+ TODO: check
+CVE-2015-4607 (Unrestricted file upload vulnerability in the Frontend User Upload ...)
+ TODO: check
+CVE-2015-4606 (Unrestricted file upload vulnerability in the Job Fair (jobfair) ...)
+ TODO: check
+CVE-2015-4597
+ RESERVED
+CVE-2015-4596
+ RESERVED
+CVE-2015-4595
+ RESERVED
+CVE-2015-4594
+ RESERVED
+CVE-2015-4593
+ RESERVED
+CVE-2015-4592
+ RESERVED
+CVE-2015-4591
+ RESERVED
+CVE-2015-4590
+ RESERVED
+CVE-2015-4589
+ RESERVED
+CVE-2015-4587
+ RESERVED
+CVE-2015-4586
+ RESERVED
+CVE-2015-4585
+ RESERVED
+CVE-2015-4584
+ RESERVED
+CVE-2015-4583
+ RESERVED
+CVE-2015-4582
+ RESERVED
+CVE-2015-4581
+ RESERVED
+CVE-2015-4580
+ RESERVED
+CVE-2015-4579
+ RESERVED
+CVE-2015-4578
+ RESERVED
+CVE-2015-4577
+ RESERVED
+CVE-2015-4576
+ RESERVED
+CVE-2015-4575
+ RESERVED
+CVE-2015-4574
+ RESERVED
+CVE-2015-4573
+ RESERVED
+CVE-2015-4572
+ RESERVED
+CVE-2015-4571
+ RESERVED
+CVE-2015-4570
+ RESERVED
+CVE-2015-4569
+ RESERVED
+CVE-2015-4568
+ RESERVED
+CVE-2015-4567
+ RESERVED
+CVE-2015-4566
+ RESERVED
+CVE-2015-4565
+ RESERVED
+CVE-2015-4564
+ RESERVED
+CVE-2015-4563
+ RESERVED
+CVE-2015-4562
+ RESERVED
+CVE-2015-4561
+ RESERVED
+CVE-2015-4560
+ RESERVED
+CVE-2015-4559 (Cross-site scripting (XSS) vulnerability in the product deployment ...)
+ TODO: check
+CVE-2015-4558
+ RESERVED
+CVE-2015-4557
+ RESERVED
+CVE-2015-4555
+ RESERVED
+CVE-2015-4554
+ RESERVED
+CVE-2015-4553
+ RESERVED
+CVE-2015-4552
+ RESERVED
+CVE-2015-4551
+ RESERVED
+CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
+ TODO: check
+CVE-2015-4549
+ RESERVED
+CVE-2015-4548
+ RESERVED
+CVE-2015-4547
+ RESERVED
+CVE-2015-4546
+ RESERVED
+CVE-2015-4545
+ RESERVED
+CVE-2015-4544
+ RESERVED
+CVE-2015-4543
+ RESERVED
+CVE-2015-4542
+ RESERVED
+CVE-2015-4541
+ RESERVED
+CVE-2015-4540
+ RESERVED
+CVE-2015-4539
+ RESERVED
+CVE-2015-4538
+ RESERVED
+CVE-2015-4537
+ RESERVED
+CVE-2015-4536
+ RESERVED
+CVE-2015-4535
+ RESERVED
+CVE-2015-4534
+ RESERVED
+CVE-2015-4533
+ RESERVED
+CVE-2015-4532
+ RESERVED
+CVE-2015-4531
+ RESERVED
+CVE-2015-4530
+ RESERVED
+CVE-2015-4529
+ RESERVED
+CVE-2015-4528
+ RESERVED
+CVE-2015-4527
+ RESERVED
+CVE-2015-4526
+ RESERVED
+CVE-2015-4525
+ RESERVED
+CVE-2015-4524
+ RESERVED
+CVE-2015-4523
+ RESERVED
+CVE-2015-4522
+ RESERVED
+CVE-2015-4521
+ RESERVED
+CVE-2015-4520
+ RESERVED
+CVE-2015-4519
+ RESERVED
+CVE-2015-4518
+ RESERVED
+CVE-2015-4517
+ RESERVED
+CVE-2015-4516
+ RESERVED
+CVE-2015-4515
+ RESERVED
+CVE-2015-4514
+ RESERVED
+CVE-2015-4513
+ RESERVED
+CVE-2015-4512
+ RESERVED
+CVE-2015-4511
+ RESERVED
+CVE-2015-4510
+ RESERVED
+CVE-2015-4509
+ RESERVED
+CVE-2015-4508
+ RESERVED
+CVE-2015-4507
+ RESERVED
+CVE-2015-4506
+ RESERVED
+CVE-2015-4505
+ RESERVED
+CVE-2015-4504
+ RESERVED
+CVE-2015-4503
+ RESERVED
+CVE-2015-4502
+ RESERVED
+CVE-2015-4501
+ RESERVED
+CVE-2015-4500
+ RESERVED
+CVE-2015-4499
+ RESERVED
+CVE-2015-4498
+ RESERVED
+CVE-2015-4497
+ RESERVED
+CVE-2015-4496
+ RESERVED
+CVE-2015-4495
+ RESERVED
+CVE-2015-4494
+ RESERVED
+CVE-2015-4493
+ RESERVED
+CVE-2015-4492
+ RESERVED
+CVE-2015-4491
+ RESERVED
+CVE-2015-4490
+ RESERVED
+CVE-2015-4489
+ RESERVED
+CVE-2015-4488
+ RESERVED
+CVE-2015-4487
+ RESERVED
+CVE-2015-4486
+ RESERVED
+CVE-2015-4485
+ RESERVED
+CVE-2015-4484
+ RESERVED
+CVE-2015-4483
+ RESERVED
+CVE-2015-4482
+ RESERVED
+CVE-2015-4481
+ RESERVED
+CVE-2015-4480
+ RESERVED
+CVE-2015-4479
+ RESERVED
+CVE-2015-4478
+ RESERVED
+CVE-2015-4477
+ RESERVED
+CVE-2015-4476
+ RESERVED
+CVE-2015-4475
+ RESERVED
+CVE-2015-4474
+ RESERVED
+CVE-2015-4473
+ RESERVED
+CVE-2015-4466
+ RESERVED
+CVE-2015-4465 (Cross-site scripting (XSS) vulnerability in the zM Ajax Login & ...)
+ TODO: check
+CVE-2015-4464
+ RESERVED
+CVE-2015-4463
+ RESERVED
+CVE-2015-4462
+ RESERVED
+CVE-2015-4461
+ RESERVED
+CVE-2015-4460
+ RESERVED
+CVE-2015-4459
+ RESERVED
+CVE-2015-4458
+ RESERVED
+CVE-2014-9733
+ RESERVED
CVE-2015-4603 [exception::getTraceAsString issue]
+ RESERVED
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC]
CVE-2015-4602
+ RESERVED
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4601
+ RESERVED
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4600
+ RESERVED
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4599 [Type confusion vulnerability in exception::getTraceAsString]
+ RESERVED
- php5 5.6.9+dfsg-1
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
NOTE: https://bugs.php.net/bug.php?id=69152
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
CVE-2015-4598 [Incorrect handling of paths with NULs]
+ RESERVED
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69719
NOTE: Fixed in 5.6.10 and 5.4.42 upstream
CVE-2015-4588 [RLE decoding doesn't check that the "count" fits into the image]
+ RESERVED
- libwmf <unfixed> (bug #787644)
CVE-2015-4556 [buffer overrun in CHICKEN Scheme's string-translate* procedure]
+ RESERVED
- chicken <unfixed> (bug #788833)
[jessie] - chicken <no-dsa> (Minor issue)
[wheezy] - chicken <no-dsa> (Minor issue)
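Review bot: CVE-2015-4465 in this hunk is left at "TODO: check", but its truncated description ("zM Ajax Login & ...") appears to name the same zM Ajax Login & Register WordPress plugin that this patch marks "NOT-FOR-US: WordPress plugin zm-ajax-login-register" under CVE-2015-4153 in a later hunk; the two entries should receive the same triage. The remainder of the hunk is reserved placeholders and imported descriptions, with nothing else to flag.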
@@ -132,8 +472,8 @@
RESERVED
CVE-2015-4416
RESERVED
-CVE-2015-4415
- RESERVED
+CVE-2015-4415 (Multiple directory traversal vulnerabilities in func.php in Magnifica ...)
+ TODO: check
CVE-2015-4414
RESERVED
NOT-FOR-US: WordPress plugin se-html5-album-audio-player
@@ -161,116 +501,116 @@
RESERVED
CVE-2015-4399
RESERVED
-CVE-2015-4398
- RESERVED
-CVE-2015-4397
- RESERVED
-CVE-2015-4396
- RESERVED
-CVE-2015-4395
- RESERVED
-CVE-2015-4394
- RESERVED
-CVE-2015-4393
- RESERVED
-CVE-2015-4392
- RESERVED
-CVE-2015-4391
- RESERVED
-CVE-2015-4390
- RESERVED
-CVE-2015-4389
- RESERVED
-CVE-2015-4388
- RESERVED
-CVE-2015-4387
- RESERVED
-CVE-2015-4386
- RESERVED
-CVE-2015-4385
- RESERVED
-CVE-2015-4384
- RESERVED
-CVE-2015-4383
- RESERVED
-CVE-2015-4382
- RESERVED
-CVE-2015-4381
- RESERVED
-CVE-2015-4380
- RESERVED
-CVE-2015-4379
- RESERVED
-CVE-2015-4378
- RESERVED
-CVE-2015-4377
- RESERVED
-CVE-2015-4376
- RESERVED
-CVE-2015-4375
- RESERVED
-CVE-2015-4374
- RESERVED
-CVE-2015-4373
- RESERVED
-CVE-2015-4372
- RESERVED
-CVE-2015-4371
- RESERVED
-CVE-2015-4370
- RESERVED
-CVE-2015-4369
- RESERVED
-CVE-2015-4368
- RESERVED
-CVE-2015-4367
- RESERVED
-CVE-2015-4366
- RESERVED
-CVE-2015-4365
- RESERVED
-CVE-2015-4364
- RESERVED
-CVE-2015-4363
- RESERVED
-CVE-2015-4362
- RESERVED
-CVE-2015-4361
- RESERVED
-CVE-2015-4360
- RESERVED
-CVE-2015-4359
- RESERVED
-CVE-2015-4358
- RESERVED
-CVE-2015-4357
- RESERVED
-CVE-2015-4356
- RESERVED
-CVE-2015-4355
- RESERVED
-CVE-2015-4354
- RESERVED
-CVE-2015-4353
- RESERVED
-CVE-2015-4352
- RESERVED
-CVE-2015-4351
- RESERVED
-CVE-2015-4350
- RESERVED
-CVE-2015-4349
- RESERVED
-CVE-2015-4348
- RESERVED
-CVE-2015-4347
- RESERVED
-CVE-2015-4346
- RESERVED
-CVE-2015-4345
- RESERVED
-CVE-2015-4344
- RESERVED
+CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) module ...)
+ TODO: check
+CVE-2015-4397 (Cross-site request forgery (CSRF) vulnerability in the Node Template ...)
+ TODO: check
+CVE-2015-4396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-4395 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal ...)
+ TODO: check
+CVE-2015-4394 (The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote ...)
+ TODO: check
+CVE-2015-4393 (The resource/endpoint for uploading files in the Services module ...)
+ TODO: check
+CVE-2015-4392 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
+ TODO: check
+CVE-2015-4391 (Cross-site request forgery (CSRF) vulnerability in the CiviCRM private ...)
+ TODO: check
+CVE-2015-4390 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
+ TODO: check
+CVE-2015-4389 (The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not ...)
+ TODO: check
+CVE-2015-4388 (Cross-site scripting (XSS) vulnerability in the Current Search Links ...)
+ TODO: check
+CVE-2015-4387 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
+ TODO: check
+CVE-2015-4386 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
+ TODO: check
+CVE-2015-4385 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
+ TODO: check
+CVE-2015-4384 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform ...)
+ TODO: check
+CVE-2015-4383 (Cross-site request forgery (CSRF) vulnerability in the Decisions ...)
+ TODO: check
+CVE-2015-4382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-4381 (Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x ...)
+ TODO: check
+CVE-2015-4380 (Cross-site scripting (XSS) vulnerability in the Linear Case module ...)
+ TODO: check
+CVE-2015-4379 (Cross-site request forgery (CSRF) vulnerability in the Webform ...)
+ TODO: check
+CVE-2015-4378 (Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x ...)
+ TODO: check
+CVE-2015-4377 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
+ TODO: check
+CVE-2015-4376 (Cross-site scripting (XSS) vulnerability in the Profile2 Privacy ...)
+ TODO: check
+CVE-2015-4375 (The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal ...)
+ TODO: check
+CVE-2015-4374 (Cross-site scripting (XSS) vulnerability in the Webform module before ...)
+ TODO: check
+CVE-2015-4373 (Cross-site scripting (XSS) vulnerability in the OG tabs module before ...)
+ TODO: check
+CVE-2015-4372 (Cross-site scripting (XSS) vulnerability in the Image Title module ...)
+ TODO: check
+CVE-2015-4371 (Open redirect vulnerability in the Perfecto module before 7.x-1.2 for ...)
+ TODO: check
+CVE-2015-4370 (Cross-site scripting (XSS) vulnerability in the Site Documentation ...)
+ TODO: check
+CVE-2015-4369 (Cross-site scripting (XSS) vulnerability in the Trick Question module ...)
+ TODO: check
+CVE-2015-4368 (The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows ...)
+ TODO: check
+CVE-2015-4367 (Cross-site scripting (XSS) vulnerability in the Simple Subscription ...)
+ TODO: check
+CVE-2015-4366 (Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 ...)
+ TODO: check
+CVE-2015-4365 (Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion ...)
+ TODO: check
+CVE-2015-4364 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2015-4363 (Open redirect vulnerability in the finder_form_goto function in the ...)
+ TODO: check
+CVE-2015-4362 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2015-4361 (Cross-site request forgery (CSRF) vulnerability in the Registration ...)
+ TODO: check
+CVE-2015-4360 (Cross-site request forgery (CSRF) vulnerability in the Registration ...)
+ TODO: check
+CVE-2015-4359 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-4358 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
+ TODO: check
+CVE-2015-4357 (Cross-site scripting (XSS) vulnerability in the Webform module before ...)
+ TODO: check
+CVE-2015-4356 (Cross-site scripting (XSS) vulnerability in the view-based webform ...)
+ TODO: check
+CVE-2015-4355 (Cross-site request forgery (CSRF) vulnerability in the Watchdog ...)
+ TODO: check
+CVE-2015-4354 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform ...)
+ TODO: check
+CVE-2015-4353 (Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap ...)
+ TODO: check
+CVE-2015-4352 (Cross-site request forgery (CSRF) vulnerability in the Spider Video ...)
+ TODO: check
+CVE-2015-4351 (The Spider Video Player module for Drupal allows remote authenticated ...)
+ TODO: check
+CVE-2015-4350 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-4349 (Cross-site request forgery (CSRF) vulnerability in the Spider Contacts ...)
+ TODO: check
+CVE-2015-4348 (SQL injection vulnerability in the Spider Contacts module for Drupal ...)
+ TODO: check
+CVE-2015-4347 (Cross-site scripting (XSS) vulnerability in the inLinks Integration ...)
+ TODO: check
+CVE-2015-4346 (Cross-site scripting (XSS) vulnerability in the SMS Framework module ...)
+ TODO: check
+CVE-2015-4345 (The RESTWS Basic Auth submodule in the RESTful Web Services module ...)
+ TODO: check
+CVE-2015-4344 (The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for ...)
+ TODO: check
CVE-2015-4343
RESERVED
CVE-2015-4342 [SQL Injection and Location header injection from cdef id]
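Review bot: the 55 entries CVE-2015-4344 through CVE-2015-4398 that gain descriptions here all appear to be Drupal contributed modules (Services, RESTWS, ctools, Webform, CiviCRM, the Spider modules and others) and every one is left at "TODO: check"; they are best triaged together, checking each module name against the archive for a matching Debian package before deciding between a package line and NOT-FOR-US, rather than resolving them one at a time as they come up.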
@@ -574,24 +914,24 @@
RESERVED
CVE-2015-4191
RESERVED
-CVE-2015-4190
- RESERVED
+CVE-2015-4190 (Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on ...)
+ TODO: check
CVE-2015-4189
RESERVED
-CVE-2015-4188
- RESERVED
+CVE-2015-4188 (SQL injection vulnerability in the Manager interface in Cisco Prime ...)
+ TODO: check
CVE-2015-4187
RESERVED
-CVE-2015-4186
- RESERVED
-CVE-2015-4185
- RESERVED
-CVE-2015-4184
- RESERVED
-CVE-2015-4183
- RESERVED
-CVE-2015-4182
- RESERVED
+CVE-2015-4186 (The diagnostics subsystem in the administrative web interface on Cisco ...)
+ TODO: check
+CVE-2015-4185 (The TCL interpreter in Cisco IOS 15.2 does not properly maintain the ...)
+ TODO: check
+CVE-2015-4184 (The anti-spam scanner on Cisco Email Security Appliance (ESA) devices ...)
+ TODO: check
+CVE-2015-4183 (Cisco UCS Central Software 1.2(1a) allows local users to gain ...)
+ TODO: check
+CVE-2015-4182 (The administrative web interface in Cisco Identity Services Engine ...)
+ TODO: check
CVE-2015-4181
RESERVED
CVE-2015-4180
@@ -611,6 +951,7 @@
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/6
NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
CVE-2015-4625 [cookie generator can wrap and two identical cookies could exist; DoS]
+ RESERVED
- policykit-1 <unfixed> (low)
[jessie] - policykit-1 <no-dsa> (Minor issue)
[wheezy] - policykit-1 <no-dsa> (Minor issue)
@@ -676,8 +1017,7 @@
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f (v4.1-rc1)
CVE-2015-4172
RESERVED
-CVE-2015-4171
- RESERVED
+CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client ...)
{DSA-3282-1 DLA-244-1}
- strongswan 5.3.1-1
NOTE: https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-(cve-2015-4171).html
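Review bot: the imported description for CVE-2015-4171 states that strongSwan is affected "before 5.3.2", while the unchanged fixed-version line marks unstable fixed at 5.3.1-1; worth confirming that the 5.3.1-1 changelog carries the backported fix referenced by DSA-3282-1, so the tracker does not show an unfixed upload as fixed.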
@@ -690,14 +1030,12 @@
CVE-2015-4165 [unspecified arbitrary files modification vulnerability]
RESERVED
- elasticsearch <unfixed> (bug #788471)
-CVE-2015-4164 [vulnerability in the iret hypercall handler]
- RESERVED
+CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way ...)
{DSA-3286-1}
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-136.html
-CVE-2015-4163 [GNTTABOP_swap_grant_ref operation misbehavior]
- RESERVED
+CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the ...)
{DSA-3286-1}
- xen <unfixed>
[wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
@@ -728,11 +1066,9 @@
NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
CVE-2015-4154
RESERVED
-CVE-2015-4153
- RESERVED
+CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login & Register ...)
NOT-FOR-US: WordPress plugin zm-ajax-login-register
-CVE-2015-4152
- RESERVED
+CVE-2015-4152 (Directory traversal vulnerability in the file output plugin in ...)
- logstash <itp> (bug #664841)
CVE-2015-4151
RESERVED
@@ -872,10 +1208,10 @@
RESERVED
CVE-2015-4120
RESERVED
-CVE-2015-4119
- RESERVED
-CVE-2015-4118
- RESERVED
+CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...)
+ TODO: check
CVE-2015-4117
RESERVED
CVE-2015-4116
@@ -894,8 +1230,8 @@
RESERVED
CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the ...)
NOT-FOR-US: WordPress plugin users-ultra
-CVE-2015-4108
- RESERVED
+CVE-2015-4108 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP ...)
+ TODO: check
CVE-2015-4107
RESERVED
CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space ...)
@@ -956,8 +1292,7 @@
RESERVED
CVE-2015-4094 (The Thycotic Password Manager Secret Server application through 2.3 ...)
NOT-FOR-US: Thycotic Password Manager Secret Server application for iOS
-CVE-2015-4093
- RESERVED
+CVE-2015-4093 (Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x ...)
- kibana <itp> (bug #700337)
CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
NOT-FOR-US: SAP Afaria
@@ -1266,8 +1601,8 @@
NOT-FOR-US: SAP HANA DB
CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
NOT-FOR-US: SAP HANA DB
-CVE-2015-3993
- RESERVED
+CVE-2015-3993 (Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows ...)
+ TODO: check
CVE-2015-3992
RESERVED
CVE-2015-3991 [strongSwan DoS and potential RCE]
@@ -1392,12 +1727,12 @@
RESERVED
CVE-2015-3952
RESERVED
-CVE-2015-3951
- RESERVED
+CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, which ...)
+ TODO: check
CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
NOT-FOR-US: XZERES 442SR (wind turbine)
-CVE-2015-3949
- RESERVED
+CVE-2015-3949 (Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows ...)
+ TODO: check
CVE-2015-3948
RESERVED
CVE-2015-3947
@@ -1424,8 +1759,7 @@
RESERVED
CVE-2015-3936
RESERVED
-CVE-2015-3935 [HTML Injection]
- RESERVED
+CVE-2015-3935 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
- dolibarr <unfixed> (bug #787762)
NOTE: https://github.com/Dolibarr/dolibarr/issues/2857
NOTE: https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
@@ -1451,8 +1785,8 @@
RESERVED
CVE-2015-3924
RESERVED
-CVE-2015-3923
- RESERVED
+CVE-2015-3923 (Coppermine Photo Gallery before 1.5.36 allows remote attackers to ...)
+ TODO: check
CVE-2015-3922 (Open redirect vulnerability in mode.php in Coppermine Photo Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3921 (Cross-site scripting (XSS) vulnerability in contact.php in Coppermine ...)
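Review bot: CVE-2015-3923 is left at "TODO: check" although its description concerns Coppermine Photo Gallery, the same product that the two following context entries (CVE-2015-3922 and CVE-2015-3921) already mark "NOT-FOR-US: Coppermine Photo Gallery"; unless Coppermine has been packaged since, the same marking applies here.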
@@ -2132,8 +2466,7 @@
[jessie] - didjvu 0.2.8-1+deb8u1
NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
-CVE-2015-4146 [EAP-pwd missing payload length validation]
- RESERVED
+CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 ...)
- wpa <unfixed> (bug #787371)
- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
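Review bot: on the unchanged context lines of this hunk, and likewise in the CVE-2015-4145, CVE-2015-4144 and CVE-2015-4143 hunks below, the parenthetical on "- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)" and the matching hostapd line describes the upstream affected range rather than the reason the Debian builds are unaffected; the justification should say why (for example, whether CONFIG_EAP_PWD was disabled in those builds), as the CVE-2015-4141 entry's wording "Affects ... with CONFIG_WPS_ER=y in the build configuration" at least makes clear which part is the affected range.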
@@ -2141,8 +2474,7 @@
NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
-CVE-2015-4145 [EAP-pwd missing payload length validation]
- RESERVED
+CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and ...)
- wpa <unfixed> (bug #787371)
- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -2151,8 +2483,7 @@
NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
-CVE-2015-4144 [EAP-pwd missing payload length validation]
- RESERVED
+CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and ...)
- wpa <unfixed> (bug #787371)
- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -2161,8 +2492,7 @@
NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
-CVE-2015-4143 [EAP-pwd missing payload length validation]
- RESERVED
+CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and ...)
- wpa <unfixed> (bug #787371)
- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
@@ -2171,8 +2501,7 @@
NOTE: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
-CVE-2015-4142 [Integer underflow in AP mode WMM Action frame processing]
- RESERVED
+CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 ...)
- wpa <unfixed> (bug #787373)
- wpasupplicant <removed>
[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
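Review bot: unrelated to this hunk's change, the squeeze context line for CVE-2015-4142 reads "(0.7.0-v2.4 with with specific configurations)", with a duplicated "with"; fix in a follow-up together with the wording of the other wpasupplicant not-affected annotations.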
@@ -2180,8 +2509,7 @@
NOTE: http://w1.fi/security/2015-3/
NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
-CVE-2015-4141 [WPS UPnP vulnerability with HTTP chunked transfer encoding]
- RESERVED
+CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and ...)
- wpa <unfixed> (bug #787372)
- wpasupplicant <removed> (unimportant)
[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
@@ -2885,8 +3213,7 @@
- yii-framework <itp> (bug #597899)
CVE-2015-3396
RESERVED
-CVE-2015-3395 [invalid memory access]
- RESERVED
+CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and ...)
{DSA-3288-1}
- ffmpeg 7:2.6.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
@@ -3040,6 +3367,7 @@
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-4605 [denial of service when processing a crafted file with Fileinfo -- 2015-02-09 17:10 UTC]
+ RESERVED
- php5 5.6.9+dfsg-1 (bug #783099)
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
@@ -3047,6 +3375,7 @@
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-4604 [denial of service when processing a crafted file with Fileinfo -- 2015-02-05 13:53 UTC]
+ RESERVED
- php5 5.6.9+dfsg-1 (bug #783099)
[jessie] - php5 5.6.9+dfsg-0+deb8u1
[wheezy] - php5 5.4.41-0+deb7u1
@@ -3105,12 +3434,12 @@
NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
NOT-FOR-US: Hotspot Express hotEx Billing Manager
-CVE-2015-3318
- RESERVED
-CVE-2015-3317
- RESERVED
-CVE-2015-3316
- RESERVED
+CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
+ TODO: check
+CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
+ TODO: check
+CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
+ TODO: check
CVE-2015-3314
RESERVED
CVE-2015-3313
@@ -3402,8 +3731,7 @@
NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1558
NOTE: Affected code refactored in: http://vcs.pcre.org/pcre?view=revision&revision=1359 (8.34)
NOTE: Issue then introduced by: http://vcs.pcre.org/pcre?view=revision&revision=1361
-CVE-2015-3209 [heap overflow in qemu pcnet controller allowing guest to host escape]
- RESERVED
+CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows ...)
{DSA-3286-1 DSA-3285-1 DSA-3284-1}
- qemu 1:2.3+dfsg-6 (bug #788460)
[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
@@ -3426,8 +3754,8 @@
NOTE: former.
NOTE: KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
NOTE: Using the above code as is might break existing installations since a keytab is required to call krb5_verify_init_creds
-CVE-2015-3205
- RESERVED
+CVE-2015-3205 (libmimedir allows remote attackers to execute arbitrary code via a VCF ...)
+ TODO: check
CVE-2015-3204
RESERVED
- libreswan <itp> (bug #773459)
@@ -3996,8 +4324,7 @@
CVE-2015-3297 [read-only directory traversal in Etherpad Minify]
RESERVED
- etherpad-lite <itp> (bug #576998)
-CVE-2015-3010 [world-readable keyring permissions]
- RESERVED
+CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ...)
- ceph-deploy <itp> (bug #694013)
NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
CVE-2015-3405 [ntp-keygen may generate non-random symmetric keys on big-endian systems]
@@ -4103,28 +4430,28 @@
RESERVED
CVE-2015-2963
RESERVED
-CVE-2015-2962
- RESERVED
+CVE-2015-2962 (CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to ...)
+ TODO: check
CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow ...)
NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2960 (Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer ...)
NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2959 (Zoho NetFlow Analyzer build 10250 and earlier does not check for ...)
NOT-FOR-US: Zoho NetFlow Analyzer
-CVE-2015-2958
- RESERVED
-CVE-2015-2957
- RESERVED
-CVE-2015-2956
- RESERVED
-CVE-2015-2955
- RESERVED
-CVE-2015-2954
- RESERVED
-CVE-2015-2953
- RESERVED
-CVE-2015-2952
- RESERVED
+CVE-2015-2958 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
+ TODO: check
+CVE-2015-2957 (Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light ...)
+ TODO: check
+CVE-2015-2956 (SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier ...)
+ TODO: check
+CVE-2015-2955 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
+ TODO: check
+CVE-2015-2954 (Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep ...)
+ TODO: check
+CVE-2015-2953 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
+ TODO: check
+CVE-2015-2952 (The user-information management functionality in Igreks MilkyStep ...)
+ TODO: check
CVE-2015-2951 (JWT.php in F21 JWT before 2.0 allows remote attackers to bypass ...)
NOT-FOR-US: PHP JWT aibrary
CVE-2015-2950 (Directory traversal vulnerability in the Brandon Bowles Open Explorer ...)
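Review bot: unrelated to this hunk's change, the context line "NOT-FOR-US: PHP JWT aibrary" under CVE-2015-2951 has a typo ("library"); fix in a follow-up. The seven Igreks MilkyStep entries CVE-2015-2952 through CVE-2015-2958 that gain descriptions here all concern the same product and can be triaged together.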
@@ -4541,10 +4868,10 @@
- das-watchdog 0.9.0-3.1 (bug #781806)
NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
-CVE-2015-2805
- RESERVED
-CVE-2015-2804
- RESERVED
+CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, ...)
+ TODO: check
CVE-2015-2803
RESERVED
CVE-2015-2802
@@ -5736,18 +6063,18 @@
RESERVED
CVE-2015-2342
RESERVED
-CVE-2015-2341
- RESERVED
-CVE-2015-2340
- RESERVED
-CVE-2015-2339
- RESERVED
-CVE-2015-2338
- RESERVED
-CVE-2015-2337
- RESERVED
-CVE-2015-2336
- RESERVED
+CVE-2015-2341 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, ...)
+ TODO: check
+CVE-2015-2340 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
+ TODO: check
+CVE-2015-2339 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
+ TODO: check
+CVE-2015-2338 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
+ TODO: check
+CVE-2015-2337 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
+ TODO: check
+CVE-2015-2336 (TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
+ TODO: check
CVE-2015-2335 (A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows ...)
NOT-FOR-US: MyBB
CVE-2015-2334 (Cross-site request forgery (CSRF) vulnerability in the Admin Control ...)
@@ -7433,30 +7760,25 @@
RESERVED
CVE-2015-1793
RESERVED
-CVE-2015-1792 [CMS verify infinite loop with unknown hash function]
- RESERVED
+CVE-2015-1792 (The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before ...)
{DSA-3287-1}
- openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
-CVE-2015-1791 [race condition in NewSessionTicket]
- RESERVED
+CVE-2015-1791 (Race condition in the ssl3_get_new_session_ticket function in ...)
{DSA-3287-1}
- openssl 1.0.2b-1
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
-CVE-2015-1790 [PKCS7 crash with missing EnvelopedContent]
- RESERVED
+CVE-2015-1790 (The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL ...)
{DSA-3287-1}
- openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
-CVE-2015-1789 [Exploitable out-of-bounds read in X509_cmp_time]
- RESERVED
+CVE-2015-1789 (The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...)
{DSA-3287-1}
- openssl 1.0.2b-1
NOTE: http://openssl.org/news/secadv_20150611.txt
-CVE-2015-1788 [Malformed ECParameters causes infinite loop]
- RESERVED
+CVE-2015-1788 (The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before ...)
{DSA-3287-1}
- openssl 1.0.2b-1
[squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0)
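Review bot: only CVE-2015-1788 in this hunk carries a "[squeeze] - openssl <not-affected>" annotation; CVE-2015-1789 through CVE-2015-1792 receive the same "{DSA-3287-1}" and "openssl 1.0.2b-1" data but no squeeze line, so squeeze's status for those four should be recorded explicitly (a fixed version, <not-affected> or <no-dsa>) rather than left to be derived from the 1.0.2b-1 version. Minor consistency point: CVE-2015-1791 cites three upstream commits but not http://openssl.org/news/secadv_20150611.txt, which every other entry in the group references. The description for CVE-2015-1790 reads "PKCS7_dataDecodefunction" (missing space) as imported; that is the upstream text, not a tracker typo, so leave it.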
@@ -9582,16 +9904,16 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
REJECTED
-CVE-2015-4471 [off-by-one buffer under-read in mspack/lzxd.c]
+CVE-2015-4471 (Off-by-one error in the lzxd_decompress function in lzxd.c in ...)
- libmspack 0.5-1 (bug #775499)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2014-9732 [null pointer dereference on a crafted CAB]
+CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not ...)
- libmspack 0.5-1 (bug #774665)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-4470 [off-by-one buffer over-read in mspack/mszipd.c]
+CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack ...)
- libmspack 0.5-1 (bug #775498)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-4472 [CHM decompression: another pointer arithmetic overflow]
+CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack ...)
- libmspack 0.5-1 (bug #775687)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591
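Review bot: placement. CVE-2015-4471, CVE-2015-4470 and CVE-2015-4472 sit here among CVE-2015-1353 and CVE-2015-1591, with CVE-2014-9732 interleaved between 4471 and 4470, while their siblings CVE-2015-4467 to CVE-2015-4469 appear in a later hunk near the cpio entries. All of these libmspack entries share the same oss-security NOTE and the same fix batch (0.5-1 here), so consider moving them next to each other (ideally at their numeric positions) so the per-package view and a plain grep find the whole set together.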
@@ -11042,25 +11364,24 @@
- linux <not-affected> (Addon Xen usbback patch not present)
- linux-2.6 <not-affected> (Addon Xen usbback patch not present)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=917830
-CVE-2015-0776
- RESERVED
-CVE-2015-0775
- RESERVED
-CVE-2015-0774
- RESERVED
-CVE-2015-0773
- RESERVED
-CVE-2015-0772
- RESERVED
-CVE-2015-0771
- RESERVED
+CVE-2015-0776 (telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 ...)
+ TODO: check
+CVE-2015-0775 (The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on ...)
+ TODO: check
+CVE-2015-0774 (Cross-site scripting (XSS) vulnerability in Cisco Application and ...)
+ TODO: check
+CVE-2015-0773 (Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote ...)
+ TODO: check
+CVE-2015-0772 (Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows ...)
+ TODO: check
+CVE-2015-0771 (The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS ...)
+ TODO: check
CVE-2015-0770 (CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 ...)
NOT-FOR-US: Cisco TelePresence TC Software
-CVE-2015-0769
- RESERVED
+CVE-2015-0769 (Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System ...)
NOT-FOR-US: Cisco IOS
-CVE-2015-0768
- RESERVED
+CVE-2015-0768 (The Device Work Center (DWC) component in Cisco Prime Network Control ...)
+ TODO: check
CVE-2015-0767 (Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local ...)
NOT-FOR-US: Cisco
CVE-2015-0766 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
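Review bot: CVE-2015-0776 through CVE-2015-0771 and CVE-2015-0768 are left at "TODO: check" while the adjacent CVE-2015-0770, CVE-2015-0769 and CVE-2015-0767 are already "NOT-FOR-US: Cisco" or "NOT-FOR-US: Cisco IOS"; every new description in this hunk names a Cisco product (IOS XR, NX-OS, FireSIGHT, TelePresence VCS, the WS-IPSEC-3 IKE module, Prime Network Control), so they can be resolved the same way in one pass. Also, CVE-2015-0769's "NOT-FOR-US: Cisco IOS" line is unchanged context, i.e. the entry was triaged while still RESERVED; the new text says "Cisco IOS XR ... for CRS-3", so the tag would be more precise as "NOT-FOR-US: Cisco IOS XR".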
@@ -11121,8 +11442,8 @@
NOT-FOR-US: Cisco
CVE-2015-0738 (Cross-site scripting (XSS) vulnerability in the Web Tracking Report ...)
NOT-FOR-US: Cisco
-CVE-2015-0737
- RESERVED
+CVE-2015-0737 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
+ TODO: check
CVE-2015-0736 (Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense ...)
NOT-FOR-US: Cisco
CVE-2015-0735 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
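Review bot: same pattern as the previous hunk: CVE-2015-0737 (Cisco FireSIGHT) stays at "TODO: check" between CVE-2015-0738 and CVE-2015-0736, both already "NOT-FOR-US: Cisco"; CVE-2015-0773 earlier in this diff is also a FireSIGHT issue, so the two should get the same resolution.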
@@ -11638,13 +11959,13 @@
[wheezy] - cpio <no-dsa> (Minor issue)
[squeeze] - cpio <no-dsa> (Minor issue)
NOTE: Patch used in SUSE: https://bugzilla.suse.com/attachment.cgi?id=599460&action=diff
-CVE-2015-4469 [CHM decompression: pointer arithmetic overflow -- fix-name-field-boundaries.patch; missing impot validation]
+CVE-2015-4469 (The chmd_read_headers function in chmd.c in libmspack before 0.5 does ...)
- libmspack 0.4-3 (bug #774726)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-4468 [CHM decompression: pointer arithmetic overflow -- fix-pointer-arithmetic-overflow.patch]
+CVE-2015-4468 (Multiple integer overflows in the search_chunk function in chmd.c in ...)
- libmspack 0.4-3 (bug #774726)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
-CVE-2015-4467 [CHM decompression: division by zero]
+CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 does ...)
- libmspack 0.4-3 (bug #774725)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-XXXX [directory traversal]
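Review bot: CVE-2015-4469 to CVE-2015-4467 record a fixed version of "libmspack 0.4-3", while CVE-2015-4470 to CVE-2015-4472 (and CVE-2014-9732) elsewhere in this diff record "0.5-1". Both can be right, since they reference different bugs (#774725/#774726 versus #775498/#775499/#775687/#774665), but the bracket descriptions dropped here were the only place that named the specific patches ("fix-name-field-boundaries.patch", "fix-pointer-arithmetic-overflow.patch"); confirm that the 0.4-3 changelog actually closes those two bugs before that mapping survives only in the BTS. The "CVE-2015-XXXX [directory traversal]" placeholder following them is untouched and still needs an id.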
@@ -12161,8 +12482,7 @@
RESERVED
CVE-2015-0547
RESERVED
-CVE-2015-0546
- RESERVED
+CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows ...)
NOT-FOR-US: EMC Unified Infrastructure Manager/Provisioning
CVE-2015-0545
RESERVED
@@ -13356,10 +13676,10 @@
NOT-FOR-US: Adobe Flash
CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
NOT-FOR-US: Adobe ColdFusion
-CVE-2015-0344
- RESERVED
-CVE-2015-0343
- RESERVED
+CVE-2015-0344 (Cross-site scripting (XSS) vulnerability in the web app in Adobe ...)
+ TODO: check
+CVE-2015-0343 (Cross-site scripting (XSS) vulnerability in admin/home/homepage/search ...)
+ TODO: check
CVE-2015-0342 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
NOT-FOR-US: Adobe Flash
CVE-2015-0341 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
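Review bot: CVE-2015-0344 and CVE-2015-0343 are correctly left at "TODO: check" rather than folded into the surrounding "NOT-FOR-US: Adobe Flash" / "NOT-FOR-US: Adobe ColdFusion" entries: the truncated texts ("the web app in Adobe ...", "admin/home/homepage/search ...") do not identify the product, so a blanket NOT-FOR-US on the vendor name alone would be a guess; resolve them only once the full description names the product.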
@@ -15658,16 +15978,16 @@
NOT-FOR-US: Android
CVE-2014-8608 (The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) ...)
NOT-FOR-US: K7 Computing
-CVE-2014-8607
- RESERVED
-CVE-2014-8606
- RESERVED
-CVE-2014-8605
- RESERVED
-CVE-2014-8604
- RESERVED
-CVE-2014-8603
- RESERVED
+CVE-2014-8607 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides ...)
+ TODO: check
+CVE-2014-8606 (Directory traversal vulnerability in the XCloner plugin 3.1.1 for ...)
+ TODO: check
+CVE-2014-8605 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores ...)
+ TODO: check
+CVE-2014-8604 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns ...)
+ TODO: check
+CVE-2014-8603 (cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and ...)
+ TODO: check
CVE-2014-8602 (iterator.c in NLnet Labs Unbound before 1.5.1 does not limit ...)
{DSA-3097-1 DLA-107-1}
- unbound 1.4.22-3 (bug #772622)
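Review bot: the five XCloner entries (CVE-2014-8607 down to CVE-2014-8603) all describe the same plugin at the same versions (3.1.1 for WordPress, 3.5.1 for Joomla!); triage them as one group and record a single outcome (NOT-FOR-US: XCloner plugin, if it is not packaged) instead of leaving five "TODO: check" lines that will be resolved identically.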
@@ -16963,8 +17283,7 @@
RESERVED
CVE-2014-8177
RESERVED
-CVE-2014-8176 [Invalid free in DTLS]
- RESERVED
+CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before ...)
{DSA-3287-1}
- openssl 1.0.1h-1
NOTE: http://openssl.org/news/secadv_20150611.txt
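Review bot: CVE-2014-8176 gets "{DSA-3287-1}" but the fixed version recorded is "openssl 1.0.1h-1", a year older than the "1.0.2b-1" recorded for the CVE-2015-178x entries covered by the same DSA. That matches the advisory (the DTLS invalid free was fixed in the 1.0.1h series before receiving an id), but it means the stable/oldstable annotations for this entry (outside this hunk) must be derived from 1.0.1h-1 and not copied from the 1.0.2b-1 entries.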
@@ -62634,8 +62953,8 @@
RESERVED
CVE-2012-4717
RESERVED
-CVE-2012-4716
- RESERVED
+CVE-2012-4716 (N-Tron 702-W Industrial Wireless Access Point devices use the same (1) ...)
+ TODO: check
CVE-2012-4715 (Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx ...)
NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4714 (Integer overflow in RNADiagnostics.dll in Rockwell Automation ...)
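Review bot: CVE-2012-4716 (N-Tron 702-W industrial wireless access point) is left at "TODO: check" between CVE-2012-4717 (RESERVED) and the Rockwell entries CVE-2012-4715/CVE-2012-4714, both "NOT-FOR-US"; a device-firmware issue from the same ICS batch resolves the same way, so it can be closed as NOT-FOR-US: N-Tron rather than left open.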