[Secure-testing-commits] r32722 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Mon Mar 9 21:10:15 UTC 2015
Author: sectracker
Date: 2015-03-09 21:10:15 +0000 (Mon, 09 Mar 2015)
New Revision: 32722
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-09 19:38:30 UTC (rev 32721)
+++ data/CVE/list 2015-03-09 21:10:15 UTC (rev 32722)
@@ -1,3 +1,71 @@
+CVE-2015-2241
+ RESERVED
+CVE-2015-2240
+ RESERVED
+CVE-2015-2239 (Google Chrome before 41.0.2272.76, when Instant Extended mode is used, ...)
+ TODO: check
+CVE-2015-2238 (Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...)
+ TODO: check
+CVE-2015-2237
+ RESERVED
+CVE-2015-2236
+ RESERVED
+CVE-2015-2235 (Secure Transport in Apple iOS through 8.1.3, Apple OS X through ...)
+ TODO: check
+CVE-2015-2234
+ RESERVED
+CVE-2015-2233
+ RESERVED
+CVE-2015-2232
+ RESERVED
+CVE-2015-2231
+ RESERVED
+CVE-2015-2230
+ RESERVED
+CVE-2015-2229
+ RESERVED
+CVE-2015-2228
+ RESERVED
+CVE-2015-2227
+ RESERVED
+CVE-2015-2226
+ RESERVED
+CVE-2015-2225
+ RESERVED
+CVE-2015-2224
+ RESERVED
+CVE-2015-2223
+ RESERVED
+CVE-2015-2222
+ RESERVED
+CVE-2015-2221
+ RESERVED
+CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
+ TODO: check
+CVE-2015-2219
+ RESERVED
+CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2015-2217
+ RESERVED
+CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
+ TODO: check
+CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
+ TODO: check
+CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2015-2213
+ RESERVED
+CVE-2015-2212
+ RESERVED
+CVE-2015-2211
+ RESERVED
+CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
+ TODO: check
+CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...)
+ TODO: check
+CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...)
+ TODO: check
CVE-2015-XXXX [tcllib XSS]
- tcllib 1.16-dfsg-2 (low; bug #780100)
CVE-2015-XXXX [ActiveModel::Name to_json Call Infinite Loop Remote DoS]
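Review bot: CVE-2015-2239 near the top of this hunk is left at "TODO: check" even though its description names Google Chrome before 41.0.2272.76, the same upstream version the chromium-browser entries later in this commit record as fixed in 41.0.2272.76-1. Once the affected code is confirmed to ship in the Debian package, it could be triaged with the same "- chromium-browser 41.0.2272.76-1" line instead of waiting in the TODO queue. The two content/renderer/device_sensors entries at the end of the added block (CVE-2014-9689, CVE-2011-5319) are worth checking in the same pass.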
@@ -57,34 +125,28 @@
CVE-2013-7435
RESERVED
NOT-FOR-US: Evergreen library
-CVE-2015-2192 [The SCSI OSD dissector could go into an infinite loop (wnpa-sec-2015-11)]
- RESERVED
+CVE-2015-2192 (Integer overflow in the dissect_osd2_cdb_continuation function in ...)
- wireshark <unfixed>
[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024
-CVE-2015-2191 [The TNEF dissector could go into an infinite loop (wnpa-sec-2015-10)]
- RESERVED
+CVE-2015-2191 (Integer overflow in the dissect_tnef function in ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
-CVE-2015-2190 [The LLDP dissector could crash (wnpa-sec-2015-09)]
- RESERVED
+CVE-2015-2190 (epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly ...)
- wireshark <unfixed>
[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
-CVE-2015-2189 [The pcapng file parser could crash (wnpa-sec-2015-08)]
- RESERVED
+CVE-2015-2189 (Off-by-one error in the pcapng_read function in wiretap/pcapng.c in ...)
- wireshark <unfixed>
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
-CVE-2015-2188 [The WCP dissector could crash while decompressing data (wnpa-sec-2015-07)]
- RESERVED
+CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
- wireshark <unfixed>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844
-CVE-2015-2187 [The ATN-CPDLC dissector could crash (wnpa-sec-2015-06)]
- RESERVED
+CVE-2015-2187 (The dissect_atn_cpdlc_heur function in ...)
- wireshark <unfixed>
[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
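Review bot: the six removed bracket descriptions for CVE-2015-2187 through CVE-2015-2192 were the only place the upstream advisory ids (wnpa-sec-2015-06 through wnpa-sec-2015-11) appeared, and the replacement description lines drop them. Only the bugs.wireshark.org NOTE lines remain as a cross-reference, so a NOTE naming the wnpa-sec id under each entry would keep the mapping to the upstream advisory. Separately, the new CVE-2015-2190 description gives "1.12.x before 1.12.4" as the affected range, which is useful when the "- wireshark <unfixed>" lines are next revisited.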
@@ -107,8 +169,8 @@
RESERVED
CVE-2015-2178
RESERVED
-CVE-2015-2177
- RESERVED
+CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a ...)
+ TODO: check
CVE-2015-2176
RESERVED
CVE-2015-2175
@@ -1286,8 +1348,8 @@
RESERVED
CVE-2015-1638
RESERVED
-CVE-2015-1637
- RESERVED
+CVE-2015-1637 (Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, ...)
+ TODO: check
CVE-2015-1636
RESERVED
CVE-2015-1635
@@ -1352,18 +1414,18 @@
RESERVED
CVE-2015-1601
RESERVED
-CVE-2015-1599
- RESERVED
-CVE-2015-1598
- RESERVED
-CVE-2015-1597
- RESERVED
-CVE-2015-1596
- RESERVED
-CVE-2015-1595
- RESERVED
-CVE-2015-1594
- RESERVED
+CVE-2015-1599 (The Siemens SPCanywhere application for iOS allows physically ...)
+ TODO: check
+CVE-2015-1598 (The Siemens SPCanywhere application for Android does not properly ...)
+ TODO: check
+CVE-2015-1597 (The Siemens SPCanywhere application for Android does not use ...)
+ TODO: check
+CVE-2015-1596 (The Siemens SPCanywhere application for Android and iOS does not ...)
+ TODO: check
+CVE-2015-1595 (The Siemens SPCanywhere application for Android and iOS does not use ...)
+ TODO: check
+CVE-2015-1594 (Untrusted search path vulnerability in Siemens SIMATIC ProSave before ...)
+ TODO: check
CVE-2013-7427
RESERVED
CVE-2012-6688
@@ -1729,8 +1791,8 @@
RESERVED
CVE-2015-1484
RESERVED
-CVE-2015-1483
- RESERVED
+CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
+ TODO: check
CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
- libav 6:11.2-1
@@ -2717,102 +2779,83 @@
RESERVED
CVE-2015-1233
RESERVED
-CVE-2015-1232
- RESERVED
-CVE-2015-1231
- RESERVED
+CVE-2015-1232 (Array index error in the MidiManagerUsb::DispatchSendMidiData function ...)
+ TODO: check
+CVE-2015-1231 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1230
- RESERVED
+CVE-2015-1230 (The getHiddenProperty function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant)
NOTE: libv8 not covered by security support
-CVE-2015-1229
- RESERVED
+CVE-2015-1229 (net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1228
- RESERVED
+CVE-2015-1228 (The RenderCounter::updateCounter function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1227
- RESERVED
+CVE-2015-1227 (The DragImage::create function in platform/DragImage.cpp in Blink, as ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1226
- RESERVED
+CVE-2015-1226 (The DebuggerFunction::InitAgentHost function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1225
- RESERVED
+CVE-2015-1225 (PDFium, as used in Google Chrome before 41.0.2272.76, allows remote ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1224
- RESERVED
+CVE-2015-1224 (The VpxVideoDecoder::VpxDecode function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1223
- RESERVED
+CVE-2015-1223 (Multiple use-after-free vulnerabilities in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1222
- RESERVED
+CVE-2015-1222 (Multiple use-after-free vulnerabilities in the ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1221
- RESERVED
+CVE-2015-1221 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1220
- RESERVED
+CVE-2015-1220 (Use-after-free vulnerability in the GIFImageReader::parseData function ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1219
- RESERVED
+CVE-2015-1219 (Integer overflow in the SkMallocPixelRef::NewAllocate function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1218
- RESERVED
+CVE-2015-1218 (Multiple use-after-free vulnerabilities in the DOM implementation in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1217
- RESERVED
+CVE-2015-1217 (The V8LazyEventListener::prepareListenerObject function in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1216
- RESERVED
+CVE-2015-1216 (Use-after-free vulnerability in the ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1215
- RESERVED
+CVE-2015-1215 (The filters implementation in Skia, as used in Google Chrome before ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1214
- RESERVED
+CVE-2015-1214 (Integer overflow in the SkAutoSTArray implementation in ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
-CVE-2015-1213
- RESERVED
+CVE-2015-1213 (The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
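Review bot: CVE-2015-1232, the first entry changed in this hunk, receives "TODO: check" while every following id from CVE-2015-1231 down to CVE-2015-1213 is already tracked as "- chromium-browser 41.0.2272.76-1" with wheezy and squeeze marked end-of-life. If CVE-2015-1232 belongs to the same Chrome release, it should get the same three lines so the block stays consistent; if it does not, a short NOTE saying why would prevent it from being mistaken for an oversight.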
@@ -2878,8 +2921,8 @@
NOT-FOR-US: WordPress theme holding_pattern
CVE-2015-1171
RESERVED
-CVE-2015-1170
- RESERVED
+CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
+ TODO: check
CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
NOT-FOR-US: Apereo Central Authentication Service
CVE-2015-1168
@@ -4005,10 +4048,10 @@
RESERVED
CVE-2015-0896
RESERVED
-CVE-2015-0895
- RESERVED
-CVE-2015-0894
- RESERVED
+CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
+ TODO: check
+CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security & Firewall ...)
+ TODO: check
CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
NOT-FOR-US: Maroyaka
CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
@@ -4520,16 +4563,16 @@
RESERVED
CVE-2015-0662
RESERVED
-CVE-2015-0661
- RESERVED
+CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated ...)
+ TODO: check
CVE-2015-0660
RESERVED
-CVE-2015-0659
- RESERVED
+CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
+ TODO: check
CVE-2015-0658
RESERVED
-CVE-2015-0657
- RESERVED
+CVE-2015-0657 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
+ TODO: check
CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
NOT-FOR-US: Cisco NAM
CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction ...)
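Review bot: CVE-2015-0661, CVE-2015-0659 and CVE-2015-0657 in this hunk all describe Cisco IOS XR and are queued as "TODO: check", while the unchanged Cisco entry directly below them (CVE-2015-0656) is already closed as "NOT-FOR-US: Cisco NAM". Marking the three new entries NOT-FOR-US in the same style, following the "NOT-FOR-US: Cisco IOS" wording used elsewhere in the file, would keep them out of the manual triage backlog.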
@@ -4628,8 +4671,8 @@
NOT-FOR-US: Cisco
CVE-2015-0608 (Race condition in the Measurement, Aggregation, and Correlation Engine ...)
NOT-FOR-US: Cisco
-CVE-2015-0607
- RESERVED
+CVE-2015-0607 (The Authentication Proxy feature in Cisco IOS does not properly handle ...)
+ TODO: check
CVE-2015-0606 (The IOS Shell in Cisco IOS allows local users to cause a denial of ...)
NOT-FOR-US: Cisco
CVE-2015-0605 (The uuencode inspection engine in Cisco AsyncOS on Cisco Email ...)
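Review bot: the new CVE-2015-0607 line carries the same visible description ("The Authentication Proxy feature in Cisco IOS does not properly handle ...") that this commit removes from CVE-2014-2188, which is marked "NOT-FOR-US: Cisco IOS". Instead of "TODO: check", the entry could inherit that NOT-FOR-US tag, matching the neighbouring CVE-2015-0608 and CVE-2015-0606 entries.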
@@ -4646,8 +4689,8 @@
NOT-FOR-US: Cisco
CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2015-0598
- RESERVED
+CVE-2015-0598 (The RADIUS implementation in Cisco IOS and IOS XE allows remote ...)
+ TODO: check
CVE-2015-0597 (The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) ...)
NOT-FOR-US: Cisco
CVE-2015-0596 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
@@ -5929,8 +5972,8 @@
NOT-FOR-US: ManageEngine Desktop Central MSP
CVE-2014-9370
RESERVED
-CVE-2014-9369
- RESERVED
+CVE-2014-9369 (Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 ...)
+ TODO: check
CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the twitterDash ...)
NOT-FOR-US: WordPress plugin twitterDash
CVE-2014-9367 (Incomplete blacklist vulnerability in the urlEncode function in ...)
@@ -7474,8 +7517,7 @@
RESERVED
CVE-2015-0229
RESERVED
-CVE-2015-0228 [apache2 mod_lua websocket DoS]
- RESERVED
+CVE-2015-0228 (The lua_websocket_read function in lua_request.c in the mod_lua module ...)
- apache2 <unfixed> (low)
[wheezy] - apache2 <not-affected> (no mod_lua in 2.2)
[squeeze] - apache2 <not-affected> (no mod_lua in 2.2)
@@ -8209,11 +8251,9 @@
NOT-FOR-US: IBM
CVE-2014-8893 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: IBM
-CVE-2014-8892
- RESERVED
+CVE-2014-8892 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM ...)
NOT-FOR-US: IBM Java
-CVE-2014-8891
- RESERVED
+CVE-2014-8891 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM ...)
NOT-FOR-US: IBM Java
CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
NOT-FOR-US: IBM
@@ -25282,7 +25322,8 @@
NOT-FOR-US: Cisco
CVE-2014-2189
RESERVED
-CVE-2014-2188 (The Authentication Proxy feature in Cisco IOS does not properly handle ...)
+CVE-2014-2188
+ REJECTED
NOT-FOR-US: Cisco IOS
CVE-2014-2187
RESERVED
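Review bot: CVE-2014-2188 changes to REJECTED here but keeps its "NOT-FOR-US: Cisco IOS" line, and nothing records where the description went. The same description text appears on CVE-2015-0607 earlier in this commit, so if that id is the replacement, a NOTE under CVE-2014-2188 pointing to it would make the history traceable for anyone searching by the old id.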
@@ -25398,8 +25439,8 @@
NOT-FOR-US: Cisco WebEx
CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-2130
- RESERVED
+CVE-2014-2130 (Cisco Secure Access Control Server (ACS) provides an unintentional ...)
+ TODO: check
CVE-2014-2129 (The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2128 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)