[Secure-testing-commits] r32782 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Wed Mar 11 09:11:55 UTC 2015
Author: sectracker
Date: 2015-03-11 09:11:44 +0000 (Wed, 11 Mar 2015)
New Revision: 32782
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-11 07:52:25 UTC (rev 32781)
+++ data/CVE/list 2015-03-11 09:11:44 UTC (rev 32782)
@@ -1,3 +1,67 @@
+CVE-2015-2274
+ RESERVED
+CVE-2015-2273
+ RESERVED
+CVE-2015-2272
+ RESERVED
+CVE-2015-2271
+ RESERVED
+CVE-2015-2270
+ RESERVED
+CVE-2015-2269
+ RESERVED
+CVE-2015-2268
+ RESERVED
+CVE-2015-2267
+ RESERVED
+CVE-2015-2266
+ RESERVED
+CVE-2015-2264
+ RESERVED
+CVE-2015-2263
+ RESERVED
+CVE-2015-2262
+ RESERVED
+CVE-2015-2261
+ RESERVED
+CVE-2015-2260
+ RESERVED
+CVE-2015-2259
+ RESERVED
+CVE-2015-2258
+ RESERVED
+CVE-2015-2257
+ RESERVED
+CVE-2015-2256
+ RESERVED
+CVE-2015-2255
+ RESERVED
+CVE-2015-2254
+ RESERVED
+CVE-2015-2253
+ RESERVED
+CVE-2015-2252
+ RESERVED
+CVE-2015-2251
+ RESERVED
+CVE-2015-2250
+ RESERVED
+CVE-2015-2249
+ RESERVED
+CVE-2015-2248
+ RESERVED
+CVE-2015-2247
+ RESERVED
+CVE-2015-2246
+ RESERVED
+CVE-2015-2245
+ RESERVED
+CVE-2015-2244 (Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun ...)
+ TODO: check
+CVE-2015-2243 (Directory traversal vulnerability in Webshop hun 1.062S allows remote ...)
+ TODO: check
+CVE-2015-2242 (Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow ...)
+ TODO: check
CVE-2015-XXXX [several security vulnerabilities and network packets can terminate the connection]
- armagetronad <unfixed> (bug #780178)
CVE-2015-XXXX [use after free in phar_object.c]
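Review bot: the three Webshop hun entries (CVE-2015-2242 to CVE-2015-2244) at the end of the added block are left at TODO: check with no package line. Each needs triage to either a source package status or a NOT-FOR-US: line, as the file already does for other third-party web applications. The new RESERVED run also skips from CVE-2015-2266 to CVE-2015-2264. CVE-2015-2265 is handled in the next hunk, where it sits among the CVE-2015-XXXX entries rather than in numeric order, so it is worth confirming that no second CVE-2015-2265 entry gets created in sequence later.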
@@ -18,6 +82,7 @@
NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2015-2265 [Incomplete fix for CVE-2014-2707; CUPS-filters remove_bad_chars() bypass]
+ RESERVED
- cups-filters <unfixed>
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
@@ -112,8 +177,7 @@
RESERVED
CVE-2015-2207
RESERVED
-CVE-2015-2206 [phpMyAdmin risk of BREACH attack due to reflected parameter.]
- RESERVED
+CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, ...)
- phpmyadmin <unfixed> (unimportant)
NOTE: Hardening, not a concrete issue itself
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
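Review bot: on the rewritten CVE-2015-2206 line, the new description names an upstream fixed release (4.0.x before 4.0.10.9), but the unchanged status below it is still phpmyadmin <unfixed> (unimportant). The unimportant tag matches the hardening NOTE, yet the entry should get a fixed version once an upload containing the PMASA-2015-1 change is identified. The replaced bracketed text mentioned BREACH and the truncated description no longer does, so a short NOTE keeping that keyword would help anyone searching the list.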
@@ -403,18 +467,18 @@
RESERVED
CVE-2015-2098
RESERVED
-CVE-2015-2097
- RESERVED
-CVE-2015-2096
- RESERVED
-CVE-2015-2095
- RESERVED
-CVE-2015-2094
- RESERVED
-CVE-2015-2093
- RESERVED
-CVE-2015-2092
- RESERVED
+CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
+ TODO: check
+CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the ...)
+ TODO: check
+CVE-2015-2095 (Heap-based buffer overflow in the SetConnectInfo function in the ...)
+ TODO: check
+CVE-2015-2094 (Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 ...)
+ TODO: check
+CVE-2015-2093 (Stack-based buffer overflow in the Connect function in the WebGate ...)
+ TODO: check
+CVE-2015-2092 (The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies ...)
+ TODO: check
CVE-2015-2090 (SQL injection vulnerability in the ajax_survey function in ...)
NOT-FOR-US: ajax_survey function in settings.php in the WordPress Survey and Poll plugin for WordPress
CVE-2015-2089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
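Review bot: the six entries CVE-2015-2092 through CVE-2015-2097 move from RESERVED to TODO: check, and two of the descriptions name ActiveX controls (WESPPlayback.WESPPlaybackCtrl.1, AnnotationX.AnnList.1), with the others referring to WebGate components. If none of these map to a source package, they should be closed out with NOT-FOR-US: lines in the style of CVE-2015-2090 just below rather than left pending.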
@@ -511,8 +575,8 @@
NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
CVE-2015-2062
RESERVED
-CVE-2015-2061
- RESERVED
+CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View ...)
+ TODO: check
CVE-2015-2057
RESERVED
CVE-2015-2056
@@ -913,8 +977,8 @@
RESERVED
CVE-2015-1875
RESERVED
-CVE-2015-1874
- RESERVED
+CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
+ TODO: check
CVE-2015-1873
RESERVED
CVE-2015-1872
@@ -2111,8 +2175,7 @@
NOT-FOR-US: Fork CMS
CVE-2015-1466
RESERVED
-CVE-2015-1464
- RESERVED
+CVE-2015-1464 (RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows ...)
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed>
@@ -2982,8 +3045,7 @@
RESERVED
CVE-2015-1166
RESERVED
-CVE-2015-1165
- RESERVED
+CVE-2015-1165 (RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x ...)
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed>
@@ -4046,8 +4108,7 @@
REJECTED
CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php ...)
NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress
-CVE-2015-2063 [buffer overflow]
- RESERVED
+CVE-2015-2063 (Integer overflow in unace 1.2b allows remote attackers to cause a ...)
{DSA-3178-1 DLA-164-1}
- unace 1.2b-12 (bug #775003)
NOTE: http://git.hadrons.org/?p=debian/pkgs/unace.git;a=commitdiff;h=319446f
@@ -5126,8 +5187,7 @@
RESERVED
CVE-2014-9473 (Unrestricted file upload vulnerability in lib_nonajax.php in the ...)
NOT-FOR-US: formsII plugin for WordPress
-CVE-2014-9472
- RESERVED
+CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before ...)
{DSA-3176-1 DLA-158-1}
- request-tracker4 4.2.8-3
- request-tracker3.8 <removed> (unimportant)
@@ -7474,8 +7534,7 @@
CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x ...)
{DSA-3160-1}
- xorg-server 2:1.16.4-1
-CVE-2015-0254 [XXE and RCE via XSL extension in JSTL XML tags]
- RESERVED
+CVE-2015-0254 (Apache Standard Taglibs before 1.2.3 allows remote attackers to ...)
- jakarta-taglibs-standard <unfixed> (bug #779621)
CVE-2015-0253
RESERVED
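Review bot: the CVE-2015-0254 replacement drops the bracketed summary "XXE and RCE via XSL extension in JSTL XML tags", and the truncated description that replaces it no longer states the impact. The description now gives 1.2.3 as the upstream fixed release while jakarta-taglibs-standard stays <unfixed> (bug #779621). Adding a NOTE with the impact summary and the upstream version would keep that context on the entry.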
@@ -11069,28 +11128,28 @@
[squeeze] - chromium-browser <end-of-life>
NOTE: http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
NOTE: https://chromium.googlesource.com/chromium/src/+/5cfbddc9cc972f5133f26664dbf5810bb569cd04
-CVE-2014-7898
- RESERVED
-CVE-2014-7897
- RESERVED
+CVE-2014-7898 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7897 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
CVE-2014-7896 (Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 ...)
NOT-FOR-US: HP
-CVE-2014-7895
- RESERVED
-CVE-2014-7894
- RESERVED
-CVE-2014-7893
- RESERVED
-CVE-2014-7892
- RESERVED
-CVE-2014-7891
- RESERVED
-CVE-2014-7890
- RESERVED
-CVE-2014-7889
- RESERVED
-CVE-2014-7888
- RESERVED
+CVE-2014-7895 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7894 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7893 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7892 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7891 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7890 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
+CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
+ TODO: check
CVE-2014-7887
RESERVED
CVE-2014-7886
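Review bot: all ten OPOS driver entries (CVE-2014-7888 to CVE-2014-7895, CVE-2014-7897 and CVE-2014-7898) land as TODO: check, while the neighbouring CVE-2014-7896 is already marked NOT-FOR-US: HP. The descriptions share the same visible prefix (OPOS drivers before 1.13.003 on HP Point of ...), so they can be triaged in one pass and given a matching status line if no Debian package ships these drivers.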
@@ -21015,8 +21074,7 @@
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...)
NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2014-3691
- RESERVED
+CVE-2014-3691 (Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before ...)
NOT-FOR-US: Foreman Smart Proxy
CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before ...)
{DSA-3060-1}