[Secure-testing-commits] r32829 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Thu Mar 12 21:10:17 UTC 2015


Author: sectracker
Date: 2015-03-12 21:10:17 +0000 (Thu, 12 Mar 2015)
New Revision: 32829

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-12 20:40:14 UTC (rev 32828)
+++ data/CVE/list	2015-03-12 21:10:17 UTC (rev 32829)
@@ -1,3 +1,7 @@
+CVE-2015-2284
+	RESERVED
+CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
+	TODO: check
 CVE-2015-XXXX [Doesn't Validate TLS]
 	- python-restkit <unfixed>
 	NOTE: https://github.com/benoitc/restkit/issues/140
@@ -271,8 +275,8 @@
 	TODO: check
 CVE-2015-2183 (Multiple SQL injection vulnerabilities in the administrative backend ...)
 	TODO: check
-CVE-2015-2182
-	RESERVED
+CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 ...)
+	TODO: check
 CVE-2015-2181
 	RESERVED
 CVE-2015-2180
@@ -1001,8 +1005,8 @@
 	RESERVED
 CVE-2015-1876
 	RESERVED
-CVE-2015-1875
-	RESERVED
+CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
+	TODO: check
 CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
 	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
 CVE-2015-1873
@@ -1643,6 +1647,7 @@
 	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
 CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
 	RESERVED
+	{DSA-3184-1}
 	[experimental] - gnupg2 2.1.2-1
 	- gnupg2 2.0.26-5 (bug #778577)
 	[wheezy] - gnupg2 <no-dsa> (Minor issue)
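Review bot: CVE-2015-1606 now carries {DSA-3184-1}, yet the only release-tagged line visible in this entry is `[wheezy] - gnupg2 <no-dsa> (Minor issue)`, so the entry does not show which package and release the advisory fixed. Add the release-tagged line with the fixed version for the package DSA-3184-1 covers, or confirm it already sits below the context shown here.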
@@ -1706,6 +1711,7 @@
 	NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
 	NOTE: https://lkml.org/lkml/2015/2/14/61
 CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...)
+	{DSA-3183-1}
 	- movabletype-opensource <removed>
 	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
 	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
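Review bot: the {DSA-3183-1} tag on CVE-2015-1592 sits above a single package line, `- movabletype-opensource <removed>`, which records no fixed version for any release. Add a release-tagged line with the version the advisory shipped so the entry shows where the fix landed.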
@@ -3382,18 +3388,18 @@
 	RESERVED
 CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
 	TODO: check
-CVE-2015-1066
-	RESERVED
-CVE-2015-1065
-	RESERVED
-CVE-2015-1064
-	RESERVED
-CVE-2015-1063
-	RESERVED
-CVE-2015-1062
-	RESERVED
-CVE-2015-1061
-	RESERVED
+CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
+	TODO: check
+CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 ...)
+	TODO: check
+CVE-2015-1064 (Springboard in Apple iOS before 8.2 allows physically proximate ...)
+	TODO: check
+CVE-2015-1063 (CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause ...)
+	TODO: check
+CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 ...)
+	TODO: check
+CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and ...)
+	TODO: check
 CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in ...)
 	NOT-FOR-US: AdaptCMS
 CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS ...)
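Review bot: the six Apple entries (CVE-2015-1061 through CVE-2015-1066) all land as `TODO: check`, growing the triage backlog next to CVE-2015-1067 in the context above. The descriptions name Apple iOS, OS X and Apple TV components; if none of them maps to a Debian source package, they can be closed in one pass as NOT-FOR-US, the way the AdaptCMS entry just below is.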
@@ -3665,8 +3671,8 @@
 	NOTE: Effect mitigated because of disabled automatic version check due to CVE-2014-2029
 	NOTE: Patch applied to OpenSUSE 13.1: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
 	TODO: check details
-CVE-2015-1026
-	RESERVED
+CVE-2015-1026 (Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ...)
+	TODO: check
 CVE-2015-1025
 	RESERVED
 CVE-2015-1024
@@ -4323,6 +4329,7 @@
 	RESERVED
 CVE-2015-0837 [data-dependent timing variations in modular exponentiation]
 	RESERVED
+	{DSA-3185-1 DSA-3184-1}
 	- libgcrypt11 <unfixed>
 	- libgcrypt20 1.6.3-2
 	- gnupg 1.4.18-7
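Review bot: CVE-2015-0837 is tagged {DSA-3185-1 DSA-3184-1} while `- libgcrypt11 <unfixed>` stays unchanged directly beneath it, so the entry reads as both covered by an advisory and unfixed. If one of the two advisories shipped a libgcrypt11 fix, record the fixed version on a release-tagged line; if not, a NOTE stating which packages the advisories cover would remove the ambiguity.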
@@ -5653,20 +5660,15 @@
 	RESERVED
 CVE-2015-0526
 	RESERVED
-CVE-2015-0525
-	RESERVED
+CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual ...)
 	NOT-FOR-US: EMC
-CVE-2015-0524
-	RESERVED
+CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC ...)
 	NOT-FOR-US: EMC
-CVE-2015-0523
-	RESERVED
+CVE-2015-0523 (EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA ...)
 	NOT-FOR-US: RSA
-CVE-2015-0522
-	RESERVED
+CVE-2015-0522 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate ...)
 	NOT-FOR-US: RSA
-CVE-2015-0521
-	RESERVED
+CVE-2015-0521 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate ...)
 	NOT-FOR-US: RSA
 CVE-2015-0520
 	RESERVED
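Review bot: the retained NOT-FOR-US reasons on CVE-2015-0521 through CVE-2015-0525 are bare vendor names (`EMC`, `RSA`), although the descriptions added on the lines above them now name the products. Consider spelling out the product in the reason, e.g. EMC Secure Remote Services for CVE-2015-0525 and EMC RSA Certificate Manager (RCM) for CVE-2015-0523, as the Contact Form DB entry in an earlier hunk does, so the reason is searchable.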
@@ -7053,6 +7055,7 @@
 CVE-2014-9058
 	RESERVED
 CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
+	{DSA-3183-1}
 	- movabletype-opensource <removed> (bug #774192)
 	NOTE: https://movabletype.org/news/2014/12/6.0.6.html
 	NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html
@@ -7119,8 +7122,8 @@
 	NOT-FOR-US: ZTE ZXDSL 831 and 831CII
 CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
 	NOT-FOR-US: ZTE ZXDSL 831CII
-CVE-2014-9017
-	RESERVED
+CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
+	TODO: check
 CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
 	{DSA-3168-1 DLA-167-1}
 	- ruby-redcloth 4.2.9-4 (bug #774748)
@@ -21515,6 +21518,7 @@
 	NOT-FOR-US: OpenShift Origin
 CVE-2014-3591 [sidechannel attack on Elgamal]
 	RESERVED
+	{DSA-3185-1 DSA-3184-1}
 	- libgcrypt11 <unfixed>
 	- libgcrypt20 1.6.3-2
 	- gnupg 1.4.18-7
@@ -44712,6 +44716,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
 CVE-2013-2184 [unsafe use of Storable::thaw]
 	RESERVED
+	{DSA-3183-1}
 	- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
 	[squeeze] - movabletype-opensource <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/oss-sec/2013/q2/568



