[Secure-testing-commits] r32856 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri Mar 13 21:10:17 UTC 2015


Author: sectracker
Date: 2015-03-13 21:10:17 +0000 (Fri, 13 Mar 2015)
New Revision: 32856

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-13 20:51:36 UTC (rev 32855)
+++ data/CVE/list	2015-03-13 21:10:17 UTC (rev 32856)
@@ -1,3 +1,25 @@
+CVE-2015-2287
+	RESERVED
+CVE-2015-2286
+	RESERVED
+CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
+	TODO: check
+CVE-2014-9697
+	RESERVED
+CVE-2014-9696
+	RESERVED
+CVE-2014-9695
+	RESERVED
+CVE-2014-9694
+	RESERVED
+CVE-2014-9693
+	RESERVED
+CVE-2014-9692
+	RESERVED
+CVE-2014-9691
+	RESERVED
+CVE-2014-9690
+	RESERVED
 CVE-2015-XXXX [tty: kobject reference leakage in tty_open]
 	- linux 3.2.20-1
 	- linux-2.6 3.2.1-1
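Review bot: CVE-2015-2285 is added with only `TODO: check`, although its description already names a concrete file, /etc/cron.daily/upstart in Ubuntu Upstart. Triage should record whether any Debian package ships that logrotation script and replace the TODO with either a package line or a NOT-FOR-US tag; the ten RESERVED entries added around it need no action yet.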
@@ -28,8 +50,8 @@
 	RESERVED
 CVE-2015-2276
 	RESERVED
-CVE-2015-2275
-	RESERVED
+CVE-2015-2275 (Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery ...)
+	TODO: check
 CVE-2015-2274
 	RESERVED
 CVE-2015-2273
@@ -48,8 +70,8 @@
 	RESERVED
 CVE-2015-2266
 	RESERVED
-CVE-2015-2264
-	RESERVED
+CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) ...)
+	TODO: check
 CVE-2015-2263
 	RESERVED
 CVE-2015-2262
@@ -113,8 +135,7 @@
 	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
 	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
 	NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
-CVE-2015-2241 [XSS attack via properties in ModelAdmin.readonly_fields]
-	RESERVED
+CVE-2015-2241 (Cross-site scripting (XSS) vulnerability in the contents function in ...)
 	- python-django 1.7.6-1
 	[wheezy] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
 	[squeeze] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
@@ -131,8 +152,8 @@
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8-3.14 <unfixed> (unimportant)
 	NOTE: libv8 not covered by security support
-CVE-2015-2237
-	RESERVED
+CVE-2015-2237 (Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) ...)
+	TODO: check
 CVE-2015-2236
 	RESERVED
 CVE-2015-2235
@@ -203,8 +224,8 @@
 	RESERVED
 CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation path ...)
 	NOT-FOR-US: DLGuard
-CVE-2015-2208
-	RESERVED
+CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows ...)
+	TODO: check
 CVE-2015-2207
 	RESERVED
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, ...)
@@ -350,13 +371,11 @@
 	- xen <unfixed>
 	NOTE: http://xenbits.xen.org/xsa/advisory-119.html
 	TODO: check: vulnerable code seems present
-CVE-2015-2151 [Hypervisor memory corruption due to x86 emulator flaw]
-	RESERVED
+CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore ...)
 	{DSA-3181-1}
 	- xen 4.4.1-8 (bug #780227)
 	NOTE: http://xenbits.xen.org/xsa/advisory-123.html
-CVE-2015-2150 [Non-maskable interrupts triggerable by guests]
-	RESERVED
+CVE-2015-2150 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI ...)
 	- linux <unfixed>
 	- linux-2.6 <not-affected> (xen-pciback introduced in 3.1)
 	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
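Review bot: CVE-2015-2151 carries {DSA-3181-1} and `- xen 4.4.1-8` but has no `[squeeze] - xen <end-of-life>` line, unlike CVE-2015-2045 and CVE-2015-2044, which sit under the same DSA elsewhere in this diff; add the squeeze line or a NOTE saying why it does not apply. Separately, the new description for CVE-2015-2150 names Xen 3.3.x through 4.5.x while the entry tracks only linux and linux-2.6, so a NOTE stating that the affected code is the kernel's xen-pciback would keep the description and the package lines from looking contradictory.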
@@ -564,6 +583,7 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/26/5
 CVE-2011-5320 [glibc scanf implementation crashes on certain inputs]
+	RESERVED
 	- glibc 2.15
 	- eglibc 2.15
 	NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
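Review bot: The NOTE directly under the new RESERVED line for CVE-2011-5320 still reads "ist" and "recieving"; since the entry is being touched, a follow-up commit should correct these to "is" and "receiving". The entry also records upstream version 2.15 for both glibc and eglibc, which that NOTE flags as provisional, so it is worth revisiting once the ID leaves RESERVED.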
@@ -635,14 +655,12 @@
 	NOT-FOR-US: D-Link DCS-931L
 CVE-2015-2048 (Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L ...)
 	NOT-FOR-US: D-Link DCS-931L
-CVE-2015-2045 [Information leak through version information hypercall]
-	RESERVED
+CVE-2015-2045 (The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does ...)
 	{DSA-3181-1}
 	- xen 4.4.1-8
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://xenbits.xen.org/xsa/advisory-122.html
-CVE-2015-2044 [Information leak via internal x86 system device emulation]
-	RESERVED
+CVE-2015-2044 (The emulation routines for unspecified X86 devices in Xen 3.2.x ...)
 	{DSA-3181-1}
 	- xen 4.4.1-8
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
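Review bot: For CVE-2015-2045 and CVE-2015-2044 the removed bracketed titles both said "Information leak", while the truncated descriptions that replace them break off at "does ..." and "Xen 3.2.x ..." before stating any impact. A reader of the list no longer sees the vulnerability class inline; consider a short NOTE on each entry that preserves it, since the XSA links alone do not.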
@@ -1626,6 +1644,7 @@
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
 CVE-2013-7436 [session hijack through insecurely set session token cookies]
+	RESERVED
 	- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
 	[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
 	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
@@ -4746,14 +4765,11 @@
 	NOT-FOR-US: Cisco NAM
 CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction ...)
 	NOT-FOR-US: Cisco Unified Web
-CVE-2015-0654
-	RESERVED
+CVE-2015-0654 (Race condition in the TLS implementation in MainApp in the management ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0653
-	RESERVED
+CVE-2015-0653 (The management interface in Cisco TelePresence Video Communication ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0652
-	RESERVED
+CVE-2015-0652 (The Session Description Protocol (SDP) implementation in Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in ...)
 	NOT-FOR-US: Cisco
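Review bot: CVE-2015-0654, CVE-2015-0653 and CVE-2015-0652 keep the bare tag `NOT-FOR-US: Cisco` that was set while they were still RESERVED, whereas context entries in this hunk name the product (`Cisco NAM`, `Cisco Unified Web`). Now that descriptions are present, the tags can name the product as well, for example the TelePresence product mentioned in the CVE-2015-0653 description.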
@@ -7861,8 +7877,8 @@
 	RESERVED
 CVE-2015-0178
 	RESERVED
-CVE-2015-0177
-	RESERVED
+CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
+	TODO: check
 CVE-2015-0176
 	RESERVED
 CVE-2015-0175
@@ -7937,8 +7953,8 @@
 	RESERVED
 CVE-2015-0140
 	RESERVED
-CVE-2015-0139
-	RESERVED
+CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
+	TODO: check
 CVE-2015-0138
 	RESERVED
 CVE-2015-0137
@@ -7949,16 +7965,16 @@
 	RESERVED
 CVE-2015-0134
 	RESERVED
-CVE-2015-0133
-	RESERVED
+CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...)
+	TODO: check
 CVE-2015-0132
 	RESERVED
 CVE-2015-0131
 	RESERVED
 CVE-2015-0130
 	RESERVED
-CVE-2015-0129
-	RESERVED
+CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
+	TODO: check
 CVE-2015-0128
 	RESERVED
 CVE-2015-0127
@@ -7969,10 +7985,10 @@
 	RESERVED
 CVE-2015-0124
 	RESERVED
-CVE-2015-0123
-	RESERVED
-CVE-2015-0122
-	RESERVED
+CVE-2015-0123 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
+	TODO: check
+CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
+	TODO: check
 CVE-2015-0121
 	RESERVED
 CVE-2015-0120
@@ -15168,8 +15184,8 @@
 	RESERVED
 CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
 	NOT-FOR-US: IBM
-CVE-2014-6214
-	RESERVED
+CVE-2014-6214 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
+	TODO: check
 CVE-2014-6213
 	RESERVED
 CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
@@ -15309,8 +15325,8 @@
 	NOT-FOR-US: IBM
 CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
 	NOT-FOR-US: IBM
-CVE-2014-6144
-	RESERVED
+CVE-2014-6144 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
+	TODO: check
 CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
 	NOT-FOR-US: IBM
 CVE-2014-6142
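Review bot: CVE-2014-6144 is set to `TODO: check` although it sits between CVE-2014-6145 and CVE-2014-6143, both IBM products already tagged `NOT-FOR-US: IBM`. Its description also names an IBM product, so the same tag looks applicable once confirmed; the same question applies to the other IBM entries this commit moves from RESERVED to `TODO: check`.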



