[Secure-testing-commits] r32991 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Mar 19 21:10:16 UTC 2015
Author: sectracker
Date: 2015-03-19 21:10:16 +0000 (Thu, 19 Mar 2015)
New Revision: 32991
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-19 19:08:11 UTC (rev 32990)
+++ data/CVE/list 2015-03-19 21:10:16 UTC (rev 32991)
@@ -1,3 +1,37 @@
+CVE-2015-2348
+ RESERVED
+CVE-2015-2347
+ RESERVED
+CVE-2015-2346
+ RESERVED
+CVE-2015-2345
+ RESERVED
+CVE-2015-2344
+ RESERVED
+CVE-2015-2343
+ RESERVED
+CVE-2015-2342
+ RESERVED
+CVE-2015-2341
+ RESERVED
+CVE-2015-2340
+ RESERVED
+CVE-2015-2339
+ RESERVED
+CVE-2015-2338
+ RESERVED
+CVE-2015-2337
+ RESERVED
+CVE-2015-2336
+ RESERVED
+CVE-2015-2335 (A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows ...)
+ TODO: check
+CVE-2015-2334 (Cross-site request forgery (CSRF) vulnerability in the Admin Control ...)
+ TODO: check
+CVE-2015-2333 (Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB ...)
+ TODO: check
+CVE-2015-2332 (Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka ...)
+ TODO: check
CVE-2015-XXXX [SA-CORE-2015-001: Access bypass]
- drupal7 7.32-1+deb8u2 (bug #780772)
- drupal6 <removed>
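Review bot: The four MyBB entries at the end of the added block (CVE-2015-2332 through CVE-2015-2335) land with only "TODO: check", so nothing yet records whether they affect a Debian package. Each should be resolved to a package line or a NOT-FOR-US line, in the form the CVE-2015-0895 entry further down this list uses. The thirteen RESERVED entries above them need no action until their descriptions are published.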
@@ -79,15 +113,18 @@
RESERVED
CVE-2015-2320 [Related to "remove the client-side SSLv2 fallback"]
RESERVED
+ {DLA-176-1}
- mono 3.2.8+dfsg-10 (bug #780751)
NOTE: https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
CVE-2015-2319 [FREAK issue]
RESERVED
+ {DLA-176-1}
- mono 3.2.8+dfsg-10 (bug #780751)
NOTE: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/728af6f96d1b8c976659
CVE-2015-2318 [SKIP-TLS issue]
RESERVED
+ {DLA-176-1}
- mono 3.2.8+dfsg-10 (bug #780751)
NOTE: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4
NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/f8c6e67f551d8a608154
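Review bot: Of the three mono entries tagged {DLA-176-1}, CVE-2015-2319 and CVE-2015-2318 carry a NOTE pointing to a patch for versions earlier than 3.4, but CVE-2015-2320 has only the upstream commit. If the backport for CVE-2015-2320 used a separate patch, add a matching NOTE so the fix can be audited from the entry.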
@@ -183,8 +220,7 @@
RESERVED
- etherpad-lite <itp> (bug #576998)
NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
-CVE-2015-2296 [session fixation and cookie stealing]
- RESERVED
+CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 ...)
- requests 2.4.3-6 (bug #780506)
[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
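Review bot: Replacing the CVE-2015-2296 header drops the hand-written summary "session fixation and cookie stealing", and the truncated description that replaces it ends at "requests 2.1.0 ..." before it reaches the impact. Consider keeping the old summary as a NOTE line so the entry still says what the issue allows.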
@@ -603,8 +639,7 @@
- tcpdump 4.6.2-4
[squeeze] - tcpdump <not-affected> (Vulnerable code not present)
NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
-CVE-2015-2152 [HVM qemu unexpectedly enabling emulated VGA graphics backends]
- RESERVED
+CVE-2015-2152 (Xen 4.5.x and earlier enables certain default backends when emulating ...)
- xen <unfixed>
[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
NOTE: http://xenbits.xen.org/xsa/advisory-119.html
@@ -618,8 +653,8 @@
- linux <unfixed>
- linux-2.6 <not-affected> (xen-pciback introduced in 3.1)
NOTE: http://xenbits.xen.org/xsa/advisory-120.html
-CVE-2015-2149
- RESERVED
+CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the administrative ...)
+ TODO: check
CVE-2015-2148
RESERVED
CVE-2015-2147
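Review bot: The new CVE-2015-2149 description is cut off at "in the administrative ..." and never names the affected product, so the "TODO: check" cannot be resolved from this line. Triage needs the full CVE text; once the product is known, replace the TODO with a package line or NOT-FOR-US.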
@@ -3650,40 +3685,40 @@
RESERVED
CVE-2015-1085
RESERVED
-CVE-2015-1084
- RESERVED
-CVE-2015-1083
- RESERVED
-CVE-2015-1082
- RESERVED
-CVE-2015-1081
- RESERVED
-CVE-2015-1080
- RESERVED
-CVE-2015-1079
- RESERVED
-CVE-2015-1078
- RESERVED
-CVE-2015-1077
- RESERVED
-CVE-2015-1076
- RESERVED
-CVE-2015-1075
- RESERVED
-CVE-2015-1074
- RESERVED
-CVE-2015-1073
- RESERVED
-CVE-2015-1072
- RESERVED
-CVE-2015-1071
- RESERVED
-CVE-2015-1070
- RESERVED
-CVE-2015-1069
- RESERVED
-CVE-2015-1068
- RESERVED
+CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, ...)
+ TODO: check
+CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1082 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1081 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1080 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1079 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1078 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1077 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1076 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1075 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1074 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1073 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1072 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1071 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1070 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1069 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
+CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
+ TODO: check
CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
TODO: check
CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
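Review bot: The seventeen entries CVE-2015-1068 through CVE-2015-1084 all move from RESERVED to "TODO: check" with WebKit descriptions, and sixteen of them share the identical truncated prefix. Triage them as one batch so they end up with consistent dispositions, and look at CVE-2015-1084 separately, since its description begins "The user interface in WebKit" rather than "WebKit, as used in".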
@@ -4496,8 +4531,8 @@
RESERVED
CVE-2015-0897
RESERVED
-CVE-2015-0896
- RESERVED
+CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
+ TODO: check
CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security & Firewall ...)
@@ -5008,14 +5043,14 @@
RESERVED
CVE-2015-0668
RESERVED
-CVE-2015-0667
- RESERVED
+CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500 ...)
+ TODO: check
CVE-2015-0666
RESERVED
CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...)
TODO: check
-CVE-2015-0664
- RESERVED
+CVE-2015-0664 (The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) ...)
+ TODO: check
CVE-2015-0663 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does ...)
TODO: check
CVE-2015-0662 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows ...)
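Review bot: CVE-2015-0667 and CVE-2015-0664 gain descriptions but only "TODO: check", joining CVE-2015-0665 and CVE-2015-0663 in the surrounding context, which are also unresolved. CVE-2015-0664, CVE-2015-0665 and CVE-2015-0663 all name Cisco AnyConnect Secure Mobility Client, so they can be given their disposition in one pass.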
@@ -7787,6 +7822,7 @@
[squeeze] - openssl <unfixed>
CVE-2015-0292
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
CVE-2015-0291
RESERVED
@@ -7796,16 +7832,20 @@
- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0289
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
CVE-2015-0288
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
CVE-2015-0287
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
CVE-2015-0286
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
CVE-2015-0285
RESERVED
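Review bot: The four entries tagged {DSA-3197-1} here (CVE-2015-0289, CVE-2015-0288, CVE-2015-0287, CVE-2015-0286) keep "- openssl <unfixed>" as their package line, so each entry shows an advisory but no fixed version. Replace <unfixed> with the version once a fixed openssl reaches unstable. Only CVE-2015-0288 carries a NOTE with the upstream commit; adding the corresponding commit references to the other three would make the fixes traceable.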
@@ -8095,6 +8135,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0210
CVE-2015-0209
RESERVED
+ {DSA-3197-1}
- openssl <unfixed>
NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
CVE-2015-0208
@@ -10646,8 +10687,7 @@
CVE-2014-8170
RESERVED
- ovirt-node <itp> (bug #502024)
-CVE-2014-8169 [priv escalation via interpreter load path for program based automount maps]
- RESERVED
+CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted ...)
- autofs 5.0.8-2 (bug #779591)
[wheezy] - autofs <not-affected> (Vulnerable code introduced in 5.0.8)
- autofs5 <not-affected> (Vulnerable code introduced in 5.0.8)
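Review bot: The CVE-2014-8169 header loses "priv escalation via interpreter load path for program based automount maps", and the truncated text "automount 5.0.8, when a program map uses certain interpreted ..." stops before stating the impact. Keeping the old wording as a NOTE would preserve the fact that this is a privilege escalation.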