[Secure-testing-commits] r33306 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Mar 31 21:10:17 UTC 2015


Author: sectracker
Date: 2015-03-31 21:10:17 +0000 (Tue, 31 Mar 2015)
New Revision: 33306

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-03-31 19:23:05 UTC (rev 33305)
+++ data/CVE/list	2015-03-31 21:10:17 UTC (rev 33306)
@@ -1,3 +1,35 @@
+CVE-2015-2805
+	RESERVED
+CVE-2015-2804
+	RESERVED
+CVE-2015-2803
+	RESERVED
+CVE-2015-2802
+	RESERVED
+CVE-2015-2801
+	RESERVED
+CVE-2015-2800
+	RESERVED
+CVE-2015-2799
+	RESERVED
+CVE-2015-2798
+	RESERVED
+CVE-2015-2797
+	RESERVED
+CVE-2015-2796
+	RESERVED
+CVE-2015-2795
+	RESERVED
+CVE-2015-2794
+	RESERVED
+CVE-2015-2792 (The WPML plugin before 3.1.9 for WordPress does not properly handle ...)
+	TODO: check
+CVE-2015-2791 (The "menu sync" function in the WPML plugin before 3.1.9 for WordPress ...)
+	TODO: check
+CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow ...)
+	TODO: check
+CVE-2015-2789 (Unquoted Windows search path vulnerability in the Foxit Cloud Safe ...)
+	TODO: check
 CVE-2015-XXXX [xdeb: disables apt's signature checks]
 	- xdeb <unfixed> (bug #781595)
 	[wheezy] - xdeb <no-dsa> (Minor issue)
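Review bot: CVE-2015-2792 through CVE-2015-2789 at the end of the added block carry only "TODO: check", so they stay untriaged until someone resolves them by hand. Their descriptions name the WPML plugin for WordPress and Foxit products; each needs either a package line or a NOT-FOR-US: tag of the kind used elsewhere in this file. The jump from CVE-2015-2794 to CVE-2015-2792 is expected, since CVE-2015-2793 already has an entry in the next hunk.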
@@ -64,9 +96,11 @@
 	[wheezy] - hp2xx <no-dsa> (Minor issue)
 	[squeeze] - hp2xx <no-dsa> (Minor issue)
 CVE-2015-2793 [cross-site scripting via openid_identifier]
+	RESERVED
 	- ikiwiki 3.20141016.2 (bug #781483)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/30/5
 CVE-2015-2806 [two-byte stack overflow in asn1_der_decoding]
+	RESERVED
 	[experimental] - libtasn1-6 4.4-1
 	- libtasn1-6 <unfixed>
 	- libtasn1-3 <removed>
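Review bot: CVE-2015-2793 and CVE-2015-2806 keep the position of their former temporary entries (line 96 onward in the new file), while the first hunk inserts CVE-2015-2805 down to CVE-2015-2794 at the top in descending order, so the two IDs now sit out of sequence. Consider moving both entries into the numbered block in a follow-up commit. The "- libtasn1-6 <unfixed>" line also has no bug reference, unlike the ikiwiki line above it.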
@@ -1581,6 +1615,7 @@
 	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024
 CVE-2015-2191 (Integer overflow in the dissect_tnef function in ...)
+	{DSA-3210-1}
 	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
 CVE-2015-2190 (epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly ...)
@@ -1589,10 +1624,12 @@
 	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
 CVE-2015-2189 (Off-by-one error in the pcapng_read function in wiretap/pcapng.c in ...)
+	{DSA-3210-1}
 	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
 CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
+	{DSA-3210-1}
 	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844
 CVE-2015-2187 (The dissect_atn_cpdlc_heur function in ...)
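Review bot: CVE-2015-2188 gains {DSA-3210-1} but, unlike CVE-2015-2189 and CVE-2015-2190 in this hunk, has no [squeeze] line, so the squeeze status of the WCP dissector issue is not recorded. The same holds for CVE-2015-2191 in the previous hunk. Suggest adding an explicit [squeeze] line to both entries once the affected code has been checked.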
@@ -1631,8 +1668,8 @@
 CVE-2009-5145
 	RESERVED
 	- zope2.12 2.12.10-1
-CVE-2015-2171
-	RESERVED
+CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...)
+	TODO: check
 CVE-2015-2170
 	RESERVED
 CVE-2015-2169
@@ -1766,14 +1803,14 @@
 	RESERVED
 CVE-2015-2110
 	RESERVED
-CVE-2015-2109
-	RESERVED
-CVE-2015-2108
-	RESERVED
+CVE-2015-2109 (Unspecified vulnerability in HP Operations Orchestration 10.x allows ...)
+	TODO: check
+CVE-2015-2108 (Unspecified vulnerability in Powershell Operations in HP Operations ...)
+	TODO: check
 CVE-2015-2107 (HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows ...)
 	TODO: check
-CVE-2015-2106
-	RESERVED
+CVE-2015-2106 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
+	TODO: check
 CVE-2015-2105
 	RESERVED
 CVE-2015-2104
@@ -1810,8 +1847,7 @@
 	NOTE: temporary workaround until CVE assigned to explitly tag for wheezy+squeeze
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
 	NOTE: https://www.trustmatta.com/advisories/MATTA-2015-002.txt (not yet published)
-CVE-2015-2172 [DokuWiki privilege escalation in RPC API]
-	RESERVED
+CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly ...)
 	- dokuwiki 0.0.20140929.d-1 (bug #779547)
 	[jessie] - dokuwiki 0.0.20140505.a+dfsg-4
 	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
@@ -2444,8 +2480,7 @@
 	RESERVED
 CVE-2015-1828
 	RESERVED
-CVE-2015-1827 [memory corruption when using get_user_grouplist()]
-	RESERVED
+CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA ...)
 	- freeipa <not-affected> (Only affects 4.1, see bug #781224)
 	NOTE: https://fedorahosted.org/freeipa/ticket/4908
 CVE-2015-1826
@@ -2476,8 +2511,7 @@
 	- musl <unfixed> (bug #781497)
 CVE-2015-1816
 	RESERVED
-CVE-2015-1815
-	RESERVED
+CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in ...)
 	NOT-FOR-US: setroubleshoot
 CVE-2015-1814 [SECURITY-180, orced API token change]
 	RESERVED
@@ -2940,8 +2974,7 @@
 	NOT-FOR-US: OpenDaylight
 CVE-2015-1610
 	RESERVED
-CVE-2015-1609
-	RESERVED
+CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers ...)
 	- mongodb 1:2.4.10-5 (bug #780129)
 	NOTE: https://jira.mongodb.org/browse/SERVER-17264
 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
@@ -5156,10 +5189,10 @@
 	RESERVED
 CVE-2015-0986
 	RESERVED
-CVE-2015-0985
-	RESERVED
-CVE-2015-0984
-	RESERVED
+CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
+	TODO: check
+CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
+	TODO: check
 CVE-2015-0983
 	RESERVED
 CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric Pelco ...)
@@ -5593,10 +5626,10 @@
 	RESERVED
 CVE-2015-0902
 	RESERVED
-CVE-2015-0901
-	RESERVED
-CVE-2015-0900
-	RESERVED
+CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme ...)
+	TODO: check
+CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi ...)
+	TODO: check
 CVE-2015-0899 [input validation bypass in MultiPageValidator]
 	RESERVED
 	- libstruts1.2-java <unfixed>
@@ -8082,8 +8115,8 @@
 	RESERVED
 CVE-2014-9210
 	RESERVED
-CVE-2014-9209
-	RESERVED
+CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...)
+	TODO: check
 CVE-2014-9208
 	RESERVED
 CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
@@ -8986,8 +9019,7 @@
 CVE-2015-0284
 	RESERVED
 	NOT-FOR-US: Red Hat Satellite
-CVE-2015-0283 [infinite loop in getgrnam_r() and getgrgid_r()]
-	RESERVED
+CVE-2015-0283 (The slapi-nis plug-in before 0.54.2 does not properly reallocate ...)
 	- slapi-nis <unfixed> (bug #781346)
 CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature ...)
 	{DSA-3191-1 DLA-180-1}
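Review bot: the new description for CVE-2015-0283 states that slapi-nis is affected "before 0.54.2", yet the package line below it still reads "- slapi-nis <unfixed> (bug #781346)" with nothing tying the two together. Suggest a NOTE recording 0.54.2 as the upstream fixed version so the entry can be closed when that version is uploaded. Replacing the bracketed text also drops the only mention of getgrnam_r() and getgrgid_r(), which is worth keeping in that NOTE.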
@@ -12735,8 +12767,8 @@
 	NOT-FOR-US: HP Helion Cloud Development Platform
 CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
 	NOT-FOR-US: HP-UX
-CVE-2014-7876
-	RESERVED
+CVE-2014-7876 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
+	TODO: check
 CVE-2014-7875 (Unspecified vulnerability on the HP LaserJet CM3530 Multifunction ...)
 	NOT-FOR-US: HP Color LaserJet Printers
 CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
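Review bot: CVE-2014-7876 (HP Integrated Lights-Out firmware) is set to "TODO: check" while the HP entries on either side, CVE-2014-7877 and CVE-2014-7875, are already tagged NOT-FOR-US. If iLO firmware is likewise not shipped in Debian, the same tag applies here, and to CVE-2015-2106, which carries the same truncated description in an earlier hunk. The HP Operations Orchestration entries CVE-2015-2109 and CVE-2015-2108 need the same decision.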



