[Secure-testing-commits] r34400 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 21 21:10:14 UTC 2015
Author: sectracker
Date: 2015-05-21 21:10:14 +0000 (Thu, 21 May 2015)
New Revision: 34400
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-21 20:38:00 UTC (rev 34399)
+++ data/CVE/list 2015-05-21 21:10:14 UTC (rev 34400)
@@ -1,3 +1,9 @@
+CVE-2015-4049
+ RESERVED
+CVE-2015-4048
+ RESERVED
+CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2015-XXXX [remote crash/DoS - invalid packet order causes lookup of NULL pointer]
- pgbouncer 1.5.5-1
NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
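Review bot: CVE-2012-6691 is added with `TODO: check`, but its description is cut off at "in the ...", so the affected product cannot be read from this entry. Triage needs the full CVE text before the TODO can be replaced with either a `- package` status line or a `NOT-FOR-US:` line.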
@@ -43,6 +49,7 @@
CVE-2013-7440
RESERVED
CVE-2015-4047 [denial-of-service]
+ RESERVED
- ipsec-tools <unfixed> (bug #785778)
NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
@@ -53,8 +60,8 @@
RESERVED
CVE-2015-4018
RESERVED
-CVE-2015-4016
- RESERVED
+CVE-2015-4016 (The client detection protocol in Valve Steam allows remote attackers ...)
+ TODO: check
CVE-2015-4015
RESERVED
CVE-2015-4014
@@ -100,8 +107,7 @@
RESERVED
CVE-2015-4001
RESERVED
-CVE-2015-4000 [TLS does not properly convey server's ciphersuite choice]
- RESERVED
+CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
NOTE: disclosed in section 3.2 of the
NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
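Review bot: the rewritten CVE-2015-4000 entry shows only `NOTE:` lines under its header and no `- package` status line, even though `RESERVED` is dropped and the description is now public. If no package line sits outside this hunk, add status entries for the TLS implementations Debian ships so the tracker reports something for them. The hand-written title "[TLS does not properly convey server's ciphersuite choice]" is also removed here; keeping it as a `NOTE:` would preserve the one-line summary that the truncated description no longer gives.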
@@ -109,8 +115,8 @@
NOTE: IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
NOTE: OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
NOTE: GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
-CVE-2015-3999
- RESERVED
+CVE-2015-3999 (Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames ...)
+ TODO: check
CVE-2015-3998
RESERVED
CVE-2015-3997
@@ -127,8 +133,8 @@
RESERVED
CVE-2015-3991
RESERVED
-CVE-2015-3990
- RESERVED
+CVE-2015-3990 (The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, ...)
+ TODO: check
CVE-2015-3989 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
TODO: check
CVE-2014-9720
@@ -516,6 +522,7 @@
RESERVED
- phpmyadmin 4:4.4.6.1-1 (unimportant)
CVE-2015-4036 [drivers/vhost/scsi.c: potential memory corruption]
+ RESERVED
- linux 4.0.2-1
- linux-2.6 <removed>
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
@@ -998,6 +1005,7 @@
NOTE: in other popular themes and plugins maybe it should as well be included
NOTE: in an update for wordpress for wheezy?
CVE-2014-9721 [V3 protocol handler vulnerable to downgrade attacks]
+ {DSA-3255-1}
- zeromq3 4.0.5+dfsg-3 (bug #784366)
NOTE: https://github.com/zeromq/libzmq/issues/1273
NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
@@ -2087,6 +2095,7 @@
RESERVED
CVE-2015-3202
RESERVED
+ {DSA-3266-1}
- fuse 2.9.3-16 (bug #786439)
- ntfs-3g <unfixed> (unimportant)
NOTE: ntfs-3g source wise affected but uses --with-fuse=external
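Review bot: CVE-2015-3202 now carries `{DSA-3266-1}`, but its header line still has no bracketed description and the state is `RESERVED`, so the entry says nothing about what the issue is. Add a short `[...]` summary after the id, as the CVE-2015-4036 and CVE-2014-9721 entries in this file do, so the fuse fix and the `ntfs-3g <unfixed> (unimportant)` line can be understood without opening the advisory.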
@@ -2270,8 +2279,8 @@
CVE-2015-3142
RESERVED
NOT-FOR-US: abrt is Red Hat / Fedora specific
-CVE-2015-3141
- RESERVED
+CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2015-3140
RESERVED
CVE-2015-3139
@@ -2484,8 +2493,8 @@
NOT-FOR-US: Adobe Flash
CVE-2015-3037
RESERVED
-CVE-2015-3036
- RESERVED
+CVE-2015-3036 (Stack-based buffer overflow in the run_init_sbus function in the ...)
+ TODO: check
CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with ...)
TODO: check
CVE-2015-3034
@@ -8021,8 +8030,8 @@
RESERVED
CVE-2015-1189
RESERVED
-CVE-2015-1188
- RESERVED
+CVE-2015-1188 (The certificate verification functions in the HNDS service in Swisscom ...)
+ TODO: check
CVE-2015-1187
RESERVED
NOT-FOR-US: D-Link
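Review bot: CVE-2015-1188 gets `TODO: check` directly above CVE-2015-1187, which is already resolved as `NOT-FOR-US: D-Link`. The new description names the HNDS service in Swisscom ...; if no Debian source package ships that code, replace the TODO with the matching `NOT-FOR-US:` line in the same style rather than leaving it in the backlog.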
@@ -9634,10 +9643,10 @@
RESERVED
CVE-2015-0743
RESERVED
-CVE-2015-0742
- RESERVED
-CVE-2015-0741
- RESERVED
+CVE-2015-0742 (The Protocol Independent Multicast (PIM) application in Cisco Adaptive ...)
+ TODO: check
+CVE-2015-0741 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)
+ TODO: check
CVE-2015-0740 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
TODO: check
CVE-2015-0739 (The Lights-Out Management (LOM) implementation in Cisco FireSIGHT ...)
@@ -60534,10 +60543,10 @@
- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4903 (Google Chrome before 18.0.1025308 on Android does not properly ...)
- chromium-browser <not-affected> (Chrome on Android)
-CVE-2012-4902
- RESERVED
-CVE-2012-4901
- RESERVED
+CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Template ...)
+ TODO: check
+CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ...)
+ TODO: check
CVE-2012-4900
RESERVED
CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing ...)
@@ -65198,8 +65207,8 @@
RESERVED
CVE-2012-3244
RESERVED
-CVE-2012-3243
- RESERVED
+CVE-2012-3243 (Cross-site scripting (XSS) vulnerability in the SEOgento plugin for ...)
+ TODO: check
CVE-2012-3242
RESERVED
CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not ...)
@@ -69250,10 +69259,10 @@
- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
NOT-FOR-US: VMware Tools
-CVE-2012-1665
- RESERVED
-CVE-2012-1664
- RESERVED
+CVE-2012-1665 (Multiple SQL injection vulnerabilities in the admin panel in osCMax ...)
+ TODO: check
+CVE-2012-1664 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
+ TODO: check
CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows ...)
- gnutls28 3.0.14-1
- gnutls26 <not-affected> (only GNUTLS 3.0 is affected)