[Secure-testing-commits] r34440 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Fri May 22 21:10:15 UTC 2015


Author: sectracker
Date: 2015-05-22 21:10:15 +0000 (Fri, 22 May 2015)
New Revision: 34440

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-22 20:43:56 UTC (rev 34439)
+++ data/CVE/list	2015-05-22 21:10:15 UTC (rev 34440)
@@ -1,3 +1,19 @@
+CVE-2015-4052
+	RESERVED
+CVE-2015-4051
+	RESERVED
+CVE-2015-4050
+	RESERVED
+CVE-2014-9726
+	RESERVED
+CVE-2014-9725
+	RESERVED
+CVE-2014-9724
+	RESERVED
+CVE-2014-9723
+	RESERVED
+CVE-2014-9722
+	RESERVED
 CVE-2015-XXXX [XSS in group administration]
 	- php-horde 5.2.5+debian0-1 (bug #785364)
 	NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
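Review bot: The five 2014 ids at the head of this hunk (CVE-2014-9726 down to CVE-2014-9722) are inserted above the 2015 entries, while CVE-2014-9721 sits much further down the file (the hunk at -1011). If the list is meant to keep ids in descending order, move these five next to CVE-2014-9721 so a reader scanning by year finds them.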
@@ -2,2 +18,3 @@
 CVE-2015-4053
+	RESERVED
 	- ceph-deploy <itp> (bug #694013)
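Review bot: CVE-2015-4053 at the top of this hunk has no bracketed summary, so once RESERVED is added the entry says only that it concerns ceph-deploy <itp> (bug #694013). Add a short description in brackets, as the CVE-2015-4054 entry has, or a NOTE pointing at the report, so the entry can be understood without opening the bug.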
@@ -11,6 +28,7 @@
 CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: osCMax
 CVE-2015-4054 [remote crash/DoS - invalid packet order causes lookup of NULL pointer]
+	RESERVED
 	- pgbouncer 1.5.5-1
 	[jessie] - pgbouncer <no-dsa> (Minor issue)
 	[wheezy] - pgbouncer <no-dsa> (Minor issue)
@@ -66,8 +84,8 @@
 	RESERVED
 CVE-2015-4019
 	RESERVED
-CVE-2015-4018
-	RESERVED
+CVE-2015-4018 (SQL injection vulnerability in feedwordpresssyndicationpage.class.php ...)
+	TODO: check
 CVE-2015-4016 (The client detection protocol in Valve Steam allows remote attackers ...)
 	NOT-FOR-US: client detection protocol in Valve Steam
 CVE-2015-4015
@@ -335,10 +353,10 @@
 	RESERVED
 CVE-2015-3913
 	RESERVED
-CVE-2015-3912
-	RESERVED
-CVE-2015-3911
-	RESERVED
+CVE-2015-3912 (Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and ...)
+	TODO: check
+CVE-2015-3911 (Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows ...)
+	TODO: check
 CVE-2015-3910 (Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...)
 	TODO: check
 CVE-2015-3909
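Review bot: CVE-2015-3912 and CVE-2015-3911 both describe firmware for Huawei Mobile WiFi devices (E355s, E587), which reads as vendor device firmware rather than a packaged source. Rather than leaving both at TODO: check, consider closing them with a NOT-FOR-US: line naming the device, as other hunks in this list do for vendor-only products such as osCMax and Valve Steam.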
@@ -906,8 +924,8 @@
 	RESERVED
 CVE-2015-3648
 	RESERVED
-CVE-2015-3647
-	RESERVED
+CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2015-3645
 	RESERVED
 CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not ...)
@@ -1011,6 +1029,7 @@
 	NOTE: in other popular themes and plugins maybe it should as well be included
 	NOTE: in an update for wordpress for wheezy?
 CVE-2014-9721 [V3 protocol handler vulnerable to downgrade attacks]
+	RESERVED
 	{DSA-3255-1}
 	- zeromq3 4.0.5+dfsg-3 (bug #784366)
 	NOTE: https://github.com/zeromq/libzmq/issues/1273
@@ -1385,6 +1404,7 @@
 CVE-2015-3460
 	RESERVED
 CVE-2015-3905 [buffer overflow]
+	RESERVED
 	- t1utils 1.38-4 (bug #779274)
 	NOTE: https://github.com/kohler/t1utils/issues/4
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
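Review bot: CVE-2015-3905 is listed directly after CVE-2015-3460, out of the descending order visible in the hunk at -335 (3913, 3912, 3911, 3910, 3909). Now that the entry carries an allocated id and RESERVED state, consider moving it to its numeric position so it is not missed or duplicated there.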
@@ -2207,17 +2227,20 @@
 	REJECTED
 CVE-2015-3167
 	RESERVED
+	{DSA-3270-1 DSA-3269-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
 	- postgresql-8.4 <removed>
 CVE-2015-3166
 	RESERVED
+	{DSA-3270-1 DSA-3269-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	- postgresql-8.4 <removed>
 CVE-2015-3165
 	RESERVED
+	{DSA-3270-1 DSA-3269-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
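Review bot: The {DSA-3270-1 DSA-3269-1} reference is added to all three entries, but CVE-2015-3166 lacks the "Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed" NOTE that CVE-2015-3167 and CVE-2015-3165 carry under the same postgresql-9.1 <removed> line. Confirm that the omission is intended, or add the NOTE so the three entries read consistently.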
@@ -3360,6 +3383,7 @@
 	NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
 	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
 CVE-2013-7441 [nbd-server: server dies if client asks for a non-existing export]
+	RESERVED
 	- nbd 1:3.4-1 (bug #781547)
 	[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6
@@ -7115,6 +7139,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
 CVE-2015-1547 [uninitialized memory in NeXTDecode]
 	RESERVED
+	{DLA-221-1}
 	- tiff <unfixed> (bug #777390)
 	- tiff3 <removed>
 	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
@@ -9213,10 +9238,10 @@
 	NOT-FOR-US: Sefrengo
 CVE-2015-0917 (Cross-site scripting (XSS) vulnerability in the backend in Kajona ...)
 	NOT-FOR-US: Kajona
-CVE-2015-0916
-	RESERVED
-CVE-2015-0915
-	RESERVED
+CVE-2015-0916 (SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ...)
+	TODO: check
+CVE-2015-0915 (Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 ...)
+	TODO: check
 CVE-2015-0914 (EasyCTF before 1.4 does not validate the session ID, which allows ...)
 	TODO: check
 CVE-2015-0913 (Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows ...)
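Review bot: CVE-2015-0916 names Cacti with a version bound (before 0.8.6f), so its TODO: check cannot be closed on the product name alone. If cacti is in the archive, it needs a package line with the fixed version or a not-affected status compared against 0.8.6f. CVE-2015-0915 (RAKUS MailDealer 11.2.1) can be triaged separately and should not wait on the Cacti check.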
@@ -9686,8 +9711,8 @@
 	RESERVED
 CVE-2015-0747
 	RESERVED
-CVE-2015-0746
-	RESERVED
+CVE-2015-0746 (The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows ...)
+	TODO: check
 CVE-2015-0745
 	RESERVED
 CVE-2015-0744
@@ -68504,8 +68529,8 @@
 	RESERVED
 CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in ...)
 	NOT-FOR-US: SyndeoCMS
-CVE-2012-1978
-	RESERVED
+CVE-2012-1978 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
+	TODO: check
 CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
 	NOT-FOR-US: WellinTech KingSCADA
 CVE-2012-1976 (Use-after-free vulnerability in the ...)



