[Secure-testing-commits] r34535 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue May 26 21:10:16 UTC 2015


Author: sectracker
Date: 2015-05-26 21:10:16 +0000 (Tue, 26 May 2015)
New Revision: 34535

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-26 20:17:15 UTC (rev 34534)
+++ data/CVE/list	2015-05-26 21:10:16 UTC (rev 34535)
@@ -1,3 +1,57 @@
+CVE-2015-4086
+	RESERVED
+CVE-2015-4084
+	RESERVED
+CVE-2015-4083
+	RESERVED
+CVE-2015-4082
+	RESERVED
+CVE-2015-4081
+	RESERVED
+CVE-2015-4080
+	RESERVED
+CVE-2015-4079
+	RESERVED
+CVE-2015-4078
+	RESERVED
+CVE-2015-4077
+	RESERVED
+CVE-2015-4076
+	RESERVED
+CVE-2015-4075
+	RESERVED
+CVE-2015-4074
+	RESERVED
+CVE-2015-4073
+	RESERVED
+CVE-2015-4072
+	RESERVED
+CVE-2015-4071
+	RESERVED
+CVE-2015-4070
+	RESERVED
+CVE-2015-4069
+	RESERVED
+CVE-2015-4068
+	RESERVED
+CVE-2015-4067
+	RESERVED
+CVE-2015-4066
+	RESERVED
+CVE-2015-4061
+	RESERVED
+CVE-2015-4060
+	RESERVED
+CVE-2015-4059
+	RESERVED
+CVE-2015-4058
+	RESERVED
+CVE-2015-4057
+	RESERVED
+CVE-2015-4056
+	RESERVED
+CVE-2015-4055
+	RESERVED
 CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
 	- util-linux <unfixed> (unimportant; bug #786804)
 	NOTE: hwclock is not installed suid in Debian
@@ -29,12 +83,16 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/1
 	TODO: check affected version
 CVE-2015-4065
+	RESERVED
 	NOT-FOR-US: WordPress plugin landing-pages
 CVE-2015-4064
+	RESERVED
 	NOT-FOR-US: WordPress plugin landing-pages
 CVE-2015-4063
+	RESERVED
 	NOT-FOR-US: WordPress plugin newstatpress
 CVE-2015-4062
+	RESERVED
 	NOT-FOR-US: WordPress plugin newstatpress
 CVE-2015-4052
 	RESERVED
@@ -2203,7 +2261,7 @@
 	RESERVED
 CVE-2015-3202
 	RESERVED
-	{DSA-3268-1 DSA-3266-1 DLA-226-1}
+	{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-226-2 DLA-226-1}
 	- fuse 2.9.3-16 (bug #786439)
 	NOTE: Upstream fix: http://sourceforge.net/p/fuse/fuse/ci/fe2d96/
 	- ntfs-3g 1:2014.2.15AR.3-3 (bug #786475)
@@ -2308,7 +2366,7 @@
 	REJECTED
 CVE-2015-3167
 	RESERVED
-	{DSA-3270-1 DSA-3269-1}
+	{DSA-3270-1 DSA-3269-1 DLA-227-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
@@ -2316,14 +2374,14 @@
 	[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
 CVE-2015-3166
 	RESERVED
-	{DSA-3270-1 DSA-3269-1}
+	{DSA-3270-1 DSA-3269-1 DLA-227-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	- postgresql-8.4 <removed>
 	[wheezy] - postgresql-8.4 <no-dsa> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
 CVE-2015-3165
 	RESERVED
-	{DSA-3270-1 DSA-3269-1}
+	{DSA-3270-1 DSA-3269-1 DLA-227-1}
 	- postgresql-9.4 9.4.2-1
 	- postgresql-9.1 <removed>
 	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
@@ -2739,6 +2797,7 @@
 	NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
 	NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public)
 CVE-2015-4085 [read-only directory traversal in Etherpad frontend tests]
+	RESERVED
 	- etherpad-lite <itp> (bug #576998)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
 CVE-2015-3297 [read-only directory traversal in Etherpad Minify]
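Review bot: CVE-2015-4085 stays here, between the net-snmp notes and CVE-2015-3297, while the block added at the top of the file runs in descending order and goes from CVE-2015-4086 straight to CVE-2015-4084. Now that the entry carries a "RESERVED" line like the others, moving it up into that gap would keep the list sorted by ID.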
@@ -2883,10 +2942,10 @@
 	RESERVED
 CVE-2015-2947
 	RESERVED
-CVE-2015-2946
-	RESERVED
-CVE-2015-2945
-	RESERVED
+CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common ...)
+	TODO: check
+CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
+	TODO: check
 CVE-2015-2944
 	RESERVED
 CVE-2015-2943
@@ -3662,8 +3721,7 @@
 	RESERVED
 CVE-2015-2695
 	RESERVED
-CVE-2015-2694 [issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass]
-	RESERVED
+CVE-2015-2694 (The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x ...)
 	- krb5 1.12.1+dfsg-20 (bug #783557)
 	[jessie] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
 	[wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
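Review bot: on CVE-2015-2694 the hand-written summary "[issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass]" is replaced by a description that is cut off before it says what the kdcpreauth modules do wrong. A "NOTE:" line under the krb5 package lines recording the requires_preauth bypass would keep the impact visible in the entry.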
@@ -5257,21 +5315,17 @@
 	RESERVED
 CVE-2015-2124
 	RESERVED
-CVE-2015-2123
-	RESERVED
-CVE-2015-2122
-	RESERVED
+CVE-2015-2123 (Unspecified vulnerability in HP NonStop Safeguard Security Software ...)
+	TODO: check
+CVE-2015-2122 (The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows ...)
 	NOT-FOR-US: HP
-CVE-2015-2121
-	RESERVED
+CVE-2015-2121 (HP Network Virtualization for LoadRunner and Performance Center 8.61 ...)
 	NOT-FOR-US: HP
-CVE-2015-2120
-	RESERVED
+CVE-2015-2120 (Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x ...)
 	NOT-FOR-US: HP SiteScope
 CVE-2015-2119
 	RESERVED
-CVE-2015-2118
-	RESERVED
+CVE-2015-2118 (Unspecified vulnerability in the Secure Pull Print and Security Pull ...)
 	NOT-FOR-US: HP Access Control Software
 CVE-2015-2117 (HP TippingPoint Security Management System (SMS) and TippingPoint ...)
 	NOT-FOR-US: HP TippingPoint
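Review bot: CVE-2015-2123 is the only HP entry in this hunk left at "TODO: check"; CVE-2015-2122, CVE-2015-2121, CVE-2015-2120 and CVE-2015-2118 keep their "NOT-FOR-US" lines after gaining descriptions. The new description names HP NonStop Safeguard Security Software, so the entry can be triaged the same way once it is confirmed that nothing in the archive ships it.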
@@ -5287,8 +5341,7 @@
 	NOT-FOR-US: HP Thin Clients
 CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through ...)
 	NOT-FOR-US: HP Intelligent Provisioning
-CVE-2015-2110
-	RESERVED
+CVE-2015-2110 (Buffer overflow in HP LoadRunner 11.52 allows remote attackers to ...)
 	NOT-FOR-US: HP LoadRunner
 CVE-2015-2109 (Unspecified vulnerability in HP Operations Orchestration 10.x allows ...)
 	NOT-FOR-US: HP Operations Orchestration
@@ -5767,8 +5820,8 @@
 	RESERVED
 CVE-2015-1922
 	RESERVED
-CVE-2015-1921
-	RESERVED
+CVE-2015-1921 (Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before ...)
+	TODO: check
 CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 ...)
 	NOT-FOR-US: IBM
 CVE-2015-1919
@@ -5780,8 +5833,8 @@
 CVE-2015-1916
 	RESERVED
 	NOT-FOR-US: IBM JDK
-CVE-2015-1915
-	RESERVED
+CVE-2015-1915 (The Endpoint Manager for Remote Control component in IBM Tivoli ...)
+	TODO: check
 CVE-2015-1914
 	RESERVED
 	NOT-FOR-US: IBM JDK
@@ -5789,12 +5842,12 @@
 	RESERVED
 CVE-2015-1912
 	RESERVED
-CVE-2015-1911
-	RESERVED
-CVE-2015-1910
-	RESERVED
-CVE-2015-1909
-	RESERVED
+CVE-2015-1911 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
+	TODO: check
+CVE-2015-1910 (Cross-site scripting (XSS) vulnerability in the Reference Data ...)
+	TODO: check
+CVE-2015-1909 (The XML parser in the Reference Data Management component in the ...)
+	TODO: check
 CVE-2015-1908 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2015-1907 (The Administration and Reporting Tool in IBM Rational License Key ...)
@@ -5813,18 +5866,18 @@
 	RESERVED
 CVE-2015-1900
 	RESERVED
-CVE-2015-1899
-	RESERVED
+CVE-2015-1899 (IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause ...)
+	TODO: check
 CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
 	NOT-FOR-US: IBM
 CVE-2015-1897 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
 	NOT-FOR-US: IBM
-CVE-2015-1896
-	RESERVED
-CVE-2015-1895
-	RESERVED
-CVE-2015-1894
-	RESERVED
+CVE-2015-1896 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
+	TODO: check
+CVE-2015-1895 (IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on ...)
+	TODO: check
+CVE-2015-1894 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
+	TODO: check
 CVE-2015-1893 (The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access Manager for ...)
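Review bot: CVE-2015-1896 is added with "TODO: check" although its truncated description is identical to the two entries directly above it, CVE-2015-1898 and CVE-2015-1897, which are already marked "NOT-FOR-US: IBM". The same marking looks applicable, and CVE-2015-1899, CVE-2015-1895 and CVE-2015-1894 in this hunk also name IBM products and still need a triage decision.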
@@ -8854,8 +8907,8 @@
 	RESERVED
 CVE-2015-1014
 	RESERVED
-CVE-2015-1013
-	RESERVED
+CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure ...)
+	TODO: check
 CVE-2015-1012
 	RESERVED
 CVE-2015-1011
@@ -8864,8 +8917,8 @@
 	RESERVED
 CVE-2015-1009
 	RESERVED
-CVE-2015-1008
-	RESERVED
+CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
+	TODO: check
 CVE-2015-1007
 	RESERVED
 CVE-2015-1006
@@ -8959,10 +9012,10 @@
 	RESERVED
 CVE-2015-0963
 	RESERVED
-CVE-2015-0962
-	RESERVED
-CVE-2015-0961
-	RESERVED
+CVE-2015-0962 (Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection ...)
+	TODO: check
+CVE-2015-0961 (Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, ...)
+	TODO: check
 CVE-2015-0960
 	RESERVED
 CVE-2015-0959
@@ -9013,8 +9066,8 @@
 	NOT-FOR-US: Blue Coat
 CVE-2015-0936
 	RESERVED
-CVE-2015-0935
-	RESERVED
+CVE-2015-0935 (Bomgar Remote Support before 15.1.1 allows remote attackers to execute ...)
+	TODO: check
 CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ...)
 	NOT-FOR-US: ShareLaTeX
 CVE-2015-0933 (Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, ...)
@@ -9790,8 +9843,8 @@
 	RESERVED
 CVE-2015-0751
 	RESERVED
-CVE-2015-0750
-	RESERVED
+CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration ...)
+	TODO: check
 CVE-2015-0749
 	RESERVED
 CVE-2015-0748
@@ -9846,8 +9899,8 @@
 	NOT-FOR-US: Cisco
 CVE-2015-0723 (The wireless web-authentication subsystem on Cisco Wireless LAN ...)
 	NOT-FOR-US: Cisco
-CVE-2015-0722
-	RESERVED
+CVE-2015-0722 (The network drivers in Cisco TelePresence T, Cisco TelePresence TE, ...)
+	TODO: check
 CVE-2015-0721
 	RESERVED
 CVE-2015-0720
@@ -9864,8 +9917,8 @@
 	NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2015-0714 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse ...)
 	NOT-FOR-US: Cisco Finesse
-CVE-2015-0713
-	RESERVED
+CVE-2015-0713 (The web framework in Cisco TelePresence Advanced Media Gateway Series ...)
+	TODO: check
 CVE-2015-0712 (The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and ...)
 	NOT-FOR-US: Cisco StarOS
 CVE-2015-0711 (The hamgr service in the IPv6 Proxy Mobile (PM) implementation in ...)
@@ -10863,8 +10916,8 @@
 	RESERVED
 CVE-2015-0541
 	RESERVED
-CVE-2015-0540
-	RESERVED
+CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document ...)
+	TODO: check
 CVE-2015-0539
 	RESERVED
 CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 ...)
@@ -13205,8 +13258,8 @@
 	RESERVED
 CVE-2015-0181
 	RESERVED
-CVE-2015-0180
-	RESERVED
+CVE-2015-0180 (The Connector Migration Tool in IBM InfoSphere Information Server 8.1 ...)
+	TODO: check
 CVE-2015-0179 (Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 ...)
 	NOT-FOR-US: IBM Domino
 CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...)
@@ -13223,14 +13276,14 @@
 	RESERVED
 CVE-2015-0172
 	RESERVED
-CVE-2015-0171
-	RESERVED
-CVE-2015-0170
-	RESERVED
-CVE-2015-0169
-	RESERVED
-CVE-2015-0168
-	RESERVED
+CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
+	TODO: check
+CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
+	TODO: check
+CVE-2015-0169 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
+	TODO: check
+CVE-2015-0168 (Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector ...)
+	TODO: check
 CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in ...)
 	NOT-FOR-US: textAngular
 CVE-2015-0166
@@ -13243,18 +13296,18 @@
 	RESERVED
 CVE-2015-0162
 	RESERVED
-CVE-2015-0161
-	RESERVED
-CVE-2015-0160
-	RESERVED
+CVE-2015-0161 (SQL injection vulnerability in IBM Security SiteProtector System 3.0 ...)
+	TODO: check
+CVE-2015-0160 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
+	TODO: check
 CVE-2015-0159
 	REJECTED
 CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...)
 	NOT-FOR-US: IBM Business Process Manager
 CVE-2015-0157
 	RESERVED
-CVE-2015-0156
-	RESERVED
+CVE-2015-0156 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+	TODO: check
 CVE-2015-0155
 	RESERVED
 CVE-2015-0154
@@ -13285,8 +13338,8 @@
 	RESERVED
 CVE-2015-0141
 	RESERVED
-CVE-2015-0140
-	RESERVED
+CVE-2015-0140 (An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 ...)
+	TODO: check
 CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2015-0138 (GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before ...)
@@ -13325,8 +13378,8 @@
 	NOT-FOR-US: IBM Rational Team Concert
 CVE-2015-0121
 	RESERVED
-CVE-2015-0120
-	RESERVED
+CVE-2015-0120 (Buffer overflow in the FastBackMount process in IBM Tivoli Storage ...)
+	TODO: check
 CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager FastBack
 CVE-2015-0118
@@ -13714,10 +13767,10 @@
 	RESERVED
 CVE-2014-8928
 	RESERVED
-CVE-2014-8927
-	RESERVED
-CVE-2014-8926
-	RESERVED
+CVE-2014-8927 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...)
+	TODO: check
+CVE-2014-8926 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...)
+	TODO: check
 CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in ...)
 	NOT-FOR-US: IBM
 CVE-2014-8924 (The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before ...)
@@ -15785,8 +15838,7 @@
 	RESERVED
 CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows ...)
 	- midgard2-core <unfixed> (bug #774630)
-CVE-2014-8147 [Integer overflow]
-	RESERVED
+CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...)
 	- icu 52.1-9 (bug #784773)
 	[wheezy] - icu <not-affected> (Vulnerable code not present)
 	[squeeze] - icu <not-affected> (Vulnerable code not present)
@@ -15795,8 +15847,7 @@
 	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
 	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37080
-CVE-2014-8146 [Heap overflow]
-	RESERVED
+CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...)
 	- icu 52.1-9 (bug #784773)
 	[wheezy] - icu <not-affected> (Vulnerable code not present)
 	[squeeze] - icu <not-affected> (Vulnerable code not present)
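Review bot: dropping "[Integer overflow]" from CVE-2014-8147 and "[Heap overflow]" from CVE-2014-8146 leaves both entries with the same truncated text, "The resolveImplicitLevels function in common/ubidi.c in the Unicode ...", so the list no longer shows which ID covers which flaw. A "NOTE:" line on each entry stating the overflow type would preserve the distinction next to the shared icu and chromium-browser package lines.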
@@ -20622,12 +20673,12 @@
 	NOT-FOR-US: IBM Maximo
 CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, ...)
 	NOT-FOR-US: IBM
-CVE-2014-6192
-	RESERVED
+CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+	TODO: check
 CVE-2014-6191
 	RESERVED
-CVE-2014-6190
-	RESERVED
+CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows ...)
+	TODO: check
 CVE-2014-6189
 	RESERVED
 CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
@@ -23910,16 +23961,16 @@
 	RESERVED
 CVE-2014-4779
 	RESERVED
-CVE-2014-4778
-	RESERVED
+CVE-2014-4778 (IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for ...)
+	TODO: check
 CVE-2014-4777
 	RESERVED
 CVE-2014-4776 (IBM License Metric Tool 9 before 9.1.0.2 does not have an off ...)
 	NOT-FOR-US: IBM
 CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...)
 	NOT-FOR-US: IBM
-CVE-2014-4774
-	RESERVED
+CVE-2014-4774 (Cross-site request forgery (CSRF) vulnerability in the login page in ...)
+	TODO: check
 CVE-2014-4773
 	RESERVED
 CVE-2014-4772
@@ -30972,8 +31023,8 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
 	NOT-FOR-US: Cisco
-CVE-2014-2174
-	RESERVED
+CVE-2014-2174 (Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 ...)
+	TODO: check
 CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
 	NOT-FOR-US: Cisco
 CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)



