[Secure-testing-commits] r34566 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu May 28 21:10:22 UTC 2015
Author: sectracker
Date: 2015-05-28 21:10:22 +0000 (Thu, 28 May 2015)
New Revision: 34566
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-28 20:29:44 UTC (rev 34565)
+++ data/CVE/list 2015-05-28 21:10:22 UTC (rev 34566)
@@ -1,3 +1,85 @@
+CVE-2015-4126
+ RESERVED
+CVE-2015-4125
+ RESERVED
+CVE-2015-4124
+ RESERVED
+CVE-2015-4123
+ RESERVED
+CVE-2015-4122
+ RESERVED
+CVE-2015-4121
+ RESERVED
+CVE-2015-4120
+ RESERVED
+CVE-2015-4119
+ RESERVED
+CVE-2015-4118
+ RESERVED
+CVE-2015-4117
+ RESERVED
+CVE-2015-4116
+ RESERVED
+CVE-2015-4115
+ RESERVED
+CVE-2015-4114
+ RESERVED
+CVE-2015-4113
+ RESERVED
+CVE-2015-4112
+ RESERVED
+CVE-2015-4111
+ RESERVED
+CVE-2015-4110
+ RESERVED
+CVE-2015-4109
+ RESERVED
+CVE-2015-4108
+ RESERVED
+CVE-2015-4107
+ RESERVED
+CVE-2015-4106
+ RESERVED
+CVE-2015-4105
+ RESERVED
+CVE-2015-4104
+ RESERVED
+CVE-2015-4103
+ RESERVED
+CVE-2015-4102
+ RESERVED
+CVE-2015-4101
+ RESERVED
+CVE-2015-4100
+ RESERVED
+CVE-2015-4099
+ RESERVED
+CVE-2015-4098
+ RESERVED
+CVE-2015-4097
+ RESERVED
+CVE-2015-4096
+ RESERVED
+CVE-2015-4095
+ RESERVED
+CVE-2015-4094
+ RESERVED
+CVE-2015-4093
+ RESERVED
+CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
+ TODO: check
+CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java ...)
+ TODO: check
+CVE-2015-4090
+ RESERVED
+CVE-2015-4089
+ RESERVED
+CVE-2015-4088
+ RESERVED
+CVE-2015-4087
+ RESERVED
+CVE-2007-6758
+ RESERVED
CVE-2015-4086
RESERVED
CVE-2015-4084
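Review bot: CVE-2015-4092 (SAP Afaria) and CVE-2015-4091 (SAP NetWeaver AS Java) are added as "TODO: check", while the SAP NetWeaver Portal entry further down this file (CVE-2015-2811) is already triaged NOT-FOR-US. If the same verdict applies, replace both TODO lines with a NOT-FOR-US line naming the product so they leave the triage queue. Separately, CVE-2007-6758 is added as RESERVED between CVE-2015-4087 and CVE-2015-4086; confirm that placement inside the 2015 block is intended.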
@@ -36,8 +118,8 @@
RESERVED
CVE-2015-4067
RESERVED
-CVE-2015-4066
- RESERVED
+CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in the ...)
+ TODO: check
CVE-2015-4061
RESERVED
CVE-2015-4060
@@ -72,17 +154,13 @@
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/1
TODO: check affected version
-CVE-2015-4065
- RESERVED
+CVE-2015-4065 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin landing-pages
-CVE-2015-4064
- RESERVED
+CVE-2015-4064 (SQL injection vulnerability in modules/module.ab-testing.php in the ...)
NOT-FOR-US: WordPress plugin landing-pages
-CVE-2015-4063
- RESERVED
+CVE-2015-4063 (Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in ...)
NOT-FOR-US: WordPress plugin newstatpress
-CVE-2015-4062
- RESERVED
+CVE-2015-4062 (SQL injection vulnerability in includes/nsp_search.php in the ...)
NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4052
RESERVED
@@ -441,10 +519,10 @@
RESERVED
CVE-2015-3923
RESERVED
-CVE-2015-3922
- RESERVED
-CVE-2015-3921
- RESERVED
+CVE-2015-3922 (Open redirect vulnerability in mode.php in Coppermine Photo Gallery ...)
+ TODO: check
+CVE-2015-3921 (Cross-site scripting (XSS) vulnerability in contact.php in Coppermine ...)
+ TODO: check
CVE-2015-3920
RESERVED
CVE-2015-3919
@@ -478,8 +556,8 @@
RESERVED
CVE-2015-3907
RESERVED
-CVE-2015-3906
- RESERVED
+CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android ...)
+ TODO: check
CVE-2015-3904
RESERVED
CVE-2015-3901
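Review bot: CVE-2015-3906 is left as "TODO: check", but its description points at wiretap/logcat.c, the same file named in CVE-2015-3815, which this commit tracks as "- wireshark 1.12.5+g5819e5b-1". Replace the TODO with a wireshark package line once the fixed version is confirmed, and add the advisory NOTE in the form the other wireshark entries use.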
@@ -650,11 +728,9 @@
RESERVED
CVE-2015-3816
RESERVED
-CVE-2015-3903 [phpmyadmin PMASA-2015-3 A vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack.]
- RESERVED
+CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x ...)
- phpmyadmin 4:4.4.6.1-1 (unimportant)
-CVE-2015-3902 [phpmyadmin PMASA-2015-2 XSRF/CSRF vulnerability in phpMyAdmin setup.]
- RESERVED
+CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- phpmyadmin 4:4.4.6.1-1 (unimportant)
CVE-2015-4036 [drivers/vhost/scsi.c: potential memory corruption]
RESERVED
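Review bot: Replacing the bracketed descriptions on CVE-2015-3903 and CVE-2015-3902 drops the only references to PMASA-2015-3 and PMASA-2015-2, since neither entry carries a NOTE line. Suggest adding a NOTE with the PMASA id under each entry, the way the wireshark entries keep their wnpa-sec links, so the upstream advisory stays traceable from the tracker.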
@@ -685,37 +761,29 @@
NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
NOTE: https://github.com/gobby/gobby/issues/61
NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
-CVE-2015-3815
- RESERVED
+CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-18.html
-CVE-2015-3814
- RESERVED
+CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-17.html
-CVE-2015-3813
- RESERVED
+CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-16.html
-CVE-2015-3812
- RESERVED
+CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-15.html
-CVE-2015-3811
- RESERVED
+CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-14.html
-CVE-2015-3810
- RESERVED
+CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-13.html
-CVE-2015-3809 [LBMR infinite loop (wnpa-sec-2015-12)]
- RESERVED
+CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
-CVE-2015-3808 [LBMR infinite loop (wnpa-sec-2015-12)]
- RESERVED
+CVE-2015-3808 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
- wireshark 1.12.5+g5819e5b-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
@@ -1964,8 +2032,7 @@
- file <not-affected> (Not reproducible with file, see #783108)
NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
NOTE: https://bugs.php.net/bug.php?id=68819
-CVE-2015-3339 [chown() was racy relative to execve()]
- RESERVED
+CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the ...)
{DSA-3237-1}
- linux 3.16.7-ckt9-3
- linux-2.6 <removed>
@@ -2769,8 +2836,7 @@
NOTE: https://github.com/proftpd/proftpd/pull/109
NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
NOTE: https://cxsecurity.com/issue/WLB-2015040075
-CVE-2015-3331 [Buffer overruns in Linux kernel RFC4106 implementation using AESNI]
- RESERVED
+CVE-2015-3331 (The __driver_rfc4106_decrypt function in ...)
{DSA-3237-1}
- linux 3.16.7-ckt9-3 (bug #782561)
- linux-2.6 <removed>
@@ -2778,8 +2844,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/16
NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
-CVE-2015-3332 [TCP Fast Open local DoS]
- RESERVED
+CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux ...)
- linux 3.16.7-ckt9-3 (bug #782515)
[jessie] - linux 3.16.7-ckt9-3~deb8u1
[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
@@ -2978,8 +3043,7 @@
[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
NOTE: https://trac.xiph.org/ticket/2191
NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/8
-CVE-2014-9715 [DoS -- OOPS NULL pointer dereference in nf_nat_setup_info+0x471]
- RESERVED
+CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem ...)
{DSA-3237-1}
- linux 3.14.5-1 (bug #741667)
- linux-2.6 <not-affected> (Introduced in 3.6)
@@ -3300,8 +3364,7 @@
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
NOTE: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
-CVE-2015-2922 [IPv6 Hop limit lowering via RA messages]
- RESERVED
+CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the ...)
{DSA-3237-1}
- linux 3.16.7-ckt9-1
- linux-2.6 <removed>
@@ -3345,8 +3408,7 @@
NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
NOT-FOR-US: SAP NetWeaver Portal
-CVE-2015-2830 [Linux mishandles int80 fork from 64-bit tasks]
- RESERVED
+CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not ...)
{DSA-3237-1}
- linux 3.16.7-ckt9-1
- linux-2.6 <removed>
@@ -4482,8 +4544,7 @@
NOT-FOR-US: Appweb Web Server
CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path ...)
NOT-FOR-US: GoAhead Web Server
-CVE-2014-9710 [btrfs: non-atomic xattr replace operation]
- RESERVED
+CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ...)
- linux 3.16.7-ckt9-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
@@ -4670,8 +4731,7 @@
- flightgear-data 3.0.0-3 (bug #780716)
CVE-2015-XXXX [permissive file access allowed from nasal]
- flightgear 3.0.0-5 (bug #780712)
-CVE-2015-2666 [execution in the early microcode loader]
- RESERVED
+CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode ...)
- linux 3.16.7-ckt9-1
[wheezy] - linux <not-affected> (Introduced in 3.9)
- linux-2.6 <not-affected> (Introduced in 3.9)
@@ -8444,8 +8504,8 @@
RESERVED
CVE-2015-1158
RESERVED
-CVE-2015-1157
- RESERVED
+CVE-2015-1157 (CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause ...)
+ TODO: check
CVE-2015-1156 (The page-loading implementation in WebKit, as used in Apple Safari ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1155 (The history implementation in WebKit, as used in Apple Safari before ...)
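Review bot: CVE-2015-1157 is queued as "TODO: check" although its description names CoreText in Apple iOS 8.x through 8.3, and the adjacent Apple entry CVE-2015-1156 is already NOT-FOR-US. If no Debian package is involved, replace the TODO with a NOT-FOR-US line naming the component.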
@@ -8988,8 +9048,8 @@
RESERVED
CVE-2015-0987
RESERVED
-CVE-2015-0986
- RESERVED
+CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus ...)
+ TODO: check
CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
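Review bot: CVE-2015-0986 is added as "TODO: check" for Moxa VPort ActiveX SDK Plus, directly above CVE-2015-0985, which is triaged "NOT-FOR-US: XZERES 442SR (wind turbine)". If this vendor SDK likewise has no Debian package, mark it NOT-FOR-US with the product name instead of leaving it in the check queue.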
@@ -16976,6 +17036,7 @@
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 [security manager bypass via EL expressions]
RESERVED
+ {DLA-232-1}
- tomcat6 6.0.41-3 (bug #787010)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
- tomcat7 7.0.61-1
@@ -36964,6 +37025,7 @@
- apache2 2.4.10-1
CVE-2014-0230 [non-persistent DoS attack by feeding data by aborting an upload]
RESERVED
+ {DLA-232-1}
- tomcat6 6.0.41-3 (bug #785316)
- tomcat7 <unfixed>
[jessie] - tomcat7 <no-dsa> (Minor issue)
@@ -36977,6 +37039,7 @@
CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...)
NOT-FOR-US: Apache Hive
CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...)
+ {DLA-232-1}
- tomcat6 6.0.41-3 (bug #785312)
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages