[Secure-testing-commits] r36418 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Sep 2 09:10:12 UTC 2015


Author: sectracker
Date: 2015-09-02 09:10:12 +0000 (Wed, 02 Sep 2015)
New Revision: 36418

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-02 07:42:37 UTC (rev 36417)
+++ data/CVE/list	2015-09-02 09:10:12 UTC (rev 36418)
@@ -1,3 +1,125 @@
+CVE-2015-6804
+	RESERVED
+CVE-2015-6803
+	RESERVED
+CVE-2015-6802
+	RESERVED
+CVE-2015-6801
+	RESERVED
+CVE-2015-6800
+	RESERVED
+CVE-2015-6799
+	RESERVED
+CVE-2015-6798
+	RESERVED
+CVE-2015-6797
+	RESERVED
+CVE-2015-6796
+	RESERVED
+CVE-2015-6795
+	RESERVED
+CVE-2015-6794
+	RESERVED
+CVE-2015-6793
+	RESERVED
+CVE-2015-6792
+	RESERVED
+CVE-2015-6791
+	RESERVED
+CVE-2015-6790
+	RESERVED
+CVE-2015-6789
+	RESERVED
+CVE-2015-6788
+	RESERVED
+CVE-2015-6787
+	RESERVED
+CVE-2015-6786
+	RESERVED
+CVE-2015-6785
+	RESERVED
+CVE-2015-6784
+	RESERVED
+CVE-2015-6783
+	RESERVED
+CVE-2015-6782
+	RESERVED
+CVE-2015-6781
+	RESERVED
+CVE-2015-6780
+	RESERVED
+CVE-2015-6779
+	RESERVED
+CVE-2015-6778
+	RESERVED
+CVE-2015-6777
+	RESERVED
+CVE-2015-6776
+	RESERVED
+CVE-2015-6775
+	RESERVED
+CVE-2015-6774
+	RESERVED
+CVE-2015-6773
+	RESERVED
+CVE-2015-6772
+	RESERVED
+CVE-2015-6771
+	RESERVED
+CVE-2015-6770
+	RESERVED
+CVE-2015-6769
+	RESERVED
+CVE-2015-6768
+	RESERVED
+CVE-2015-6767
+	RESERVED
+CVE-2015-6766
+	RESERVED
+CVE-2015-6765
+	RESERVED
+CVE-2015-6764
+	RESERVED
+CVE-2015-6763
+	RESERVED
+CVE-2015-6762
+	RESERVED
+CVE-2015-6761
+	RESERVED
+CVE-2015-6760
+	RESERVED
+CVE-2015-6759
+	RESERVED
+CVE-2015-6758
+	RESERVED
+CVE-2015-6757
+	RESERVED
+CVE-2015-6756
+	RESERVED
+CVE-2015-6755
+	RESERVED
+CVE-2015-6754 (Cross-site scripting (XSS) vulnerability in the administration ...)
+	TODO: check
+CVE-2015-6753 (Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit ...)
+	TODO: check
+CVE-2015-6752 (Cross-site scripting (XSS) vulnerability in the Search API ...)
+	TODO: check
+CVE-2015-6751 (Multiple cross-site scripting (XSS) vulnerabilities in the Time ...)
+	TODO: check
+CVE-2015-6750 (Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows ...)
+	TODO: check
+CVE-2015-6747 (Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent ...)
+	TODO: check
+CVE-2015-6746 (Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys ...)
+	TODO: check
+CVE-2015-6745 (Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to ...)
+	TODO: check
+CVE-2015-6744 (Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client ...)
+	TODO: check
+CVE-2015-6743 (Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password ...)
+	TODO: check
+CVE-2015-6742 (Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded ...)
+	TODO: check
 CVE-2015-XXXX [Cross Site Request Forgery / Code Execution]
 	- jenkins <unfixed>
 	NOTE: http://seclists.org/bugtraq/2015/Aug/161
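Review bot: The eleven entries with published descriptions at the end of the added block (CVE-2015-6754 down to CVE-2015-6742) all land as "TODO: check" and need a disposition. The six Basware Banking (Maksuliikenne) entries and the Ricoh DL FTP Server entry name their product in the visible text, so they can be triaged in one pass (NOT-FOR-US if nothing in the archive ships them). For CVE-2015-6754 through CVE-2015-6751 the truncated description stops before the product name, so the full CVE text has to be read before a disposition is set.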
@@ -10,6 +132,7 @@
 	NOTE: https://savannah.gnu.org/bugs/?45713
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/01/1
 CVE-2015-6749 [buffer overflow in aiff_open()]
+	RESERVED
 	- vorbis-tools <unfixed> (bug #797461)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
 	NOTE: https://trac.xiph.org/ticket/2212
@@ -22,6 +145,7 @@
 CVE-2015-6738
 	RESERVED
 CVE-2015-6748 [XSS vulnerability in jsoup related to incomplete tags at EOF]
+	RESERVED
 	- jsoup 1.8.3-1 (bug #797275)
 	NOTE: https://github.com/jhy/jsoup/pull/582
 	NOTE: https://hibernate.atlassian.net/browse/HV-1012
@@ -172,8 +296,8 @@
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0 (v4.2-rc8)
 	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c7577a7583747c9b71f26dced7f696b739da745 (v3.19-rc1)
-CVE-2015-6655
-	RESERVED
+CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 ...)
+	TODO: check
 CVE-2015-6654
 	RESERVED
 	- xen <unfixed>
@@ -412,8 +536,8 @@
 	RESERVED
 CVE-2015-6536
 	RESERVED
-CVE-2015-6535
-	RESERVED
+CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2015-6534
 	RESERVED
 CVE-2015-6533
@@ -1028,22 +1152,22 @@
 	RESERVED
 CVE-2015-6274
 	RESERVED
-CVE-2015-6273
-	RESERVED
-CVE-2015-6272
-	RESERVED
-CVE-2015-6271
-	RESERVED
-CVE-2015-6270
-	RESERVED
-CVE-2015-6269
-	RESERVED
-CVE-2015-6268
-	RESERVED
-CVE-2015-6267
-	RESERVED
-CVE-2015-6266
-	RESERVED
+CVE-2015-6273 (Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the ...)
+	TODO: check
+CVE-2015-6272 (Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when ...)
+	TODO: check
+CVE-2015-6271 (Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when ...)
+	TODO: check
+CVE-2015-6270 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
+	TODO: check
+CVE-2015-6269 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
+	TODO: check
+CVE-2015-6268 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
+	TODO: check
+CVE-2015-6267 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
+	TODO: check
+CVE-2015-6266 (The guest portal in Cisco Identity Services Engine (ISE) 3300 ...)
+	TODO: check
 CVE-2015-6265 (The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and ...)
 	TODO: check
 CVE-2015-6264
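Review bot: The eight Cisco entries that change from RESERVED to "TODO: check" here (CVE-2015-6273 to CVE-2015-6266) sit directly above CVE-2015-6265, another Cisco entry that the trailing context shows is still unchecked. Seven of the eight are IOS XE on ASR 1000 devices and one is the ISE guest portal, so it would be cheaper to give all nine a disposition in a single follow-up than to leave them in the TODO backlog individually.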
@@ -1077,8 +1201,7 @@
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/18/6
 	NOTE: http://review.gluster.org/#/c/10780/
 	NOTE: https://github.com/gluster/glusterfs/commit/b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6
-CVE-2015-6526 [perf on ppc64 can loop forever getting userlevel stacktraces]
-	RESERVED
+CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
 	- linux 4.1.3-1
 	[wheezy] - linux <not-affected> (No ppc64 yet)
 	- linux-2.6 <not-affected> (No ppc64 yet)
@@ -1713,48 +1836,42 @@
 	[squeeze] - openssh <no-dsa> (Minor issue)
 	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
-CVE-2015-6737
-	RESERVED
+CVE-2015-6737 (Cross-site scripting (XSS) vulnerability in the Widgets extension for ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T88964
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6736
-	RESERVED
+CVE-2015-6736 (The Quiz extension for MediaWiki allows remote attackers to cause a ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T97083
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6735
-	RESERVED
+CVE-2015-6735 (The reset functionality in the TimedMediaHandler extension for ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T100211
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6734
-	RESERVED
+CVE-2015-6734 (Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T108198
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6733
-	RESERVED
+CVE-2015-6733 (GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T108198
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6732
-	RESERVED
+CVE-2015-6732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
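Review bot: The "TODO: recheck after CVE assignment, in extension rather than mediawiki core" lines are left in place although the condition they wait for is now met. The new descriptions for CVE-2015-6737 (Widgets extension), CVE-2015-6736 (Quiz extension), CVE-2015-6735 (TimedMediaHandler extension) and CVE-2015-6733 (SyntaxHighlight_GeSHi extension) name extensions, while every one of these entries still tracks "- mediawiki <unfixed>". A follow-up should decide per entry whether the mediawiki package ships the affected code, correct the package line accordingly, and drop the TODO.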
@@ -1763,8 +1880,7 @@
 	NOTE: https://phabricator.wikimedia.org/T103765
 	NOTE: https://phabricator.wikimedia.org/T103765
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6731
-	RESERVED
+CVE-2015-6731 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
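Review bot: The leading context of this hunk carries the same line twice, "NOTE: https://phabricator.wikimedia.org/T103765", and one copy can be dropped when the entry is next touched. The truncated descriptions for CVE-2015-6732 and CVE-2015-6731 are also identical up to the ellipsis, so the list text alone no longer distinguishes the two entries. A short NOTE saying which component each one covers would help when the TODO is resolved.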
@@ -1773,32 +1889,28 @@
 	NOTE: https://phabricator.wikimedia.org/T103765
 	NOTE: https://phabricator.wikimedia.org/T103765
 	TODO: recheck after CVE assignment, in extension rather than mediawiki core
-CVE-2015-6730
-	RESERVED
+CVE-2015-6730 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T97391
 	TODO: recheck after CVE assignment
-CVE-2015-6729
-	RESERVED
+CVE-2015-6729 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T97391
 	TODO: recheck after CVE assignment
-CVE-2015-6728
-	RESERVED
+CVE-2015-6728 (The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T94116
 	TODO: recheck after CVE assignment
-CVE-2013-7444
-	RESERVED
+CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
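Review bot: The descriptions added here state upstream version bounds ("before 1.22.0" for CVE-2013-7444, "before 1.23.10" for CVE-2015-6728), but the entries keep "- mediawiki <unfixed>" and "TODO: recheck after CVE assignment". With the bounds published, the unstable package version can be compared against them and the fixed version recorded. CVE-2015-6730 and CVE-2015-6729 also read identically in truncated form and share the same T97391 reference, so it is worth confirming from the full text that they are two distinct issues in thumb.php before closing the TODO.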
@@ -1806,8 +1918,7 @@
 	NOTE: https://phabricator.wikimedia.org/T106893
 	NOTE: https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
 	TODO: recheck after CVE assignment
-CVE-2015-6727
-	RESERVED
+CVE-2015-6727 (The Special:DeletedContributions page in MediaWiki before 1.23.10, ...)
 	- mediawiki <unfixed>
 	[jessie] - mediawiki <no-dsa> (Minor issues)
 	[wheezy] - mediawiki <no-dsa> (Minor issues)
@@ -1829,8 +1940,7 @@
 	NOT-FOR-US: Mozilla Firefox OS
 CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attackers to ...)
 	NOT-FOR-US: Mozilla Firefox OS
-CVE-2015-6520 [allows access to a connected USB printer via all configured network addresses]
-	RESERVED
+CVE-2015-6520 (IPPUSBXD before 1.22 listens on all interfaces, which allows remote ...)
 	- ippusbxd 1.22-1 (bug #795162)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
 	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
@@ -2398,8 +2508,8 @@
 	[wheezy] - wordpress <not-affected> (Vulnerable code introduced later)
 	NOTE: https://core.trac.wordpress.org/changeset/33535
 	NOTE: https://core.trac.wordpress.org/changeset/33536
-CVE-2015-5717
-	RESERVED
+CVE-2015-5717 (The Siemens COMPAS Mobile application before 1.6 for Android does not ...)
+	TODO: check
 CVE-2015-5716
 	RESERVED
 CVE-2015-5715
@@ -2472,8 +2582,7 @@
 	NOTE: Probably introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10db10d144c0248f285242f79daf6b9de6b00a62 (v2.6.28-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
 	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
-CVE-2015-5706 [Use-after-free in path lookup]
-	RESERVED
+CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/namei.c ...)
 	- linux 4.0.4-1
 	[jessie] - linux 3.16.7-ckt11-1+deb8u3
 	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
@@ -2512,8 +2621,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/1
 CVE-2015-5699
 	RESERVED
-CVE-2015-5698
-	RESERVED
+CVE-2015-5698 (Cross-site request forgery (CSRF) vulnerability in the web server on ...)
+	TODO: check
 CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a ...)
 	NOT-FOR-US: Dell Netvault Backup
 CVE-2015-5693
@@ -2676,8 +2785,7 @@
 	RESERVED
 CVE-2015-5624
 	RESERVED
-CVE-2015-5697 [information leak in md driver]
-	RESERVED
+CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel ...)
 	{DSA-3329-1}
 	- linux 4.1.3-1
 	- linux-2.6 <removed>
@@ -3960,8 +4068,7 @@
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
 	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=1894df02811f6b79ea3ffbf1084599d96f316173 (v2.2.0-rc0)
-CVE-2015-5157
-	RESERVED
+CVE-2015-5157 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
 	{DSA-3313-1}
 	- linux 4.0.8-2
 	[wheezy] - linux <not-affected> (Introduced in 3.3)
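Review bot: The new description for CVE-2015-5157 says "Linux kernel before 4.1.6" while the entry records the fix as "- linux 4.0.8-2", and nothing in the visible context explains the difference. If the Debian version carries a backport of the fix, a NOTE naming the fixing commit would make that clear to anyone comparing the entry against the upstream bound.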
@@ -5078,8 +5185,7 @@
 CVE-2015-4703
 	RESERVED
 	NOT-FOR-US: WordPress plugin wp-instance-rename
-CVE-2015-4700 [Crafted BPF filters may crash kernel during JIT optimisation]
-	RESERVED
+CVE-2015-4700 (The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the ...)
 	{DSA-3329-1}
 	- linux 4.0.7-1
 	- linux-2.6 <removed>
@@ -5362,8 +5468,8 @@
 CVE-2015-4557
 	RESERVED
 	NOT-FOR-US: WordPress plugin nextend-twitter-connect
-CVE-2015-4555
-	RESERVED
+CVE-2015-4555 (Buffer overflow in the HTTP administrative interface in TIBCO ...)
+	TODO: check
 CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client and ...)
 	NOT-FOR-US: TIBCO
 CVE-2015-4553
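Review bot: CVE-2015-4555 is added as "TODO: check" although its description names TIBCO and the next entry in the context, CVE-2015-4554, is already marked "NOT-FOR-US: TIBCO". If the full description confirms the same vendor product line, the same disposition applies and the TODO can be closed immediately.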
@@ -5476,14 +5582,12 @@
 	RESERVED
 CVE-2015-4499
 	RESERVED
-CVE-2015-4498 [Add-on notification bypass through data URLs]
-	RESERVED
+CVE-2015-4498 (The add-on installation feature in Mozilla Firefox before 40.0.3 and ...)
 	{DSA-3345-1}
 	- iceweasel 38.2.1esr-1
 	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-95
-CVE-2015-4497 [Use-after-free when resizing canvas element during restyling]
-	RESERVED
+CVE-2015-4497 (Use-after-free vulnerability in the CanvasRenderingContext2D ...)
 	{DSA-3345-1}
 	- iceweasel 38.2.1esr-1
 	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
@@ -6386,16 +6490,14 @@
 	RESERVED
 CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands ...)
 	NOT-FOR-US: AVM Fritz!Box
-CVE-2014-9731 [udf: information leakage when reading symlink]
-	RESERVED
+CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18.2 ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
-CVE-2015-5366 [Linux UDP checksum DoS EGAIN part]
-	RESERVED
+CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux ...)
 	{DSA-3313-1}
 	- linux 4.0.7-1
 	[wheezy] - linux 3.2.68-1+deb7u3
@@ -6403,8 +6505,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
 	NOTE: https://twitter.com/grsecurity/status/605854034260426753
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
-CVE-2015-5364 [Linux UDP checksum DoS]
-	RESERVED
+CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux ...)
 	{DSA-3313-1}
 	- linux 4.0.7-1
 	[wheezy] - linux 3.2.68-1+deb7u3
@@ -6416,24 +6517,21 @@
 	- sharutils <unfixed> (unimportant)
 	NOTE: Negligable security impact
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
-CVE-2014-9730 [properly ignore component length for component types that do not use it]
-	RESERVED
+CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
-CVE-2014-9729 [iinfo->i_lenAlloc != inode->i_size]
-	RESERVED
+CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
-CVE-2014-9728 [length can be too long (addressed in three commits)]
-	RESERVED
+CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 ...)
 	{DLA-246-1}
 	- linux 3.16.7-ckt4-1
 	[wheezy] - linux 3.2.68-1
@@ -7028,8 +7126,8 @@
 	RESERVED
 CVE-2015-3967
 	RESERVED
-CVE-2015-3966
-	RESERVED
+CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with ...)
+	TODO: check
 CVE-2015-3965
 	RESERVED
 CVE-2015-3964
@@ -7352,8 +7450,7 @@
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
 CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
-CVE-2015-4036 [drivers/vhost/scsi.c: potential memory corruption]
-	RESERVED
+CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in ...)
 	- linux 3.16.7-ckt9-1
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <removed>
@@ -8867,8 +8964,7 @@
 	NOT-FOR-US: FortiMail
 CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 ...)
 	NOT-FOR-US: NetApp OnCommand Workflow Automation
-CVE-2015-3291
-	RESERVED
+CVE-2015-3291 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
 	{DSA-3313-1}
 	- linux 4.0.8-2
 	[wheezy] - linux <not-affected> (Present since 3.3)
@@ -8876,8 +8972,7 @@
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a27507ca2d796cfa8d907de31ad730359c8a6d06 (prerequisite)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
 	NOTE: Introduced around 3.3-rc1: (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f3c8b8c4b2a34776c3470142a7c8baafcda6eb0)
-CVE-2015-3290
-	RESERVED
+CVE-2015-3290 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
 	{DSA-3313-1}
 	- linux 4.0.8-2
 	[wheezy] - linux <not-affected> (Introduced in 3.13)
@@ -9191,8 +9286,7 @@
 CVE-2015-3215
 	RESERVED
 	NOT-FOR-US: virtio Windows drivers
-CVE-2015-3214 [i8254: out-of-bounds memory access in pit_ioport_read function]
-	RESERVED
+CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...)
 	- qemu 1:2.4+dfsg-1a (bug #795461)
 	[jessie] - qemu <no-dsa> (Minor issue, can be fixed along with future DSA)
 	[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
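Review bot: The published description for CVE-2015-3214 starts "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...", but the package lines visible in this hunk track only qemu. If the entry has no linux or linux-2.6 line further down, one should be added (with a not-affected or removed status if that is the case) so that the kernel side named in the description is accounted for.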
@@ -9211,8 +9305,7 @@
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749847
 	NOTE: Introduced by: https://git.gnome.org/browse/clutter/commit/?id=abcf1d589f29ba7914d5648bb9814ad26c13cd83 (1.13.2)
 	NOTE: Fixed by: https://git.gnome.org/browse/clutter/commit/?id=97724939c8de004d7fa230f3ff64862d957f93a9 (1.17.2)
-CVE-2015-3212 [SCTP race condition allows list corruption and panic from userlevel]
-	RESERVED
+CVE-2015-3212 (Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 ...)
 	{DSA-3329-1}
 	- linux 4.0.8-1
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
@@ -9913,8 +10006,8 @@
 	RESERVED
 CVE-2015-2988
 	RESERVED
-CVE-2015-2987
-	RESERVED
+CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
+	TODO: check
 CVE-2015-2986
 	RESERVED
 CVE-2015-2985
@@ -10407,8 +10500,8 @@
 	- openjdk-8 8u66-b01-1
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of JSSE."
-CVE-2015-2807
-	RESERVED
+CVE-2015-2807 (Cross-site scripting (XSS) vulnerability in js/window.php in the Navis ...)
+	TODO: check
 CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...)
 	{DSA-3221-1 DLA-194-1}
 	- das-watchdog 0.9.0-3.1 (bug #781806)
@@ -12594,8 +12687,8 @@
 	TODO: check
 CVE-2015-2136
 	RESERVED
-CVE-2015-2135
-	RESERVED
+CVE-2015-2135 (Unspecified vulnerability in HP Intelligent Provisioning 1.00 through ...)
+	TODO: check
 CVE-2015-2134 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
 	NOT-FOR-US: Hewlett-Packard
 CVE-2015-2133
@@ -15101,8 +15194,7 @@
 	- lxc 1:1.0.7-4 (bug #793298)
 	[wheezy] - lxc <not-affected> (Affects 0.9.0 and higher)
 	[squeeze] - lxc <not-affected> (Affects 0.9.0 and higher)
-CVE-2015-1333 [Linux: keyring DoS]
-	RESERVED
+CVE-2015-1333 (Memory leak in the __key_link_end function in security/keys/keyring.c ...)
 	- linux 4.1.3-1
 	[jessie] - linux 3.16.7-ckt11-1+deb8u3
 	[wheezy] - linux <not-affected> (Introduced in 3.13)
@@ -15766,8 +15858,8 @@
 	RESERVED
 CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the ...)
 	NOT-FOR-US: WordPress theme holding_pattern
-CVE-2015-1171
-	RESERVED
+CVE-2015-1171 (Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) ...)
+	TODO: check
 CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
 	NOT-FOR-US: NVIDIA Windows driver
 CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
@@ -16547,10 +16639,10 @@
 	RESERVED
 CVE-2015-0944
 	RESERVED
-CVE-2015-0943
-	RESERVED
+CVE-2015-0943 (Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt ...)
+	TODO: check
 CVE-2015-0942
-	RESERVED
+	REJECTED
 CVE-2015-0941 (The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as ...)
 	NOT-FOR-US: Nullsoft Scriptable Install System plugin Inetc
 CVE-2015-0940
@@ -16822,8 +16914,7 @@
 	- patch 2.7.1-7 (bug #775227)
 	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
 	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
-CVE-2014-9651 [buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures]
-	RESERVED
+CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, ...)
 	- chicken <unfixed> (bug #775346)
 	[jessie] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
@@ -27022,8 +27113,7 @@
 CVE-2014-6617
 	RESERVED
 	NOT-FOR-US: Softing FG-100
-CVE-2014-6616
-	RESERVED
+CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS ...)
 	NOT-FOR-US: Softing FG-100
 CVE-2014-6615
 	RESERVED
@@ -36041,8 +36131,8 @@
 	RESERVED
 CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
 	NOT-FOR-US: Invision Power IP.Board
-CVE-2014-3148
-	RESERVED
+CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...)
+	TODO: check
 CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...)
 	NOT-FOR-US: Splunk
 CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
@@ -37526,8 +37616,7 @@
 	NOT-FOR-US: ASP.NET WebForms and MVC
 CVE-2014-2574
 	RESERVED
-CVE-2014-2570 [Reflected Cross Site Scripting]
-	RESERVED
+CVE-2014-2570 (Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...)
 	- php-font-lib <unfixed> (unimportant)
 	NOTE: make_subset.php installed to examples
 	NOTE: http://seclists.org/bugtraq/2014/Mar/128
@@ -38208,23 +38297,19 @@
 	NOT-FOR-US: Fortinet FortiManager
 CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
 	NOT-FOR-US: WordPress plugin Lazyest Gallery
-CVE-2014-2332
-	RESERVED
+CVE-2014-2332 (Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote ...)
 	- check-mk 1.2.2p3-1 (bug #742689)
 	[wheezy] - check-mk <no-dsa> (Minor issue)
 	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
-CVE-2014-2331
-	RESERVED
+CVE-2014-2331 (Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated ...)
 	- check-mk 1.2.6p4-1 (bug #742689)
 	[wheezy] - check-mk <no-dsa> (Minor issue)
 	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
-CVE-2014-2330
-	RESERVED
+CVE-2014-2330 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	- check-mk 1.2.6p4-1 (bug #742689)
 	[wheezy] - check-mk <no-dsa> (Minor issue)
 	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
-CVE-2014-2329
-	RESERVED
+CVE-2014-2329 (Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before ...)
 	- check-mk 1.2.2p3-1 (bug #742689)
 	[wheezy] - check-mk <no-dsa> (Minor issue)
 	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt



