[Secure-testing-commits] r42451 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Jun 10 21:10:13 UTC 2016
Author: sectracker
Date: 2016-06-10 21:10:13 +0000 (Fri, 10 Jun 2016)
New Revision: 42451
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-10 20:05:31 UTC (rev 42450)
+++ data/CVE/list 2016-06-10 21:10:13 UTC (rev 42451)
@@ -1,7 +1,75 @@
+CVE-2016-5382
+ RESERVED
+CVE-2016-5381
+ RESERVED
+CVE-2016-5380
+ RESERVED
+CVE-2016-5379
+ RESERVED
+CVE-2016-5378
+ RESERVED
+CVE-2016-5377
+ RESERVED
+CVE-2016-5376
+ RESERVED
+CVE-2016-5375
+ RESERVED
+CVE-2016-5374
+ RESERVED
+CVE-2016-5373
+ RESERVED
+CVE-2016-5372
+ RESERVED
+CVE-2016-5371
+ RESERVED
+CVE-2016-5370
+ RESERVED
+CVE-2016-5369
+ RESERVED
+CVE-2016-5368
+ RESERVED
+CVE-2016-5367
+ RESERVED
+CVE-2016-5366
+ RESERVED
+CVE-2016-5365
+ RESERVED
+CVE-2016-5364
+ RESERVED
+CVE-2016-5363
+ RESERVED
+CVE-2016-5362
+ RESERVED
+CVE-2016-5349
+ RESERVED
+CVE-2016-5348
+ RESERVED
+CVE-2016-5347
+ RESERVED
+CVE-2016-5346
+ RESERVED
+CVE-2016-5345
+ RESERVED
+CVE-2016-5344
+ RESERVED
+CVE-2016-5343
+ RESERVED
+CVE-2016-5342
+ RESERVED
+CVE-2016-5341
+ RESERVED
+CVE-2016-5340
+ RESERVED
+CVE-2016-5339
+ RESERVED
+CVE-2014-9862
+ RESERVED
CVE-2016-5361
+ RESERVED
- libreswan <itp> (bug #773459)
TODO: check other implementations, but CVE is assigned specific to libreswan
CVE-2016-5360 [remote denial of service via reqdeny]
+ RESERVED
- haproxy <unfixed> (bug #826869)
[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
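Review bot: the RESERVED marker added above `- libreswan <itp> (bug #773459)` for CVE-2016-5361 and above `- haproxy <unfixed> (bug #826869)` for CVE-2016-5360 only records that no public description exists yet; it does not settle the open `TODO: check other implementations` on CVE-2016-5361, so that line should stay until the check is actually done. CVE-2014-9862 lands among the CVE-2016-53xx placeholders rather than with the other 2014 IDs, which is how newly reserved IDs get imported but is worth remembering when scanning this region by year.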
@@ -45,12 +113,14 @@
CVE-2016-5325
RESERVED
CVE-2016-5359 [wnpa-sec-2016-38]
+ RESERVED
- wireshark 2.0
NOTE: Only affects 1.12, marking 2.0 as fixed
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
NOTE: https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
CVE-2016-5358 [wnpa-sec-2016-37]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
[jessie] - wireshark <not-affected> (Only affects 2.0)
[wheezy] - wireshark <not-affected> (Only affects 2.0)
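Review bot: the fixed version recorded for CVE-2016-5359, `- wireshark 2.0`, is a bare upstream version, while every sibling wireshark entry in this update uses the Debian package version `2.0.4+gdd7746e-1`; since the NOTE says only 1.12 is affected and 2.0 is being marked fixed by construction, consider recording the first Debian 2.0 package version so the tracker can compare it against what is in the archive. Unlike CVE-2016-5358 there are no [jessie]/[wheezy] lines here, which is consistent with the 1.12 scope but means the stable status is left to the versions shipped there.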
@@ -58,34 +128,40 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
NOTE: https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7
CVE-2016-5357 [wnpa-sec-2016-36]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
NOTE: https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
NOTE: https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
CVE-2016-5356 [wnpa-sec-2016-35]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
NOTE: https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
NOTE: https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500
CVE-2016-5355 [wnpa-sec-2016-34]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
NOTE: https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
NOTE: https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b
CVE-2016-5354 [wnpa-sec-2016-33]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
NOTE: https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
CVE-2016-5353 [wnpa-sec-2016-32]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
NOTE: https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4
CVE-2016-5352 [wnpa-sec-2016-31]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
[jessie] - wireshark <not-affected> (Only affects 2.0)
[wheezy] - wireshark <not-affected> (Only affects 2.0)
@@ -93,11 +169,13 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
NOTE: https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185
CVE-2016-5351 [wnpa-sec-2016-30]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
NOTE: https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4
CVE-2016-5350 [wnpa-sec-2016-29]
+ RESERVED
- wireshark 2.0.4+gdd7746e-1
NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html
NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b
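Review bot: CVE-2016-5350 is the only wireshark entry in this update without a bugs.wireshark.org NOTE; the other wnpa-sec-2016-29 to -38 entries each cite the bug report and the fixing commit, so if the advisory page references a bug it should be added here to allow the same cross-check.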
@@ -2490,14 +2568,14 @@
RESERVED
CVE-2016-4528
RESERVED
-CVE-2016-4527
- RESERVED
+CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication ...)
+ TODO: check
CVE-2016-4526
RESERVED
CVE-2016-4525
RESERVED
-CVE-2016-4524
- RESERVED
+CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords ...)
+ TODO: check
CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
TODO: check
CVE-2016-4522
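Review bot: the ABB PCM600 entries that arrive across this and the next two hunks (CVE-2016-4527, CVE-2016-4524, CVE-2016-4516, CVE-2016-4511) all land as `TODO: check`, alongside the neighbouring Trihedral VTScada entries that carry the same TODO, and their descriptions point at credential storage and a weak password hash in a vendor product. The follow-up triage should resolve them to `NOT-FOR-US: ABB PCM600` in the style of the Panasonic FPWIN Pro entries further down if the product is not packaged, rather than leaving a cluster of open TODOs in this region.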
@@ -2512,8 +2590,8 @@
RESERVED
CVE-2016-4517
RESERVED
-CVE-2016-4516
- RESERVED
+CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password ...)
+ TODO: check
CVE-2016-4515
RESERVED
CVE-2016-4514
@@ -2522,8 +2600,8 @@
RESERVED
CVE-2016-4512
RESERVED
-CVE-2016-4511
- RESERVED
+CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main ...)
+ TODO: check
CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
TODO: check
CVE-2016-4509
@@ -2554,10 +2632,10 @@
NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
NOT-FOR-US: Panasonic FPWIN Pro
-CVE-2016-4495
- RESERVED
-CVE-2016-4494
- RESERVED
+CVE-2016-4495 (KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow ...)
+ TODO: check
+CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls ...)
+ TODO: check
CVE-2016-4493 [Read access violations]
RESERVED
- gccxml <undetermined>
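Review bot: same pattern as the ABB PCM600 entries above: CVE-2016-4495 and CVE-2016-4494 (KMC Controls BAC-5051E firmware, the second being a CSRF issue) arrive as `TODO: check`, and the unchanged context line `- gccxml <undetermined>` for CVE-2016-4493 right below shows this region already has an undetermined status; resolving the two new TODOs to `NOT-FOR-US` if the firmware is not packaged keeps the open-item count meaningful.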
@@ -2829,22 +2907,19 @@
{DSA-3592-1}
- nginx 1.10.1-1 (bug #825960)
[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
-CVE-2016-4449
- RESERVED
+CVE-2016-4449 (XML external entity (XXE) vulnerability in the ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
-CVE-2016-4448
- RESERVED
+CVE-2016-4448 (Format string vulnerability in libxml2 before 2.9.4 allows attackers ...)
- libxml2 <unfixed>
[jessie] - libxml2 <no-dsa> (Minor impact; too intrusive to backport)
[wheezy] - libxml2 <no-dsa> (Minor impact; too intrusive to backport)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761029
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 (v2.9.4)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b (v2.9.4)
-CVE-2016-4447
- RESERVED
+CVE-2016-4447 (The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 ...)
{DSA-3593-1 DLA-503-1}
- libxml2 2.9.3+dfsg1-1.1
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
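Review bot: CVE-2016-4448 is the only libxml2 entry in this hunk left as `- libxml2 <unfixed>` while its two NOTE commits are tagged (v2.9.4); the siblings CVE-2016-4449 and CVE-2016-4447 are fixed in 2.9.3+dfsg1-1.1 with DSA-3593-1 / DLA-503-1. The jessie and wheezy `<no-dsa>` rationale "Minor impact; too intrusive to backport" for a format string vulnerability would be easier to defend with a NOTE stating why the impact is minor (which call site receives the attacker-influenced string and what it can reach), and the unfixed line should be replaced by the first unstable upload that carries the 2.9.4 fixes.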
@@ -3166,12 +3241,12 @@
RESERVED
CVE-2016-4329
RESERVED
-CVE-2016-4328
- RESERVED
+CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS or ...)
+ TODO: check
CVE-2016-4327
RESERVED
-CVE-2016-4326
- RESERVED
+CVE-2016-4326 (The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for ...)
+ TODO: check
CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...)
NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324
@@ -4783,25 +4858,25 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the ...)
- foreman <itp> (bug #663101)
-CVE-2016-3727 (The API URL computer/(master)/api/xml in CloudBees Jenkins before 2.3 ...)
+CVE-2016-3727 (The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3726 (Multiple open redirect vulnerabilities in CloudBees Jenkins before 2.3 ...)
+CVE-2016-3726 (Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3725 (CloudBees Jenkins before 2.3 and LTS before 1.651.2 allows remote ...)
+CVE-2016-3725 (Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3724 (CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote ...)
+CVE-2016-3724 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3723 (CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote ...)
+CVE-2016-3723 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3722 (CloudBees Jenkins before 2.3 and LTS before 1.651.2 allow remote ...)
+CVE-2016-3722 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
-CVE-2016-3721 (CloudBees Jenkins before 2.3 and LTS before 1.651.2 might allow remote ...)
+CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3720 [XmlMapper is vulnerable to XXE attack]
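Review bot: this hunk changes only the description text (`CloudBees Jenkins` becomes `Jenkins`, with the LTS version now visible in the truncated text); the `- jenkins <removed>` status lines and advisory NOTEs are unchanged, so no re-triage is needed. The same description-only rename recurs in the later Jenkins hunks of this update (CVE-2016-079x, CVE-2015-8103, CVE-2015-753x, CVE-2015-53xx, CVE-2015-18xx, CVE-2014-36xx, CVE-2014-20xx, CVE-2013-7330, CVE-2013-6373, CVE-2013-203x, CVE-2013-03xx, CVE-2013-0158, CVE-2012-607x, CVE-2012-032x, CVE-2011-4344) and can be reviewed as one batch.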
@@ -8777,7 +8852,7 @@
CVE-2016-2336
RESERVED
CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
- {DSA-3599-1}
+ {DSA-3599-1 DLA-510-1}
- p7zip 15.14.1+dfsg-2 (bug #824160)
NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
CVE-2016-2334 [Heap-buffer-overflow vulnerability]
@@ -9513,8 +9588,7 @@
- moodle 2.7.13+dfsg-1
CVE-2016-2151 (user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x ...)
- moodle 2.7.13+dfsg-1
-CVE-2016-2150 [Host memory access from guest with invalid primary surface parameters]
- RESERVED
+CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitrary ...)
{DSA-3596-1}
- spice <unfixed> (bug #826584)
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
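Review bot: CVE-2016-2150 now carries `{DSA-3596-1}` while sid is still `- spice <unfixed> (bug #826584)`; dropping the local bracket summary "[Host memory access from guest with invalid primary surface parameters]" in favour of the published description is fine, but a DSA without an unstable fixed version should be a short-lived state, so the sid fixed version ought to be entered as soon as it is uploaded. CVE-2016-0749 further down in this update is in the same state with the same DSA and bug #826585.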
@@ -11695,11 +11769,9 @@
CVE-2016-1583
RESERVED
- linux <unfixed>
-CVE-2016-1582
- RESERVED
+CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...)
- lxd <itp> (bug #768073)
-CVE-2016-1581
- RESERVED
+CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for ...)
- lxd <itp> (bug #768073)
CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...)
TODO: check
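Review bot: both LXD entries (CVE-2016-1582, CVE-2016-1581) point at the same ITP bug #768073 via `<itp>`, and their descriptions concern permission handling and world-readable permissions in versions before 2.0.2; whoever completes the ITP should make sure the first upload is already at or above 2.0.2, otherwise these two become open issues the day the package enters the archive.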
@@ -12209,12 +12281,12 @@
RESERVED
CVE-2016-1422
RESERVED
-CVE-2016-1421
- RESERVED
-CVE-2016-1420
- RESERVED
-CVE-2016-1419
- RESERVED
+CVE-2016-1421 (The web application on Cisco IP 8800 devices allows remote attackers ...)
+ TODO: check
+CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure ...)
+ TODO: check
+CVE-2016-1419 (Cisco Access Point devices with software 8.2(102.43) allow remote ...)
+ TODO: check
CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
TODO: check
CVE-2016-1417
@@ -13999,8 +14071,8 @@
RESERVED
CVE-2016-0917
RESERVED
-CVE-2016-0916
- RESERVED
+CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before ...)
+ TODO: check
CVE-2016-0915
RESERVED
CVE-2016-0914
@@ -14011,8 +14083,8 @@
RESERVED
CVE-2016-0911
RESERVED
-CVE-2016-0910
- RESERVED
+CVE-2016-0910 (EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 ...)
+ TODO: check
CVE-2016-0909
RESERVED
CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows ...)
@@ -14185,7 +14257,7 @@
NOT-FOR-US: Advantech
CVE-2016-0855 (Directory traversal vulnerability in Advantech WebAccess before 8.1 ...)
NOT-FOR-US: Advantech
-CVE-2016-0854 (Unrestricted file upload vulnerability in Advantech WebAccess before ...)
+CVE-2016-0854 (Unrestricted file upload vulnerability in the uploadImageCommon ...)
NOT-FOR-US: Advantech
CVE-2016-0853 (Advantech WebAccess before 8.1 allows remote attackers to obtain ...)
NOT-FOR-US: Advantech
@@ -14335,19 +14407,19 @@
NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
CVE-2016-0793 (Incomplete blacklist vulnerability in the servlet filter restriction ...)
NOT-FOR-US: WildFly / Red Hat JBoss EAP
-CVE-2016-0792 (Multiple unspecified API endpoints in CloudBees Jenkins before 1.650 ...)
+CVE-2016-0792 (Multiple unspecified API endpoints in Jenkins before 1.650 and LTS ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
-CVE-2016-0791 (CloudBees Jenkins before 1.650 and LTS before 1.642.2 do not use a ...)
+CVE-2016-0791 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
-CVE-2016-0790 (CloudBees Jenkins before 1.650 and LTS before 1.642.2 do not use a ...)
+CVE-2016-0790 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0789 (CRLF injection vulnerability in the CLI command documentation in ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
-CVE-2016-0788 (The remoting module in CloudBees Jenkins before 1.650 and LTS before ...)
+CVE-2016-0788 (The remoting module in Jenkins before 1.650 and LTS before 1.642.2 ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0787 (The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 ...)
@@ -14513,8 +14585,7 @@
[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0750
RESERVED
-CVE-2016-0749 [heap-based memory corruption within smartcard handling]
- RESERVED
+CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to cause a ...)
{DSA-3596-1}
- spice <unfixed> (bug #826585)
[wheezy] - spice <not-affected> (Vulnerable code not present. Configured with --disable-smartcard)
@@ -17396,8 +17467,8 @@
RESERVED
CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
NOT-FOR-US: Fisher-Price
-CVE-2015-8268
- RESERVED
+CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...)
+ TODO: check
CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex ...)
NOT-FOR-US: Dovestones
CVE-2015-8266
@@ -17951,7 +18022,7 @@
NOT-FOR-US: Login Disable module for Drupal
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might ...)
NOT-FOR-US: Field as Block module for Drupal
-CVE-2015-8103 (The Jenkins CLI subsystem in CloudBees Jenkins before 1.638 and LTS ...)
+CVE-2015-8103 (The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before ...)
- jenkins <removed> (bug #804522)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-7501 [java unserialisation issues]
@@ -19762,13 +19833,13 @@
[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
NOTE: https://www.samba.org/samba/security/CVE-2015-7540.html
-CVE-2015-7539 (The Plugins Manager in CloudBees Jenkins before 1.640 and LTS before ...)
+CVE-2015-7539 (The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 ...)
- jenkins <removed>
-CVE-2015-7538 (CloudBees Jenkins before 1.640 and LTS before 1.625.2 allow remote ...)
+CVE-2015-7538 (Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to ...)
- jenkins <removed>
-CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in CloudBees Jenkins ...)
+CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in Jenkins before ...)
- jenkins <removed>
-CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and ...)
- jenkins <removed>
CVE-2015-7535
RESERVED
@@ -25666,31 +25737,31 @@
CVE-2015-5326 (Cross-site scripting (XSS) vulnerability in the slave overview page in ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5325 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 allow attackers ...)
+CVE-2015-5325 (Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5324 (Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5323 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 do not properly ...)
+CVE-2015-5323 (Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5322 (Directory traversal vulnerability in CloudBees Jenkins before 1.638 ...)
+CVE-2015-5322 (Directory traversal vulnerability in Jenkins before 1.638 and LTS ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5321 (The sidepanel widgets in the CLI command overview and help pages in ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5320 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 do not properly ...)
+CVE-2015-5320 (Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5319 (XML external entity (XXE) vulnerability in the create-job CLI command ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5318 (CloudBees Jenkins before 1.638 and LTS before 1.625.2 uses a publicly ...)
+CVE-2015-5318 (Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
-CVE-2015-5317 (The Fingerprints pages in CloudBees Jenkins before 1.638 and LTS ...)
+CVE-2015-5317 (The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 ...)
- jenkins <removed>
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5316 [EAP-pwd peer error path failure on unexpected Confirm message]
@@ -32628,7 +32699,7 @@
NOT-FOR-US: SysAid Help Desk
CVE-2015-2996 (Multiple directory traversal vulnerabilities in SysAid Help Desk ...)
NOT-FOR-US: SysAid Help Desk
-CVE-2015-2995 (SysAid Help Desk before 15.2 does not properly check file extensions, ...)
+CVE-2015-2995 (The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not ...)
NOT-FOR-US: SysAid Help Desk
CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid ...)
NOT-FOR-US: SysAid Help Desk
@@ -36277,33 +36348,33 @@
- foreman <itp> (bug #663101)
CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in ...)
NOT-FOR-US: setroubleshoot
-CVE-2015-1814 (The API token-issuing service in CloudBees Jenkins before 1.606 and ...)
+CVE-2015-1814 (The API token-issuing service in Jenkins before 1.606 and LTS before ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
-CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
-CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1811 [External entity processing in XML can reveal sensitive local files (SECURITY-167)]
RESERVED
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1810 (The HudsonPrivateSecurityRealm class in CloudBees Jenkins before 1.600 ...)
+CVE-2015-1810 (The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1809 [external entity injection via XPath (SECURITY-165)]
RESERVED
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1808 (CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote ...)
+CVE-2015-1808 (Jenkins before 1.600 and LTS before 1.596.1 allows remote ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1807 (Directory traversal vulnerability in CloudBees Jenkins before 1.600 ...)
+CVE-2015-1807 (Directory traversal vulnerability in Jenkins before 1.600 and LTS ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
-CVE-2015-1806 (The combination filter Groovy script in CloudBees Jenkins before 1.600 ...)
+CVE-2015-1806 (The combination filter Groovy script in Jenkins before 1.600 and LTS ...)
- jenkins <removed> (bug #781223)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in ...)
@@ -57120,11 +57191,11 @@
NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
CVE-2014-3682 (XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl ...)
NOT-FOR-US: jBPM Designer
-CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3680 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
+CVE-2014-3680 (Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3679 (The Monitoring plugin before 1.53.0 for CloudBees Jenkins allows ...)
+CVE-2014-3679 (The Monitoring plugin before 1.53.0 for Jenkins allows remote ...)
NOT-FOR-US: Jenkins monitoring plugin
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3678 (Cross-site scripting (XSS) vulnerability in the Monitoring plugin ...)
@@ -57168,22 +57239,22 @@
{DSA-3064-1 DLA-94-1}
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68027
-CVE-2014-3667 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 does not ...)
+CVE-2014-3667 (Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3666 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
+CVE-2014-3666 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3665 (CloudBees Jenkins before 1.587 and LTS before 1.580.1 do not properly ...)
+CVE-2014-3665 (Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure ...)
- jenkins <removed> (bug #767541)
[jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such)
NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
-CVE-2014-3664 (Directory traversal vulnerability in CloudBees Jenkins before 1.583 ...)
+CVE-2014-3664 (Directory traversal vulnerability in Jenkins before 1.583 and LTS ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3663 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
+CVE-2014-3663 (Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3662 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
+CVE-2014-3662 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3661 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
+CVE-2014-3661 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity ...)
{DSA-2978-2 DSA-3057-1 DLA-151-1 DLA-80-1}
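Review bot: the unchanged NOTE context line under CVE-2014-3665 ends mid-sentence ("...it's only documented,"), so the rationale behind the jessie `<no-dsa>` is cut off; this update does not touch it, but since the hunk is being re-touched for the description rename it is a good moment to complete that sentence. The rest of the hunk is the description-only `CloudBees Jenkins` to `Jenkins` rename with the status lines unchanged.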
@@ -61840,31 +61911,31 @@
CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
-CVE-2014-2066 (Session fixation vulnerability in CloudBees Jenkins before 1.551 and ...)
+CVE-2014-2066 (Session fixation vulnerability in Jenkins before 1.551 and LTS before ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
-CVE-2014-2065 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2014-2065 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
CVE-2014-2064 (The loadUserByUsername function in ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
-CVE-2014-2063 (CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote ...)
+CVE-2014-2063 (Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
-CVE-2014-2062 (CloudBees Jenkins before 1.551 and LTS before 1.532.2 does not ...)
+CVE-2014-2062 (Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
-CVE-2014-2061 (The input control in PasswordParameterDefinition in CloudBees Jenkins ...)
+CVE-2014-2061 (The input control in PasswordParameterDefinition in Jenkins before ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
-CVE-2014-2060 (The Winstone servlet container in CloudBees Jenkins before 1.551 and ...)
+CVE-2014-2060 (The Winstone servlet container in Jenkins before 1.551 and LTS before ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
-CVE-2014-2058 (BuildTrigger in CloudBees Jenkins before 1.551 and LTS before 1.532.2 ...)
+CVE-2014-2058 (BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e
CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
@@ -62108,7 +62179,7 @@
NOT-FOR-US: Visibility Software Cyber Recruiter
CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the ...)
NOT-FOR-US: Visibility Software Cyber Recruiter
-CVE-2013-7330 (CloudBees Jenkins before 1.502 allows remote authenticated users to ...)
+CVE-2013-7330 (Jenkins before 1.502 allows remote authenticated users to configure an ...)
- jenkins 1.565.2-1 (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ...)
@@ -69895,7 +69966,7 @@
[wheezy] - xen <not-affected> (Only affects >= 4.2)
CVE-2013-6374 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
-CVE-2013-6373 (The Exclusion plugin before 0.9 for CloudBees Jenkins does not ...)
+CVE-2013-6373 (The Exclusion plugin before 0.9 for Jenkins does not properly prevent ...)
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6372 (The Subversion plugin before 1.54 for Jenkins stores credentials using ...)
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
@@ -81297,9 +81368,9 @@
CVE-2013-2035 (Race condition in ...)
- hawtjni 1.10-1 (low; bug #708293)
[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
-CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins ...)
- jenkins 1.509.2+dfsg-1 (bug #706725)
-CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS ...)
- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow ...)
{DSA-2891-1}
@@ -86700,13 +86771,13 @@
CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x ...)
{DSA-2640-1}
- zoneminder 1.25.0-1 (bug #700912)
-CVE-2013-0331 (CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
+CVE-2013-0331 (Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
-CVE-2013-0330 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
+CVE-2013-0330 (Unspecified vulnerability in Jenkins before 1.502 and LTS before ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
-CVE-2013-0329 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
+CVE-2013-0329 (Unspecified vulnerability in Jenkins before 1.502 and LTS before ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
-CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in ...)
- jenkins 1.480.3+dfsg-1 (bug #700761)
@@ -87272,7 +87343,7 @@
CVE-2013-0159
RESERVED
NOT-FOR-US: Fedora build script
-CVE-2013-0158 (Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins ...)
+CVE-2013-0158 (Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before ...)
- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably ...)
@@ -88066,15 +88137,15 @@
- xen 4.1.3-8
[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
-CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
-CVE-2012-6073 (Open redirect vulnerability in CloudBees Jenkins before 1.491, Jenkins ...)
+CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
-CVE-2012-6072 (CRLF injection vulnerability in CloudBees Jenkins before 1.491, ...)
+CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS ...)
- jenkins 1.447.2+dfsg-3 (bug #696816)
- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
@@ -103420,9 +103491,9 @@
NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
NOT-FOR-US: twicca application for Android
-CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, ...)
- jenkins 1.424.6+dfsg-1
-CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
+CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, ...)
- jenkins 1.424.6+dfsg-1
CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin ...)
NOT-FOR-US: Autocomplete plugin for SquirrelMail
@@ -106182,7 +106253,7 @@
CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...)
- namazu2 2.0.21-1 (low)
[squeeze] - namazu2 <no-dsa> (Minor issue)
-CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees ...)
+CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins ...)
- jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343
RESERVED