[Secure-testing-commits] r54405 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Mon Aug 7 21:10:13 UTC 2017


Author: sectracker
Date: 2017-08-07 21:10:13 +0000 (Mon, 07 Aug 2017)
New Revision: 54405

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-07 20:50:37 UTC (rev 54404)
+++ data/CVE/list	2017-08-07 21:10:13 UTC (rev 54405)
@@ -1,3 +1,115 @@
+CVE-2017-12661
+	RESERVED
+CVE-2017-12660
+	RESERVED
+CVE-2017-12659
+	RESERVED
+CVE-2017-12658
+	RESERVED
+CVE-2017-12657
+	RESERVED
+CVE-2017-12656
+	RESERVED
+CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the ...)
+	TODO: check
+CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 ...)
+	TODO: check
+CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege ...)
+	TODO: check
+CVE-2017-12652
+	RESERVED
+CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist ...)
+	TODO: check
+CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress ...)
+	TODO: check
+CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or ...)
+	TODO: check
+CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. ...)
+	TODO: check
+CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ...)
+	TODO: check
+CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, ...)
+	TODO: check
+CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid ...)
+	TODO: check
+CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
+	TODO: check
+CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...)
+	TODO: check
+CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
+	TODO: check
+CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
+	TODO: check
+CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...)
+	TODO: check
+CVE-2017-12639
+	RESERVED
+CVE-2017-12638
+	RESERVED
+CVE-2017-12637 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2017-12636
+	RESERVED
+CVE-2017-12635
+	RESERVED
+CVE-2017-12634
+	RESERVED
+CVE-2017-12633
+	RESERVED
+CVE-2017-12632
+	RESERVED
+CVE-2017-12631
+	RESERVED
+CVE-2017-12630
+	RESERVED
+CVE-2017-12629
+	RESERVED
+CVE-2017-12628
+	RESERVED
+CVE-2017-12627
+	RESERVED
+CVE-2017-12626
+	RESERVED
+CVE-2017-12625
+	RESERVED
+CVE-2017-12624
+	RESERVED
+CVE-2017-12623
+	RESERVED
+CVE-2017-12622
+	RESERVED
+CVE-2017-12621
+	RESERVED
+CVE-2017-12620
+	RESERVED
+CVE-2017-12619
+	RESERVED
+CVE-2017-12618
+	RESERVED
+CVE-2017-12617
+	RESERVED
+CVE-2017-12616
+	RESERVED
+CVE-2017-12615
+	RESERVED
+CVE-2017-12614
+	RESERVED
+CVE-2017-12613
+	RESERVED
+CVE-2017-12612
+	RESERVED
+CVE-2017-12611
+	RESERVED
+CVE-2017-12610
+	RESERVED
+CVE-2017-12609
+	RESERVED
+CVE-2017-12608
+	RESERVED
+CVE-2017-12607
+	RESERVED
+CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
+	TODO: check
 CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
 	- opencv <unfixed>
 	NOTE: https://github.com/opencv/opencv/issues/9309
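Review bot: the ImageMagick entries CVE-2017-12640 through CVE-2017-12644 and CVE-2017-12654 are left at the automatic "TODO: check" placeholder even though imagemagick is a package this file already tracks (the CVE-2017-12566 entry later in this patch carries "imagemagick 8:6.9.7.4+dfsg-16 (bug #870503)" plus an upstream issue NOTE); they need follow-up triage into package/version lines in the same form. Also note that CVE-2016-10404 (the Liferay XSS) is inserted inside the CVE-2017-126xx block rather than next to the other CVE-2016 entries, so anyone scanning by ID order will not find it there; worth confirming that placement is intentional for IDs published out of sequence.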
@@ -96,8 +208,8 @@
 	RESERVED
 CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother ...)
 	NOT-FOR-US: Brother
-CVE-2017-12567
-	RESERVED
+CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance ...)
+	TODO: check
 CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
 	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870503)
 	NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
@@ -290,12 +402,12 @@
 	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1222
 CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading ...)
 	NOT-FOR-US: Sandboxie
-CVE-2017-12479
-	RESERVED
-CVE-2017-12478
-	RESERVED
-CVE-2017-12477
-	RESERVED
+CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends ...)
+	TODO: check
+CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends ...)
+	TODO: check
+CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...)
+	TODO: check
 CVE-2017-12476
 	RESERVED
 CVE-2017-12475
@@ -3449,6 +3561,7 @@
 CVE-2017-11197
 	RESERVED
 CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in ...)
+	{DLA-1049-1}
 	- libsndfile 1.0.28-3 (bug #869166)
 	NOTE: https://github.com/erikd/libsndfile/issues/292
 	NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
@@ -5719,8 +5832,7 @@
 	RESERVED
 CVE-2017-9802
 	RESERVED
-CVE-2017-9801
-	RESERVED
+CVE-2017-9801 (When a call-site passes a subject for an email that contains ...)
 	NOT-FOR-US: Apache commons email
 CVE-2017-9800
 	RESERVED
@@ -18154,7 +18266,7 @@
 CVE-2017-6213
 	RESERVED
 CVE-2017-6212
-	RESERVED
+	REJECTED
 CVE-2017-6211
 	RESERVED
 CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
@@ -31642,7 +31754,7 @@
 	NOT-FOR-US: IBM
 CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, ...)
 	NOT-FOR-US: IBM
-CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sentive ...)
+CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive ...)
 	NOT-FOR-US: IBM
 CVE-2017-1369
 	RESERVED
@@ -38556,8 +38668,7 @@
 	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
 	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
 	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
-CVE-2016-7976 [various userparams allow %pipe% in paths, allowing remote shell command execution]
-	RESERVED
+CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote ...)
 	{DSA-3691-1 DLA-674-1}
 	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
 	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
@@ -45791,8 +45902,8 @@
 	RESERVED
 CVE-2016-6221
 	RESERVED
-CVE-2016-6220
-	RESERVED
+CVE-2016-6220 (The default error pages in Trend Micro Control Manager SP3 6.0 reveals ...)
+	TODO: check
 CVE-2016-6219
 	RESERVED
 CVE-2016-6218
@@ -49304,23 +49415,19 @@
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 	[wheezy] - imagemagick <no-dsa> (No apparent security impact)
-CVE-2014-9827 [Fix handling of corrupted of xpm file]
-	RESERVED
+CVE-2014-9827 (coders/xpm.c in ImageMagick allows remote attackers to have ...)
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
-CVE-2014-9828 [Fix corrupted (too many colors) psd file]
-	RESERVED
+CVE-2014-9828 (coders/psd.c in ImageMagick allows remote attackers to have ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2014-9829 (coders/sun.c in ImageMagick allows remote attackers to cause a denial ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9830 [Fix handling of corrupted sun file]
-	RESERVED
+CVE-2014-9830 (coders/sun.c in ImageMagick allows remote attackers to have ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
-CVE-2014-9831 [Fix handling of corrupted wpg file]
-	RESERVED
+CVE-2014-9831 (coders/wpg.c in ImageMagick allows remote attackers to have ...)
 	{DLA-731-1}
 	- imagemagick 8:6.8.9.9-4 (bug #773834)
 CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...)
@@ -55615,8 +55722,7 @@
 	RESERVED
 CVE-2016-3114 (Kallithea before 0.3.2 allows remote authenticated users to edit or ...)
 	- kallithea <itp> (bug #689573)
-CVE-2016-3113
-	RESERVED
+CVE-2016-3113 (Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2016-3112 (client/consumer/cli.py in Pulp before 2.8.3 writes consumer private ...)
 	NOT-FOR-US: Pulp (Red Hat)
@@ -63480,8 +63586,7 @@
 	[wheezy] - mediawiki <no-dsa> (Minor issue)
 	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
 	NOTE: https://phabricator.wikimedia.org/T117899
-CVE-2015-8621 [t-coffee: creates world-writable directories]
-	RESERVED
+CVE-2015-8621 (t-coffee before 11.00.8cbe486-2 allows local users to write to ...)
 	- t-coffee 11.00.8cbe486-2 (low; bug #751579)
 	[jessie] - t-coffee <no-dsa> (Minor issue)
 	[wheezy] - t-coffee <no-dsa> (Minor issue)
@@ -68168,8 +68273,8 @@
 	RESERVED
 CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
 	NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2
-CVE-2015-7887
-	RESERVED
+CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...)
+	TODO: check
 CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...)
 	NOT-FOR-US: NetApp
 CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
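Review bot: CVE-2015-7887 is left as "TODO: check" although it concerns NetApp SnapCenter Server and the directly following entry CVE-2015-7886 (NetApp Data ONTAP) is already marked "NOT-FOR-US: NetApp"; suggest resolving the placeholder to "NOT-FOR-US: NetApp" in the same way.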
@@ -68194,8 +68299,7 @@
 	NOT-FOR-US: User Dashboard module for Drupal
 CVE-2015-7876 (The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver ...)
 	NOT-FOR-US: Driver for SQL Server and SQL Azure module for Drupal
-CVE-2015-7875
-	RESERVED
+CVE-2015-7875 (ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal ...)
 	NOT-FOR-US: Ctools module for Drupal
 CVE-2015-7874
 	RESERVED
@@ -68225,8 +68329,7 @@
 	[wheezy] - linux <not-affected> (Vulnerable code not present)
 	- linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c (v4.4-rc1)
-CVE-2015-7871
-	RESERVED
+CVE-2015-7871 (Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
@@ -68267,30 +68370,26 @@
 	NOT-FOR-US: Joomla
 CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
 	NOT-FOR-US: OpenNMS
-CVE-2015-7855
-	RESERVED
+CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/ba716a464ecb20618560075f2e4e1051e5b6f24f
-CVE-2015-7854
-	RESERVED
+CVE-2015-7854 (Buffer overflow in the password management functionality in NTP 4.2.x ...)
 	- ntp 1:4.2.8p4+dfsg-1
 	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/1bb401576f412532d8cdcca5509b85ad29605913
-CVE-2015-7853
-	RESERVED
+CVE-2015-7853 (The datalen parameter in the refclock driver in NTP 4.2.x before ...)
 	- ntp 1:4.2.8p4+dfsg-1
 	[jessie] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
 	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
 	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
-CVE-2015-7852
-	RESERVED
+CVE-2015-7852 (ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
@@ -68304,14 +68403,12 @@
 	[squeeze] - ntp <no-dsa> (Vulnerability only affects VMS)
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6
-CVE-2015-7850
-	RESERVED
+CVE-2015-7850 (ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/bb928ef08eec020ef6008f3a140702ccc0536b8e
-CVE-2015-7849
-	RESERVED
+CVE-2015-7849 (Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
 	- ntp 1:4.2.8p4+dfsg-1
 	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
 	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
@@ -68772,8 +68869,7 @@
 	[wheezy] - audiofile <no-dsa> (Minor issue)
 	[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
-CVE-2015-7705 [An attacker can forge packets that claim to be from the target and send them to servers often enough that a server that implements KoD rate limiting will send the target machine a KoD response to attempt to reduce the rate of incoming packets]
-	RESERVED
+CVE-2015-7705 (The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before ...)
 	- ntp 1:4.2.8p4+dfsg-3
 	[jessie] - ntp <no-dsa> (Default config not affected)
 	[wheezy] - ntp <no-dsa> (Default config not affected)
@@ -68783,8 +68879,7 @@
 	NOTE: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
 	NOTE: Original fix was reported broken, then fixed in http://bugs.ntp.org/show_bug.cgi?id=2952 (4.2.8p7)
 	NOTE: Original upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901
-CVE-2015-7704 [An ntpd client that honors Kiss-of-Death responses will honor KoD messages that have been forged by an attacker, causing it to delay or stop querying its servers for time updates.]
-	RESERVED
+CVE-2015-7704 (The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-3
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
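Review bot: the context line "NOTE: Original upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901" carries a typo ("upsteam"); since this commit already corrects a description typo elsewhere (CVE-2017-1370), a follow-up could fix this one to "Original upstream bug".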
@@ -68796,14 +68891,12 @@
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637
 	NOTE: https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88
-CVE-2015-7702
-	RESERVED
+CVE-2015-7702 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: https://github.com/ntp-project/ntp/commit/c4cd4aaf418f57f7225708a93bf48afb2bc9c1da
-CVE-2015-7701
-	RESERVED
+CVE-2015-7701 (Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
@@ -68826,14 +68919,12 @@
 	RESERVED
 CVE-2015-7693
 	RESERVED
-CVE-2015-7692
-	RESERVED
+CVE-2015-7692 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
 	NOTE: Fixed upstream together with CVE-2015-7702
-CVE-2015-7691
-	RESERVED
+CVE-2015-7691 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
 	{DSA-3388-1 DLA-335-1}
 	- ntp 1:4.2.8p4+dfsg-1
 	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
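Review bot: CVE-2015-7691 now carries the same truncated description as CVE-2015-7692 and CVE-2015-7702 ("The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ..."), but only the CVE-2015-7692 entry has the "NOTE: Fixed upstream together with CVE-2015-7702" cross-reference; CVE-2015-7691 should get the same NOTE so the three entries can be told apart when the DSA-3388-1 / DLA-335-1 mapping is reviewed.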
@@ -69208,8 +69299,7 @@
 	REJECTED
 CVE-2015-7572
 	REJECTED
-CVE-2015-7571
-	RESERVED
+CVE-2015-7571 (Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows ...)
 	NOT-FOR-US: Yeager CMS
 CVE-2015-7570 (Multiple server-side request forgery (SSRF) vulnerabilities in Yeager ...)
 	NOT-FOR-US: Yeager CMS
@@ -69235,8 +69325,7 @@
 	NOT-FOR-US: TeamPass
 CVE-2015-7562 (Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
 	NOT-FOR-US: TeamPass
-CVE-2015-7561
-	RESERVED
+CVE-2015-7561 (Kubernetes in OpenShift3 allows remote authenticated users to use the ...)
 	NOT-FOR-US: OpenShift
 CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, ...)
 	{DSA-3514-1}
@@ -73456,8 +73545,8 @@
 	RESERVED
 CVE-2015-5947
 	RESERVED
-CVE-2015-5946
-	RESERVED
+CVE-2015-5946 (Incomplete blacklist vulnerability in SugarCRM 6.5.22 allows local ...)
+	TODO: check
 CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local users ...)
 	NOT-FOR-US: Apple
 CVE-2015-5944 (CoreText in Apple OS X before 10.11.1 allows remote attackers to ...)
@@ -75040,8 +75129,7 @@
 	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
 CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
 	NOT-FOR-US: GE Healthcare Centricity PACS
-CVE-2011-5325 [Directory traversal via crafted tar file which contains a symlink pointing outside of the current directory]
-	RESERVED
+CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
 	- busybox <unfixed> (bug #802702)
 	[stretch] - busybox <no-dsa> (Minor issue)
 	[jessie] - busybox <no-dsa> (Minor issue)
@@ -75615,8 +75703,7 @@
 	[jessie] - ceph 0.80.7-2+deb8u1
 	NOTE: http://tracker.ceph.com/issues/12537
 	NOTE: https://github.com/ceph/ceph/pull/5430
-CVE-2015-5244 [incorrect ciphersuite parsing]
-	RESERVED
+CVE-2015-5244 (The NSSCipherSuite option with ciphersuites enabled in mod_nss before ...)
 	- libapache2-mod-nss 1.0.12-1 (bug #799464)
 	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
 	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
@@ -79538,8 +79625,8 @@
 	RESERVED
 CVE-2015-3840 (The MessageStatusReceiver service in the AndroidManifest.XML in ...)
 	NOT-FOR-US: MessageStatusReceiver in Android
-CVE-2015-3839
-	RESERVED
+CVE-2015-3839 (The updateMessageStatus function in Android 5.1.1 and earlier allows ...)
+	TODO: check
 CVE-2015-3838
 	RESERVED
 CVE-2015-3837 (The OpenSSLX509Certificate class in ...)
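Review bot: CVE-2015-3839 ("The updateMessageStatus function in Android 5.1.1 and earlier ...") is left as "TODO: check" while the neighbouring Android entry CVE-2015-3840 is already "NOT-FOR-US: MessageStatusReceiver in Android"; suggest resolving it the same way rather than leaving the placeholder.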
@@ -84801,8 +84888,7 @@
 	RESERVED
 CVE-2015-2173
 	RESERVED
-CVE-2009-5145
-	RESERVED
+CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the ...)
 	- zope2.12 2.12.10-1
 CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...)
 	NOT-FOR-US: Slim PHP Framework
@@ -86547,8 +86633,8 @@
 	RESERVED
 CVE-2015-1556
 	RESERVED
-CVE-2015-1555
-	RESERVED
+CVE-2015-1555 (Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, ...)
+	TODO: check
 CVE-2015-1553
 	RESERVED
 CVE-2015-1552
@@ -87539,8 +87625,7 @@
 	[squeeze] - socat <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/6
 	NOTE: Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv6.txt
-CVE-2015-1378 [Issues with sourcing cmdlineopts.clp from current working directory]
-	RESERVED
+CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before ...)
 	- grml-debootstrap 0.68.1 (low; bug #776502)
 	[wheezy] - grml-debootstrap <no-dsa> (Minor issue)
 	NOTE: https://github.com/grml/grml-debootstrap/issues/59
@@ -91760,12 +91845,12 @@
 	NOT-FOR-US: SAP SQL Anywhere
 CVE-2014-9263 (Multiple buffer overflows in the ...)
 	NOT-FOR-US: 3S Pocketnet Tech VMS
-CVE-2014-9262
-	RESERVED
+CVE-2014-9262 (The Duplicator plugin in Wordpress before 0.5.10 allows remote ...)
+	TODO: check
 CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement ...)
 	NOT-FOR-US: Codoforum
-CVE-2014-9260
-	RESERVED
+CVE-2014-9260 (The basic_settings function in the download manager plugin for ...)
+	TODO: check
 CVE-2014-9259
 	RESERVED
 CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...)
@@ -107647,8 +107732,7 @@
 CVE-2014-XXXX [data leak during restore]
 	- obnam 1.8-1 (low; bug #745112)
 	[wheezy] - obnam <no-dsa> (Minor issue)
-CVE-2014-3462 [Editing Configuration File Disables MACs]
-	RESERVED
+CVE-2014-3462 (The ".encfs6.xml" configuration file in encfs before 1.7.5 allows ...)
 	- encfs 1.8.1-1 (low; bug #736066)
 	[jessie] - encfs <no-dsa> (Minor issue)
 	[squeeze] - encfs <no-dsa> (Minor issue)
@@ -114171,8 +114255,7 @@
 	{DSA-2843-1}
 	- graphviz 2.26.3-16.1 (bug #734745)
 	NOTE: fix: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
-CVE-2014-1235
-	RESERVED
+CVE-2014-1235 (Stack-based buffer overflow in the "yyerror" function in Graphviz ...)
 	- graphviz 2.26.3-16.1 (bug #734745)
 	[wheezy] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
 	[squeeze] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)



