Author: sectracker
Date: 2017-09-20 21:10:14 +0000 (Wed, 20 Sep 2017)
New Revision: 55945

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-20 21:02:39 UTC (rev 55944)
+++ data/CVE/list       2017-09-20 21:10:14 UTC (rev 55945)
@@ -1,3 +1,29 @@
+CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 
12.0. If ...)
+       TODO: check
+CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 
12.0. ...)
+       TODO: check
+CVE-2017-14614
+       RESERVED
+CVE-2017-14613
+       RESERVED
+CVE-2017-14612
+       RESERVED
+CVE-2017-14611
+       RESERVED
+CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 
16.2.6 ...)
+       TODO: check
+CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID 
file after ...)
+       TODO: check
+CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related 
to ...)
+       TODO: check
+CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related 
to ...)
+       TODO: check
+CVE-2017-14606
+       RESERVED
+CVE-2017-14605
+       RESERVED
+CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover 
passwords ...)
+       TODO: check
 CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file 
type by ...)
        - nautilus 3.25.90-1 (bug #860268)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
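Review bot: CVE-2017-14608 (LibRaw) and CVE-2017-14607 (ImageMagick) are added as TODO: check in the same batch as the WatchGuard and Kannel entries, but both projects already appear in other entries visible as context further down this diff (the LibRaw NOTE lines ahead of CVE-2017-14340, and ImageMagick under CVE-2017-14139 and CVE-2017-14103). These two should be triaged first and given a package line, rather than waiting in the general TODO queue.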
@@ -18,10 +44,10 @@
        RESERVED
 CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS 
via the ...)
        NOT-FOR-US: AfterLogic WebMail
-CVE-2017-14596
-       RESERVED
-CVE-2017-14595
-       RESERVED
+CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP 
authentication ...)
+       TODO: check
+CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead 
to the ...)
+       TODO: check
 CVE-2017-14594
        RESERVED
 CVE-2017-14593
@@ -291,7 +317,7 @@
 CVE-2017-14490
        RESERVED
 CVE-2017-14489 (The iscsi_if_rx function in 
drivers/scsi/scsi_transport_iscsi.c in the ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1
        NOTE: https://patchwork.kernel.org/patch/9923803/
 CVE-2017-14488
@@ -661,11 +687,11 @@
        NOTE: https://github.com/LibRaw/LibRaw/issues/100
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
 CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the 
Linux ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
-CVE-2017-14339
-       RESERVED
+CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check 
for the ...)
+       TODO: check
 CVE-2017-14338
        RESERVED
 CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate 
...)
@@ -1163,7 +1189,7 @@
 CVE-2017-14157
        RESERVED
 CVE-2017-14156 (The atyfb_ioctl function in 
drivers/video/fbdev/aty/atyfb_base.c in the ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1 (low)
 CVE-2017-14155
        RESERVED
@@ -1196,7 +1222,7 @@
        NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
        NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
 CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), 
starting at ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1 (bug #875881)
        NOTE: Fixed by: 
https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
        NOTE: https://www.armis.com/blueborne/
@@ -1234,7 +1260,7 @@
 CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin 
panel in ...)
        NOT-FOR-US: Kaltura
 CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel 
before ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.12-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
 CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in 
WriteMSLImage in ...)
@@ -1358,7 +1384,7 @@
 CVE-2017-14104
        RESERVED
 CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux 
kernel ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 
(v4.12-rc3)
 CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c 
in ...)
@@ -5190,11 +5216,12 @@
 CVE-2017-12778
        RESERVED
 CVE-2017-1000112 [Exploitable memory corruption due to UFO to non-UFO path 
switch]
+       {DSA-3981-1}
        - linux 4.12.6-1 (low)
        NOTE: Introduced by: 
https://git.kernel.org/linus/e89e9cf539a28df7d0eb1d0a545368e9920b34ac 
(2.6.15-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
 CVE-2017-1000111 [heap out-of-bounds in AF_PACKET sockets]
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.6-1
        NOTE: Introduced by: 
https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 
(2.6.27-rc1)
        NOTE: Fixed by: 
https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
@@ -5641,8 +5668,7 @@
        RESERVED
 CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs 
unsafe ...)
        NOT-FOR-US: Apache Spark
-CVE-2017-12611
-       RESERVED
+CVE-2017-12611 (In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, 
using an ...)
        - libstruts1.2-java <removed>
        [wheezy] - libstruts1.2-java <ignored> (Minor issue)
        NOTE: Only a problem if the application programmer has made a security 
mistake.
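Review bot: with the description filled in, CVE-2017-12611 now names Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, while the unchanged lines below it still track the issue against libstruts1.2-java with [wheezy] marked <ignored> (Minor issue). If that package carries only the 1.2 code line its name suggests, <not-affected> (vulnerable code not present) would describe wheezy more accurately than <ignored>. Worth confirming and adjusting in a follow-up.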
@@ -6739,13 +6765,13 @@
        - tripleo-heat-templates <undetermined>
 CVE-2017-12154 [kvm: nVMX: L2 guest could access hardware(L0) CR8 register]
        RESERVED
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f 
(v4.14-rc1)
        NOTE: https://www.spinics.net/lists/kvm/msg155414.html
 CVE-2017-12153 [null pointer dereference in nl80211_set_rekey_data()]
        RESERVED
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.13-1
        NOTE: https://marc.info/?t=150525503100001&r=1&w=2
        NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
@@ -6814,7 +6840,7 @@
        - xen <unfixed>
        NOTE: https://xenbits.xen.org/xsa/advisory-226.html
 CVE-2017-12134 (The xen_biovec_phys_mergeable function in 
drivers/xen/biomerge.c in ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.12-1
        NOTE: https://xenbits.xen.org/xsa/advisory-229.html
        NOTE: 
https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 
(v4.13-rc6)
@@ -8242,7 +8268,7 @@
 CVE-2017-11601
        RESERVED
 CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, 
when ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.12.6-1
        NOTE: http://seclists.org/bugtraq/2017/Jul/30
 CVE-2017-11599
@@ -11740,8 +11766,7 @@
        - libstruts1.2-java <removed>
        [wheezy] - libstruts1.2-java <not-affected> (vulnerable code not 
present)
        NOTE: https://struts.apache.org/docs/s2-052.html
-CVE-2017-9804
-       RESERVED
+CVE-2017-9804 (In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, 
if an ...)
        - libstruts1.2-java <removed>
        [wheezy] - libstruts1.2-java <ignored> (Minor issue)
        NOTE: DOS class vulnerability and classified as low by upstream.
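Review bot: the wheezy line under CVE-2017-9804 reads <ignored> (Minor issue), yet the entry just above it in this hunk, tracked against the same libstruts1.2-java package, is <not-affected> (vulnerable code not present). The new description limits CVE-2017-9804 to Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, so the two entries should probably agree. Please check which status is right.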
@@ -11760,6 +11785,7 @@
 CVE-2017-9799 (It was found that under some situations and configurations of 
Apache ...)
        NOT-FOR-US: Apache Storm
 CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from 
process ...)
+       {DSA-3980-1}
        - apache2 <unfixed> (bug #876109)
        NOTE: 
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
        NOTE: https://github.com/hannob/optionsbleed
@@ -11773,8 +11799,7 @@
        RESERVED
 CVE-2017-9794
        RESERVED
-CVE-2017-9793
-       RESERVED
+CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 
through ...)
        - libstruts1.2-java <removed>
        [wheezy] - libstruts1.2-java <not-affected> (vulnerable code not 
present)
        NOTE: https://struts.apache.org/docs/s2-051.html
@@ -13369,10 +13394,12 @@
        - exim4 4.89-3
        NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a 
...)
+       {DSA-3981-1}
        - linux 4.11.11-1
        [wheezy] - linux <not-affected> (Memory layout is different)
        NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a 
...)
+       {DSA-3981-1}
        - linux 4.11.11-1
        [wheezy] - linux <not-affected> (Memory layout is different)
        NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
@@ -13727,16 +13754,16 @@
        RESERVED
 CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was 
discovered ...)
        NOT-FOR-US: Automated Logic Corporation (ALC)
-CVE-2017-9649
-       RESERVED
+CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in 
Mirion ...)
+       TODO: check
 CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in 
Solar ...)
        NOT-FOR-US: Solar Controls WATTConfig M Software
 CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the 
Continental ...)
        NOT-FOR-US: Continental AG Infineon S-Gold
 CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in 
Solar ...)
        NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
-CVE-2017-9645
-       RESERVED
+CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in 
Mirion ...)
+       TODO: check
 CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in 
Automated ...)
        NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9643
@@ -13847,8 +13874,8 @@
        NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
-CVE-2017-9607
-       RESERVED
+CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 
1.4 might ...)
+       TODO: check
 CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow 
local ...)
        NOT-FOR-US: Infotecs ViPNet Client and Coordinator
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
@@ -14859,7 +14886,7 @@
 CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using 
the ...)
        NOT-FOR-US: Qualcomm driver for Android
 CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is 
vulnerable to a ...)
-       {DLA-1099-1}
+       {DSA-3981-1 DLA-1099-1}
        - linux 4.11.6-1
        NOTE: Fixed by: 
https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 
(v4.12-rc5)
        NOTE: Fixed by: 
https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 
(v4.12-rc5)
@@ -16563,12 +16590,12 @@
        NOT-FOR-US: Quick Heal Internet Security
 CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total 
Security ...)
        NOT-FOR-US: Quick Heal Internet Security
-CVE-2017-8772
-       RESERVED
-CVE-2017-8771
-       RESERVED
-CVE-2017-8770
-       RESERVED
+CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into 
telnet ...)
+       TODO: check
+CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into 
telnet ...)
+       TODO: check
+CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 
...)
+       TODO: check
 CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android 
uses ...)
        NOT-FOR-US: WhatsApp Messenger
 CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command 
...)
@@ -18708,8 +18735,8 @@
        NOT-FOR-US: OSIsoft
 CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua 
...)
        NOT-FOR-US: Dahua
-CVE-2017-7924
-       RESERVED
+CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell 
...)
+       TODO: check
 CVE-2017-7923 (A Password in Configuration File issue was discovered in 
Hikvision ...)
        NOT-FOR-US: Hikvision
 CVE-2017-7922 (An Improper Privilege Management issue was discovered in 
Cambium ...)
@@ -20344,6 +20371,7 @@
        NOTE: http://tracker.ceph.com/issues/20240
 CVE-2017-7518 [debug exception via syscall emulation]
        RESERVED
+       {DSA-3981-1}
        - linux 4.11.11-1
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        NOTE: http://www.openwall.com/lists/oss-security/2017/06/23/5
@@ -43715,8 +43743,8 @@
        NOTE: HTTP/2 support introduced in 2.4.17
 CVE-2016-8739 (The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior 
to ...)
        NOT-FOR-US: Apache CXF
-CVE-2016-8738
-       RESERVED
+CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows 
entering ...)
+       TODO: check
 CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable 
to ...)
        NOT-FOR-US: Apache Brooklyn
 CVE-2016-8736
@@ -50031,8 +50059,8 @@
        NOTE: Fixed by: http://svn.apache.org/r1758494 (8.0.x)
        NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
        NOTE: Fixed by: 
https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
-CVE-2016-6795
-       RESERVED
+CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through 
2.3.30, it is ...)
+       TODO: check
 CVE-2016-6794 (When a SecurityManager is configured, a web application's 
ability to ...)
        {DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
        - tomcat8 8.0.37-1 (low)
@@ -72824,8 +72852,8 @@
 CVE-2015-8466 (Swift3 before 1.9 allows remote attackers to conduct replay 
attacks ...)
        {DSA-3583-1}
        - swift-plugin-s3 1.9-1 (bug #822688)
-CVE-2014-9758
-       RESERVED
+CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce 
...)
+       TODO: check
 CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/]
        - git-repair 1.20151215-1 (unimportant; bug #807341)
        NOTE: Non-exploitable on release archs due to kernel hardening
@@ -73597,8 +73625,8 @@
        NOT-FOR-US: Huawei
 CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) 
driver in ...)
        NOT-FOR-US: Huawei
-CVE-2015-8224
-       RESERVED
+CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, 
before ...)
+       TODO: check
 CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and 
P7-L09C92B85, and ...)
        NOT-FOR-US: Huawei
 CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package 
before ...)
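Review bot: CVE-2015-8224 (Huawei P8) is left at TODO: check although the entries on either side of it, CVE-2015-8225 and CVE-2015-8223, are already resolved as NOT-FOR-US: Huawei. Unless this one differs from its neighbours, it can take the same marking instead of adding to the TODO queue.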
@@ -76290,8 +76318,8 @@
        RESERVED
 CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and 
...)
        NOT-FOR-US: zTree
-CVE-2015-7347
-       RESERVED
+CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer 
Pages ...)
+       TODO: check
 CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
        NOT-FOR-US: ZCMS
 CVE-2015-7345
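Review bot: CVE-2015-7347 is an XSS in ZCMS and is added as TODO: check, while CVE-2015-7346 directly below it, also ZCMS, is already NOT-FOR-US: ZCMS. The new entry should carry the same NOT-FOR-US line so the two stay consistent.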
@@ -78520,8 +78548,7 @@
        - drupal7 7.39-1
        NOTE: https://www.drupal.org/SA-CORE-2015-003
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
-CVE-2015-6673 [use-after-free vulnerability in Decoder.cpp]
-       RESERVED
+CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 
6.15.32. ...)
        - libpgf 6.14.12-3.2 (bug #798032)
        [jessie] - libpgf <no-dsa> (Minor issue, can be fixed via a point 
release)
        NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
@@ -80841,8 +80868,8 @@
        NOT-FOR-US: SolarWinds
 CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export 
plugin 1.1 ...)
        NOT-FOR-US: Image Export plugin for WordPress
-CVE-2015-5608
-       RESERVED
+CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. 
...)
+       TODO: check
 CVE-2015-5606
        RESERVED
 CVE-2015-5605 (The regular-expression implementation in Google V8, as used in 
Google ...)
@@ -81229,8 +81256,7 @@
        RESERVED
 CVE-2015-5462
        RESERVED
-CVE-2015-5607 [IPython CSRF validation]
-       RESERVED
+CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. 
...)
        - ipython 2.4.1-1 (bug #793123)
        [jessie] - ipython <no-dsa> (Minor issue)
        [wheezy] - ipython <no-dsa> (Minor issue)
@@ -81480,8 +81506,7 @@
        [squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
        NOTE: http://www.openwall.com/lists/oss-security/2015/07/08/3
        NOTE: http://w1.fi/security/2015-5/
-CVE-2015-5395 [CSRF]
-       RESERVED
+CVE-2015-5395 (Cross-site request forgery (CSRF) vulnerability in SOGo before 
3.1.0. ...)
        - sogo 3.2.4-0.2 (bug #796197)
        [wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
        NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
@@ -82011,8 +82036,7 @@
        NOT-FOR-US: OpenShift
 CVE-2015-5249
        REJECTED
-CVE-2015-5248
-       RESERVED
+CVE-2015-5248 (Reflected file download vulnerability in Red Hat Feedhenry 
Enterprise ...)
        NOT-FOR-US: Red Hat Mobile
 CVE-2015-5247 (The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 
allows ...)
        - libvirt 1.2.20-1 (bug #799132)
@@ -82274,8 +82298,7 @@
        [squeeze] - eglibc <no-dsa> (Minor issue)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18784
        NOTE: Originally proposed for jessie 8.8, but breaks the NSS ABI so was 
retracted
-CVE-2015-5179 [non-printable characters aren't check in every case of user 
data]
-       RESERVED
+CVE-2015-5179 (FreeIPA might display user data improperly via vectors 
involving ...)
        - freeipa <unfixed> (bug #795399)
        NOTE: https://fedorahosted.org/freeipa/ticket/5153
 CVE-2015-5178 (The Management Console in Red Hat Enterprise Application 
Platform ...)
@@ -83659,8 +83682,7 @@
        NOTE: https://mantisbt.org/bugs/view.php?id=19873
 CVE-2015-5057 (Cross-site scripting (XSS) vulnerability exists in the 
Wordpress admin ...)
        NOT-FOR-US: WordPress plugin broken-link-checker
-CVE-2015-4707 [IPython XSS in JSON error responses -- /api/notebooks path]
-       RESERVED
+CVE-2015-4707 (Cross-site scripting (XSS) vulnerability in IPython before 3.2. 
...)
        - ipython 2.4.1-1 (bug #789824)
        [jessie] - ipython <no-dsa> (Minor issue)
        [wheezy] - ipython <not-affected> (Problematic code introduced in 
rel-2.0.0)
@@ -85282,14 +85304,14 @@
        NOT-FOR-US: Fortinet
 CVE-2015-4076
        RESERVED
-CVE-2015-4075
-       RESERVED
-CVE-2015-4074
-       RESERVED
-CVE-2015-4073
-       RESERVED
-CVE-2015-4072
-       RESERVED
+CVE-2015-4075 (The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote 
...)
+       TODO: check
+CVE-2015-4074 (Directory traversal vulnerability in the Helpdesk Pro plugin 
before ...)
+       TODO: check
+CVE-2015-4073 (Multiple SQL injection vulnerabilities in the Helpdesk Pro 
plugin ...)
+       TODO: check
+CVE-2015-4072 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Helpdesk ...)
+       TODO: check
 CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote 
...)
        NOT-FOR-US: Helpdesk Pro Plugin for Joomla!
 CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)
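Review bot: the four newly described entries CVE-2015-4075 through CVE-2015-4072 all concern the Helpdesk Pro plugin and are set to TODO: check, but CVE-2015-4071 immediately after them covers the same plugin and is already marked NOT-FOR-US: Helpdesk Pro Plugin for Joomla!. Suggest giving all four the same NOT-FOR-US line rather than queuing four manual checks for a product that has already been classified.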
@@ -85847,8 +85869,8 @@
        RESERVED
 CVE-2015-3891
        RESERVED
-CVE-2015-3890
-       RESERVED
+CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. 
...)
+       TODO: check
 CVE-2015-3889
        RESERVED
 CVE-2015-3888
@@ -88926,8 +88948,7 @@
        RESERVED
 CVE-2015-2832
        RESERVED
-CVE-2015-2927 [DoS]
-       RESERVED
+CVE-2015-2927 (node 0.3.2 and URONode before 1.0.5r3 allows remote attackers 
to cause ...)
        - node <removed> (bug #777013)
        [jessie] - node <no-dsa> (Minor issue)
        [squeeze] - node <no-dsa> (Minor issue)
@@ -88998,8 +89019,7 @@
        NOT-FOR-US: CA Spectrum
 CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x 
and ...)
        NOT-FOR-US: CA Spectrum
-CVE-2015-2826
-       RESERVED
+CVE-2015-2826 (WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows 
remote ...)
        NOT-FOR-US: WordPress plugin simple-ads-manager
 CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in 
the ...)
        NOT-FOR-US: WordPress plugin simple-ads-manager
@@ -91975,11 +91995,9 @@
        - pacemaker <not-affected> (Vulnerable code not present)
        NOTE: Introduced by: 
https://github.com/ClusterLabs/pacemaker/commit/f242c1ef (Pacemaker-1.1.12-rc1)
        NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/84ac07c 
(Pacemaker-1.1.13-rc2)
-CVE-2015-1866
-       RESERVED
+CVE-2015-1866 (Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x 
before ...)
        NOT-FOR-US: ember.js
-CVE-2015-1865 ["time of check to time of use" race condition fts.c]
-       RESERVED
+CVE-2015-1865 (fts.c in coreutils 8.4 allows local users to delete arbitrary 
files. ...)
        - coreutils 8.13-1 (low)
        [squeeze] - coreutils <no-dsa> (Minor issue)
        NOTE: relevant code changed between 8.5 and 8.13, see 
https://bugzilla.redhat.com/show_bug.cgi?id=1211300 for details
@@ -93818,8 +93836,8 @@
 CVE-2015-1330 (unattended-upgrades before 0.86.1 does not properly 
authenticate ...)
        {DSA-3297-1 DLA-267-1}
        - unattended-upgrades 0.86.1
-CVE-2015-1329
-       RESERVED
+CVE-2015-1329 (Use-after-free vulnerability in 
oxide::qt::URLRequestDelegatedJob in ...)
+       TODO: check
 CVE-2015-1328 (The overlayfs implementation in the linux (aka Linux kernel) 
package ...)
        - linux <not-affected> (Ubuntu-specific flaw, overlayfs mounts 
restricted to privileged users in Debian)
        - linux-2.6 <not-affected> (Ubuntu-specific flaw, overlayfs mounts 
restricted to privileged users in Debian)
@@ -99526,8 +99544,8 @@
        REJECTED
 CVE-2015-0163
        RESERVED
-CVE-2015-0162
-       RESERVED
+CVE-2015-0162 (IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows 
local ...)
+       TODO: check
 CVE-2015-0161 (SQL injection vulnerability in IBM Security SiteProtector 
System 3.0 ...)
        NOT-FOR-US: IBM
 CVE-2015-0160 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 
before ...)
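Review bot: CVE-2015-0162 (IBM Security SiteProtector System) is set to TODO: check, whereas CVE-2015-0161 on the next line is the same product and is already NOT-FOR-US: IBM. The new entry can reuse that marking. Leaving it as TODO only defers a decision that the neighbouring entry has already made.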


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
