Author: sectracker
Date: 2015-02-18 21:10:15 +0000 (Wed, 18 Feb 2015)
New Revision: 32328

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-18 19:11:06 UTC (rev 32327)
+++ data/CVE/list       2015-02-18 21:10:15 UTC (rev 32328)
@@ -1,3 +1,561 @@
+CVE-2015-1876
+       RESERVED
+CVE-2015-1875
+       RESERVED
+CVE-2015-1874
+       RESERVED
+CVE-2015-1873
+       RESERVED
+CVE-2015-1872
+       RESERVED
+CVE-2015-1871
+       RESERVED
+CVE-2015-1870
+       RESERVED
+CVE-2015-1869
+       RESERVED
+CVE-2015-1868
+       RESERVED
+CVE-2015-1867
+       RESERVED
+CVE-2015-1866
+       RESERVED
+CVE-2015-1865
+       RESERVED
+CVE-2015-1864
+       RESERVED
+CVE-2015-1863
+       RESERVED
+CVE-2015-1862
+       RESERVED
+CVE-2015-1861
+       RESERVED
+CVE-2015-1860
+       RESERVED
+CVE-2015-1859
+       RESERVED
+CVE-2015-1858
+       RESERVED
+CVE-2015-1857
+       RESERVED
+CVE-2015-1856
+       RESERVED
+CVE-2015-1855
+       RESERVED
+CVE-2015-1854
+       RESERVED
+CVE-2015-1853
+       RESERVED
+CVE-2015-1852
+       RESERVED
+CVE-2015-1851
+       RESERVED
+CVE-2015-1850
+       RESERVED
+CVE-2015-1849
+       RESERVED
+CVE-2015-1848
+       RESERVED
+CVE-2015-1847
+       RESERVED
+CVE-2015-1846
+       RESERVED
+CVE-2015-1845
+       RESERVED
+CVE-2015-1844
+       RESERVED
+CVE-2015-1843
+       RESERVED
+CVE-2015-1842
+       RESERVED
+CVE-2015-1841
+       RESERVED
+CVE-2015-1840
+       RESERVED
+CVE-2015-1839
+       RESERVED
+CVE-2015-1838
+       RESERVED
+CVE-2015-1837
+       RESERVED
+CVE-2015-1836
+       RESERVED
+CVE-2015-1835
+       RESERVED
+CVE-2015-1834
+       RESERVED
+CVE-2015-1833
+       RESERVED
+CVE-2015-1832
+       RESERVED
+CVE-2015-1831
+       RESERVED
+CVE-2015-1830
+       RESERVED
+CVE-2015-1829
+       RESERVED
+CVE-2015-1828
+       RESERVED
+CVE-2015-1827
+       RESERVED
+CVE-2015-1826
+       RESERVED
+CVE-2015-1825
+       RESERVED
+CVE-2015-1824
+       RESERVED
+CVE-2015-1823
+       RESERVED
+CVE-2015-1822
+       RESERVED
+CVE-2015-1821
+       RESERVED
+CVE-2015-1820
+       RESERVED
+CVE-2015-1819
+       RESERVED
+CVE-2015-1818
+       RESERVED
+CVE-2015-1817
+       RESERVED
+CVE-2015-1816
+       RESERVED
+CVE-2015-1815
+       RESERVED
+CVE-2015-1814
+       RESERVED
+CVE-2015-1813
+       RESERVED
+CVE-2015-1812
+       RESERVED
+CVE-2015-1811
+       RESERVED
+CVE-2015-1810
+       RESERVED
+CVE-2015-1809
+       RESERVED
+CVE-2015-1808
+       RESERVED
+CVE-2015-1807
+       RESERVED
+CVE-2015-1806
+       RESERVED
+CVE-2015-1805
+       RESERVED
+CVE-2015-1804
+       RESERVED
+CVE-2015-1803
+       RESERVED
+CVE-2015-1802
+       RESERVED
+CVE-2015-1801
+       RESERVED
+CVE-2015-1800
+       RESERVED
+CVE-2015-1799
+       RESERVED
+CVE-2015-1798
+       RESERVED
+CVE-2015-1797
+       RESERVED
+CVE-2015-1796
+       RESERVED
+CVE-2015-1795
+       RESERVED
+CVE-2015-1794
+       RESERVED
+CVE-2015-1793
+       RESERVED
+CVE-2015-1792
+       RESERVED
+CVE-2015-1791
+       RESERVED
+CVE-2015-1790
+       RESERVED
+CVE-2015-1789
+       RESERVED
+CVE-2015-1788
+       RESERVED
+CVE-2015-1787
+       RESERVED
+CVE-2015-1786
+       RESERVED
+CVE-2015-1785
+       RESERVED
+CVE-2015-1784
+       RESERVED
+CVE-2015-1783
+       RESERVED
+CVE-2015-1782
+       RESERVED
+CVE-2015-1781
+       RESERVED
+CVE-2015-1780
+       RESERVED
+CVE-2015-1779
+       RESERVED
+CVE-2015-1778
+       RESERVED
+CVE-2015-1777
+       RESERVED
+CVE-2015-1776
+       RESERVED
+CVE-2015-1775
+       RESERVED
+CVE-2015-1774
+       RESERVED
+CVE-2015-1773
+       RESERVED
+CVE-2015-1772
+       RESERVED
+CVE-2015-1771
+       RESERVED
+CVE-2015-1770
+       RESERVED
+CVE-2015-1769
+       RESERVED
+CVE-2015-1768
+       RESERVED
+CVE-2015-1767
+       RESERVED
+CVE-2015-1766
+       RESERVED
+CVE-2015-1765
+       RESERVED
+CVE-2015-1764
+       RESERVED
+CVE-2015-1763
+       RESERVED
+CVE-2015-1762
+       RESERVED
+CVE-2015-1761
+       RESERVED
+CVE-2015-1760
+       RESERVED
+CVE-2015-1759
+       RESERVED
+CVE-2015-1758
+       RESERVED
+CVE-2015-1757
+       RESERVED
+CVE-2015-1756
+       RESERVED
+CVE-2015-1755
+       RESERVED
+CVE-2015-1754
+       RESERVED
+CVE-2015-1753
+       RESERVED
+CVE-2015-1752
+       RESERVED
+CVE-2015-1751
+       RESERVED
+CVE-2015-1750
+       RESERVED
+CVE-2015-1749
+       RESERVED
+CVE-2015-1748
+       RESERVED
+CVE-2015-1747
+       RESERVED
+CVE-2015-1746
+       RESERVED
+CVE-2015-1745
+       RESERVED
+CVE-2015-1744
+       RESERVED
+CVE-2015-1743
+       RESERVED
+CVE-2015-1742
+       RESERVED
+CVE-2015-1741
+       RESERVED
+CVE-2015-1740
+       RESERVED
+CVE-2015-1739
+       RESERVED
+CVE-2015-1738
+       RESERVED
+CVE-2015-1737
+       RESERVED
+CVE-2015-1736
+       RESERVED
+CVE-2015-1735
+       RESERVED
+CVE-2015-1734
+       RESERVED
+CVE-2015-1733
+       RESERVED
+CVE-2015-1732
+       RESERVED
+CVE-2015-1731
+       RESERVED
+CVE-2015-1730
+       RESERVED
+CVE-2015-1729
+       RESERVED
+CVE-2015-1728
+       RESERVED
+CVE-2015-1727
+       RESERVED
+CVE-2015-1726
+       RESERVED
+CVE-2015-1725
+       RESERVED
+CVE-2015-1724
+       RESERVED
+CVE-2015-1723
+       RESERVED
+CVE-2015-1722
+       RESERVED
+CVE-2015-1721
+       RESERVED
+CVE-2015-1720
+       RESERVED
+CVE-2015-1719
+       RESERVED
+CVE-2015-1718
+       RESERVED
+CVE-2015-1717
+       RESERVED
+CVE-2015-1716
+       RESERVED
+CVE-2015-1715
+       RESERVED
+CVE-2015-1714
+       RESERVED
+CVE-2015-1713
+       RESERVED
+CVE-2015-1712
+       RESERVED
+CVE-2015-1711
+       RESERVED
+CVE-2015-1710
+       RESERVED
+CVE-2015-1709
+       RESERVED
+CVE-2015-1708
+       RESERVED
+CVE-2015-1707
+       RESERVED
+CVE-2015-1706
+       RESERVED
+CVE-2015-1705
+       RESERVED
+CVE-2015-1704
+       RESERVED
+CVE-2015-1703
+       RESERVED
+CVE-2015-1702
+       RESERVED
+CVE-2015-1701
+       RESERVED
+CVE-2015-1700
+       RESERVED
+CVE-2015-1699
+       RESERVED
+CVE-2015-1698
+       RESERVED
+CVE-2015-1697
+       RESERVED
+CVE-2015-1696
+       RESERVED
+CVE-2015-1695
+       RESERVED
+CVE-2015-1694
+       RESERVED
+CVE-2015-1693
+       RESERVED
+CVE-2015-1692
+       RESERVED
+CVE-2015-1691
+       RESERVED
+CVE-2015-1690
+       RESERVED
+CVE-2015-1689
+       RESERVED
+CVE-2015-1688
+       RESERVED
+CVE-2015-1687
+       RESERVED
+CVE-2015-1686
+       RESERVED
+CVE-2015-1685
+       RESERVED
+CVE-2015-1684
+       RESERVED
+CVE-2015-1683
+       RESERVED
+CVE-2015-1682
+       RESERVED
+CVE-2015-1681
+       RESERVED
+CVE-2015-1680
+       RESERVED
+CVE-2015-1679
+       RESERVED
+CVE-2015-1678
+       RESERVED
+CVE-2015-1677
+       RESERVED
+CVE-2015-1676
+       RESERVED
+CVE-2015-1675
+       RESERVED
+CVE-2015-1674
+       RESERVED
+CVE-2015-1673
+       RESERVED
+CVE-2015-1672
+       RESERVED
+CVE-2015-1671
+       RESERVED
+CVE-2015-1670
+       RESERVED
+CVE-2015-1669
+       RESERVED
+CVE-2015-1668
+       RESERVED
+CVE-2015-1667
+       RESERVED
+CVE-2015-1666
+       RESERVED
+CVE-2015-1665
+       RESERVED
+CVE-2015-1664
+       RESERVED
+CVE-2015-1663
+       RESERVED
+CVE-2015-1662
+       RESERVED
+CVE-2015-1661
+       RESERVED
+CVE-2015-1660
+       RESERVED
+CVE-2015-1659
+       RESERVED
+CVE-2015-1658
+       RESERVED
+CVE-2015-1657
+       RESERVED
+CVE-2015-1656
+       RESERVED
+CVE-2015-1655
+       RESERVED
+CVE-2015-1654
+       RESERVED
+CVE-2015-1653
+       RESERVED
+CVE-2015-1652
+       RESERVED
+CVE-2015-1651
+       RESERVED
+CVE-2015-1650
+       RESERVED
+CVE-2015-1649
+       RESERVED
+CVE-2015-1648
+       RESERVED
+CVE-2015-1647
+       RESERVED
+CVE-2015-1646
+       RESERVED
+CVE-2015-1645
+       RESERVED
+CVE-2015-1644
+       RESERVED
+CVE-2015-1643
+       RESERVED
+CVE-2015-1642
+       RESERVED
+CVE-2015-1641
+       RESERVED
+CVE-2015-1640
+       RESERVED
+CVE-2015-1639
+       RESERVED
+CVE-2015-1638
+       RESERVED
+CVE-2015-1637
+       RESERVED
+CVE-2015-1636
+       RESERVED
+CVE-2015-1635
+       RESERVED
+CVE-2015-1634
+       RESERVED
+CVE-2015-1633
+       RESERVED
+CVE-2015-1632
+       RESERVED
+CVE-2015-1631
+       RESERVED
+CVE-2015-1630
+       RESERVED
+CVE-2015-1629
+       RESERVED
+CVE-2015-1628
+       RESERVED
+CVE-2015-1627
+       RESERVED
+CVE-2015-1626
+       RESERVED
+CVE-2015-1625
+       RESERVED
+CVE-2015-1624
+       RESERVED
+CVE-2015-1623
+       RESERVED
+CVE-2015-1622
+       RESERVED
+CVE-2015-1621 (Cross-site scripting (XSS) vulnerability in the Webform 
prepopulate ...)
+       TODO: check
+CVE-2015-1620
+       RESERVED
+CVE-2015-1619 (Cross-site scripting (XSS) vulnerability in the Secure Web Mail 
Client ...)
+       TODO: check
+CVE-2015-1618 (The ePO extension in McAfee Data Loss Prevention Endpoint 
(DLPe) ...)
+       TODO: check
+CVE-2015-1617 (Cross-site scripting (XSS) vulnerability in the ePO extension 
in ...)
+       TODO: check
+CVE-2015-1616 (SQL injection vulnerability in the ePO extension in McAfee Data 
Loss ...)
+       TODO: check
+CVE-2015-1615
+       RESERVED
+CVE-2015-1613 (RhodeCode before 2.2.7 allows remote authenticated users to 
obtain API ...)
+       TODO: check
+CVE-2015-1612
+       RESERVED
+CVE-2015-1611
+       RESERVED
+CVE-2015-1610
+       RESERVED
+CVE-2015-1609
+       RESERVED
+CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 
does not ...)
+       TODO: check
+CVE-2015-1605
+       RESERVED
+CVE-2015-1602
+       RESERVED
+CVE-2015-1601
+       RESERVED
+CVE-2015-1599
+       RESERVED
+CVE-2015-1598
+       RESERVED
+CVE-2015-1597
+       RESERVED
+CVE-2015-1596
+       RESERVED
+CVE-2015-1595
+       RESERVED
+CVE-2015-1594
+       RESERVED
+CVE-2013-7427
+       RESERVED
+CVE-2012-6688
+       RESERVED
 CVE-2015-XXXX [use after free]
        - libgtk2-perl 2:1.2492-4
        NOTE: https://www.mail-archive.com/[email protected]/msg07793.html
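Review bot: the seven new entries in this hunk that arrive with a description (CVE-2015-1621, -1619, -1618, -1617, -1616, -1613, -1608) carry only "TODO: check", so each still needs a package line or a NOT-FOR-US marker before the list is usable for these IDs. CVE-2015-1613 names "RhodeCode before 2.2.7", the same product and version as CVE-2015-0260 further down in this commit, which is tracked as "- kallithea <itp> (bug #753975)"; check whether the same annotation applies here.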
@@ -16,6 +574,7 @@
        - libcsoap <unfixed> (bug #778599)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/02/17/2
 CVE-2014-9683 [ecryptfs 1-byte overwrite]
+       RESERVED
        - linux 3.16.7-ckt4-1
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc
 (v3.19-rc1)
@@ -27,12 +586,15 @@
        - mod-gnutls <unfixed> (bug #578663)
        NOTE: 
https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
 CVE-2014-9682
+       RESERVED
        NOT-FOR-US: node-dns-sync
 CVE-2014-XXXX [more to CVE-2014-6585]
        - icu <unfixed> (low; bug #778511)
 CVE-2015-1614
+       RESERVED
        NOT-FOR-US: WordPress plugin image-metadata-cruncher
 CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect 
bitwise left shifts]
+       RESERVED
        [experimental] - gnupg2 2.1.2-1
        - gnupg2 2.0.26-5 (bug #778577)
        [wheezy] - gnupg2 <no-dsa> (Minor issue)
@@ -41,6 +603,7 @@
        NOTE: 
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
 CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
+       RESERVED
        [experimental] - gnupg2 2.1.2-1
        - gnupg2 2.0.26-5 (bug #778577)
        [wheezy] - gnupg2 <no-dsa> (Minor issue)
@@ -49,10 +612,13 @@
        NOTE: 
https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
        NOTE: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
 CVE-2015-1604
+       RESERVED
        NOT-FOR-US: Landsknecht Adminsystems
 CVE-2015-1603
+       RESERVED
        NOT-FOR-US: Landsknecht Adminsystems
 CVE-2015-1600
+       RESERVED
        NOT-FOR-US: Netatmo Weather Station
 CVE-2015-1588
        RESERVED
@@ -83,8 +649,8 @@
        TODO: check
 CVE-2015-1575 (Multiple cross-site scripting (XSS) vulnerabilities in u5CMS 
before ...)
        TODO: check
-CVE-2015-1574
-       RESERVED
+CVE-2015-1574 (The Google Email application 4.2.2.0200 for Android allows 
remote ...)
+       TODO: check
 CVE-2013-7425
        RESERVED
 CVE-2014-9678
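Review bot: CVE-2015-1574 goes from RESERVED to "TODO: check" with a description that names the Google Email application 4.2.2.0200 for Android and no Debian source package. It needs triage, and if the application is not packaged, a NOT-FOR-US line in the form used for other entries in this file.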
@@ -94,6 +660,7 @@
        RESERVED
        NOT-FOR-US: FlexPaper
 CVE-2015-1593 [Linux ASLR integer overflow]
+       RESERVED
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
@@ -280,22 +847,22 @@
        RESERVED
 CVE-2015-1502
        RESERVED
-CVE-2015-1501
-       RESERVED
-CVE-2015-1500
-       RESERVED
-CVE-2015-1499
-       RESERVED
-CVE-2015-1498
-       RESERVED
-CVE-2015-1497
-       RESERVED
-CVE-2015-1496
-       RESERVED
-CVE-2015-1495
-       RESERVED
-CVE-2015-1494
-       RESERVED
+CVE-2015-1501 (The factory.loadExtensionFactory function in ...)
+       TODO: check
+CVE-2015-1500 (Multiple stack-based buffer overflows in the ...)
+       TODO: check
+CVE-2015-1499 (The ActiveMQ Broker in Samsung Security Manager (SSM) before 
1.31 ...)
+       TODO: check
+CVE-2015-1498 (Persistent Systems Radia Client Automation does not properly 
restrict ...)
+       TODO: check
+CVE-2015-1497 (radexecd.exe in Persistent Systems Radia Client Automation 
(RCA) 7.9, ...)
+       TODO: check
+CVE-2015-1496 (Motorola Scanner SDK uses weak permissions for (1) 
CoreScanner.exe, ...)
+       TODO: check
+CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK 
allow ...)
+       TODO: check
+CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress 
does not ...)
+       TODO: check
 CVE-2015-1492
        RESERVED
 CVE-2015-1491
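Review bot: the descriptions for CVE-2015-1501 and CVE-2015-1500 are cut off before any product name ("The factory.loadExtensionFactory function in ...", "Multiple stack-based buffer overflows in the ..."), so they cannot be triaged from this file alone and need the full CVE text looked up. CVE-2015-1494 is the FancyBox plugin for WordPress; this file already marks CVE-2015-1614 as "NOT-FOR-US: WordPress plugin image-metadata-cruncher", and the same form fits here if the plugin is not packaged.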
@@ -547,8 +1114,8 @@
        NOT-FOR-US: xlinkerz ecommerceMajor
 CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my 
little forum ...)
        NOT-FOR-US: My Little Forum
-CVE-2015-1474
-       RESERVED
+CVE-2015-1474 (Multiple integer overflows in the GraphicBuffer::unflatten 
function in ...)
+       TODO: check
 CVE-2015-1471 (SQL injection vulnerability in userprofile.lib.php in Pragyan 
CMS 3.0 ...)
        TODO: check
 CVE-2015-1470
@@ -619,18 +1186,17 @@
        RESERVED
 CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus 
RT-N10+ D1 ...)
        NOT-FOR-US: Asus RT-N10+ D1 router
-CVE-2015-1436
-       RESERVED
-CVE-2015-1435
-       RESERVED
-CVE-2015-1434
-       RESERVED
+CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider 
plugin ...)
+       TODO: check
+CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum 
before ...)
+       TODO: check
+CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum 
before 2.3.4 ...)
+       TODO: check
 CVE-2015-1429
        RESERVED
 CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 
allow ...)
        NOT-FOR-US: Sefrengo
-CVE-2015-1427
-       RESERVED
+CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 
1.4.x ...)
        - elasticsearch <undetermined>
        NOTE: http://seclists.org/bugtraq/2015/Feb/92
        NOTE: Problem in the Groovy scripting engine.
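Review bot: CVE-2015-1427 keeps "- elasticsearch <undetermined>" even though the new description now gives an affected range ("before 1.3.8 and 1.4.x ..."), so the status can be resolved against the packaged version. The line "NOTE: Problem in the Groovy scripting engine." now repeats the description and can be dropped. CVE-2015-1435 and CVE-2015-1434 are both my little forum, which CVE-2015-1475 in this file already marks "NOT-FOR-US: My Little Forum"; they should get the same marker rather than "TODO: check".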
@@ -863,14 +1429,14 @@
        - chromium-browser 40.0.2214.91-1
        [wheezy] - chromium-browser <end-of-life>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2015-1358
-       RESERVED
+CVE-2015-1358 (The remote-management module in the (1) Multi Panels, (2) 
Comfort ...)
+       TODO: check
 CVE-2015-1357 (Siemens Ruggedcom WIN51xx devices with firmware before 
SS4.4.4624.35, ...)
        NOT-FOR-US: Siemens Ruggedcom
-CVE-2015-1356
-       RESERVED
-CVE-2015-1355
-       RESERVED
+CVE-2015-1356 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a 
user's ...)
+       TODO: check
+CVE-2015-1355 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak 
...)
+       TODO: check
 CVE-2014-9648 
(components/navigation_interception/intercept_navigation_resource_throttle.cc 
...)
        - chromium-browser <not-affected> (Chrome on Android)
 CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google 
Chrome ...)
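Review bot: CVE-2015-1358's description stops at "(1) Multi Panels, (2) Comfort ..." without a vendor or product line, so the full text is needed before it can be triaged. CVE-2015-1356 and CVE-2015-1355 (Siemens SIMATIC STEP 7 (TIA Portal)) are added as "TODO: check" on either side of nothing that distinguishes them from CVE-2015-1357, the Siemens Ruggedcom entry in this hunk that is already NOT-FOR-US; confirm whether they belong in the same category.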
@@ -2137,8 +2703,8 @@
        RESERVED
 CVE-2015-0932
        RESERVED
-CVE-2015-0931
-       RESERVED
+CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 
8.7sp2 and ...)
+       TODO: check
 CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with 
firmware ...)
        NOT-FOR-US: SerVision HVG Video Gateway
 CVE-2015-0929 (time.htm in the web interface on SerVision HVG Video Gateway 
devices ...)
@@ -2153,8 +2719,8 @@
        NOT-FOR-US: iPass Open Mobile
 CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the 
root ...)
        NOT-FOR-US: Ceragon FiberAir IP-10 bridges
-CVE-2015-0923
-       RESERVED
+CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in 
Ektron ...)
+       TODO: check
 CVE-2014-999999
        REJECTED
 CVE-2014-99999
@@ -2517,8 +3083,8 @@
        RESERVED
 CVE-2015-0876
        RESERVED
-CVE-2015-0875
-       RESERVED
+CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 
for ...)
+       TODO: check
 CVE-2015-0874
        RESERVED
 CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator 
...)
@@ -3027,16 +3593,16 @@
        RESERVED
 CVE-2015-0622
        RESERVED
-CVE-2015-0621
-       RESERVED
-CVE-2015-0620
-       RESERVED
+CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow 
remote ...)
+       TODO: check
+CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 
14.3(.2) ...)
+       TODO: check
 CVE-2015-0619 (Memory leak in the embedded web server in the WebVPN subsystem 
in ...)
        TODO: check
 CVE-2015-0618
        RESERVED
-CVE-2015-0617
-       RESERVED
+CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway 
devices ...)
+       TODO: check
 CVE-2015-0616
        RESERVED
 CVE-2015-0615
@@ -3051,8 +3617,8 @@
        TODO: check
 CVE-2015-0610 (Race condition in the object-group ACL feature in Cisco IOS 
15.5(2)T ...)
        TODO: check
-CVE-2015-0609
-       RESERVED
+CVE-2015-0609 (Race condition in the Common Classification Engine (CCE) in the 
...)
+       TODO: check
 CVE-2015-0608 (Race condition in the Measurement, Aggregation, and Correlation 
Engine ...)
        TODO: check
 CVE-2015-0607
@@ -3459,8 +4025,7 @@
        RESERVED
 CVE-2014-9467
        RESERVED
-CVE-2014-9466
-       RESERVED
+CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 
before ...)
        - open-xchange <itp> (bug #269329)
 CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 
0.95 ...)
        NOT-FOR-US: Microweber CMS
@@ -3905,14 +4470,11 @@
        RESERVED
 CVE-2015-0520
        RESERVED
-CVE-2015-0519
-       RESERVED
+CVE-2015-0519 (The InputAccel Database (IADB) installation process in EMC 
Captiva ...)
        NOT-FOR-US: EMC Captiva Capture
-CVE-2015-0518
-       RESERVED
+CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC 
...)
        NOT-FOR-US: EMC Documentum D2
-CVE-2015-0517
-       RESERVED
+CVE-2015-0517 (The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 
and 4.1 ...)
        NOT-FOR-US: EMC Documentum D2
 CVE-2015-0516 (Directory traversal vulnerability in EMC M&amp;R (aka 
Watch4Net) before ...)
        NOT-FOR-US: EMC
@@ -4361,8 +4923,8 @@
        RESERVED
 CVE-2014-9382
        RESERVED
-CVE-2014-9375
-       RESERVED
+CVE-2014-9375 (Directory traversal vulnerability in the 
LibraryFileUploadServlet ...)
+       TODO: check
 CVE-2014-9373 (Directory traversal vulnerability in the 
CollectorConfInfoServlet ...)
        NOT-FOR-US: ManageEngine NetFlow Analyzer
 CVE-2014-9372 (Directory traversal vulnerability in the 
UploadAccountActivities ...)
@@ -5752,8 +6314,7 @@
        RESERVED
 CVE-2015-0269
        RESERVED
-CVE-2015-0268 [XSA-117]
-       RESERVED
+CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, 
when ...)
        - xen <not-affected> (Only affects 4.5)
        NOTE: http://xenbits.xen.org/xsa/advisory-117.html
 CVE-2015-0267
@@ -5771,8 +6332,7 @@
        RESERVED
 CVE-2015-0261
        RESERVED
-CVE-2015-0260
-       RESERVED
+CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote 
authenticated ...)
        - kallithea <itp> (bug #753975)
 CVE-2015-0259
        RESERVED
@@ -5783,8 +6343,7 @@
        NOT-FOR-US: ovirt / RHEV
 CVE-2015-0256
        RESERVED
-CVE-2015-0255
-       RESERVED
+CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 
1.17.x ...)
        {DSA-3160-1}
        - xorg-server 2:1.16.4-1
 CVE-2015-0254
@@ -5801,16 +6360,14 @@
        RESERVED
 CVE-2015-0248
        RESERVED
-CVE-2015-0247 [heap based buffer overflow]
-       RESERVED
+CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library 
in ...)
        {DLA-153-1}
        - e2fsprogs 1.42.12-1
        [wheezy] - e2fsprogs <no-dsa> (Minor issue)
        NOTE: 
https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
 CVE-2015-0246
        REJECTED
-CVE-2015-0245 [denial of service in dbus >= 1.4 systemd activation]
-       RESERVED
+CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, 
and ...)
        {DSA-3161-1}
        - dbus 1.8.16-1 (bug #777545)
        [squeeze] - dbus <not-affected> (affects 1.4 and above)
@@ -6180,10 +6737,10 @@
        RESERVED
 CVE-2015-0110
        RESERVED
-CVE-2015-0109
-       RESERVED
-CVE-2015-0108
-       RESERVED
+CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
+CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset 
...)
+       TODO: check
 CVE-2015-0107
        RESERVED
 CVE-2015-0106
@@ -6584,8 +7141,8 @@
        NOT-FOR-US: IBM
 CVE-2014-8912
        RESERVED
-CVE-2014-8911
-       RESERVED
+CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content 
Navigator ...)
+       TODO: check
 CVE-2014-8910
        RESERVED
 CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Portal ...)
@@ -8235,8 +8792,8 @@
        RESERVED
 CVE-2014-8758
        RESERVED
-CVE-2014-8757
-       RESERVED
+CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers 
to ...)
+       TODO: check
 CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera 
Recorder ...)
        NOT-FOR-US: Panasonic Network Camera
 CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers 
to ...)
@@ -8722,8 +9279,7 @@
        [wheezy] - horizon <no-dsa> (Minor issue)
        - python-django-openstack-auth 1.1.6-5 (bug #772712)
        NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
-CVE-2014-8122
-       RESERVED
+CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 
Alpha3 ...)
        NOT-FOR-US: JBoss Weld
 CVE-2014-8121
        RESERVED
@@ -9004,8 +9560,8 @@
        NOT-FOR-US: Cisco
 CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 
CORS ...)
        NOT-FOR-US: Cisco
-CVE-2014-8023
-       RESERVED
+CVE-2014-8023 (Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and 
earlier, ...)
+       TODO: check
 CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Identity ...)
        NOT-FOR-US: Cisco Identity Services Engine
 CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect 
Secure ...)
@@ -9381,8 +9937,8 @@
        RESERVED
 CVE-2014-7884
        RESERVED
-CVE-2014-7883
-       RESERVED
+CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables 
the ...)
+       TODO: check
 CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x 
allows ...)
        NOT-FOR-US: HP SiteScope
 CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP 
Insight ...)
@@ -9472,8 +10028,7 @@
        RESERVED
 CVE-2014-7854
        RESERVED
-CVE-2014-7853
-       RESERVED
+CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red 
Hat ...)
        NOT-FOR-US: JBoss AS/WildFly Domain Management
 CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as 
used ...)
        NOT-FOR-US: RichFaces
@@ -9484,8 +10039,7 @@
        - freeipa <unfixed>
        NOTE: https://fedorahosted.org/freeipa/ticket/4742
        TODO: check (possibly unimportant severity if we don't include WebUI 
part and only have vulnerable code)
-CVE-2014-7849
-       RESERVED
+CVE-2014-7849 (The Role Based Access Control (RBAC) implementation in JBoss 
...)
        NOT-FOR-US: JBoss AS/WildFly Domain Management
 CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 
2.7.x ...)
        - moodle 2.7.5+dfsg-1 (bug #775842)
@@ -9583,8 +10137,7 @@
 CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is 
...)
        - freeipa 4.0.5-1 (bug #768294)
        NOTE: https://fedorahosted.org/freeipa/ticket/4690
-CVE-2014-7827
-       RESERVED
+CVE-2014-7827 (The org.jboss.security.plugins.mapping.JBossMappingManager ...)
        NOT-FOR-US: JBoss Security
 CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 
3.17.2 does ...)
        - linux 3.16.7-ckt2-1
@@ -10982,7 +11535,7 @@
 CVE-2014-7197
        RESERVED
 CVE-2014-7196
-       RESERVED
+       REJECTED
 CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x 
before ...)
        NOT-FOR-US: Spotfire Web Player
 CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, 
Managed File ...)
@@ -13364,10 +13917,10 @@
        NOT-FOR-US: IBM
 CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience 
Factory ...)
        NOT-FOR-US: IBM WEF
-CVE-2014-6195
-       RESERVED
-CVE-2014-6194
-       RESERVED
+CVE-2014-6195 (The (1) Java GUI and (2) Web GUI components in the IBM Tivoli 
Storage ...)
+       TODO: check
+CVE-2014-6194 (Directory traversal vulnerability in an unspecified web form in 
IBM ...)
+       TODO: check
 CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 
before CF04, ...)
        NOT-FOR-US: IBM
 CVE-2014-6192
@@ -13481,8 +14034,7 @@
        TODO: check
 CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before 
FP4 ...)
        NOT-FOR-US: IBM
-CVE-2014-6137
-       RESERVED
+CVE-2014-6137 (Cross-site scripting (XSS) vulnerability in the Relay 
Diagnostic page ...)
        NOT-FOR-US: IBM Endpoint Manager
 CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 
supports ...)
        NOT-FOR-US: IBM
@@ -13530,8 +14082,8 @@
        RESERVED
 CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution 
Server ...)
        NOT-FOR-US: IBM WebSphere
-CVE-2014-6113
-       RESERVED
+CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports 
component ...)
+       TODO: check
 CVE-2014-6112
        RESERVED
 CVE-2014-6111
@@ -13552,8 +14104,8 @@
        RESERVED
 CVE-2014-6103
        RESERVED
-CVE-2014-6102
-       RESERVED
+CVE-2014-6102 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 
before ...)
+       TODO: check
 CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login 
feature ...)
        NOT-FOR-US: IBM Business Process Manager
 CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM 
Tivoli ...)
@@ -16607,8 +17159,8 @@
        NOT-FOR-US: IBM
 CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary 
files ...)
        NOT-FOR-US: IBM DB2
-CVE-2014-4804
-       RESERVED
+CVE-2014-4804 (Curam Universal Access in IBM Curam Social Program Management 
5.2 ...)
+       TODO: check
 CVE-2014-4803 (CRLF injection vulnerability in the Universal Access 
implementation in ...)
        TODO: check
 CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console 
in IBM ...)
@@ -29600,8 +30152,7 @@
        RESERVED
 CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based 
authorization ...)
        NOT-FOR-US: Apache Hive
-CVE-2014-0227 [Request Smuggling]
-       RESERVED
+CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java 
in ...)
        - tomcat6 6.0.41-3
        NOTE: Fixed in 
https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
        NOTE: Marked as fixed in 6.0.41-3 which only builds the 
libservlet2.5-java and libservlet2.5-java-doc packages
@@ -29873,15 +30424,13 @@
        [wheezy] - linux <not-affected> (Vulnerable code not present)
        - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: fix: 
https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
-CVE-2014-0154
-       RESERVED
+CVE-2014-0154 (oVirt Engine before 3.5.0 does not include the HTTPOnly flag in 
a ...)
        NOT-FOR-US: oVirt web admin interface
 CVE-2014-0153 (The REST API in oVirt 3.4.0 and earlier stores session IDs in 
HTML5 ...)
        NOT-FOR-US: oVirt REST API
 CVE-2014-0152 (Session fixation vulnerability in the web admin interface in 
oVirt ...)
        NOT-FOR-US: oVirt web admin interface
-CVE-2014-0151
-       RESERVED
+CVE-2014-0151 (Cross-site request forgery (CSRF) vulnerability in oVirt Engine 
before ...)
        NOT-FOR-US: ovirt
 CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in ...)
        {DSA-2910-1 DSA-2909-1}
@@ -43394,8 +43943,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
 CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in 
nginx ...)
        - nginx <not-affected> (Vulnerable code not present)
-CVE-2013-2027 [creates executables class files with wrong permissions]
-       RESERVED
+CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of 
the class ...)
        - jython <unfixed> (low; bug #777079)
        [jessie] - jython <no-dsa> (Minor issue)
        [wheezy] - jython <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
