Author: sectracker
Date: 2015-04-22 21:10:16 +0000 (Wed, 22 Apr 2015)
New Revision: 33769
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-04-22 21:02:51 UTC (rev 33768) +++ data/CVE/list 2015-04-22 21:10:16 UTC (rev 33769) 
@@ -1,4 +1,123 @@ +CVE-2015-3399 + RESERVED +CVE-2015-3398 + RESERVED +CVE-2015-3397 + RESERVED +CVE-2015-3396 + RESERVED +CVE-2015-3395 + RESERVED +CVE-2015-3394 + RESERVED +CVE-2015-3393 (Open redirect vulnerability in the Commerce WeDeal module before ...) + TODO: check +CVE-2015-3392 (Cross-site scripting (XSS) vulnerability in the Ajax Timeline module ...) + TODO: check +CVE-2015-3391 (The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote ...) + TODO: check +CVE-2015-3390 (Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher ...) + TODO: check +CVE-2015-3389 (Cross-site scripting (XSS) vulnerability in the Download counts report ...) + TODO: check +CVE-2015-3388 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...) + TODO: check +CVE-2015-3387 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...) + TODO: check +CVE-2015-3386 (Cross-site scripting (XSS) vulnerability in the Node Access Product ...) + TODO: check +CVE-2015-3385 (Cross-site scripting (XSS) vulnerability in the Taxonomy Path module ...) + TODO: check +CVE-2015-3384 (Cross-site scripting (XSS) vulnerability in the Bank Account Listing ...) + TODO: check +CVE-2015-3383 (Open redirect vulnerability in the Node basket module for Drupal ...) + TODO: check +CVE-2015-3382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...) + TODO: check +CVE-2015-3381 (Cross-site scripting (XSS) vulnerability in the Node basket module for ...) + TODO: check +CVE-2015-3380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3379 (The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x ...) + TODO: check +CVE-2015-3378 (Open redirect vulnerability in the Views module before 6.x-2.18, ...) + TODO: check +CVE-2015-3377 + RESERVED +CVE-2015-3376 (Cross-site scripting (XSS) vulnerability in the Quizzler module before ...) 
+ TODO: check +CVE-2015-3375 (Cross-site request forgery (CSRF) vulnerability in the Shibboleth ...) + TODO: check +CVE-2015-3374 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3373 (The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and ...) + TODO: check +CVE-2015-3372 (Cross-site scripting (XSS) vulnerability in the Node Invite module ...) + TODO: check +CVE-2015-3371 (Open redirect vulnerability in the Node Invite module before 6.x-2.5 ...) + TODO: check +CVE-2015-3370 (Cross-site request forgery (CSRF) vulnerability in the Node Invite ...) + TODO: check +CVE-2015-3369 (Cross-site scripting (XSS) vulnerability in the Taxonews module before ...) + TODO: check +CVE-2015-3368 (Cross-site scripting (XSS) vulnerability in the administration user ...) + TODO: check +CVE-2015-3367 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3366 (Cross-site request forgery (CSRF) vulnerability in the Alfresco module ...) + TODO: check +CVE-2015-3365 (Cross-site scripting (XSS) vulnerability in the nodeauthor module for ...) + TODO: check +CVE-2015-3364 (Cross-site scripting (XSS) vulnerability in the Content Analysis ...) + TODO: check +CVE-2015-3363 (Cross-site request forgery (CSRF) vulnerability in the Contact Form ...) + TODO: check +CVE-2015-3362 (Cross-site scripting (XSS) vulnerability in the Video module before ...) + TODO: check +CVE-2015-3361 (Cross-site scripting (XSS) vulnerability in the Linkit module before ...) + TODO: check +CVE-2015-3360 (Cross-site scripting (XSS) vulnerability in the Term Merge module ...) + TODO: check +CVE-2015-3359 (Multiple cross-site scripting (XSS) vulnerabilities in the Room ...) + TODO: check +CVE-2015-3358 (Multiple open redirect vulnerabilities in the Tadaa! module before ...) + TODO: check +CVE-2015-3357 (Cross-site scripting (XSS) vulnerability in the Wishlist module before ...) 
+ TODO: check +CVE-2015-3356 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3355 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3354 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...) + TODO: check +CVE-2015-3353 (Cross-site scripting (XSS) vulnerability in the Field Display Label ...) + TODO: check +CVE-2015-3352 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3351 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Log ...) + TODO: check +CVE-2015-3350 (Cross-site request forgery (CSRF) vulnerability in the Todo Filter ...) + TODO: check +CVE-2015-3349 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2015-3348 (Cross-site scripting (XSS) vulnerability in the Cloudwords for ...) + TODO: check +CVE-2015-3347 (Cross-site request forgery (CSRF) vulnerability in the Cloudwords for ...) + TODO: check +CVE-2015-3346 (SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for ...) + TODO: check +CVE-2015-3345 (SQL injection vulnerability in the PHPlist Integration Module before ...) + TODO: check +CVE-2015-3344 (Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x ...) + TODO: check +CVE-2015-3343 (Cross-site request forgery (CSRF) vulnerability in the OPAC module ...) + TODO: check +CVE-2015-3342 (Open redirect vulnerability in the Ubercart Currency Conversion module ...) + TODO: check +CVE-2015-3341 + RESERVED CVE-2015-3400 + RESERVED NOT-FOR-US: ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories CVE-2015-3338 RESERVED @@ -428,6 +547,7 @@ - openjdk-8 <not-affected> (defective patch not applied) CVE-2015-3148 [Negotiate not treated as connection-oriented] RESERVED + {DSA-3232-1} - curl 7.42.0-1 NOTE: http://curl.haxx.se/docs/adv_20150422B.html CVE-2015-3147 
@@ -451,6 +571,7 @@ NOTE: http://curl.haxx.se/docs/adv_20150422D.html CVE-2015-3143 [Re-using authenticated connection when unauthenticated] RESERVED + {DSA-3232-1} - curl 7.42.0-1 NOTE: http://curl.haxx.se/docs/adv_20150422A.html CVE-2015-3142 @@ -1255,10 +1376,9 @@ CVE-2015-2826 RESERVED NOT-FOR-US: WordPress plugin simple-ads-manager -CVE-2015-2825 - RESERVED +CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in the ...) NOT-FOR-US: WordPress plugin simple-ads-manager -CVE-2015-2824 (Multiple SQL injection vulnerabilities in sam-ajax-admin.php in the ...) +CVE-2015-2824 (Multiple SQL injection vulnerabilities in the Simple Ads Manager ...) NOT-FOR-US: WordPress plugin simple-ads-manager CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA ...) NOT-FOR-US: Siemens @@ -2381,7 +2501,7 @@ - linux-2.6 <removed> NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1) NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11 -CVE-2014-9718 [malicious PRDT flow from guest to host] +CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...) - qemu <unfixed> (unimportant; bug #781250) - qemu-kvm <removed> (unimportant) NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2) @@ -3780,8 +3900,8 @@ RESERVED CVE-2015-1890 (/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) ...) NOT-FOR-US: IBM General Parallel File System -CVE-2015-1889 - RESERVED +CVE-2015-1889 (The Big SQL component in IBM InfoSphere BigInsights 3.0 through ...) + TODO: check CVE-2015-1888 RESERVED CVE-2015-1887 
@@ -4890,8 +5010,8 @@ RESERVED CVE-2015-1485 RESERVED -CVE-2015-1484 - RESERVED +CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...) + TODO: check CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...) NOT-FOR-US: Symantec NetBackup OpsCenter CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...) @@ -7698,10 +7818,10 @@ RESERVED CVE-2015-0706 RESERVED -CVE-2015-0705 - RESERVED -CVE-2015-0704 - RESERVED +CVE-2015-0705 (Cross-site request forgery (CSRF) vulnerability in the SOAP API ...) + TODO: check +CVE-2015-0704 (Multiple cross-site request forgery (CSRF) vulnerabilities in API ...) + TODO: check CVE-2015-0703 (Cross-site scripting (XSS) vulnerability in the administrative web ...) TODO: check CVE-2015-0702 (Unrestricted file upload vulnerability in the Custom Prompts upload ...) @@ -11108,8 +11228,8 @@ NOT-FOR-US: IBM PowerVC CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...) NOT-FOR-US: IBM PowerVC -CVE-2015-0135 - RESERVED +CVE-2015-0135 (IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 ...) + TODO: check CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...) NOT-FOR-US: IBM CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...) @@ -13722,8 +13842,7 @@ NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878 NOTE: https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch -CVE-2014-8125 - RESERVED +CVE-2014-8125 (XML external entity (XXE) vulnerability in Drools and jBPM before ...) NOT-FOR-US: jBPM CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before ...) - horizon 2014.1.3-6 (bug #772710) 
@@ -13780,8 +13899,7 @@ RESERVED CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x ...) - 389-ds-base 1.3.3.5-4 (bug #779909) -CVE-2014-8111 - RESERVED +CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount ...) - libapache-mod-jk <unfixed> NOTE: Fix: http://svn.apache.org/r1647017 CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...) @@ -20140,8 +20258,8 @@ RESERVED CVE-2014-5371 RESERVED -CVE-2014-5370 - RESERVED +CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet ...) + TODO: check CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption ...) - enigmail 2:1.7.2-1 [wheezy] - enigmail <not-affected> (Introduced in 1.7) @@ -20161,8 +20279,8 @@ RESERVED CVE-2014-5362 RESERVED -CVE-2014-5361 - RESERVED +CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...) + TODO: check CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...) NOT-FOR-US: LANDESK Management Suite CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...) @@ -24749,8 +24867,7 @@ NOTE: https://bugs.php.net/bug.php?id=67716 NOTE: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947 - file 1:5.19-2 -CVE-2014-3586 - RESERVED +CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2014-3585 RESERVED _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
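Review bot: In the first hunk (@@ -1,4 +1,123 @@) the new CVE-2015-3399 through CVE-2015-3341 block is inserted above the existing CVE-2015-3400 entry, so CVE-2015-3400 now sits between CVE-2015-3341 and CVE-2015-3338 while the rest of the visible file runs in descending order. The automatic update should place the new block below the CVE-2015-3400 entry (after its "NOT-FOR-US: ZFS on Linux Debian packages ..." line) so the list stays sorted and later automatic updates anchor on the right entry. Most of the added entries are Drupal module issues left at "TODO: check" and still need manual triage.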
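Review bot: In the hunk at @@ -13780,8 +13899,7 @@ the new description for CVE-2014-8111 names the upstream fixed release ("before 1.2.41"), but the entry below it still reads only "- libapache-mod-jk <unfixed>" with "NOTE: Fix: http://svn.apache.org/r1647017". Consider adding a NOTE that records 1.2.41 as the first fixed upstream version next to the existing Fix reference, so whoever closes the entry can compare it against the packaged version without re-reading the description.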
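Review bot: In the hunk at @@ -20161,8 +20279,8 @@ CVE-2014-5361 (CSRF in Landesk ...) is left at "TODO: check" although the adjacent CVE-2014-5360 already carries "NOT-FOR-US: LANDESK Management Suite". If the full description confirms the same product, the entry can take the same NOT-FOR-US line instead of staying in the TODO queue. The same pattern is visible for CVE-2015-0135 (IBM Domino, next to CVE-2015-0134 marked "NOT-FOR-US: IBM") and CVE-2015-1484 (Symantec, next to CVE-2015-1483 marked "NOT-FOR-US: Symantec NetBackup OpsCenter").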