Author: sectracker
Date: 2015-02-05 21:10:17 +0000 (Thu, 05 Feb 2015)
New Revision: 32000

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-02-05 20:58:01 UTC (rev 31999)
+++ data/CVE/list       2015-02-05 21:10:17 UTC (rev 32000)
@@ -1,3 +1,21 @@
+CVE-2015-1482 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote 
attackers to ...)
+       TODO: check
+CVE-2015-1481 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote 
organization ...)
+       TODO: check
+CVE-2015-1480 (ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 
allows ...)
+       TODO: check
+CVE-2015-1479 (SQL injection vulnerability in reports/CreateReportTable.jsp in 
ZOHO ...)
+       TODO: check
+CVE-2015-1478 (Cross-site scripting (XSS) vulnerability in the CMSJunkie ...)
+       TODO: check
+CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie 
J-ClassifiedsManager ...)
+       TODO: check
+CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz 
ecommerceMajor ...)
+       TODO: check
+CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my 
little forum ...)
+       TODO: check
+CVE-2015-1474
+       RESERVED
 CVE-2015-1471
        RESERVED
 CVE-2015-1470
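Review bot: the two Ansible entries (CVE-2015-1482, CVE-2015-1481) name "Ansible Tower (aka Ansible UI)", not Ansible itself, so when the TODO: check markers are resolved they should not be attached to an ansible package line without confirming that the affected component is actually shipped. The two ZOHO ManageEngine entries (CVE-2015-1480, CVE-2015-1479) are for a vendor that already has a NOT-FOR-US: ZOHO tag elsewhere in this file, and can probably follow it.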
@@ -65,8 +83,8 @@
        RESERVED
 CVE-2015-1438
        RESERVED
-CVE-2015-1437
-       RESERVED
+CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus 
RT-N10+ D1 ...)
+       TODO: check
 CVE-2015-1436
        RESERVED
 CVE-2015-1435
@@ -2595,8 +2613,8 @@
        RESERVED
 CVE-2014-9563
        RESERVED
-CVE-2014-9562
-       RESERVED
+CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php 
in M2 ...)
+       TODO: check
 CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in 
redir_last_post_list.php ...)
        NOT-FOR-US: SoftBB
 CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in 
SoftBB ...)
@@ -3855,6 +3873,7 @@
        NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
        NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
 CVE-2014-9652 [out-of-bounds memory access]
+       {DSA-3126-1 DSA-3121-1}
        - file 1:5.21+15-1
        [squeeze] - file <not-affected> (The code was not vulnerable, confirmed 
with Valgrind on the test data submitted to upstream)
        [wheezy] - file 5.11-2+deb7u7
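Review bot: CVE-2014-9652 now carries two advisories, {DSA-3126-1 DSA-3121-1}, but every package line visible in this hunk refers to file. If the second DSA was issued for a different source package, that package needs its own line in this entry so the per-release status agrees with the advisory; confirm that the part of the entry outside the hunk has one.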
@@ -3940,8 +3959,8 @@
        RESERVED
 CVE-2014-9332
        RESERVED
-CVE-2014-9331
-       RESERVED
+CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO 
ManageEngine ...)
+       TODO: check
 CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 
allows ...)
        - tiff 4.0.3-12 (bug #773987)
        - tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF 
tools)
@@ -4048,10 +4067,12 @@
        NOTE: jmm coordinating with reporters wrt CVE
 CVE-2014-9298
        RESERVED
+       {DSA-3154-1}
        - ntp 1:4.2.6.p5+dfsg-4
        NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
 CVE-2014-9297
        RESERVED
+       {DSA-3154-1}
        - ntp 1:4.2.6.p5+dfsg-4
        NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
 CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 
...)
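Review bot: the NOTE under CVE-2014-9298 still reads "(not yet public)" for http://bugs.ntp.org/show_bug.cgi?id=2672, while this change attaches {DSA-3154-1} to the entry. Check whether that remark still holds now that an advisory is referenced, and drop it if the bug has been opened. Both CVE-2014-9298 and CVE-2014-9297 also remain RESERVED with no description, so the entry depends entirely on the DSA and the NOTE links to say what was fixed.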
@@ -4683,24 +4704,24 @@
        RESERVED
 CVE-2014-9051
        RESERVED
-CVE-2014-9049
-       RESERVED
-CVE-2014-9048
-       RESERVED
-CVE-2014-9047
-       RESERVED
-CVE-2014-9046
-       RESERVED
-CVE-2014-9045
-       RESERVED
-CVE-2014-9044
-       RESERVED
-CVE-2014-9043
-       RESERVED
-CVE-2014-9042
-       RESERVED
-CVE-2014-9041
-       RESERVED
+CVE-2014-9049 (The documents application in ownCloud Server 6.x before 6.0.6 
and 7.x ...)
+       TODO: check
+CVE-2014-9048 (The documents application in ownCloud Server 6.x before 6.0.6 
and 7.x ...)
+       TODO: check
+CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in 
ownCloud ...)
+       TODO: check
+CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 
5.0.18, ...)
+       TODO: check
+CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 
5.0.18 and ...)
+       TODO: check
+CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of 
the ...)
+       TODO: check
+CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in 
...)
+       TODO: check
+CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import 
functionality ...)
+       TODO: check
+CVE-2014-9041 (The import functionality in the bookmarks application in 
ownCloud ...)
+       TODO: check
 CVE-2014-9040
        RESERVED
 CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and 
(2) ...)
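Review bot: the nine ownCloud entries (CVE-2014-9041 through CVE-2014-9049) all land as TODO: check, and the visible descriptions name different fixed versions (6.0.6, 5.0.18, 7.0.3), so they cannot be closed with one shared fixed-version line. Triage each against its own full description, since the truncated text here does not show the complete version ranges.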
@@ -5180,8 +5201,8 @@
        RESERVED
        - postgresql-9.4 9.4.1-1
        - postgresql-9.1 9.1.11-2
-        [wheezy] - postgresql-9.1 <unfixed>
-        NOTE: workaround until DSA released, remove tag and note after 
releasing
+       [wheezy] - postgresql-9.1 <unfixed>
+       NOTE: workaround until DSA released, remove tag and note after releasing
        - postgresql-8.4 <removed>
        [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only 
provides PL/Perl)
 CVE-2015-0242
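Review bot: this is an indentation-only change to the "[wheezy] - postgresql-9.1 <unfixed>" line and its NOTE, and the NOTE itself says the pair is temporary ("remove tag and note after releasing"). The same two lines appear in the next two hunks as well; track the three entries together so the workaround is removed from all of them when the DSA goes out, rather than leaving one stale <unfixed> behind.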
@@ -5192,8 +5213,8 @@
        RESERVED
        - postgresql-9.4 9.4.1-1
        - postgresql-9.1 9.1.11-2
-        [wheezy] - postgresql-9.1 <unfixed>
-        NOTE: workaround until DSA released, remove tag and note after 
releasing
+       [wheezy] - postgresql-9.1 <unfixed>
+       NOTE: workaround until DSA released, remove tag and note after releasing
        - postgresql-8.4 <removed>
        [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only 
provides PL/Perl)
 CVE-2015-0240
@@ -7876,8 +7897,8 @@
        RESERVED
        - postgresql-9.4 9.4.1-1
        - postgresql-9.1 9.1.11-2
-        [wheezy] - postgresql-9.1 <unfixed>
-        NOTE: workaround until DSA released, remove tag and note after 
releasing
+       [wheezy] - postgresql-9.1 <unfixed>
+       NOTE: workaround until DSA released, remove tag and note after releasing
        - postgresql-8.4 <removed>
        [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only 
provides PL/Perl)
 CVE-2014-8160 [iptables restriction bypass if a protocol handler kernel module 
not loaded]
@@ -8760,8 +8781,8 @@
        NOT-FOR-US: ZOHO
 CVE-2014-7865
        REJECTED
-CVE-2014-7864
-       RESERVED
+CVE-2014-7864 (Multiple SQL injection vulnerabilities in the 
FailOverHelperServlet ...)
+       TODO: check
 CVE-2014-7863
        RESERVED
 CVE-2014-7862
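Review bot: the description of CVE-2014-7864 is cut off at "FailOverHelperServlet ...", so the affected product is not visible in this hunk. The entry just above the context is tagged NOT-FOR-US: ZOHO, but confirm the product from the full description before copying that tag onto this one when the TODO: check is resolved.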
@@ -14520,8 +14541,8 @@
        NOT-FOR-US: Feng Office
 CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 
allows ...)
        NOT-FOR-US: Aruba Networks ClearPass
-CVE-2014-5341
-       RESERVED
+CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud 
Server ...)
+       TODO: check
 CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 
1.2.5i4 ...)
        - check-mk <unfixed> (bug #758883)
        [wheezy] - check-mk <not-affected> (does not use pickle, vulnerable 
code not present)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
