Author: sectracker
Date: 2015-02-19 21:10:16 +0000 (Thu, 19 Feb 2015)
New Revision: 32355
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-19 18:42:28 UTC (rev 32354)
+++ data/CVE/list 2015-02-19 21:10:16 UTC (rev 32355)
@@ -1,3 +1,5 @@
+CVE-2015-1878
+ RESERVED
CVE-2015-1876
RESERVED
CVE-2015-1875
@@ -733,6 +735,7 @@
NOTE: https://review.openstack.org/#/c/156553
TODO: check
CVE-2015-1877 [command injection vulnerability]
+ RESERVED
- xdg-utils <unfixed> (bug #777722)
NOTE: CVE Request:
http://www.openwall.com/lists/oss-security/2015/02/18/7
CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD
Infinite ...)
@@ -1529,8 +1532,7 @@
NOT-FOR-US: sequelize
CVE-2015-1354
RESERVED
-CVE-2015-1349 [bind9 crash in trust anchor management]
- RESERVED
+CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and
9.10.x ...)
{DSA-3162-1}
- bind9 1:9.9.5.dfsg-9 (low; bug #778733)
CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware
before ...)
@@ -3600,16 +3602,16 @@
RESERVED
CVE-2015-0627
RESERVED
-CVE-2015-0626
- RESERVED
+CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS)
allows ...)
+ TODO: check
CVE-2015-0625
RESERVED
CVE-2015-0624
RESERVED
-CVE-2015-0623
- RESERVED
-CVE-2015-0622
- RESERVED
+CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator
report ...)
+ TODO: check
+CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on
Cisco ...)
+ TODO: check
CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow
remote ...)
TODO: check
CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS)
14.3(.2) ...)
@@ -4338,16 +4340,13 @@
- minizip 1.1-5 (low; bug #774321)
CVE-2014-9426 (** DISPUTED ** The apprentice_load function in
libmagic/apprentice.c ...)
NOTE: Disputed PHP issue to be rejected, code wasn't present in
squeeze/wheezy or file (PHP-specific)
-CVE-2014-9423
- RESERVED
+CVE-2014-9423 (The svcauth_gss_accept_sec_context function in
lib/rpc/svc_auth_gss.c ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
-CVE-2014-9422
- RESERVED
+CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c
in ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
-CVE-2014-9421
- RESERVED
+CVE-2014-9421 (The auth_gssapi_unwrap_data function in
lib/rpc/auth_gssapi_misc.c in ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in
Huawei ...)
@@ -6135,6 +6134,7 @@
NOTE:
https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
NOTE: https://www.teeworlds.com/?page=news&id=11200
CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a
denial of ...)
+ {DSA-3163-1}
- libreoffice 1:4.3.3-2 (bug #771163)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449
NOTE:
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401
@@ -13653,14 +13653,14 @@
RESERVED
CVE-2014-6305
RESERVED
-CVE-2014-6304
- RESERVED
-CVE-2014-6303
- RESERVED
-CVE-2014-6302
- RESERVED
-CVE-2014-6301
- RESERVED
+CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before
7.7 ...)
+ TODO: check
+CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence
Kinetics ...)
+ TODO: check
+CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence
Kinetics ...)
+ TODO: check
+CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history
...)
- phpmyadmin 4:4.2.8.1-1
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
@@ -14046,8 +14046,8 @@
NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM)
7.2.0.0 ...)
NOT-FOR-US: IBM Tivoli TADDM
-CVE-2014-6147
- RESERVED
+CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x,
1.3.0.0, ...)
+ TODO: check
CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
NOT-FOR-US: IBM
CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM
Cognos ...)
@@ -15744,8 +15744,7 @@
[wheezy] - krb5 <no-dsa> (Minor issue)
[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to
trigger crash)
NOTE: Upstream commit:
https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
-CVE-2014-5352
- RESERVED
+CVE-2014-5352 (The krb5_gss_process_context_token function in ...)
{DSA-3153-1 DLA-146-1}
- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
@@ -15905,8 +15904,8 @@
RESERVED
CVE-2014-5287
RESERVED
-CVE-2014-5286
- RESERVED
+CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO
...)
+ TODO: check
CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO
...)
NOT-FOR-US: TIBCO Spotfire Server
CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files
with ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
