Author: sectracker
Date: 2015-02-19 21:10:16 +0000 (Thu, 19 Feb 2015)
New Revision: 32355
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-02-19 18:42:28 UTC (rev 32354) +++ data/CVE/list 2015-02-19 21:10:16 UTC (rev 32355) @@ -1,3 +1,5 @@ +CVE-2015-1878 + RESERVED CVE-2015-1876 RESERVED CVE-2015-1875 @@ -733,6 +735,7 @@ NOTE: https://review.openstack.org/#/c/156553 TODO: check CVE-2015-1877 [command injection vulnerability] + RESERVED - xdg-utils <unfixed> (bug #777722) NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/18/7 CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite ...) @@ -1529,8 +1532,7 @@ NOT-FOR-US: sequelize CVE-2015-1354 RESERVED -CVE-2015-1349 [bind9 crash in trust anchor management] - RESERVED +CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x ...) {DSA-3162-1} - bind9 1:9.9.5.dfsg-9 (low; bug #778733) CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...) @@ -3600,16 +3602,16 @@ RESERVED CVE-2015-0627 RESERVED -CVE-2015-0626 - RESERVED +CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...) + TODO: check CVE-2015-0625 RESERVED CVE-2015-0624 RESERVED -CVE-2015-0623 - RESERVED -CVE-2015-0622 - RESERVED +CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report ...) + TODO: check +CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco ...) + TODO: check CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow remote ...) TODO: check CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) ...) 
@@ -4338,16 +4340,13 @@ - minizip 1.1-5 (low; bug #774321) CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...) NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific) -CVE-2014-9423 - RESERVED +CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 -CVE-2014-9422 - RESERVED +CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 -CVE-2014-9421 - RESERVED +CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...) @@ -6135,6 +6134,7 @@ NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85 NOTE: https://www.teeworlds.com/?page=news&id=11200 CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of ...) + {DSA-3163-1} - libreoffice 1:4.3.3-2 (bug #771163) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449 NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401 
@@ -13653,14 +13653,14 @@ RESERVED CVE-2014-6305 RESERVED -CVE-2014-6304 - RESERVED -CVE-2014-6303 - RESERVED -CVE-2014-6302 - RESERVED -CVE-2014-6301 - RESERVED +CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 ...) + TODO: check +CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...) + TODO: check +CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...) + TODO: check +CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history ...) - phpmyadmin 4:4.2.8.1-1 NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php @@ -14046,8 +14046,8 @@ NOT-FOR-US: IBM Tivoli TADDM CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 ...) NOT-FOR-US: IBM Tivoli TADDM -CVE-2014-6147 - RESERVED +CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, ...) + TODO: check CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...) NOT-FOR-US: IBM CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...) @@ -15744,8 +15744,7 @@ [wheezy] - krb5 <no-dsa> (Minor issue) [squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash) NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3 -CVE-2014-5352 - RESERVED +CVE-2014-5352 (The krb5_gss_process_context_token function in ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...) 
@@ -15905,8 +15904,8 @@ RESERVED CVE-2014-5287 RESERVED -CVE-2014-5286 - RESERVED +CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ...) + TODO: check CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...) NOT-FOR-US: TIBCO Spotfire Server CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
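Review bot: CVE-2015-1877 in hunk @@ -733,6 +735,7 @@ is out of numeric order. It gains RESERVED but stays around line 735, after another entry's NOTE and TODO lines and directly above CVE-2015-1568, while the first hunk shows the head of the file running CVE-2015-1878, CVE-2015-1876, CVE-2015-1875. Move the whole entry, including its "- xdg-utils <unfixed> (bug #777722)" line and the NOTE, up between CVE-2015-1878 and CVE-2015-1876. The bracketed text "[command injection vulnerability]" also does not name the package; "[xdg-utils command injection]" would match the style of the removed "[bind9 crash in trust anchor management]".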
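Review bot: the CVE-2014-9093 entry in hunk @@ -6135,6 +6134,7 @@ lists the fix as "- libreoffice 1:4.3.3-2" while its description reads "LibreOffice before 4.3.5", and the added {DSA-3163-1} line does not explain the gap. If the libreoffice-4-3 commit already referenced in the entry's NOTE was backported into 1:4.3.3-2, a NOTE saying so would let a reader confirm the fixed version without opening bug #771163.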
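Review bot: CVE-2014-6147 in hunk @@ -14046,8 +14046,8 @@ is added as "TODO: check" although the entries on both sides of it, CVE-2014-6148 and CVE-2014-6146, are IBM products already marked NOT-FOR-US. If IBM Flex System Manager is likewise not packaged, replace the TODO with a NOT-FOR-US line naming the product so the entry leaves the triage queue.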
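Review bot: CVE-2014-5286 in hunk @@ -15905,8 +15904,8 @@ lands as "TODO: check" directly above CVE-2014-5285, which is already triaged as "NOT-FOR-US: TIBCO Spotfire Server". The new description names a TIBCO ActiveMatrix Policy Manager module, so confirm the affected product from the full description and, if it is not packaged, record it with a NOT-FOR-US line in the same form as the neighbouring entry.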