author | security tracker role <sectracker@debian.org> | 2015-01-18 09:10:18 +0000
committer | security tracker role <sectracker@debian.org> | 2015-01-18 09:10:18 +0000
commit | fb2e076196e8454513058f2ca5664637a03b62b3 (patch)
tree | ab0a841838fa7b7882b6f86b4aa44c438e7f8888
parent | 8b399c8d199d925b7c84b9cddda749a929ede0c0 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31484 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list | 620 |
1 files changed, 417 insertions, 203 deletions
diff --git a/data/CVE/list b/data/CVE/list index a30d665e26..cd3bbc1e1c 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,279 @@ +CVE-2015-1160 + RESERVED +CVE-2015-1159 + RESERVED +CVE-2015-1158 + RESERVED +CVE-2015-1157 + RESERVED +CVE-2015-1156 + RESERVED +CVE-2015-1155 + RESERVED +CVE-2015-1154 + RESERVED +CVE-2015-1153 + RESERVED +CVE-2015-1152 + RESERVED +CVE-2015-1151 + RESERVED +CVE-2015-1150 + RESERVED +CVE-2015-1149 + RESERVED +CVE-2015-1148 + RESERVED +CVE-2015-1147 + RESERVED +CVE-2015-1146 + RESERVED +CVE-2015-1145 + RESERVED +CVE-2015-1144 + RESERVED +CVE-2015-1143 + RESERVED +CVE-2015-1142 + RESERVED +CVE-2015-1141 + RESERVED +CVE-2015-1140 + RESERVED +CVE-2015-1139 + RESERVED +CVE-2015-1138 + RESERVED +CVE-2015-1137 + RESERVED +CVE-2015-1136 + RESERVED +CVE-2015-1135 + RESERVED +CVE-2015-1134 + RESERVED +CVE-2015-1133 + RESERVED +CVE-2015-1132 + RESERVED +CVE-2015-1131 + RESERVED +CVE-2015-1130 + RESERVED +CVE-2015-1129 + RESERVED +CVE-2015-1128 + RESERVED +CVE-2015-1127 + RESERVED +CVE-2015-1126 + RESERVED +CVE-2015-1125 + RESERVED +CVE-2015-1124 + RESERVED +CVE-2015-1123 + RESERVED +CVE-2015-1122 + RESERVED +CVE-2015-1121 + RESERVED +CVE-2015-1120 + RESERVED +CVE-2015-1119 + RESERVED +CVE-2015-1118 + RESERVED +CVE-2015-1117 + RESERVED +CVE-2015-1116 + RESERVED +CVE-2015-1115 + RESERVED +CVE-2015-1114 + RESERVED +CVE-2015-1113 + RESERVED +CVE-2015-1112 + RESERVED +CVE-2015-1111 + RESERVED +CVE-2015-1110 + RESERVED +CVE-2015-1109 + RESERVED +CVE-2015-1108 + RESERVED +CVE-2015-1107 + RESERVED +CVE-2015-1106 + RESERVED +CVE-2015-1105 + RESERVED +CVE-2015-1104 + RESERVED +CVE-2015-1103 + RESERVED +CVE-2015-1102 + RESERVED +CVE-2015-1101 + RESERVED +CVE-2015-1100 + RESERVED +CVE-2015-1099 + RESERVED +CVE-2015-1098 + RESERVED +CVE-2015-1097 + RESERVED +CVE-2015-1096 + RESERVED +CVE-2015-1095 + RESERVED +CVE-2015-1094 + RESERVED +CVE-2015-1093 + RESERVED +CVE-2015-1092 + RESERVED +CVE-2015-1091 + RESERVED +CVE-2015-1090 + RESERVED +CVE-2015-1089 + RESERVED +CVE-2015-1088 + RESERVED +CVE-2015-1087 + RESERVED +CVE-2015-1086 + RESERVED +CVE-2015-1085 + RESERVED 
+CVE-2015-1084 + RESERVED +CVE-2015-1083 + RESERVED +CVE-2015-1082 + RESERVED +CVE-2015-1081 + RESERVED +CVE-2015-1080 + RESERVED +CVE-2015-1079 + RESERVED +CVE-2015-1078 + RESERVED +CVE-2015-1077 + RESERVED +CVE-2015-1076 + RESERVED +CVE-2015-1075 + RESERVED +CVE-2015-1074 + RESERVED +CVE-2015-1073 + RESERVED +CVE-2015-1072 + RESERVED +CVE-2015-1071 + RESERVED +CVE-2015-1070 + RESERVED +CVE-2015-1069 + RESERVED +CVE-2015-1068 + RESERVED +CVE-2015-1067 + RESERVED +CVE-2015-1066 + RESERVED +CVE-2015-1065 + RESERVED +CVE-2015-1064 + RESERVED +CVE-2015-1063 + RESERVED +CVE-2015-1062 + RESERVED +CVE-2015-1061 + RESERVED +CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in ...) + TODO: check +CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS ...) + TODO: check +CVE-2015-1058 (Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 ...) + TODO: check +CVE-2015-1057 (Cross-site scripting (XSS) vulnerability in usersettings.php in e107 ...) + TODO: check +CVE-2015-1056 (Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW ...) + TODO: check +CVE-2015-1055 (SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for ...) + TODO: check +CVE-2015-1054 (Cross-site scripting (XSS) vulnerability in the Games feature in ...) + TODO: check +CVE-2015-1053 (Cross-site scripting (XSS) vulnerability in the administrative backend ...) + TODO: check +CVE-2015-1052 (Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT ...) + TODO: check +CVE-2015-1050 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application ...) 
+ TODO: check +CVE-2015-1049 + RESERVED +CVE-2014-9619 + RESERVED +CVE-2014-9618 + RESERVED +CVE-2014-9617 + RESERVED +CVE-2014-9616 + RESERVED +CVE-2014-9615 + RESERVED +CVE-2014-9614 + RESERVED +CVE-2014-9613 + RESERVED +CVE-2014-9612 + RESERVED +CVE-2014-9611 + RESERVED +CVE-2014-9610 + RESERVED +CVE-2014-9609 + RESERVED +CVE-2014-9608 + RESERVED +CVE-2014-9607 + RESERVED +CVE-2014-9606 + RESERVED +CVE-2014-9605 + RESERVED +CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...) + TODO: check +CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...) + TODO: check +CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits ...) + TODO: check +CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 ...) + TODO: check +CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in ...) + TODO: check +CVE-2014-9598 + RESERVED +CVE-2014-9597 + RESERVED +CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 ...) + TODO: check +CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...) + TODO: check +CVE-2014-9594 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...) + TODO: check +CVE-2014-9593 (Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote ...) + TODO: check CVE-2015-XXXX [vulnerability in the web interface] - sympa 6.1.23~dfsg-2 NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting 
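Review bot: CVE-2014-9602, CVE-2014-9603 and CVE-2014-9604 (libavcodec/xface.h, vmdvideo.c and utvideodec.c in FFmpeg before 2.5.2) are imported here as `TODO: check`, yet the same file already carries package-level ffmpeg assessments (for example the `CVE-2015-XXXX [use after free in seg_write_packet()]` entry with `- ffmpeg <not-affected>` further down), so these three should be resolved to `- ffmpeg ...` lines against the archive's libavcodec rather than sit in the TODO queue behind the vendor-appliance items around them; CVE-2014-9601 (Pillow before 2.7.0) and CVE-2015-1060 (open redirect in lib/Cake/Controller/Controller.php) are library/framework bugs that deserve the same prompt triage.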
@@ -8,7 +284,7 @@ CVE-2015-XXXX [CAPTCHA bypass] NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/17/5 NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726 NOTE: https://www.mantisbt.org/bugs/view.php?id=17984 -CVE-2015-1051 +CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Context ...) NOT-FOR-US: Drupal extension drupal7-context CVE-2015-XXXX [directory traversal in bsdcpio] - libarchive <unfixed> @@ -60,12 +336,11 @@ CVE-2015-1044 RESERVED CVE-2015-1043 RESERVED -CVE-2015-1041 - RESERVED -CVE-2015-1040 - RESERVED -CVE-2015-1039 - RESERVED +CVE-2015-1041 (Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php ...) + TODO: check +CVE-2015-1040 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2015-1039 (Cross-site scripting (XSS) vulnerability in user/login.phtml in ...) NOT-FOR-US: zfcUser CVE-2015-1037 RESERVED @@ -79,8 +354,7 @@ CVE-2015-1033 RESERVED CVE-2015-1032 RESERVED -CVE-2015-1029 [local information leakage and local privilege escalation vulnerability] - RESERVED +CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x ...) - puppet-module-puppetlabs-stdlib <unfixed> (bug #775535) NOTE: http://puppetlabs.com/security/cve/cve-2015-1029 CVE-2015-1028 @@ -289,8 +563,8 @@ CVE-2015-0926 RESERVED CVE-2015-0925 RESERVED -CVE-2015-0924 - RESERVED +CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...) + TODO: check CVE-2015-0923 RESERVED CVE-2014-999999 
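Review bot: CVE-2015-1029 now states the affected range (puppetlabs-stdlib 2.1 through 3.0 and 4.1.0 through 4.5.x), which is enough to decide the stable/oldstable status, but the entry only has `- puppet-module-puppetlabs-stdlib <unfixed> (bug #775535)` with no [wheezy] or [squeeze] line; add the per-suite assessment (a fixed version, or `<not-affected>` with the shipped version as the reason) so the unfixed marker does not implicitly apply to every suite that carries the module.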
@@ -1217,14 +1491,14 @@ CVE-2015-0593 RESERVED CVE-2015-0592 RESERVED -CVE-2015-0591 - RESERVED -CVE-2015-0590 - RESERVED +CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...) + TODO: check +CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate ...) + TODO: check CVE-2015-0589 RESERVED -CVE-2015-0588 - RESERVED +CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...) + TODO: check CVE-2015-0587 RESERVED CVE-2015-0586 @@ -1233,8 +1507,7 @@ CVE-2015-0585 RESERVED CVE-2015-0584 RESERVED -CVE-2015-0583 - RESERVED +CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...) NOT-FOR-US: Cisco WebEx Meeting Center CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...) NOT-FOR-US: Cisco NX-OS @@ -1242,14 +1515,11 @@ CVE-2015-0581 RESERVED CVE-2015-0580 RESERVED -CVE-2015-0579 - RESERVED +CVE-2015-0579 (Cisco TelePresence Video Communication Server (VCS) and Cisco ...) NOT-FOR-US: Cisco TelePrecence Video Communication Server -CVE-2015-0578 - RESERVED +CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay ...) NOT-FOR-US: Cisco Adaptive Security Appliance -CVE-2015-0577 - RESERVED +CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort ...) NOT-FOR-US: Cisco AsyncOS CVE-2015-0576 RESERVED @@ -1321,8 +1591,8 @@ CVE-2014-9571 [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x) NOTE: https://www.mantisbt.org/bugs/view.php?id=17938 -CVE-2014-9570 - RESERVED +CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...) NOT-FOR-US: SAP NetWeaver Business Client CVE-2014-9568 
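Review bot: CVE-2015-0591, CVE-2015-0590 and CVE-2015-0588 are left as `TODO: check` although their descriptions name Cisco Unified Communications Domain Manager and Cisco WebEx Meeting Center, the same products that CVE-2015-0583 and the unchanged CVE-2015-0582/-0579/-0578/-0577 entries on this line resolve to `NOT-FOR-US: Cisco ...`; they can be closed as NOT-FOR-US in the same pass instead of going through the TODO queue. While here, the unchanged context line `NOT-FOR-US: Cisco TelePrecence Video Communication Server` misspells TelePresence.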
@@ -1339,10 +1609,10 @@ CVE-2014-9563 RESERVED CVE-2014-9562 RESERVED -CVE-2014-9561 - RESERVED -CVE-2014-9560 - RESERVED +CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...) + TODO: check +CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...) + TODO: check CVE-2014-9559 RESERVED CVE-2014-9558 @@ -1473,8 +1743,7 @@ CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any promp - lftp <unfixed> (low; bug #774769) [squeeze] - lftp <no-dsa> (Minor issue) [wheezy] - lftp <no-dsa> (Minor issue) -CVE-2014-9587 [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins] - RESERVED +CVE-2014-9587 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - roundcube <unfixed> (bug #775576) [squeeze] - roundcube <no-dsa> (Minor issue) [wheezy] - roundcube <no-dsa> (Minor issue) @@ -1784,17 +2053,13 @@ CVE-2014-9487 CVE-2014-9481 RESERVED NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions -CVE-2014-9480 - RESERVED +CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions -CVE-2014-9479 - RESERVED +CVE-2014-9479 (Cross-site scripting (XSS) vulnerability in the preview in the ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions -CVE-2014-9478 - RESERVED +CVE-2014-9478 (Cross-site scripting (XSS) vulnerability in the preview in the ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions -CVE-2014-9477 - RESERVED +CVE-2014-9477 (Multiple cross-site scripting (XSS) vulnerabilities in the Listings ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9450 (Multiple SQL injection vulnerabilities in chart_bar.php in the ...) - zabbix 1:2.2.7+dfsg-2 (bug #774750) 
@@ -1812,8 +2077,7 @@ CVE-2014-9447 (Directory traversal vulnerability in the read_long_names function [wheezy] - elfutils <no-dsa> (Minor issue) [squeeze] - elfutils <no-dsa> (Minor issue) NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e -CVE-2015-0552 [directory traversal] - RESERVED +CVE-2015-0552 (Directory traversal vulnerability in the gcab_folder_extract function ...) - gcab 0.4-2 (bug #774580) CVE-2015-XXXX [use after free in seg_write_packet()] - ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive) @@ -1937,8 +2201,7 @@ CVE-2014-9428 (The batadv_frag_merge_packets function in ...) NOTE: http://thread.gmane.org/gmane.linux.network/343494 NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b -CVE-2014-9496 [libsndfile: two buffer read overflows] - RESERVED +CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows ...) - libsndfile <unfixed> (low; bug #774162) [squeeze] - libsndfile <no-dsa> (Minor issue) [wheezy] - libsndfile <no-dsa> (Minor issue) 
@@ -2431,14 +2694,12 @@ CVE-2014-XXXX - json-glib <unfixed> (low; bug #772585) [squeeze] - json-glib <not-affected> (Tool not yet present) [wheezy] - json-glib <not-affected> (Tool not yet present) -CVE-2014-9475 [XSS] - RESERVED +CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...) {DSA-3110-1} - mediawiki 1:1.19.20+dfsg-2.2 (bug #773654) [squeeze] - mediawiki <end-of-life> NOTE: https://phabricator.wikimedia.org/T76686 (still not public) -CVE-2014-9476 [Malicious site can bypass CORS restrictions in $wgCrossSiteAJAXdomains] - RESERVED +CVE-2014-9476 (MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...) - mediawiki <not-affected> (CORS support was added in 1.20) NOTE: https://phabricator.wikimedia.org/T77028 CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...) @@ -2489,6 +2750,7 @@ CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZN NOTE: https://github.com/znc/znc/issues/528 NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487 CVE-2014-9620 [Limit the number of ELF notes processed - DoS] + {DSA-3121-1} - file 1:5.21+15-1 [squeeze] - file <not-affected> (Introduced in 5.08) - php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3) @@ -2668,8 +2930,8 @@ CVE-2014-9310 RESERVED CVE-2014-9309 RESERVED -CVE-2014-9308 - RESERVED +CVE-2014-9308 (Unrestricted file upload vulnerability in ...) + TODO: check CVE-2014-9307 RESERVED CVE-2014-9306 
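Review bot: CVE-2014-9475 keeps `NOTE: https://phabricator.wikimedia.org/T76686 (still not public)` while this hunk replaces its placeholder with the published description and the entry already references DSA-3110-1; the "still not public" parenthetical is stale, or at least needs re-checking, now that the issue has a public description, so either drop it or confirm the upstream task is still restricted and date the remark. The neighbouring CVE-2014-9476 rationale `CORS support was added in 1.20` is consistent with the description's 1.22/1.23/1.24 ranges against the packaged 1.19.x, so no change is needed there.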
@@ -2894,18 +3156,18 @@ CVE-2014-9201 RESERVED CVE-2014-9200 RESERVED -CVE-2014-9199 - RESERVED +CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...) + TODO: check CVE-2014-9198 RESERVED CVE-2014-9197 RESERVED CVE-2014-9196 RESERVED -CVE-2014-9195 - RESERVED -CVE-2014-9194 - RESERVED +CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...) + TODO: check +CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...) + TODO: check CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 ...) NOT-FOR-US: Innominate mGuard CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...) 
@@ -3056,32 +3318,23 @@ CVE-2015-0311 RESERVED CVE-2015-0310 RESERVED -CVE-2015-0309 - RESERVED +CVE-2015-0309 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...) NOT-FOR-US: Adobe Flash -CVE-2015-0308 - RESERVED +CVE-2015-0308 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 ...) NOT-FOR-US: Adobe Flash -CVE-2015-0307 - RESERVED +CVE-2015-0307 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash -CVE-2015-0306 - RESERVED +CVE-2015-0306 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash -CVE-2015-0305 - RESERVED +CVE-2015-0305 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash -CVE-2015-0304 - RESERVED +CVE-2015-0304 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...) NOT-FOR-US: Adobe Flash -CVE-2015-0303 - RESERVED +CVE-2015-0303 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash -CVE-2015-0302 - RESERVED +CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash -CVE-2015-0301 - RESERVED +CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...) NOT-FOR-US: Adobe Flash CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service ...) {DLA-133-1} @@ -3549,8 +3802,7 @@ CVE-2014-9157 (Format string vulnerability in the yyerror function in ...) {DSA-3098-1 DLA-105-1} - graphviz 2.38.0-7 (bug #772648) NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 -CVE-2014-9471 [parse_datetime() bug] - RESERVED +CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers ...) - coreutils 8.23-1 (low) [wheezy] - coreutils <no-dsa> (Minor issue) NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 
@@ -3871,21 +4123,17 @@ CVE-2015-0224 RESERVED CVE-2015-0223 RESERVED -CVE-2015-0222 [Database denial-of-service with ModelMultipleChoiceField] - RESERVED +CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x ...) - python-django <unfixed> (bug #775375) [wheezy] - python-django <not-affected> (1.4.x not affected) NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/ -CVE-2015-0221 [Denial-of-service attack against django.views.static.serve] - RESERVED +CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 1.6.x ...) - python-django <unfixed> (bug #775375) NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/ -CVE-2015-0220 [Mitigated possible XSS attack via user-supplied redirect URLs] - RESERVED +CVE-2015-0220 (The django.util.http.is_safe_url function in Django before 1.4.18, ...) - python-django <unfixed> (bug #775375) NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/ -CVE-2015-0219 [WSGI header spoofing via underscore/dash conflation] - RESERVED +CVE-2015-0219 (Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 ...) - python-django <unfixed> (bug #775375) NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/ CVE-2015-0218 @@ -4302,21 +4550,17 @@ CVE-2015-0018 RESERVED CVE-2015-0017 RESERVED -CVE-2015-0016 - RESERVED +CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) ...) NOT-FOR-US: Microsoft Windows -CVE-2015-0015 - RESERVED +CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and ...) NOT-FOR-US: Microsoft Windows -CVE-2015-0014 - RESERVED +CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft Windows CVE-2015-0013 RESERVED CVE-2015-0012 RESERVED -CVE-2015-0011 - RESERVED +CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...) NOT-FOR-US: Microsoft Windows CVE-2015-0010 RESERVED 
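Review bot: the new descriptions for CVE-2015-0221, CVE-2015-0220 and CVE-2015-0219 all read `Django before 1.4.18, ...`, which means the 1.4.x in wheezy is affected, yet only CVE-2015-0222 received an explicit `[wheezy] - python-django <not-affected> (1.4.x not affected)` line; the three wheezy-affected entries need a matching wheezy decision (a DSA, or `<no-dsa>` with a reason) next to `- python-django <unfixed> (bug #775375)`, otherwise the wheezy status is only implied by the absence of an annotation.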
@@ -4326,21 +4570,17 @@ CVE-2015-0008 RESERVED CVE-2015-0007 RESERVED -CVE-2015-0006 - RESERVED +CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2015-0005 RESERVED -CVE-2015-0004 - RESERVED +CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2015-0003 RESERVED -CVE-2015-0002 - RESERVED +CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application ...) NOT-FOR-US: Microsoft Windows -CVE-2015-0001 - RESERVED +CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, ...) NOT-FOR-US: Microsoft Windows CVE-2014-8994 (The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows ...) NOT-FOR-US: check_diskio nagios/icinga plugin @@ -4540,8 +4780,8 @@ CVE-2014-8906 RESERVED CVE-2014-8905 RESERVED -CVE-2014-8904 - RESERVED +CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows ...) + TODO: check CVE-2014-8903 RESERVED CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...) @@ -4606,10 +4846,10 @@ CVE-2014-8872 RESERVED CVE-2014-8871 RESERVED -CVE-2014-8870 - RESERVED -CVE-2014-8869 - RESERVED +CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the ...) + TODO: check +CVE-2014-8869 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly ...) NOT-FOR-US: EntryPass N5200 CVE-2014-8867 (The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, ...) 
@@ -5031,53 +5271,43 @@ CVE-2014-8645 RESERVED CVE-2014-8644 RESERVED -CVE-2014-8643 - RESERVED +CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to ...) - iceweasel <not-affected> (Only affects Firefox on Windows) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-07.html -CVE-2014-8642 - RESERVED +CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider ...) - iceweasel <not-affected> (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-08.html -CVE-2014-8641 - RESERVED +CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla ...) {DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel <end-of-life> NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-06.html -CVE-2014-8640 - RESERVED +CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in ...) - iceweasel <not-affected> (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-05.html -CVE-2014-8639 - RESERVED +CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...) {DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel <end-of-life> - icedove 31.4.0-1 [squeeze] - icedove <end-of-life> NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-04.html -CVE-2014-8638 - RESERVED +CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before ...) {DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel <end-of-life> - icedove 31.4.0-1 [squeeze] - icedove <end-of-life> NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-03.html -CVE-2014-8637 - RESERVED +CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly ...) 
- iceweasel <not-affected> (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-02.html -CVE-2014-8636 - RESERVED +CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and ...) - iceweasel <not-affected> (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html -CVE-2014-8635 - RESERVED +CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <not-affected> (Only affects versions > 31.x) -CVE-2014-8634 - RESERVED +CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel <end-of-life> @@ -5201,8 +5431,7 @@ CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js i NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3 CVE-2010-5311 RESERVED -CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive] - RESERVED +CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU ...) {DSA-3123-2 DSA-3123-1} - binutils 2.24.90.20141124-1 - binutils-mingw-w64 <unfixed> @@ -5874,16 +6103,16 @@ CVE-2014-8401 RESERVED CVE-2014-8400 RESERVED -CVE-2014-8398 - RESERVED -CVE-2014-8397 - RESERVED -CVE-2014-8396 - RESERVED -CVE-2014-8395 - RESERVED -CVE-2014-8394 - RESERVED +CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick ...) + TODO: check +CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or ...) + TODO: check +CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local ...) + TODO: check +CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local ...) + TODO: check +CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow ...) + TODO: check CVE-2014-8393 RESERVED CVE-2014-8392 
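Review bot: CVE-2014-8635 is the only entry in this Mozilla block without a `NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-NN.html` reference, and its description (`Multiple unspecified vulnerabilities in the browser engine in Mozilla ...`) is identical to that of CVE-2014-8634, which does get DSA-3127-1 and `iceweasel 31.4.0esr-1`; since `<not-affected> (Only affects versions > 31.x)` can only be verified from the advisory that splits the ESR and non-ESR hazards (presumably the missing mfsa2015-01), add that NOTE: so the not-affected call is auditable.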
@@ -6472,17 +6701,14 @@ CVE-2014-8154 [Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()] - vala <not-affected> (MapInfo not yet present) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663 NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7 -CVE-2014-8153 [L3 agent denial of service with radvd 2.0+] - RESERVED +CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...) - neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1) CVE-2014-8152 RESERVED -CVE-2014-8151 [libcurl/darwinssl certificate check bypass] - RESERVED +CVE-2014-8151 (The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in ...) - curl <not-affected> (Only relevant when building with darwinssl/Mac OS X) NOTE: http://curl.haxx.se/docs/adv_20150108A.html -CVE-2014-8150 [URL request injection] - RESERVED +CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...) {DSA-3122-1 DLA-134-1} - curl 7.38.0-4 NOTE: http://curl.haxx.se/docs/adv_20150108B.html @@ -6500,8 +6726,7 @@ CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4 - sox 14.4.1-5 (bug #773720) CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before ...) NOT-FOR-US: doorkeeper OAuth provider -CVE-2014-8143 [Elevation of privilege to Active Directory Domain Controller] - RESERVED +CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before ...) - samba <unfixed> [wheezy] - samba <not-affected> (Only affects 4.0 and later) [squeeze] - samba <not-affected> (Only affects 4.0 and later) 
@@ -6845,8 +7070,8 @@ CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not . NOT-FOR-US: Cisco CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different ...) NOT-FOR-US: Cisco -CVE-2014-8034 - RESERVED +CVE-2014-8034 (Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge ...) + TODO: check CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...) NOT-FOR-US: Cisco CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote ...) @@ -6869,8 +7094,8 @@ CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS NOT-FOR-US: Cisco CVE-2014-8023 RESERVED -CVE-2014-8022 - RESERVED +CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity ...) + TODO: check CVE-2014-8021 RESERVED CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...) @@ -6989,10 +7214,10 @@ CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in th NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: BulletProof Security plugin for WordPress -CVE-2014-7957 - RESERVED -CVE-2014-7956 - RESERVED +CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...) + TODO: check +CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...) + TODO: check CVE-2014-7955 RESERVED CVE-2014-7954 @@ -7162,8 +7387,7 @@ CVE-2014-7883 RESERVED CVE-2014-7882 RESERVED -CVE-2014-7881 - RESERVED +CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight ...) NOT-FOR-US: HP Insight Control CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...) NOT-FOR-US: HP OpenVMS TCP/IP 
@@ -7419,17 +7643,14 @@ CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote . - qemu-kvm <removed> [squeeze] - qemu-kvm <end-of-life> NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829 -CVE-2014-7814 - RESERVED +CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-7813 RESERVED NOT-FOR-US: Red Hat CloudForms Management Engine -CVE-2014-7812 - RESERVED +CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat ...) NOT-FOR-US: Red Hat Satellite / Spacewalk -CVE-2014-7811 - RESERVED +CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...) NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2014-7810 RESERVED @@ -10642,16 +10863,16 @@ CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kern [wheezy] - linux 3.2.32-1 - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 (v3.6) -CVE-2014-6386 - RESERVED -CVE-2014-6385 - RESERVED -CVE-2014-6384 - RESERVED -CVE-2014-6383 - RESERVED -CVE-2014-6382 - RESERVED +CVE-2014-6386 (Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 ...) + TODO: check +CVE-2014-6385 (Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 ...) + TODO: check +CVE-2014-6384 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, ...) + TODO: check +CVE-2014-6383 (The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, ...) + TODO: check +CVE-2014-6382 (The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before ...) + TODO: check CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, ...) NOT-FOR-US: Juniper CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, ...) 
@@ -11101,8 +11322,8 @@ CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5. NOT-FOR-US: IBM CVE-2014-6198 RESERVED -CVE-2014-6197 - RESERVED +CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...) + TODO: check CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...) NOT-FOR-US: IBM WEF CVE-2014-6195 @@ -12705,10 +12926,10 @@ CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 NOT-FOR-US: CareFusion CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...) NOT-FOR-US: CareFusion -CVE-2014-5419 - RESERVED -CVE-2014-5418 - RESERVED +CVE-2014-5419 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...) + TODO: check +CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...) + TODO: check CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...) NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices CVE-2014-5416 @@ -13265,14 +13486,11 @@ CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki - mediawiki 1:1.19.18+dfsg-0.1 (bug #758510) [squeeze] - mediawiki <end-of-life> NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=68187 -CVE-2014-5233 - RESERVED +CVE-2014-5233 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient -CVE-2014-5232 - RESERVED +CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient -CVE-2014-5231 - RESERVED +CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient CVE-2014-5230 RESERVED 
@@ -14277,8 +14495,8 @@ CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IB NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in ...) NOT-FOR-US: IBM TRIRIGA Application Platform -CVE-2014-4835 - RESERVED +CVE-2014-4835 (IBM ServerGuide before 9.63, UpdateXpress System Packs Installer ...) + TODO: check CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...) NOT-FOR-US: IBM CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...) @@ -17020,8 +17238,7 @@ CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Rem - libreoffice 1:4.3.3~rc2~git20141011-1 [wheezy] - libreoffice <not-affected> (Introduced in 4.0.0) NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/ -CVE-2014-3692 - RESERVED +CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-3691 RESERVED @@ -18322,8 +18539,7 @@ CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) compone NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2014-3314 - RESERVED +CVE-2014-3314 (Cisco AnyConnect on Android and OS X does not properly verify the host ...) NOT-FOR-US: Cisco AnyConnect CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on ...) NOT-FOR-US: Cisco Small Business phones 
@@ -19107,8 +19323,8 @@ CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract NOT-FOR-US: IBM CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing ...) NOT-FOR-US: IBM Emptoris Sourcing Portfolio -CVE-2014-3032 - RESERVED +CVE-2014-3032 (Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli ...) + TODO: check CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...) NOT-FOR-US: IBM Tivoli Business Service Manager CVE-2014-3030 @@ -19133,10 +19349,10 @@ CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 b NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...) NOT-FOR-US: IBM Tivoli Integrated Portal -CVE-2014-3019 - RESERVED -CVE-2014-3018 - RESERVED +CVE-2014-3019 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...) + TODO: check +CVE-2014-3018 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...) + TODO: check CVE-2014-3017 RESERVED CVE-2014-3016 @@ -20961,8 +21177,8 @@ CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application i NOT-FOR-US: SUBNET SubSTATION Server 2 CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...) NOT-FOR-US: Innominate mGuard -CVE-2014-2355 - RESERVED +CVE-2014-2355 (The (1) CimView and (2) CimEdit components in GE Proficy ...) + TODO: check CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password ...) NOT-FOR-US: Cogent DataHub CVE-2014-2353 (Cross-site scripting (XSS) vulnerability in Cogent DataHub before ...) 
@@ -22063,8 +22279,7 @@ CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function i {DSA-3006-1} - xen 4.4.0-1 [squeeze] - xen <not-affected> (Xen 4.1 onwards affected) -CVE-2014-1949 [cinnamon-screensaver lock bypass] - RESERVED +CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, ...) - cinnamon 2.2.14-1 (bug #738828) NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7 NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4 @@ -27517,8 +27732,7 @@ CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf - elfutils 0.158-1 (low; bug #744017) [squeeze] - elfutils <not-affected> (Affected code introduced in 0.153) [wheezy] - elfutils <not-affected> (Affected code introduced in 0.153) -CVE-2014-0171 - RESERVED +CVE-2014-0171 (XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in ...) NOT-FOR-US: Odata4j CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data ...) NOT-FOR-US: Teiid |
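Review bot: the new description for CVE-2014-1949 attributes the flaw to `GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver`, and the entry's NOTE: already points at a gtk+ commit (1691bb74...) as the fix, but the only package line is `- cinnamon 2.2.14-1 (bug #738828)`; add a gtk+3.0 line (fixed version, or `<not-affected>`/`<unimportant>` with the reason) or a NOTE: explaining why only the consumer is tracked, so the GTK+ side of the CVE is not left unassessed.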