[Secure-testing-commits] r26387 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Apr 1 09:14:11 UTC 2014
Author: joeyh
Date: 2014-04-01 09:14:11 +0000 (Tue, 01 Apr 2014)
New Revision: 26387
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-01 08:56:37 UTC (rev 26386)
+++ data/CVE/list 2014-04-01 09:14:11 UTC (rev 26387)
@@ -1,3 +1,48 @@
+CVE-2014-5880
+ REJECTED
+ TODO: check
+CVE-2014-2686
+ RESERVED
+CVE-2014-2680
+ RESERVED
+CVE-2014-2679
+ RESERVED
+CVE-2014-2677
+ RESERVED
+CVE-2014-2676
+ RESERVED
+CVE-2014-2675
+ RESERVED
+CVE-2014-2674
+ RESERVED
+CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote ...)
+ TODO: check
+CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ...)
+ TODO: check
+CVE-2014-2666
+ RESERVED
+CVE-2014-2665
+ RESERVED
+CVE-2014-2664
+ RESERVED
+CVE-2014-2663
+ RESERVED
+CVE-2014-2662
+ RESERVED
+CVE-2014-2661
+ RESERVED
+CVE-2014-2660
+ RESERVED
+CVE-2014-2659
+ RESERVED
+CVE-2014-2658
+ RESERVED
+CVE-2014-2657
+ RESERVED
+CVE-2014-2654
+ RESERVED
+CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
+ TODO: check
CVE-2013-XXXX [several XSS]
- shaarli <unfixed> (bug #743252)
NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
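Review bot: CVE-2014-5880 is marked REJECTED yet also carries "TODO: check"; a rejected ID needs no triage, so the TODO line should be dropped (compare CVE-2014-5795 further down, which keeps only its existing state line). Of the three new TODOs that come with a description, CVE-2014-2671 (Microsoft Windows Media Player) and CVE-2014-2670 (Properties.do in ZOHO ManageEngine) name proprietary products that are not Debian packages and can go straight to NOT-FOR-US, the way the Cisco and IBM entries later in this diff already read; CVE-2013-7346 (Symphony CMS CSRF) is best resolved together with CVE-2013-2559 (Symphony CMS SQL injection), which receives the same "TODO: check" lower in the diff.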
@@ -2,21 +47,28 @@
CVE-2014-2685 [zendframework ZF2014-02]
+ RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2684 [zendframework ZF2014-02]
+ RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2683 [zendframework ZF2014-01]
+ RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2682 [zendframework ZF2014-01]
+ RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 [zendframework ZF2014-01]
+ RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2678 [rds: prevent dereference of a NULL device in rds_iw_laddr_check]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/3/29/188
CVE-2014-2673 [error in the "arch_dup_task_struct()" function]
+ RESERVED
- linux 3.13.7-1
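Review bot: keep the bracketed local summaries on the entries that now gain a RESERVED line (the zendframework ZF2014-01/ZF2014-02 issues, the NULL dereference in rds_iw_laddr_check, arch_dup_task_struct()). The next hunk shows what happens once MITRE publishes text (CVE-2014-2669, CVE-2014-2668): the automatic run replaces the bracket with MITRE's sentence, so until then the local summary plus the NOTE link is the only description a reader of the list gets, and the package and bug references beneath it (bug #743175, the lkml thread) must not be disturbed by the insertion.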
@@ -27,19 +79,21 @@
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291
NOTE: only affects powerpc architecture
CVE-2014-2672 [race condition error in the "ath_tx_aggr_sleep()" function]
+ RESERVED
- linux 3.13.7-1
- linux-2.6 <removed>
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
-CVE-2014-2669 [postgresql: multiple integer overflows in hstore_io.c]
+CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...)
{DSA-2865-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[squeeze] - postgresql-8.4 <not-affected> (9.x branch only)
- postgresql-9.3 9.3.3-1
-CVE-2014-2668 [couchdb: remote denial of service flaw]
+CVE-2014-2668 (Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a ...)
- couchdb <unfixed> (low)
NOTE: High resource usage in CPU and memory while query is active. No crash for deamon in 1.4.0-3+b1 and 1.2.0-5 versions.
CVE-2014-2667 [race condition]
+ RESERVED
- python3.1 <removed>
- python3.2 <removed>
- python3.3 <unfixed>
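Review bot: the NOTE under CVE-2014-2668 contains a typo, "deamon" for "daemon"; as the diff is generated, fix it in the source list rather than in this commit. The "(low)" rating on the couchdb line is consistent with that NOTE (CPU and memory exhaustion only while the query is active, no crash in 1.4.0-3+b1 or 1.2.0-5), so no change there. For CVE-2014-2669 the new text pins the integer overflows to contrib/hstore/hstore_io.c, which is a better anchor for checking the postgresql-9.3 9.3.3-1 fix than the old "[postgresql: multiple integer overflows in hstore_io.c]" bracket.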
@@ -52,12 +106,14 @@
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html
CVE-2014-2656 [arbitrary insertions of malicious data within cube parameter]
+ RESERVED
NOT-FOR-US: Hypercube
CVE-2014-2655 [postfixadmin sql injection]
+ RESERVED
{DSA-2889-1}
- postfixadmin 2.3.5-3
NOTE: http://sourceforge.net/p/postfixadmin/code/1650
-CVE-2014-2653 [if the server offers a certificate, the client doesn't check the DNS for SSHFP records]
+CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH ...)
- openssh 1:6.6p1-1 (low; bug #742513)
CVE-2014-2652
RESERVED
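Review bot: the replacement line for CVE-2014-2653 discards the only precise statement of the bug the list had ("if the server offers a certificate, the client doesn't check the DNS for SSHFP records"); MITRE's sentence is cut off at "verify_host_key function in sshconnect.c in the client in OpenSSH ..." and no longer says what is wrong. Carry the old summary over as a NOTE line under the openssh 1:6.6p1-1 entry so the "(low; bug #742513)" rating can still be understood. CVE-2014-2655 (postfixadmin) and CVE-2014-2656 now show RESERVED below their local summaries; for 2655 the DSA-2889-1 reference and the 2.3.5-3 fixed version already stand, so the description can wait for the next automatic run.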
@@ -181,8 +237,8 @@
RESERVED
CVE-2014-2591
RESERVED
-CVE-2014-2590
- RESERVED
+CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...)
+ TODO: check
CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend ...)
NOT-FOR-US: SonicWall
CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee ...)
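Review bot: CVE-2014-2590 describes the web management interface of Siemens RuggedCom ROS, an industrial switch firmware, so the new "TODO: check" can be resolved to NOT-FOR-US: Siemens RuggedCom ROS in the same way as the SonicWall and McAfee entries directly beneath it.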
@@ -288,10 +344,9 @@
RESERVED
CVE-2014-2529
RESERVED
-CVE-2014-2526
- RESERVED
-CVE-2014-2525 [LibYAML input sanitization errors]
- RESERVED
+CVE-2014-2526 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
+ TODO: check
+CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes ...)
{DSA-2885-1 DSA-2884-1}
- libyaml 0.1.4-3.2 (bug #742732)
- libyaml-libyaml-perl 0.41-5
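Review bot: for CVE-2014-2525 the new MITRE text pins the heap-based buffer overflow to yaml_parser_scan_uri_escapes, which is far more useful than the old "[LibYAML input sanitization errors]" bracket when verifying that libyaml 0.1.4-3.2 and libyaml-libyaml-perl 0.41-5 carry the fix; DSA-2885-1/DSA-2884-1 and bug #742732 stay as they were. CVE-2014-2526 (XSS in BarracudaDrive) concerns a proprietary web server product and can be marked NOT-FOR-US rather than "TODO: check".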
@@ -348,7 +403,7 @@
- linux 3.13.4-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
-CVE-2013-7347
+CVE-2013-7347 (Luci in Red Hat Conga does not properly enforce the user session ...)
NOT-FOR-US: Red Hat Conga
CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before ...)
- owncloud 5.0.3+dfsg-1
@@ -377,8 +432,7 @@
RESERVED
CVE-2009-5139
RESERVED
-CVE-2014-2599 [Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible]
- RESERVED
+CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ...)
@@ -407,8 +461,7 @@
- claws-mail-extra-plugins <removed>
[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
-CVE-2014-2573 [nova: VMWare driver leaks rescued images]
- RESERVED
+CVE-2014-2573 (The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 ...)
- nova <unfixed>
[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
NOTE: https://bugs.launchpad.net/nova/+bug/1269418
@@ -418,8 +471,7 @@
NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421
CVE-2014-2567 (The OpenConnectionTask::handleStateHelper function in ...)
NOT-FOR-US: Trojita
-CVE-2014-2538 [XSS in error page]
- RESERVED
+CVE-2014-2538 (Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the ...)
- ruby-rack-ssl <unfixed> (low; bug #742186)
[wheezy] - ruby-rack-ssl <no-dsa> (Minor issue)
NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
@@ -811,8 +863,7 @@
RESERVED
- cacti <unfixed> (bug #742768)
NOTE: http://bugs.cacti.net/view.php?id=2432
-CVE-2014-2326 [Unspecified HTML Injection Vulnerability]
- RESERVED
+CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote ...)
- cacti <unfixed> (bug #742768)
NOTE: http://bugs.cacti.net/view.php?id=2431
CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
@@ -846,8 +897,7 @@
- pen <unfixed> (low; bug #741370)
[squeeze] - pen <no-dsa> (Minor issue)
[wheezy] - pen <no-dsa> (Minor issue)
-CVE-2014-2386 [icinga: small buffer overflows when checking strlen against MAX_INPUT_BUFFER]
- RESERVED
+CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, ...)
- icinga 1.11.0-1
CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
NOT-FOR-US: Proxmox Mail Gateway
@@ -1242,8 +1292,8 @@
RESERVED
CVE-2014-2132
RESERVED
-CVE-2014-2131
- RESERVED
+CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a ...)
+ TODO: check
CVE-2014-2130
RESERVED
CVE-2014-2129
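Review bot: CVE-2014-2131 ("The packet driver in Cisco IOS ...") receives "TODO: check", but every other Cisco IOS entry in this diff (CVE-2014-2113 through CVE-2014-2106 further down) is already NOT-FOR-US: Cisco IOS; mark this one the same way instead of leaving a TODO behind.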
@@ -1268,8 +1318,8 @@
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS ...)
NOT-FOR-US: Cisco AsyncOS
-CVE-2014-2118
- RESERVED
+CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2014-2117
RESERVED
CVE-2014-2116
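Review bot: the description added for CVE-2014-2118 is truncated before the product name ("Multiple cross-site scripting (XSS) vulnerabilities in ..."), so the entry cannot be triaged from this list alone even though it sits between Cisco AsyncOS and Cisco ASA entries; "TODO: check" is the correct state here until the full MITRE text has been read, and it should not be resolved by analogy with its neighbours.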
@@ -1278,28 +1328,21 @@
RESERVED
CVE-2014-2114
RESERVED
-CVE-2014-2113
- RESERVED
+CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-2112
- RESERVED
+CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-2111
- RESERVED
+CVE-2014-2111 (The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through ...)
NOT-FOR-US: Cisco IOS
CVE-2014-2110
RESERVED
-CVE-2014-2109
- RESERVED
+CVE-2014-2109 (The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-2108
- RESERVED
+CVE-2014-2108 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-2107
- RESERVED
+CVE-2014-2107 (Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA ...)
NOT-FOR-US: Cisco
-CVE-2014-2106
- RESERVED
+CVE-2014-2106 (Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S ...)
NOT-FOR-US: Cisco IOS
CVE-2014-2105
RESERVED
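Review bot: CVE-2014-2107 keeps "NOT-FOR-US: Cisco" while its new description ("Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA ...") and all six neighbours name Cisco IOS; use "NOT-FOR-US: Cisco IOS" for consistency. The remaining entries only swap the RESERVED line for MITRE's text and retain their NOT-FOR-US state, which is the right outcome.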
@@ -1373,6 +1416,7 @@
NOTE: http://bugs.gw.com/view.php?id=164
NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
CVE-2014-5795
+ REJECTED
NOT-FOR-US: Oracle Demantra
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)
- cmsms <itp> (bug #608888)
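Review bot: CVE-2014-5795 now reads REJECTED but keeps "NOT-FOR-US: Oracle Demantra" beneath it; a rejected ID is never tracked, so the NOT-FOR-US line is redundant. It is harmless, but the list's convention elsewhere is a rejected ID with the state line only, and leaving product annotations under rejected IDs makes later grep-based consistency checks noisier.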
@@ -1611,8 +1655,8 @@
[squeeze] - icedove <end-of-life>
CVE-2014-2017
RESERVED
-CVE-2014-2016
- RESERVED
+CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop ...)
+ TODO: check
CVE-2014-2012
RESERVED
CVE-2014-2011
@@ -1673,8 +1717,7 @@
RESERVED
CVE-2014-1983
RESERVED
-CVE-2014-1982
- RESERVED
+CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL ...)
NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router
CVE-2014-1981
RESERVED
@@ -2233,12 +2276,12 @@
CVE-2013-XXXX [buffer overflow in commandline parsing]
- swath 0.4.3-3 (low; bug #698189)
[squeeze] - swath 0.4.0-4+squeeze1
-CVE-2014-1828
- RESERVED
-CVE-2014-1827
- RESERVED
-CVE-2014-1826
- RESERVED
+CVE-2014-1828 (The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad ...)
+ TODO: check
+CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi ...)
+ TODO: check
+CVE-2014-1826 (Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 ...)
+ TODO: check
CVE-2014-1825
RESERVED
CVE-2014-1824
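Review bot: CVE-2014-1828, CVE-2014-1827 and CVE-2014-1826 all describe the iThoughtsHD app 4.19 for iOS on iPad; an iOS app can never be a Debian package, so the three "TODO: check" lines can be replaced by NOT-FOR-US: iThoughtsHD (iOS app) without further research.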
@@ -2647,11 +2690,9 @@
RESERVED
CVE-2014-1646
RESERVED
-CVE-2014-1645
- RESERVED
+CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
-CVE-2014-1644
- RESERVED
+CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1643 (The Web Email Protection component in Symantec Encryption Management ...)
NOT-FOR-US: Symantec PGP Universal Web Messenger
@@ -2927,8 +2968,8 @@
RESERVED
CVE-2014-1517
RESERVED
-CVE-2014-1516
- RESERVED
+CVE-2014-1516 (The saltProfileName function in base/GeckoProfileDirectories.java in ...)
+ TODO: check
CVE-2014-1515 (Mozilla Firefox before 28.0.1 on Android processes a file: URL by ...)
NOT-FOR-US: FF on Android
CVE-2014-1514 (vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR ...)
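Review bot: CVE-2014-1516's new text names saltProfileName in base/GeckoProfileDirectories.java, i.e. the Java front end of Firefox for Android, and it sits directly above CVE-2014-1515, which is already "NOT-FOR-US: FF on Android"; resolve the TODO the same way, since iceweasel does not ship the Android front end. CVE-2014-1514 (vmtypedarrayobject.cpp) is a different case, as it names engine code shared with the desktop build.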
@@ -3550,14 +3591,14 @@
RESERVED
CVE-2014-1304
RESERVED
-CVE-2014-1303
- RESERVED
+CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote ...)
+ TODO: check
CVE-2014-1302
RESERVED
CVE-2014-1301
RESERVED
-CVE-2014-1300
- RESERVED
+CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote ...)
+ TODO: check
CVE-2014-1299
RESERVED
CVE-2014-1298
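Review bot: the two Safari entries (CVE-2014-1303, CVE-2014-1300) should not be resolved to NOT-FOR-US by product name alone: Safari advisories frequently cover WebKit bugs, and Debian ships WebKit as webkitgtk. The truncated text ("Heap-based buffer overflow in Apple Safari 7.0.2 allows remote ..." / "Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote ...") does not say which component is affected, so "TODO: check" is warranted and should be closed by reading the Apple advisory for a WebKit component reference.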
@@ -3787,18 +3828,16 @@
RESERVED
CVE-2014-0984
RESERVED
-CVE-2014-0983
- RESERVED
+CVE-2014-0983 (Multiple array index errors in programs that are automatically ...)
- virtualbox <unfixed> (bug #741602)
- virtualbox-ose <removed> (bug #741602)
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0982
- RESERVED
+ REJECTED
- virtualbox <unfixed> (bug #741602)
- virtualbox-ose <removed> (bug #741602)
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
-CVE-2014-0981
- RESERVED
+CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through ...)
- virtualbox <unfixed> (bug #741602)
- virtualbox-ose <removed> (bug #741602)
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
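Review bot: CVE-2014-0982 changes from RESERVED to REJECTED but still carries the two virtualbox package lines ("virtualbox <unfixed> (bug #741602)", "virtualbox-ose <removed> (bug #741602)") and the Core Security NOTE; a rejected ID should not keep package state, and the same advisory and bug are already tracked under CVE-2014-0981 and CVE-2014-0983 in this hunk, so the lines under 0982 can be removed rather than maintained in three places.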
@@ -4043,8 +4082,8 @@
RESERVED
CVE-2014-0905
RESERVED
-CVE-2014-0904
- RESERVED
+CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 ...)
+ TODO: check
CVE-2014-0903
RESERVED
CVE-2014-0902
@@ -4077,22 +4116,22 @@
RESERVED
CVE-2014-0888
RESERVED
-CVE-2014-0887
- RESERVED
-CVE-2014-0886
- RESERVED
-CVE-2014-0885
- RESERVED
-CVE-2014-0884
- RESERVED
+CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
+ TODO: check
+CVE-2014-0886 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
+ TODO: check
+CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in ...)
+ TODO: check
+CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM ...)
+ TODO: check
CVE-2014-0883
RESERVED
CVE-2014-0882
RESERVED
CVE-2014-0881
RESERVED
-CVE-2014-0880
- RESERVED
+CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; ...)
+ TODO: check
CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control ...)
NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2014-0878
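Review bot: CVE-2014-0887 through CVE-2014-0884 (Admin Web UI in IBM Lotus Protector for Mail Security) and CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500/V3700/V5000/V7000) are appliance and proprietary products, exactly like the IBM Datacap Taskmaster Capture entry just below them that already reads NOT-FOR-US; the five "TODO: check" lines can be resolved to NOT-FOR-US without further research.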
@@ -4155,8 +4194,8 @@
NOT-FOR-US: IBM InfoSphere
CVE-2014-0849
RESERVED
-CVE-2014-0848
- RESERVED
+CVE-2014-0848 (The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server ...)
+ TODO: check
CVE-2014-0847
RESERVED
CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational Requirements ...)
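Review bot: CVE-2014-0848 is the one entry in this block that genuinely needs the check: its text names "(1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server ..." and is cut off before the product, so it cannot be dismissed as NOT-FOR-US on sight even though it sits among IBM Rational and IBM InfoSphere entries. Confirm from the full description whether the issue is in the bundled configuration of an IBM product (as the surrounding IDs suggest) or in upstream apache2 before resolving the TODO.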
@@ -4647,17 +4686,13 @@
RESERVED
CVE-2014-0636
RESERVED
-CVE-2014-0635
- RESERVED
+CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x ...)
NOT-FOR-US: EMC VPLEX
-CVE-2014-0634
- RESERVED
+CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the ...)
NOT-FOR-US: EMC VPLEX
-CVE-2014-0633
- RESERVED
+CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not ...)
NOT-FOR-US: EMC VPLEX
-CVE-2014-0632
- RESERVED
+CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and ...)
NOT-FOR-US: EMC VPLEX
CVE-2014-0631
RESERVED
@@ -4675,8 +4710,7 @@
NOT-FOR-US: EMC RSA
CVE-2014-0624 (EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not ...)
NOT-FOR-US: EMC RSA
-CVE-2014-0623
- RESERVED
+CVE-2014-0623 (Cross-site scripting (XSS) vulnerability in the Self-Service Console ...)
NOT-FOR-US: EMC RSA
CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 ...)
NOT-FOR-US: EMC Documentum Foundation Services
@@ -5060,12 +5094,11 @@
RESERVED
CVE-2014-0513
RESERVED
-CVE-2014-0512
- RESERVED
-CVE-2014-0511
- RESERVED
-CVE-2014-0510 [heap overflow with a sandbox bypass]
- RESERVED
+CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox ...)
+ TODO: check
+CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote ...)
+ TODO: check
+CVE-2014-0510 (Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows ...)
NOT-FOR-US: Flash plugin
CVE-2014-0509
RESERVED
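Review bot: the three new descriptions split what the old single bracket on CVE-2014-0510 ("heap overflow with a sandbox bypass") lumped together: the PDF sandbox bypass is CVE-2014-0512, the Reader heap overflow is CVE-2014-0511, and CVE-2014-0510 is the Flash Player heap overflow that keeps "NOT-FOR-US: Flash plugin". Both Reader IDs belong with the Flash and Shockwave entries as NOT-FOR-US (Adobe Reader), so the two "TODO: check" lines can be resolved.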
@@ -5073,8 +5106,8 @@
RESERVED
CVE-2014-0507
RESERVED
-CVE-2014-0506
- RESERVED
+CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player 12.0.0.77 on ...)
+ TODO: check
CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
@@ -5963,10 +5996,10 @@
RESERVED
CVE-2014-0345
RESERVED
-CVE-2014-0344
- RESERVED
-CVE-2014-0343
- RESERVED
+CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not ...)
+ TODO: check
+CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...)
+ TODO: check
CVE-2014-0342
RESERVED
CVE-2014-0341
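Review bot: CVE-2014-0344 names Properties.do in ZOHO ManageEngine OpStor, the same component as CVE-2014-2670 at the top of this diff, which also received "TODO: check"; resolve the two together as NOT-FOR-US: ZOHO ManageEngine. CVE-2014-0343 (web interface on Virtual Access GW6110A routers with software 9.00) is router firmware and can be marked NOT-FOR-US as well.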
@@ -6723,8 +6756,7 @@
- nova 2013.2.2-4 (bug #742712)
[wheezy] - nova <not-affected> (Introduced in Grizzly)
NOTE: https://launchpad.net/bugs/1221190
-CVE-2014-0133 [nginx: SPDY heap buffer overflow]
- RESERVED
+CVE-2014-0133 (Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ...)
- nginx 1.4.7-1 (unimportant; bug #742059)
[wheezy] - nginx <not-affected> (Vulnerable code not present)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
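Review bot: CVE-2014-0133 is rated "unimportant" on the nginx 1.4.7-1 line although the new text describes a heap-based buffer overflow in the SPDY implementation; the list records a rationale only for the wheezy and squeeze lines ("Vulnerable code not present"), not for the unstable rating. Add a NOTE line stating why the overflow is unimportant for the Debian build (bug #742059 presumably holds the reasoning), otherwise the rating cannot be reviewed against the description.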
@@ -6866,16 +6898,14 @@
CVE-2014-0090
RESERVED
- foreman <itp> (bug #663101)
-CVE-2014-0089
- RESERVED
+CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
CVE-2014-0088
RESERVED
- nginx <not-affected> (Only affects 1.5.10)
CVE-2014-0087
RESERVED
-CVE-2014-0086
- RESERVED
+CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss ...)
NOT-FOR-US: RichFaces
NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
NOTE: https://issues.jboss.org/browse/RF-13250
@@ -6945,50 +6975,43 @@
CVE-2014-0068
RESERVED
NOT-FOR-US: OpenShift
-CVE-2014-0067
- RESERVED
+CVE-2014-0067 (The "make check" command for the test suites in PostgreSQL 9.3.3 and ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0066
- RESERVED
+CVE-2014-0066 (The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0065
- RESERVED
+CVE-2014-0065 (Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0064
- RESERVED
+CVE-2014-0064 (Multiple integer overflows in the path_in and other unspecified ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0063
- RESERVED
+CVE-2014-0063 (Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0062
- RESERVED
+CVE-2014-0062 (Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
- postgresql-9.3 9.3.3-1
-CVE-2014-0061
- RESERVED
+CVE-2014-0061 (The validator functions for the procedural languages (PLs) in ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
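Review bot: the wheezy rationale "(postgresql-8.4 in wheezy only provides PL/Perl)" is repeated verbatim under all seven entries, but for CVE-2014-0061 the new text concerns "The validator functions for the procedural languages (PLs) ...", which is precisely the component that a PL/Perl-only package ships; this one deserves a second look rather than inheriting the not-affected status written for the server-side overflows (CVE-2014-0063/0064/0065). Separately, CVE-2014-0067 now reads as a "make check" test-suite issue, i.e. exposure only while regression tests run, and a severity marker as used elsewhere in the list ("(low)") would keep readers from weighting it like the overflows that share DSA-2865-1/DSA-2864-1 with it.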
@@ -6997,8 +7020,7 @@
- postgresql-plsh 1.20140221-1
[wheezy] - postgresql-plsh <no-dsa> (Minor issue)
[squeeze] - postgresql-plsh <no-dsa> (Minor issue)
-CVE-2014-0060
- RESERVED
+CVE-2014-0060 (PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, ...)
{DSA-2865-1 DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
@@ -7013,8 +7035,7 @@
CVE-2014-0056 [Routers can be cross plugged by other tenants]
RESERVED
- neutron 2013.2.2-4 (bug #742800)
-CVE-2014-0055 [vhost-net: insufficient handling of error conditions in get_rx_bufs()]
- RESERVED
+CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...)
- linux <unfixed>
- linux-2.6 <removed>
TODO: check, Red Hat specific?
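Review bot: the truncated description for CVE-2014-0055 ("The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...") ends before any affected-version text, so the open question on the existing TODO line ("Red Hat specific?") is not answered by this update; keep the TODO and the "linux <unfixed>" line until the full MITRE text has been compared with the upstream vhost code, and record the answer as a NOTE so the old bracket's detail (insufficient handling of error conditions in get_rx_bufs()) is not lost.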
@@ -7029,8 +7050,7 @@
RESERVED
CVE-2014-0051
RESERVED
-CVE-2014-0050
- RESERVED
+CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
{DSA-2856-1}
- libcommons-fileupload-java 1.3.1-1
- tomcat7 7.0.52-1
@@ -7535,22 +7555,22 @@
RESERVED
CVE-2013-6776
RESERVED
-CVE-2013-6775
- RESERVED
-CVE-2013-6774
- RESERVED
+CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers ...)
+ TODO: check
+CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package ...)
+ TODO: check
CVE-2013-6773
RESERVED
CVE-2013-6772
RESERVED
CVE-2013-6771
RESERVED
-CVE-2013-6770
- RESERVED
-CVE-2013-6769
- RESERVED
-CVE-2013-6768
- RESERVED
+CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
+ TODO: check
+CVE-2013-6769 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
+ TODO: check
+CVE-2013-6768 (Untrusted search path vulnerability in the ...)
+ TODO: check
CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro ...)
NOT-FOR-US: QuickHeal AntiVirus
CVE-2013-6764
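Review bot: CVE-2013-6775, CVE-2013-6774, CVE-2013-6770, CVE-2013-6769 and CVE-2013-6768 all describe Android root-management packages (Chainfire SuperSU, ChainsDD Superuser, CyanogenMod/ClockWorkMod/Koush Superuser); none of these is a Debian package, so the five "TODO: check" lines can be resolved to NOT-FOR-US: Android Superuser packages, as the Quick Heal AntiVirus entry beneath them already is.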
@@ -7642,9 +7662,9 @@
NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service ...)
NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2013-6720 (Directory traversal vulnerability in the Passive Capture Application ...)
+CVE-2013-6720 (Directory traversal vulnerability in download.php in the Passive ...)
NOT-FOR-US: IBM Tealeaf
-CVE-2013-6719 (The Passive Capture Application (PCA) web console in IBM Tealeaf CX ...)
+CVE-2013-6719 (delivery.php in the Passive Capture Application (PCA) web console in ...)
NOT-FOR-US: IBM Tealeaf CX
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and ...)
NOT-FOR-US: IBM firmware
@@ -9080,8 +9100,7 @@
RESERVED
CVE-2013-6212
RESERVED
-CVE-2013-6211
- RESERVED
+CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance ...)
NOT-FOR-US: HP StoreOnce
CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
NOT-FOR-US: HP Unified Functional Testing
@@ -9642,8 +9661,7 @@
NOT-FOR-US: Joomla component multi calendar
CVE-2013-5952 (Multiple cross-site scripting (XSS) vulnerabilities in the Freichat ...)
NOT-FOR-US: Joomla component Freichat
-CVE-2013-5951
- RESERVED
+CVE-2013-5951 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
{DSA-2882-1}
- extplorer <unfixed> (bug #741908)
NOTE: http://seclists.org/fulldisclosure/2014/Mar/273
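Review bot: CVE-2013-5951 now has DSA-2882-1 recorded while the extplorer line still reads "<unfixed> (bug #741908)"; that combination is consistent with the list's format (the DSA records the stable fix, the package line the unstable state) but it means the unstable upload is still outstanding, which is worth flagging so the bug does not stay open after the DSA is considered done.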
@@ -11040,12 +11058,12 @@
NOT-FOR-US: IBM Forms Viewer
CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
-CVE-2013-5445
- RESERVED
-CVE-2013-5444
- RESERVED
-CVE-2013-5443
- RESERVED
+CVE-2013-5445 (IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before ...)
+ TODO: check
+CVE-2013-5444 (The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, ...)
+ TODO: check
+CVE-2013-5443 (Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express ...)
+ TODO: check
CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
NOT-FOR-US: IBM
CVE-2013-5441
@@ -14923,10 +14941,10 @@
NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics ...)
NOT-FOR-US: IBM Social Media Analytics
-CVE-2013-3998
- RESERVED
-CVE-2013-3997
- RESERVED
+CVE-2013-3998 (CRLF injection vulnerability in the Web Application Enterprise Console ...)
+ TODO: check
+CVE-2013-3997 (Open redirect vulnerability in the Web Application Enterprise Console ...)
+ TODO: check
CVE-2013-3996 (IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle ...)
NOT-FOR-US: IBM
CVE-2013-3995 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights ...)
@@ -14967,8 +14985,8 @@
NOT-FOR-US: IBM Sametime
CVE-2013-3977
RESERVED
-CVE-2013-3976
- RESERVED
+CVE-2013-3976 (The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and ...)
+ TODO: check
CVE-2013-3975
RESERVED
CVE-2013-3974
@@ -16098,8 +16116,8 @@
NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ...)
NOT-FOR-US: ERADAS ER Viewer
-CVE-2013-3481
- RESERVED
+CVE-2013-3481 (Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 ...)
+ TODO: check
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
NOT-FOR-US: Sagelight
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
@@ -17963,10 +17981,10 @@
NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One ...)
NOT-FOR-US: WordPress plugin All in One Webmaster
-CVE-2013-2695
- RESERVED
-CVE-2013-2694
- RESERVED
+CVE-2013-2695 (Cross-site scripting (XSS) vulnerability in invite.php in the WP ...)
+ TODO: check
+CVE-2013-2694 (Open redirect vulnerability in invite.php in the WP Symposium plugin ...)
+ TODO: check
CVE-2013-2693
RESERVED
CVE-2013-2692
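Review bot: CVE-2013-2695 and CVE-2013-2694 both name invite.php in the WP Symposium plugin; the list's convention for WordPress plugins is visible two entries up ("NOT-FOR-US: WordPress plugin All in One Webmaster"), so the two "TODO: check" lines can be resolved to NOT-FOR-US: WordPress plugin WP Symposium.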
@@ -18324,8 +18342,8 @@
[wheezy] - ibutils <no-dsa> (Minor issue)
CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam ...)
NOT-FOR-US: Foscam
-CVE-2013-2559
- RESERVED
+CVE-2013-2559 (SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote ...)
+ TODO: check
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
NOT-FOR-US: Windows 8
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
@@ -21529,10 +21547,10 @@
RESERVED
CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT ...)
NOT-FOR-US: Ubiquiti UBNT AirCam
-CVE-2013-1605
- RESERVED
-CVE-2013-1604
- RESERVED
+CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 ...)
+ TODO: check
+CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...)
+ TODO: check
CVE-2013-1603
RESERVED
CVE-2013-1602
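Review bot: CVE-2013-1605 and CVE-2013-1604 describe MayGion IP camera firmware before 2013.04.22, which, like the Ubiquiti UBNT AirCam entry directly above them, is device firmware and not a Debian package; resolve both "TODO: check" lines to NOT-FOR-US: MayGion IP Cameras.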
@@ -23592,8 +23610,8 @@
- openjdk-7 7u3-2.1.7-1
CVE-2013-0808
RESERVED
-CVE-2013-0807
- RESERVED
+CVE-2013-0807 (Cross-site scripting (XSS) vulnerability in the NewSectionPrompt ...)
+ TODO: check
CVE-2013-0806
RESERVED
CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
@@ -23966,12 +23984,12 @@
NOT-FOR-US: mingle forum plugin for wp
CVE-2013-0735
RESERVED
-CVE-2013-0734
- RESERVED
+CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the Mingle ...)
+ TODO: check
CVE-2013-0733
RESERVED
-CVE-2013-0732
- RESERVED
+CVE-2013-0732 (Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before ...)
+ TODO: check
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress ...)
NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x ...)
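Review bot: CVE-2013-0734 (Mingle forum plugin XSS) matches the product already marked "NOT-FOR-US: mingle forum plugin for wp" at the top of this hunk, and CVE-2013-0732 names PDFCore8.dll in Nuance PDF Reader, a Windows product; both "TODO: check" lines can be resolved to NOT-FOR-US.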
@@ -24246,8 +24264,8 @@
NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider ...)
NOT-FOR-US: Schneider Electric Quantum modules
-CVE-2013-0662
- RESERVED
+CVE-2013-0662 (Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider ...)
+ TODO: check
CVE-2013-0661
RESERVED
CVE-2013-0660
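Review bot: CVE-2013-0662 names ModbusDrv.exe in Schneider Electric software, a Windows component of the same product family as the two entries above it that already read "NOT-FOR-US: Schneider Electric Quantum modules"; mark it NOT-FOR-US instead of "TODO: check".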
@@ -34234,8 +34252,7 @@
- nova 2012.1.1-2 (bug #680110)
CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack ...)
- nova 2012.1.1-2 (bug #680110)
-CVE-2012-3359
- RESERVED
+CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in a ...)
NOT-FOR-US: Red Hat Conga
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in ...)
{DSA-2629-1}