[Secure-testing-commits] r26470 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Apr 8 21:14:09 UTC 2014
Author: joeyh
Date: 2014-04-08 21:14:09 +0000 (Tue, 08 Apr 2014)
New Revision: 26470
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-08 19:03:03 UTC (rev 26469)
+++ data/CVE/list 2014-04-08 21:14:09 UTC (rev 26470)
@@ -1,3 +1,15 @@
+CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
+ TODO: check
+CVE-2014-2729
+ RESERVED
+CVE-2014-2728
+ RESERVED
+CVE-2014-2727
+ RESERVED
+CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the ...)
+ TODO: check
+CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
+ TODO: check
CVE-2014-XXXX [Open redirector]
- redmine <unfixed> (bug #743828)
NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
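Review bot: CVE-2014-2730 is a Microsoft Office issue and could be closed as NOT-FOR-US: Microsoft Office directly instead of being left at "TODO: check", matching how other vendor-only entries in this file are handled (e.g. "NOT-FOR-US: HP"). CVE-2012-6640 and CVE-2012-6641 both concern Horde; later in this same update CVE-2012-5565 is marked NOT-FOR-US because the affected code is absent from sid's Horde and from the stable imp3 and dimp1 packages, so these two should be checked against the same packages and the conclusion recorded in the same way.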
@@ -325,8 +337,7 @@
RESERVED
CVE-2014-2601
RESERVED
-CVE-2014-2600
- RESERVED
+CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
NOT-FOR-US: HP
CVE-2014-2598
RESERVED
@@ -1250,8 +1261,7 @@
RESERVED
CVE-2014-2215
RESERVED
-CVE-2014-2210
- RESERVED
+CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
NOT-FOR-US: Erwin Web Portal
CVE-2014-2209
RESERVED
@@ -1379,12 +1389,12 @@
RESERVED
CVE-2014-2146
RESERVED
-CVE-2014-2145
- RESERVED
-CVE-2014-2144
- RESERVED
-CVE-2014-2143
- RESERVED
+CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
+ TODO: check
+CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
+ TODO: check
+CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE ...)
+ TODO: check
CVE-2014-2142
RESERVED
CVE-2014-2141
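Review bot: CVE-2014-2145, CVE-2014-2144 and CVE-2014-2143 describe Cisco Unity, IOS XR and IOS issues, and every neighbouring Cisco entry in this region is already triaged NOT-FOR-US (Cisco AsyncOS, Cisco PRSM, Cisco IOS), so the three "TODO: check" markers can almost certainly be resolved to NOT-FOR-US: Cisco straight away; the same applies to CVE-2014-2117 through CVE-2014-2114 (Cisco Emergency Responder) in the next hunk.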
@@ -1435,14 +1445,14 @@
NOT-FOR-US: Cisco AsyncOS
CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Cisco PRSM
-CVE-2014-2117
- RESERVED
-CVE-2014-2116
- RESERVED
-CVE-2014-2115
- RESERVED
-CVE-2014-2114
- RESERVED
+CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder ...)
+ TODO: check
+CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco ...)
+ TODO: check
CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...)
NOT-FOR-US: Cisco IOS
CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
@@ -1947,6 +1957,7 @@
NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
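Review bot: CVE-2014-2030 now carries {DSA-2898-1} and a fixed imagemagick version but still has no bracketed summary next to its RESERVED status, unlike CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability] below; a short description (the NOTE line already points at the "L%06ld" format string issue) would make the entry readable before the MITRE text is published.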
@@ -1977,6 +1988,7 @@
NOTE: introduced by https://www.gitorious.org/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
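Review bot: the squeeze line marks imagemagick <not-affected> because DecodePSDPixels is absent, but the NOTE immediately below records an open question about whether the older DecodeImage code carries the same problem; now that a DSA is attached, that question should be answered (or the NOTE updated with the conclusion) so the not-affected marking does not rest on an unresolved doubt.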
@@ -2001,6 +2013,7 @@
NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 [Buffer overflow vulnerability]
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
NOTE: http://trac.imagemagick.org/changeset/13736
- graphicsmagick <unfixed>
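Review bot: DSA-2898-1 covers imagemagick only, and the graphicsmagick line below stays "<unfixed>" with no severity or bug reference, whereas the imagemagick line has "(bug #740250)"; suggest recording a bug number and severity for graphicsmagick in the same format so the open item is tracked rather than lost behind the DSA.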
@@ -2310,8 +2323,7 @@
[wheezy] - ruby-passenger <no-dsa> (low; bug #736958)
- passenger <removed>
[squeeze] - passenger <no-dsa> (minor issue)
-CVE-2001-1593 [insecure use of /tmp]
- RESERVED
+CVE-2001-1593 (The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
[wheezy] - a2ps <no-dsa> (Minor issue)
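Review bot: the unchanged context shows {DSA-2892-1} for CVE-2001-1593 alongside "[wheezy] - a2ps <no-dsa> (Minor issue)"; if DSA-2892-1 covers wheezy, that no-dsa marker is stale and should be dropped while the entry is being touched, so worth confirming which suites the DSA applies to.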
@@ -4352,8 +4364,8 @@
NOT-FOR-US: IBM Rational ClearCase
CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0827
- RESERVED
+CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim ...)
+ TODO: check
CVE-2014-0826
RESERVED
CVE-2014-0825
@@ -4493,8 +4505,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
-CVE-2014-0789
- RESERVED
+CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object ...)
+ TODO: check
CVE-2014-0788
RESERVED
CVE-2014-0787
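Review bot: the FreeRDP NOTE in the leading context misspells "malicious" as "malicous"; since the hunk is rewriting the adjacent CVE-2014-0789 entry anyway, the typo could be fixed in the same commit.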
@@ -4796,11 +4808,9 @@
RESERVED
CVE-2014-0639
RESERVED
-CVE-2014-0638
- RESERVED
+CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
NOT-FOR-US: RSA Adaptive Authentication
-CVE-2014-0637
- RESERVED
+CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0636
RESERVED
@@ -4932,8 +4942,8 @@
RESERVED
CVE-2014-0593
RESERVED
-CVE-2014-0592
- RESERVED
+CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
+ TODO: check
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
- bind9 1:9.9.5.dfsg-2 (bug #735190)
[wheezy] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
@@ -6112,7 +6122,7 @@
CVE-2014-0347
RESERVED
CVE-2014-0346
- RESERVED
+ REJECTED
CVE-2014-0345
RESERVED
CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not ...)
@@ -6129,8 +6139,8 @@
NOT-FOR-US: Webmin
CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall ...)
NOT-FOR-US: WatchGuard Fireware XTM
-CVE-2014-0337
- RESERVED
+CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on ...)
+ TODO: check
CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in ...)
NOT-FOR-US: Serena Dimensions CM
CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
@@ -6792,8 +6802,7 @@
RESERVED
CVE-2014-0161
RESERVED
-CVE-2014-0160 [OpenSSL 1.0.1 TLS/DTLS heartbeat information disclosure]
- RESERVED
+CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before ...)
{DSA-2896-1}
- openssl 1.0.1g-1 (bug #743883)
[squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504)
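Review bot: the squeeze justification cites "upstream commit 4817504" as a bare abbreviated hash; other entries in this file link the relevant commit in full in a NOTE line (the MaraDNS and GnuTLS entries above, for example), so a NOTE carrying the full URL of that OpenSSL commit would make the not-affected claim verifiable without guessing the repository.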
@@ -7180,7 +7189,7 @@
CVE-2014-0051
RESERVED
CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
- {DSA-2856-1}
+ {DSA-2897-1 DSA-2856-1}
- libcommons-fileupload-java 1.3.1-1
- tomcat7 7.0.52-1
- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
@@ -10487,8 +10496,7 @@
RESERVED
CVE-2013-5681
RESERVED
-CVE-2013-5680 [heap overflow]
- RESERVED
+CVE-2013-5680 (Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, ...)
- hylafax <not-affected> (Not built with LDAP support)
NOTE: http://www.securityfocus.com/archive/1/528943/30/0/threaded
CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption ...)
@@ -14086,6 +14094,7 @@
CVE-2013-4323
RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
+ {DSA-2897-1}
- tomcat6 6.0.39
- tomcat7 7.0.50
- tomcat8 <itp> (bug #722675)
@@ -14211,6 +14220,7 @@
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...)
+ {DSA-2897-1}
- tomcat6 6.0.39
- tomcat7 7.0.47
- tomcat8 <itp> (bug #722675)
@@ -15242,8 +15252,8 @@
RESERVED
CVE-2013-3931
RESERVED
-CVE-2013-3930
- RESERVED
+CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows ...)
+ TODO: check
CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
NOT-FOR-US: CMS Made Simple
CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
@@ -19255,8 +19265,8 @@
NOT-FOR-US: Batavi
CVE-2013-2288
RESERVED
-CVE-2013-2287
- RESERVED
+CVE-2013-2287 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2013-2286
RESERVED
CVE-2013-2285
@@ -19977,6 +19987,7 @@
[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
+ {DSA-2897-1}
- tomcat7 7.0.40-1 (bug #707704)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...)
@@ -19990,7 +20001,7 @@
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
- {DSA-2725-1}
+ {DSA-2897-1 DSA-2725-1}
- tomcat7 7.0.33
- tomcat6 6.0.37
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...)
@@ -20391,8 +20402,7 @@
NOT-FOR-US: Ruby gem md2pdf
CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...)
NOT-FOR-US: Ruby Gem kelredd-pruview
-CVE-2013-1946
- RESERVED
+CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and ...)
NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-1945
RESERVED
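Review bot: the NOT-FOR-US line kept as context has a typo, "cotributed" should be "contributed"; since the CVE-2013-1946 entry is being rewritten anyway, fix it in the same commit.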
@@ -24457,8 +24467,8 @@
NOT-FOR-US: Symfony
CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms ...)
NOT-FOR-US: Open Solution Quick.Cart and Quick.Cms
-CVE-2012-6429
- RESERVED
+CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll ...)
+ TODO: check
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
@@ -28101,8 +28111,8 @@
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
RESERVED
- couchdb 1.2.0-5 (bug #698439)
-CVE-2012-5648
- RESERVED
+CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow ...)
+ TODO: check
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
@@ -28365,14 +28375,11 @@
[wheezy] - tomcat6 <no-dsa> (Minor issue)
- tomcat7 <unfixed> (low)
[wheezy] - tomcat7 <no-dsa> (Minor issue)
-CVE-2012-5567
- RESERVED
+CVE-2012-5567 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
-CVE-2012-5566
- RESERVED
+CVE-2012-5566 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
-CVE-2012-5565
- RESERVED
+CVE-2012-5565 (Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in ...)
NOT-FOR-US: This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
- android-tools <unfixed> (bug #688280)
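Review bot: the NOT-FOR-US line for CVE-2012-5565 is a full sentence of reasoning, while NOT-FOR-US elsewhere names only the product (e.g. "NOT-FOR-US: OpenShift"); suggest a short tag such as "NOT-FOR-US: Horde dimp (js/compose-dimp.js)" with the explanation (not in sid's Horde; the stable imp3 and dimp1 packages do not include the affected code) moved to a NOTE line. The identical kronolith2 <not-affected> justification is repeated verbatim for CVE-2012-5567 and CVE-2012-5566; one could refer to the other rather than duplicating the text.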
@@ -29972,8 +29979,8 @@
- tor 0.2.3.22-rc-1
CVE-2012-4921
RESERVED
-CVE-2012-4920
- RESERVED
+CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
+ TODO: check
CVE-2012-4919
RESERVED
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
@@ -37330,8 +37337,7 @@
NOT-FOR-US: Android
CVE-2012-2216
RESERVED
-CVE-2012-2095 [wicd command execution with root privileges]
- RESERVED
+CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before ...)
- wicd 1.7.2.4-1 (low; bug #668397)
[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
@@ -38324,8 +38330,8 @@
- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
-CVE-2012-1834
- RESERVED
+CVE-2012-1834 (Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head ...)
+ TODO: check
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)