[Secure-testing-commits] r26763 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Wed Apr 30 21:14:10 UTC 2014


Author: joeyh
Date: 2014-04-30 21:14:10 +0000 (Wed, 30 Apr 2014)
New Revision: 26763

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-30 20:48:27 UTC (rev 26762)
+++ data/CVE/list	2014-04-30 21:14:10 UTC (rev 26763)
@@ -1,3 +1,291 @@
+CVE-2014-3128
+	RESERVED
+CVE-2014-3127
+	RESERVED
+CVE-2014-3126
+	RESERVED
+CVE-2014-3125
+	RESERVED
+CVE-2014-3124
+	RESERVED
+CVE-2014-3123
+	RESERVED
+CVE-2014-3122
+	RESERVED
+CVE-2014-3121
+	RESERVED
+CVE-2014-3120
+	RESERVED
+CVE-2014-3119
+	RESERVED
+CVE-2014-3118
+	RESERVED
+CVE-2014-3117
+	RESERVED
+CVE-2014-3116
+	RESERVED
+CVE-2014-3115
+	RESERVED
+CVE-2014-3114
+	RESERVED
+CVE-2014-3113
+	RESERVED
+CVE-2014-3112
+	RESERVED
+CVE-2014-3110
+	RESERVED
+CVE-2014-3109
+	RESERVED
+CVE-2014-3108
+	RESERVED
+CVE-2014-3107
+	RESERVED
+CVE-2014-3106
+	RESERVED
+CVE-2014-3105
+	RESERVED
+CVE-2014-3104
+	RESERVED
+CVE-2014-3103
+	RESERVED
+CVE-2014-3102
+	RESERVED
+CVE-2014-3101
+	RESERVED
+CVE-2014-3100
+	RESERVED
+CVE-2014-3099
+	RESERVED
+CVE-2014-3098
+	RESERVED
+CVE-2014-3097
+	RESERVED
+CVE-2014-3096
+	RESERVED
+CVE-2014-3095
+	RESERVED
+CVE-2014-3094
+	RESERVED
+CVE-2014-3093
+	RESERVED
+CVE-2014-3092
+	RESERVED
+CVE-2014-3091
+	RESERVED
+CVE-2014-3090
+	RESERVED
+CVE-2014-3089
+	RESERVED
+CVE-2014-3088
+	RESERVED
+CVE-2014-3087
+	RESERVED
+CVE-2014-3086
+	RESERVED
+CVE-2014-3085
+	RESERVED
+CVE-2014-3084
+	RESERVED
+CVE-2014-3083
+	RESERVED
+CVE-2014-3082
+	RESERVED
+CVE-2014-3081
+	RESERVED
+CVE-2014-3080
+	RESERVED
+CVE-2014-3079
+	RESERVED
+CVE-2014-3078
+	RESERVED
+CVE-2014-3077
+	RESERVED
+CVE-2014-3076
+	RESERVED
+CVE-2014-3075
+	RESERVED
+CVE-2014-3074
+	RESERVED
+CVE-2014-3073
+	RESERVED
+CVE-2014-3072
+	RESERVED
+CVE-2014-3071
+	RESERVED
+CVE-2014-3070
+	RESERVED
+CVE-2014-3069
+	RESERVED
+CVE-2014-3068
+	RESERVED
+CVE-2014-3067
+	RESERVED
+CVE-2014-3066
+	RESERVED
+CVE-2014-3065
+	RESERVED
+CVE-2014-3064
+	RESERVED
+CVE-2014-3063
+	RESERVED
+CVE-2014-3062
+	RESERVED
+CVE-2014-3061
+	RESERVED
+CVE-2014-3060
+	RESERVED
+CVE-2014-3059
+	RESERVED
+CVE-2014-3058
+	RESERVED
+CVE-2014-3057
+	RESERVED
+CVE-2014-3056
+	RESERVED
+CVE-2014-3055
+	RESERVED
+CVE-2014-3054
+	RESERVED
+CVE-2014-3053
+	RESERVED
+CVE-2014-3052
+	RESERVED
+CVE-2014-3051
+	RESERVED
+CVE-2014-3050
+	RESERVED
+CVE-2014-3049
+	RESERVED
+CVE-2014-3048
+	RESERVED
+CVE-2014-3047
+	RESERVED
+CVE-2014-3046
+	RESERVED
+CVE-2014-3045
+	RESERVED
+CVE-2014-3044
+	RESERVED
+CVE-2014-3043
+	RESERVED
+CVE-2014-3042
+	RESERVED
+CVE-2014-3041
+	RESERVED
+CVE-2014-3040
+	RESERVED
+CVE-2014-3039
+	RESERVED
+CVE-2014-3038
+	RESERVED
+CVE-2014-3037
+	RESERVED
+CVE-2014-3036
+	RESERVED
+CVE-2014-3035
+	RESERVED
+CVE-2014-3034
+	RESERVED
+CVE-2014-3033
+	RESERVED
+CVE-2014-3032
+	RESERVED
+CVE-2014-3031
+	RESERVED
+CVE-2014-3030
+	RESERVED
+CVE-2014-3029
+	RESERVED
+CVE-2014-3028
+	RESERVED
+CVE-2014-3027
+	RESERVED
+CVE-2014-3026
+	RESERVED
+CVE-2014-3025
+	RESERVED
+CVE-2014-3024
+	RESERVED
+CVE-2014-3023
+	RESERVED
+CVE-2014-3022
+	RESERVED
+CVE-2014-3021
+	RESERVED
+CVE-2014-3020
+	RESERVED
+CVE-2014-3019
+	RESERVED
+CVE-2014-3018
+	RESERVED
+CVE-2014-3017
+	RESERVED
+CVE-2014-3016
+	RESERVED
+CVE-2014-3015
+	RESERVED
+CVE-2014-3014
+	RESERVED
+CVE-2014-3013
+	RESERVED
+CVE-2014-3012
+	RESERVED
+CVE-2014-3011
+	RESERVED
+CVE-2014-3010
+	RESERVED
+CVE-2014-3009
+	RESERVED
+CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...)
+	TODO: check
+CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might ...)
+	TODO: check
+CVE-2014-3006
+	RESERVED
+CVE-2014-3005
+	RESERVED
+CVE-2014-3004
+	RESERVED
+CVE-2014-3003
+	RESERVED
+CVE-2014-3002
+	RESERVED
+CVE-2014-3001
+	RESERVED
+CVE-2014-3000
+	RESERVED
+CVE-2014-2999
+	RESERVED
+CVE-2014-2998
+	RESERVED
+CVE-2014-2997
+	RESERVED
+CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem ...)
+	TODO: check
+CVE-2014-2995
+	RESERVED
+CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability Scanner ...)
+	TODO: check
+CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 ...)
+	TODO: check
+CVE-2014-2992 (The Misli.com application for Android does not verify X.509 ...)
+	TODO: check
+CVE-2014-2991
+	RESERVED
+CVE-2014-2990
+	RESERVED
+CVE-2014-2989
+	RESERVED
+CVE-2014-2988
+	RESERVED
+CVE-2014-2987
+	RESERVED
+CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the ...)
+	TODO: check
+CVE-2013-7372 (The engineNextBytes function in ...)
+	TODO: check
+CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
+	TODO: check
 CVE-2014-XXXX [mm: try_to_unmap_cluster() should lock_page() before mlocking]
 	- linux <unfixed>
 	- linux-2.6 <removed>
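Review bot: Nine of the entries added at the top of this hunk carry a description but only a TODO: check marker (CVE-2014-3008, CVE-2014-3007, CVE-2014-2996, CVE-2014-2994, CVE-2014-2993, CVE-2014-2992, CVE-2013-7373, CVE-2013-7372, CVE-2011-5279), so none of them has a package line or a NOT-FOR-US tag yet. Each needs a triage pass that replaces the TODO with one or the other. The remaining additions are RESERVED placeholders and need no action.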
@@ -21,11 +309,12 @@
 	NOTE: incomplete fix was applied
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
 CVE-2014-3111
+	RESERVED
 	NOT-FOR-US: fog cloning solution, not in Debian 
 CVE-2014-2985
 	RESERVED
 CVE-2014-2984
-	RESERVED
+	REJECTED
 CVE-2014-2982
 	RESERVED
 CVE-2014-2981
@@ -36,8 +325,8 @@
 	RESERVED
 CVE-2014-2977
 	RESERVED
-CVE-2014-2976
-	RESERVED
+CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
+	TODO: check
 CVE-2014-2975
 	RESERVED
 CVE-2014-2974
@@ -170,10 +459,10 @@
 	RESERVED
 CVE-2014-2910
 	RESERVED
-CVE-2014-2909
-	RESERVED
-CVE-2014-2908
-	RESERVED
+CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siemens ...)
+	TODO: check
+CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
+	TODO: check
 CVE-2014-2906 [unsafe temporary file creationg leading to privilege escalation]
 	RESERVED
 	- fish <unfixed> (low; bug #746259)
@@ -216,23 +505,20 @@
 	- virtualenvwrapper <unfixed> (low; bug #745580)
 	[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
 	[squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
-CVE-2014-2907
-	RESERVED
+CVE-2014-2907 (The srtp_add_address function in epan/dissectors/packet-rtp.c in the ...)
 	- wireshark 1.10.7-1 (bug #745595)
 	[wheezy] - wireshark <not-affected> (Affects 1.10.x only)
 	[squeeze] - wireshark <not-affected> (Affects 1.10.x only)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-06.html
-CVE-2014-2986 [XSA-94 ARM hypervisor crash on guest interrupt controller access]
+CVE-2014-2986 (The vgic_distr_mmio_write function in the virtual guest interrupt ...)
 	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
-CVE-2014-2980 [DoS]
-	RESERVED
+CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run ...)
 	- gnustep-base <unfixed> (bug #745470)
 	[wheezy] - gnustep-base <no-dsa> (Minor issue)
 	[squeeze] - gnustep-base <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?41751
-CVE-2014-2915 [XSA-93]
-	RESERVED
+CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict ...)
 	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
 CVE-2014-2913 [Remote command execution]
 	RESERVED
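Review bot: The bracketed titles removed from CVE-2014-2986 and CVE-2014-2915 were the only lines in those entries that named XSA-94 and XSA-93, and the visible part of the new description lines does not carry the advisory numbers. Suggest keeping the cross-reference with a NOTE line under each entry, for example "NOTE: XSA-94" and "NOTE: XSA-93", so the entries stay searchable by Xen advisory id.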
@@ -240,8 +526,7 @@
 	[wheezy] - nagios-nrpe <no-dsa> (Minor issue)
 	[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2014/Apr/240
-CVE-2014-2983 [information disclosure]
-	RESERVED
+CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate ...)
 	{DSA-2914-1 DSA-2913-1}
 	- drupal7 7.27-1
 	- drupal6 <removed>
@@ -273,8 +558,7 @@
 	- cyassl <itp> (bug #598391)
 CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
 	- phpmyid <itp> (bug #492325)
-CVE-2014-2888
-	RESERVED
+CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
 	NOT-FOR-US: Ruby Gem sfpagent
 CVE-2014-2885
 	RESERVED
@@ -319,6 +603,7 @@
 CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
 	- grails <itp> (bug #473213)
 CVE-2013-7374
+	RESERVED
 	NOT-FOR-US: indicator-datetime
 CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
 	RESERVED
@@ -334,15 +619,13 @@
 	- libmms 0.6.2-4 (bug #745301)
 	- xine-lib <not-affected> (mmsh is libmms-specific)
 	NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
-CVE-2014-2893 [scan-build: insecure use of /tmp]
-	RESERVED
+CVE-2014-2893 (The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and ...)
 	- llvm-toolchain-snapshot <unfixed> (bug #744817)
 	- llvm-toolchain-3.3 <unfixed>
 	- llvm-toolchain-3.4 <unfixed>
 CVE-2014-2854
 	RESERVED
-CVE-2014-2853 [mediawiki (bug 63251) SECURITY: escape sortKey in pageInfo.]
-	RESERVED
+CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in ...)
 	- mediawiki <not-affected> (Vulnerable code not present)
 CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
 	{DSA-2899-1}
@@ -355,8 +638,7 @@
 	NOT-FOR-US: Nessus
 CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows ...)
 	NOT-FOR-US: CIS Manager CMS
-CVE-2014-2846
-	RESERVED
+CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php ...)
 	NOT-FOR-US: Arkeia Server Backup
 CVE-2014-2845
 	RESERVED
@@ -558,13 +840,11 @@
 	RESERVED
 CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the ...)
 	NOT-FOR-US: KnowledgeTree
-CVE-2014-2736
-	RESERVED
+CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before ...)
 	NOT-FOR-US: MODX Revolution
 CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
 	NOT-FOR-US: WinSCP
-CVE-2014-2734
-	RESERVED
+CVE-2014-2734 (The openssl extension in Ruby 2.x does not properly maintain the state ...)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
 	NOTE: https://gist.github.com/gdisneyleugers/10446549
 CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
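Review bot: With the RESERVED line removed, CVE-2014-2734 is left with a description and two NOTE lines but no package line, no NOT-FOR-US tag and no TODO marker, unlike the other newly described entries in this revision. Suggest adding "TODO: check" or a package status line under it so the entry is picked up in triage.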
@@ -611,22 +891,19 @@
 	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
 CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the ...)
 	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
-CVE-2014-2889 [arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target]
-	RESERVED
+CVE-2014-2889 (Off-by-one error in the bpf_jit_compile function in ...)
 	- linux 3.2.1-1
 	- linux-2.6 3.2.1-1
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
 	NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74
 	NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa
-CVE-2014-2894 [qemu: out of bounds buffer access, guest triggerable via IDE SMART]
-	RESERVED
+CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in ...)
 	- qemu 2.0.0+dfsg-1 (bug #745157)
 	[squeeze] - qemu <not-affected> (Vulnerable code not present)
 	- qemu-kvm <removed>
 	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
-CVE-2014-2855 [Daemon infinite loop when no matched user in secrets]
-	RESERVED
+CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
 	- rsync 3.1.0-3 (bug #744791)
 	[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
 	[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
@@ -672,15 +949,14 @@
 	NOT-FOR-US: Openfire
 CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing ...)
 	NOT-FOR-US: Openfire
-CVE-2014-2741 (Ignite Realtime Openfire before 3.9.2 does not properly restrict the ...)
+CVE-2014-2741 (nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 ...)
 	NOT-FOR-US: Openfire
 CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the ...)
 	- linux <not-affected> (Introduced and fixed in 3.14)
 	- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
-CVE-2014-2729
-	RESERVED
+CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...)
 	NOT-FOR-US:  Ektron Web Content Management System
 CVE-2014-2728
 	RESERVED
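Review bot: CVE-2014-2742, in the context just above the CVE-2014-2741 change, is described as an Isode M-Link issue but is tagged "NOT-FOR-US: Openfire"; the tag should name M-Link. While this block is being touched, the linux-2.6 line under CVE-2014-2739 also has a doubled opening parenthesis in "((Introduced and fixed in 3.14)".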
@@ -719,8 +995,8 @@
 	RESERVED
 CVE-2014-2716
 	RESERVED
-CVE-2014-2715
-	RESERVED
+CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...)
 	NOT-FOR-US: Juniper Junos
 CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...)
@@ -791,13 +1067,12 @@
 	NOT-FOR-US: War FTP Daemon
 CVE-2014-5880
 	REJECTED
-CVE-2014-2709
-	RESERVED
+CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote ...)
 	- cacti 0.8.8b+dfsg-4 (bug #743565)
 	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
 	NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
-CVE-2014-2708 (SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows ...)
+CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti ...)
 	- cacti 0.8.8b+dfsg-4 (bug #743565)
 	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
 	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
@@ -844,10 +1119,10 @@
 	RESERVED
 CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in ...)
 	TODO: check
-CVE-2014-2658
-	RESERVED
-CVE-2014-2657
-	RESERVED
+CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build ...)
+	TODO: check
+CVE-2014-2657 (Unspecified vulnerability in the print release functionality in ...)
+	TODO: check
 CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and ...)
 	TODO: check
 CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
@@ -1032,8 +1307,7 @@
 	RESERVED
 CVE-2014-2602
 	RESERVED
-CVE-2014-2601
-	RESERVED
+CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier ...)
 	NOT-FOR-US: HP
 CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
 	NOT-FOR-US: HP
@@ -1072,8 +1346,7 @@
 	NOTE: Fix: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
 CVE-2014-2582
 	RESERVED
-CVE-2014-2579
-	RESERVED
+CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner ...)
 	NOT-FOR-US: WordPress plugin xcloner
 CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
 	NOT-FOR-US: Splunk Web
@@ -1111,8 +1384,7 @@
 	RESERVED
 CVE-2014-2555
 	RESERVED
-CVE-2014-2554 [Clickjacking issue]
-	RESERVED
+CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 ...)
 	- otrs2 3.3.6-1
 	[wheezy] - otrs2 <no-dsa> (Minor issue)
 	[squeeze] - otrs2 <no-dsa> (Minor issue)
@@ -1135,8 +1407,8 @@
 	RESERVED
 CVE-2014-2546
 	RESERVED
-CVE-2014-2545
-	RESERVED
+CVE-2014-2545 (TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File ...)
+	TODO: check
 CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire ...)
 	NOT-FOR-US: Spotfire
 CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing ...)
@@ -1612,8 +1884,7 @@
 	RESERVED
 CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
 	NOT-FOR-US: VMware on Windows
-CVE-2014-2383 [dompdf: arbitrary file read]
-	RESERVED
+CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...)
 	- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
 	NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
 CVE-2014-2382
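Review bot: The new description for CVE-2014-2383 names DOMPDF_ENABLE_PHP as the precondition, while the NOTE two lines below says the issue "requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled". The description is truncated here, so it may go on to mention the second option, but as shown the two lines disagree. Suggest confirming which setting applies and updating the NOTE, since the "unimportant" rating on the php-dompdf line appears to rest on it.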
@@ -1733,15 +2004,13 @@
 	RESERVED
 	- check-mk <unfixed> (bug #742689)
 	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
-CVE-2014-2328 [Unspecified Remote Command Execution Vulnerability]
-	RESERVED
+CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows ...)
 	- cacti 0.8.8b+dfsg-4 (bug #742768)
 	NOTE: http://bugs.cacti.net/view.php?id=2433
-CVE-2014-2327 [Cross Site Request Forgery Vulnerability]
-	RESERVED
+CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, ...)
 	- cacti <unfixed> (bug #742768)
 	NOTE: http://bugs.cacti.net/view.php?id=2432
-CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in Cacti 0.8.7g allows remote ...)
+CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ...)
 	- cacti 0.8.8b+dfsg-4 (bug #742768)
 	NOTE: http://bugs.cacti.net/view.php?id=2431
 CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
@@ -2058,20 +2327,20 @@
 	RESERVED
 CVE-2014-2187
 	RESERVED
-CVE-2014-2186
-	RESERVED
-CVE-2014-2185
-	RESERVED
-CVE-2014-2184
-	RESERVED
-CVE-2014-2183
-	RESERVED
-CVE-2014-2182
-	RESERVED
+CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+	TODO: check
+CVE-2014-2185 (The Call Detail Records (CDR) Management component in Cisco Unified ...)
+	TODO: check
+CVE-2014-2184 (The IP Manager Assistant (IPMA) component in Cisco Unified ...)
+	TODO: check
+CVE-2014-2183 (The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 ...)
+	TODO: check
+CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay ...)
+	TODO: check
 CVE-2014-2181
 	RESERVED
-CVE-2014-2180
-	RESERVED
+CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center ...)
+	TODO: check
 CVE-2014-2179
 	RESERVED
 CVE-2014-2178
@@ -2259,8 +2528,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2014-2285 [snmptrapd crash when using a trap with empty community string]
-	RESERVED
+CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs ...)
 	- net-snmp 5.7.2.1~dfsg-3 (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778
@@ -2489,8 +2757,7 @@
 	- owncloud <not-affected> (Windows-specific)
 CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
 	NOT-FOR-US: Procentia IntelliPen
-CVE-2014-2042
-	RESERVED
+CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project ...)
 	NOT-FOR-US: Livetecs Timelive
 CVE-2014-2041
 	RESERVED
@@ -3019,14 +3286,11 @@
 	RESERVED
 CVE-2014-1844
 	RESERVED
-CVE-2014-1843
-	RESERVED
+CVE-2014-1843 (Directory traversal vulnerability in the web interface in Titan FTP ...)
 	NOT-FOR-US: Titan FTP Server
-CVE-2014-1842
-	RESERVED
+CVE-2014-1842 (Directory traversal vulnerability in the web interface in Titan FTP ...)
 	NOT-FOR-US: Titan FTP Server
-CVE-2014-1841
-	RESERVED
+CVE-2014-1841 (Directory traversal vulnerability in the web interface in Titan FTP ...)
 	NOT-FOR-US: Titan FTP Server
 CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
 	NOT-FOR-US: MyBB
@@ -3077,7 +3341,7 @@
 	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
 	- passenger <removed>
 	[squeeze] - passenger <no-dsa> (minor issue)
-CVE-2001-1593 (The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, ...)
+CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
 	{DSA-2892-1}
 	- a2ps 1:4.14-1.2 (low; bug #737385)
 	[wheezy] - a2ps <no-dsa> (Minor issue)
@@ -3259,8 +3523,8 @@
 	RESERVED
 CVE-2014-1777
 	RESERVED
-CVE-2014-1776
-	RESERVED
+CVE-2014-1776 (Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer ...)
+	TODO: check
 CVE-2014-1775
 	RESERVED
 CVE-2014-1774
@@ -3279,16 +3543,16 @@
 	RESERVED
 CVE-2014-1767
 	RESERVED
-CVE-2014-1766
-	RESERVED
-CVE-2014-1765
-	RESERVED
-CVE-2014-1764
-	RESERVED
-CVE-2014-1763
-	RESERVED
-CVE-2014-1762
-	RESERVED
+CVE-2014-1766 (Unspecified vulnerability in the kernel in Microsoft Windows 8.1 ...)
+	TODO: check
+CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
+	TODO: check
+CVE-2014-1764 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+	TODO: check
+CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 11 allows ...)
+	TODO: check
+CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 11 allows ...)
+	TODO: check
 CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
 	NOT-FOR-US: Microsoft Word
 CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
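Review bot: CVE-2014-1766 through CVE-2014-1762 are added as "TODO: check" although their descriptions name the Microsoft Windows kernel and Microsoft Internet Explorer, and the adjacent context entry CVE-2014-1761 is already tagged "NOT-FOR-US: Microsoft Word". Suggest tagging these five the same way during triage, for example "NOT-FOR-US: Microsoft Internet Explorer", rather than leaving them open.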
@@ -3343,32 +3607,26 @@
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
-CVE-2014-1735
-	RESERVED
+CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
-CVE-2014-1734
-	RESERVED
+CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1733
-	RESERVED
+CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1732
-	RESERVED
+CVE-2014-1732 (Use-after-free vulnerability in ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1731
-	RESERVED
+CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
-CVE-2014-1730
-	RESERVED
+CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...)
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
@@ -3622,10 +3880,10 @@
 	RESERVED
 CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
 	TODO: check
-CVE-2014-1647
-	RESERVED
-CVE-2014-1646
-	RESERVED
+CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
+	TODO: check
+CVE-2014-1646 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
+	TODO: check
 CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...)
 	NOT-FOR-US: Symantec LiveUpdate Administrator
 CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...)
@@ -3873,72 +4131,65 @@
 	RESERVED
 CVE-2014-1533
 	RESERVED
-CVE-2014-1532
-	RESERVED
+CVE-2014-1532 (Use-after-free vulnerability in the ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1531
-	RESERVED
+CVE-2014-1531 (Use-after-free vulnerability in the ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1530
-	RESERVED
+CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1529
-	RESERVED
+CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1528
-	RESERVED
+CVE-2014-1528 (The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo ...)
 	- iceweasel <not-affected> (Windows-specific)
-CVE-2014-1527
-	RESERVED
+CVE-2014-1527 (Mozilla Firefox before 29.0 on Android allows remote attackers to ...)
 	- iceweasel <not-affected> (Only affects Firefox on Android)
 	- icedove <not-affected> (Only affects Firefox on Android)
-CVE-2014-1526
-	RESERVED
+CVE-2014-1526 (The XrayWrapper implementation in Mozilla Firefox before 29.0 and ...)
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1525
-	RESERVED
+CVE-2014-1525 (The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...)
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1524
-	RESERVED
+CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1523
-	RESERVED
+CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
 	[squeeze] - icedove <end-of-life>
-CVE-2014-1522
-	RESERVED
+CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...)
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
 CVE-2014-1521
 	RESERVED
-CVE-2014-1520
-	RESERVED
+CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in ...)
 	- iceweasel <not-affected> (Windows-specific)
-CVE-2014-1519
-	RESERVED
+CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <not-affected> (Only affects Firefox 28)
 	- icedove <not-affected> (Only affects Firefox 28)
-CVE-2014-1518
-	RESERVED
+CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+	{DSA-2918-1}
 	- iceweasel 24.5.0esr-1
 	- icedove 24.5.0-1
 	[squeeze] - iceweasel <end-of-life>
@@ -4328,8 +4579,7 @@
 	- spip 3.0.13-1 (bug #736170)
 	[wheezy] - spip 2.1.17-1+deb7u3
 	[squeeze] - spip 2.1.1-3squeeze8
-CVE-2013-7302
-	RESERVED
+CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before ...)
 	NOT-FOR-US: Drupal contrib
 CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
 	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
@@ -4667,7 +4917,7 @@
 	NOT-FOR-US: Apple
 CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...)
 	NOT-FOR-US: Apple
-CVE-2014-1263 (curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 ...)
+CVE-2014-1263 (curl and libcurl 7.27.0 through 7.35.0, when using the ...)
 	- curl <not-affected> (Only applies to Curl on Mac OS or iOS)
 	NOTE: http://curl.haxx.se/docs/adv_20140326C.html
 CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...)
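Review bot: The description for CVE-2014-1263 changes from "curl in Apple OS X 10.9.x before 10.9.2" to "curl and libcurl 7.27.0 through 7.35.0, when using the ...", which no longer reads as Apple-specific in its visible part, while the package line still says "<not-affected> (Only applies to Curl on Mac OS or iOS)". Suggest re-checking the full description and the linked advisory to confirm the not-affected rationale still holds for the widened version range.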
@@ -4757,8 +5007,7 @@
 	NOT-FOR-US: 2E Web Option
 CVE-2014-1218
 	RESERVED
-CVE-2014-1217
-	RESERVED
+CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to ...)
 	NOT-FOR-US: Livetecs Timelive
 CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...)
 	NOT-FOR-US: Fitnesse Wiki
@@ -5103,8 +5352,8 @@
 	RESERVED
 CVE-2014-0893
 	RESERVED
-CVE-2014-0892
-	RESERVED
+CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
+	TODO: check
 CVE-2014-0891
 	RESERVED
 CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
@@ -5299,7 +5548,7 @@
 	RESERVED
 CVE-2014-0795
 	RESERVED
-CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
+CVE-2014-0794 (SQL injection vulnerability in the JV Comment (com_jvcomment) ...)
 	NOT-FOR-US: JV Comment Joomla Extension
 CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...)
 	NOT-FOR-US: Komento Joomla Extension
@@ -5315,12 +5564,10 @@
 	NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
 	NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
 	NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
-CVE-2013-7284 [libplrpc-perl remote code execution due to Storable]
-	RESERVED
+CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the ...)
 	- libplrpc-perl <removed> (high; bug #734789)
 	NOTE: Upstream appears dead.
-CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list]
-	RESERVED
+CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
 	- gdm3 <unfixed> (low; bug #683338)
 	[wheezy] - gdm3 <no-dsa> (Minor issue)
 	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
@@ -5398,8 +5645,8 @@
 	RESERVED
 CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
 	NOT-FOR-US: Yokogawa CENTUM CS 3000
-CVE-2014-0780
-	RESERVED
+CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
+	TODO: check
 CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows ...)
@@ -5420,8 +5667,8 @@
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
 	NOT-FOR-US: Advantech WebAccess
-CVE-2014-0769
-	RESERVED
+CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
+	TODO: check
 CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
@@ -5438,8 +5685,8 @@
 	RESERVED
 CVE-2014-0761
 	RESERVED
-CVE-2014-0760
-	RESERVED
+CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
+	TODO: check
 CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...)
 	NOT-FOR-US: Schneider Electric Floating License Manager
 CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, ...)
@@ -5832,8 +6079,7 @@
 	[squeeze] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
 	NOTE: https://kb.isc.org/article/AA-01078
 	NOTE: https://kb.isc.org/article/AA-01085
-CVE-2013-7259
-	RESERVED
+CVE-2013-7259 (Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J ...)
 	- neo4j-community <itp> (bug #685615)
 	NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
 CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before ...)
@@ -6098,8 +6344,7 @@
 	RESERVED
 CVE-2014-0516
 	RESERVED
-CVE-2014-0515
-	RESERVED
+CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
 	NOT-FOR-US: Adobe Reader Mobile application
@@ -6181,14 +6426,11 @@
 	RESERVED
 CVE-2014-0475
 	RESERVED
-CVE-2014-0474 [MySQL typecasting could result in unexpected matches]
-	RESERVED
+CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
 	- python-django 1.6.3-1
-CVE-2014-0473 [Caching of anonymous pages could reveal CSRF token]
-	RESERVED
+CVE-2014-0473 (The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, ...)
 	- python-django 1.6.3-1
-CVE-2014-0472 [Unexpected code execution using ``reverse()``]
-	RESERVED
+CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
 	- python-django 1.6.3-1
 CVE-2014-0471 [dpkg-source: directory traversal during unpack]
 	RESERVED
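Review bot: The three python-django entries (CVE-2014-0474, CVE-2014-0473, CVE-2014-0472) keep only the unstable fix version 1.6.3-1, while the new descriptions for CVE-2014-0473 and CVE-2014-0472 name Django before 1.4.11 and 1.5.x before 1.5.6. With no release-specific line or DSA reference, the stable releases stay open by version comparison. Follow up with [wheezy] and [squeeze] status lines once their state is known.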
@@ -6611,14 +6853,11 @@
 	NOTE: https://code.google.com/p/memcached/wiki/ReleaseNotes1417
 	NOTE: https://code.google.com/p/memcached/issues/detail?id=316
 	NOTE: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
-CVE-2013-7236
-	RESERVED
+CVE-2013-7236 (Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote ...)
 	NOT-FOR-US: Simple Machines Forum
-CVE-2013-7235
-	RESERVED
+CVE-2013-7235 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
 	NOT-FOR-US: Simple Machines Forum
-CVE-2013-7234
-	RESERVED
+CVE-2013-7234 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
 	NOT-FOR-US: Simple Machines Forum
 CVE-2013-7225 (Multiple SQL injection vulnerabilities in ...)
 	NOT-FOR-US: Fat Free CRM
@@ -6628,14 +6867,12 @@
 	NOT-FOR-US: Fat Free CRM
 CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has ...)
 	NOT-FOR-US: Fat Free CRM
-CVE-2013-7221 [run command dialog visible above screen locker]
-	RESERVED
+CVE-2013-7221 (The automatic screen lock functionality in GNOME Shell (aka ...)
 	- gnome-shell <unfixed>
 	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=708313
 	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
-CVE-2013-7220 [blind command execution via activities search keyboard focus]
-	RESERVED
+CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 ...)
 	- gnome-shell <unfixed>
 	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
@@ -6690,8 +6927,7 @@
 	[wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
 	[squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file option)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
-CVE-2013-7134
-	RESERVED
+CVE-2013-7134 (Juvia uses the same secret key for all installations, which allows ...)
 	NOT-FOR-US: Juvia
 CVE-2013-7133
 	RESERVED
@@ -6787,8 +7023,7 @@
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
 	NOTE: Not suitable for code injection
-CVE-2013-7111
-	RESERVED
+CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the ...)
 	NOT-FOR-US: Bio Basespace SDK Ruby Gem
 CVE-2013-7110
 	RESERVED
@@ -6815,21 +7050,17 @@
 	NOTE: https://dev.icinga.org/issues/5250
 CVE-2013-7083
 	RESERVED
-CVE-2013-7068
-	RESERVED
+CVE-2013-7068 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
+	TODO: check
 CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not ...)
 	NOT-FOR-US: Drupal module
-CVE-2013-7066
-	RESERVED
+CVE-2013-7066 (The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal ...)
 	NOT-FOR-US: Drupal module
-CVE-2013-7065
-	RESERVED
+CVE-2013-7065 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
 	NOT-FOR-US: Drupal module
-CVE-2013-7064
-	RESERVED
+CVE-2013-7064 (Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance ...)
 	NOT-FOR-US: Drupal module
-CVE-2013-7063
-	RESERVED
+CVE-2013-7063 (The Invitation module 7.x-2.x for Drupal does not properly check ...)
 	NOT-FOR-US: Drupal module
 CVE-2013-7059
 	RESERVED
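Review bot: CVE-2013-7068 is left at TODO: check, but CVE-2013-7065 in the same hunk has the same visible description prefix ("The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...") and is marked NOT-FOR-US: Drupal module. Unless the truncated remainder changes the picture, CVE-2013-7068 should carry the same NOT-FOR-US: Drupal module line as the other Drupal module entries here.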
@@ -7013,16 +7244,16 @@
 	RESERVED
 CVE-2014-0365
 	RESERVED
-CVE-2014-0364
-	RESERVED
-CVE-2014-0363
-	RESERVED
+CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...)
+	TODO: check
+CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...)
+	TODO: check
 CVE-2014-0362
 	RESERVED
 CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global ...)
 	TODO: check
 CVE-2014-0360
-	RESERVED
+	REJECTED
 CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
 	NOT-FOR-US: Xangati
 CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
@@ -7041,8 +7272,7 @@
 	RESERVED
 CVE-2014-0351
 	RESERVED
-CVE-2014-0350 [certificate validation issue]
-	RESERVED
+CVE-2014-0350 (The Poco::Net::X509Certificate::verify method in the NetSSL library in ...)
 	- poco <unfixed>
 	TODO: check
 CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote ...)
@@ -7681,11 +7911,9 @@
 CVE-2014-0189
 	RESERVED
 	NOT-FOR-US: RedHat virt-who
-CVE-2014-0188
-	RESERVED
+CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, ...)
 	NOT-FOR-US: OpenShift
-CVE-2014-0187 [Neutron security groups bypass through invalid CIDR]
-	RESERVED
+CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before ...)
 	- neutron <unfixed>
 	[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
 CVE-2014-0186
@@ -7703,8 +7931,7 @@
 	RESERVED
 	- qemu <unfixed>
 	- qemu-kvm <removed>
-CVE-2014-0181 [Linux network reconfiguration due to incorrect netlink checks]
-	RESERVED
+CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
 	- linux <undetermined>
 	- linux-2.6 <removed>
 	TODO: check, details are missing from oss-security post
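Review bot: The "TODO: check, details are missing from oss-security post" line under CVE-2014-0181 is outdated now that the entry carries a description naming the Netlink implementation in the Linux kernel through 3.14.1. Use that description to replace "- linux <undetermined>" with a concrete status, and drop or reword the TODO.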
@@ -7752,8 +7979,7 @@
 	RESERVED
 CVE-2014-0163
 	RESERVED
-CVE-2014-0162 [Remote code execution in Glance Sheepdog backend]
-	RESERVED
+CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...)
 	- glance 2014.1-1
 	[wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
 CVE-2014-0161
@@ -7914,17 +8140,14 @@
 	RESERVED
 CVE-2014-0115
 	RESERVED
-CVE-2014-0114
-	RESERVED
+CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows ...)
 	- libstruts1.2-java <unfixed> (bug #745897)
 	NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
-CVE-2014-0113
-	RESERVED
+CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard ...)
 	- libstruts1.2-java <unfixed>
 	TODO: check
 	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
-CVE-2014-0112
-	RESERVED
+CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.16.2 does not ...)
 	- libstruts1.2-java <unfixed>
 	TODO: check
 	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
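Review bot: CVE-2014-0113 and CVE-2014-0112 are tracked as "- libstruts1.2-java <unfixed>", but their new descriptions name CookieInterceptor and ParametersInterceptor in Apache Struts before 2.3.16.2, and the NOTE links the 2.3.x advisory s2-021. Only CVE-2014-0114 is described as affecting Struts 1.x. Resolve the TODO: check on the two 2.3.x entries by confirming whether the Struts 1.2 package contains these interceptors at all, and change the package line to <not-affected> if it does not.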
@@ -8004,8 +8227,7 @@
 	- foreman <itp> (bug #663101)
 CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
 	- foreman <itp> (bug #663101)
-CVE-2014-0088
-	RESERVED
+CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx ...)
 	- nginx <not-affected> (Only affects 1.5.10)
 CVE-2014-0087
 	RESERVED
@@ -8041,8 +8263,7 @@
 	- ruby-activerecord-3.2 <not-affected> (affects only rails 4.0.x)
 	- ruby-activerecord-2.3 <not-affected> (affects only rails 4.0.x)
 	- rails <not-affected> (affects only rails 4.0.x)
-CVE-2014-0079
-	RESERVED
+CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
 	NOT-FOR-US: Zarafa Collaboration Platform
 CVE-2014-0078
 	RESERVED
@@ -8203,8 +8424,7 @@
 	- linux-2.6 <not-affected> (Introduced in 3.4+)
 	NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
 	NOTE: Debian does not enable CONFIG_X86_X32, see #708070
-CVE-2014-0037
-	RESERVED
+CVE-2014-0037 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
 	NOT-FOR-US: Zarafa Collaboration Platform
 CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with ...)
 	NOT-FOR-US: rbovirt
@@ -8390,8 +8610,7 @@
 CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
 	{DSA-2836-1}
 	- devscripts 2.13.9
-CVE-2013-6887
-	RESERVED
+CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service ...)
 	- openjpeg 1.5.2-1 (bug #731237)
 	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
 	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
@@ -8730,8 +8949,8 @@
 	RESERVED
 CVE-2013-6739
 	RESERVED
-CVE-2013-6738
-	RESERVED
+CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
+	TODO: check
 CVE-2013-6737
 	RESERVED
 CVE-2013-6736
@@ -10560,8 +10779,7 @@
 CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
 	{DSA-2808-1}
 	- openjpeg 1.3+dfsg-4.7 (bug #731237)
-CVE-2013-6053
-	RESERVED
+CVE-2013-6053 (OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information ...)
 	- openjpeg 1.5.2-1 (bug #731237)
 	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
 	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
@@ -10772,12 +10990,11 @@
 	RESERVED
 CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
 	NOT-FOR-US: CiviCRM
-CVE-2013-5956
-	RESERVED
+CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
+	TODO: check
 CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the ...)
 	NOT-FOR-US: Joomla plugin
-CVE-2013-5954
-	RESERVED
+CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
 	NOT-FOR-US: OpenX
 CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Joomla component multi calendar
@@ -11505,8 +11722,8 @@
 	NOTE: DNS protocol flaw
 	NOTE: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html
 	NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/
-CVE-2013-5660
-	RESERVED
+CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote ...)
+	TODO: check
 CVE-2013-5659
 	RESERVED
 CVE-2013-5658
@@ -13718,16 +13935,16 @@
 	RESERVED
 CVE-2013-4727
 	RESERVED
-CVE-2013-4726
-	RESERVED
+CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive ...)
+	TODO: check
 CVE-2013-4725
 	RESERVED
 CVE-2013-4724
 	RESERVED
-CVE-2013-4723
-	RESERVED
-CVE-2013-4722
-	RESERVED
+CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS ...)
+	TODO: check
+CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in ...)
 	NOT-FOR-US: EDItran Communications Platform
 CVE-2013-4721 (SQL injection vulnerability in the RSS feed from records extension ...)
@@ -14155,8 +14372,7 @@
 CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
 	- libapache2-mod-nss 1.0.8-4 (low; bug #731627)
 	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
-CVE-2013-4565 [heap-based buffer overflow]
-	RESERVED
+CVE-2013-4565 (Heap-based buffer overflow in the __OLEdecode function in ppthtml ...)
 	- xlhtml <removed> (bug #729279)
 CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: libreswan
@@ -15049,10 +15265,9 @@
 	- wordpress 3.6.1+dfsg-1 (bug #722537)
 	NOTE: http://core.trac.wordpress.org/changeset/25325
 CVE-2013-4337
-	RESERVED
+	REJECTED
 	NOT-FOR-US: Drupal module
-CVE-2013-4336
-	RESERVED
+CVE-2013-4336 (Cross-site scripting (XSS) vulnerability in the admin page in the Flag ...)
 	NOT-FOR-US: Drupal module
 CVE-2013-4335
 	RESERVED
@@ -15222,8 +15437,8 @@
 	- tomcat6 6.0.39
 	- tomcat7 7.0.47
 	- tomcat8 8.0.0
-CVE-2013-4285
-	RESERVED
+CVE-2013-4285 (A certain Gentoo patch for the PAM S/Key module does not properly ...)
+	TODO: check
 CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers ...)
 	NOT-FOR-US: Cumin
 CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote ...)
@@ -15697,7 +15912,7 @@
 CVE-2013-4146
 	RESERVED
 CVE-2013-4145
-	RESERVED
+	REJECTED
 CVE-2013-4144
 	RESERVED
 CVE-2013-4143
@@ -18185,8 +18400,8 @@
 	RESERVED
 CVE-2013-3070
 	RESERVED
-CVE-2013-3069
-	RESERVED
+CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR ...)
+	TODO: check
 CVE-2013-3068
 	RESERVED
 CVE-2013-3067
@@ -21123,8 +21338,7 @@
 	RESERVED
 CVE-2013-2026
 	REJECTED
-CVE-2013-2025
-	RESERVED
+CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x ...)
 	NOT-FOR-US: Ushahidi
 CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
 	RESERVED
@@ -21890,8 +22104,8 @@
 	RESERVED
 CVE-2013-1805
 	RESERVED
-CVE-2013-1804
-	RESERVED
+CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
+	TODO: check
 CVE-2013-1803
 	RESERVED
 CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
@@ -23326,7 +23540,7 @@
 	NOT-FOR-US: PHP Ticket System Beta
 CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
 	NOT-FOR-US: eFront
-CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_netinvoice) ...)
+CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) ...)
 	NOT-FOR-US: nBill for Joomla!
 CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: gpEasy CMS
@@ -26502,8 +26716,7 @@
 CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
 	- owncloud 4.0.8debian-1.5 (bug #701115)
 	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
-CVE-2013-0296 [creates temp files with too wide permissions]
-	RESERVED
+CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from the ...)
 	- pigz 2.2.4-2 (low; bug #700608)
 	[squeeze] - pigz 2.1.6-1+squeeze1
 CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
@@ -28871,8 +29084,8 @@
 	RESERVED
 CVE-2012-5724
 	RESERVED
-CVE-2012-5723
-	RESERVED
+CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is ...)
+	TODO: check
 CVE-2012-5722
 	RESERVED
 CVE-2012-5721
@@ -31535,7 +31748,7 @@
 CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local ...)
 	NOT-FOR-US: Roxio MyDVD 9
 CVE-2012-4410
-	RESERVED
+	REJECTED
 	NOTE: to be rejected
 CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
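Review bot: The "NOTE: to be rejected" line under CVE-2012-4410 is now outdated, since this hunk changes the status to REJECTED. Drop the note or replace it with the reason for the rejection, so the entry does not read as still pending.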
@@ -33109,8 +33322,7 @@
 	NOT-FOR-US: jCore
 CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
 	NOT-FOR-US: jCore
-CVE-2012-4230 [XSS attacks via security policy bypass]
-	RESERVED
+CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the ...)
 	- tinymce <unfixed>
 	- python-django-tinymce <unfixed>
 	TODO: check
@@ -33965,8 +34177,8 @@
 	RESERVED
 CVE-2012-3947
 	RESERVED
-CVE-2012-3946
-	RESERVED
+CVE-2012-3946 (Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ...)
+	TODO: check
 CVE-2012-3945
 	RESERVED
 CVE-2012-3944
@@ -35211,7 +35423,7 @@
 CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...)
 	- condor 7.8.2~dfsg.1-1 (bug #685366)
 CVE-2012-3415
-	RESERVED
+	REJECTED
 	- plpupload <itp> (bug #668396)
 	- wordpress 3.3.2
 CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
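Review bot: CVE-2012-3415 becomes REJECTED but keeps its package lines "- plpupload <itp> (bug #668396)" and "- wordpress 3.3.2". Fix data attached to a rejected id is easy to lose track of. Check which id, if any, now covers the issue, then move these lines there or remove them.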
@@ -36309,7 +36521,8 @@
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier ...)
 	NOT-FOR-US: Jaow
-CVE-2012-2951 (SQL injection vulnerability in plog-rss.php in Plogger allows remote ...)
+CVE-2012-2951
+	REJECTED
 	NOT-FOR-US: Plogger
 CVE-2012-2950
 	RESERVED
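Review bot: CVE-2012-2951 loses its published description (SQL injection in plog-rss.php in Plogger) in favour of a bare REJECTED, with no record of why. A NOTE giving the rejection reason or the replacement id would keep the history readable. The retained "NOT-FOR-US: Plogger" line no longer has a description to explain it.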
@@ -37764,8 +37977,7 @@
 	[squeeze] - openssh 1:5.5p1-6+squeeze3
 CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
 	- wordpress 3.0.3-1
-CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
-	RESERVED
+CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
 	- blender <unfixed> (low; bug #584621)
 	[squeeze] - blender <no-dsa> (Minor issue)
 	[wheezy] - blender <no-dsa> (Minor issue)
@@ -48212,12 +48424,10 @@
 	{DSA-2323-1}
 	- radvd 1:1.8-1.1 (bug #644614)
 	NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3603
-	RESERVED
+CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...)
 	NOTE: http://seclists.org/oss-sec/2011/q4/30
 	NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)
-CVE-2011-3602
-	RESERVED
+CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router ...)
 	{DSA-2323-1}
 	- radvd 1:1.8-1.1 (bug #644614)
 	NOTE: http://seclists.org/oss-sec/2011/q4/30
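Review bot: CVE-2011-3603 now has a published description (radvd before 1.8.2) yet keeps "NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)" and has no package line, unlike CVE-2011-3602 directly below it with "- radvd 1:1.8-1.1 (bug #644614)" and DSA-2323-1. Since the id was published rather than rejected, add a radvd status line or update the note to say why the issue is not tracked.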
@@ -49519,8 +49729,7 @@
 	NOTE: see bug #650307
 CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows ...)
 	- lightdm 1.0.6-2
-CVE-2011-3152
-	RESERVED
+CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before ...)
 	- update-manager <not-affected> (ubuntu-specific issue)
 	NOTE: see bug #650307
 CVE-2011-3151
@@ -82610,7 +82819,7 @@
 	[etch] - wireshark 0.99.4-5.etch.4
 CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
 	- wireshark <not-affected> (Only affects Wireshark on Windows)
-CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...)
+CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
 	NOTE: Dupe of CVE-2009-1210
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}



