[Secure-testing-commits] r28262 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Aug 13 21:14:11 UTC 2014
Author: joeyh
Date: 2014-08-13 21:14:11 +0000 (Wed, 13 Aug 2014)
New Revision: 28262
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-13 18:36:25 UTC (rev 28261)
+++ data/CVE/list 2014-08-13 21:14:11 UTC (rev 28262)
@@ -1,4 +1,127 @@
+CVE-2014-5233
+ RESERVED
+CVE-2014-5232
+ RESERVED
+CVE-2014-5231
+ RESERVED
+CVE-2014-5230
+ RESERVED
+CVE-2014-5229
+ RESERVED
+CVE-2014-5228
+ RESERVED
+CVE-2014-5227
+ RESERVED
+CVE-2014-5226
+ RESERVED
+CVE-2014-5225
+ RESERVED
+CVE-2014-5224
+ RESERVED
+CVE-2014-5223
+ RESERVED
+CVE-2014-5222
+ RESERVED
+CVE-2014-5221
+ RESERVED
+CVE-2014-5220
+ RESERVED
+CVE-2014-5219
+ RESERVED
+CVE-2014-5218
+ RESERVED
+CVE-2014-5217
+ RESERVED
+CVE-2014-5216
+ RESERVED
+CVE-2014-5215
+ RESERVED
+CVE-2014-5214
+ RESERVED
+CVE-2014-5213
+ RESERVED
+CVE-2014-5212
+ RESERVED
+CVE-2014-5211
+ RESERVED
+CVE-2014-5210
+ RESERVED
+CVE-2014-5209
+ RESERVED
+CVE-2014-5208
+ RESERVED
+CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
+ TODO: check
+CVE-2014-5201 (SQL injection vulnerability in the Gallery Objects plugin 0.4 for ...)
+ TODO: check
+CVE-2014-5200 (SQL injection vulnerability in game_play.php in the FB Gorilla plugin ...)
+ TODO: check
+CVE-2014-5199 (Cross-site request forgery (CSRF) vulnerability in the WordPress File ...)
+ TODO: check
+CVE-2014-5198 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
+ TODO: check
+CVE-2014-5197 (Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd ...)
+ TODO: check
+CVE-2014-5196 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-5195 (Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not ...)
+ TODO: check
+CVE-2014-5194 (Static code injection vulnerability in admin/admin.php in Sphider ...)
+ TODO: check
+CVE-2014-5193 (Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider ...)
+ TODO: check
+CVE-2014-5192 (SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows ...)
+ TODO: check
+CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin before ...)
+ TODO: check
+CVE-2014-5190 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-5189 (SQL injection vulnerability in lib/optin/optin_page.php in the Lead ...)
+ TODO: check
+CVE-2014-5188 (Cross-site scripting (XSS) vulnerability in doemailpassword.tml in ...)
+ TODO: check
+CVE-2014-5187 (Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin ...)
+ TODO: check
+CVE-2014-5186 (SQL injection vulnerability in the All Video Gallery ...)
+ TODO: check
+CVE-2014-5185 (SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress ...)
+ TODO: check
+CVE-2014-5184 (SQL injection vulnerability in the stripshow-storylines page in the ...)
+ TODO: check
+CVE-2014-5183 (SQL injection vulnerability in includes/mode-edit.php in the Simple ...)
+ TODO: check
+CVE-2014-5182 (Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for ...)
+ TODO: check
+CVE-2014-5181 (Directory traversal vulnerability in lastfm-proxy.php in the Last.fm ...)
+ TODO: check
+CVE-2014-5180 (SQL injection vulnerability in the videos page in the HDW Player ...)
+ TODO: check
+CVE-2014-5178 (Multiple cross-site scripting (XSS) vulnerabilities in Easy File ...)
+ TODO: check
+CVE-2014-5176 (SAP FI Manager Self-Service has a hard-coded user name, which makes it ...)
+ TODO: check
+CVE-2014-5175 (The License Measurement servlet in SAP Solution Manager 7.1 allows ...)
+ TODO: check
+CVE-2014-5174 (The SAP Netweaver Business Warehouse component does not properly ...)
+ TODO: check
+CVE-2014-5173 (SAP HANA Extend Application Services (XS) allows remote attackers to ...)
+ TODO: check
+CVE-2014-5172 (Multiple cross-site scripting (XSS) vulnerabilities in the XS ...)
+ TODO: check
+CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt ...)
+ TODO: check
+CVE-2013-7396
+ RESERVED
+CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor ...)
+ TODO: check
+CVE-2013-7394 (The "runshellscript echo.sh" script in Splunk before 5.0.5 allows ...)
+ TODO: check
+CVE-2012-6653 (Unspecified vulnerability in the All Video Gallery (all-video-gallery) ...)
+ TODO: check
+CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
+ TODO: check
CVE-2014-5207 [ro bind mount bypass using user namespaces]
+ RESERVED
- linux <unfixed>
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
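Review bot: CVE-2014-5195 (Unity, "as used in Ubuntu") is added with the same blanket `TODO: check` as the WordPress-plugin, SAP, Splunk and ZOLL entries around it, but it is the one new description in this batch that names a desktop component shipped by a Debian derivative, so it deserves an explicit archive check rather than being triaged along with the rest. The entries whose descriptions name a WordPress plugin can follow the form already used further down the file, e.g. `NOT-FOR-US: WordPress plugin vitamin`.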
@@ -6,6 +129,7 @@
NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
TODO: check
CVE-2014-5206 [ro bind mount bypass using user namespaces]
+ RESERVED
- linux <unfixed>
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
@@ -35,12 +159,17 @@
- wordpress 3.9.2+dfsg-1 (bug #757312)
NOTE: https://core.trac.wordpress.org/changeset/29398
CVE-2014-5205 [protections against brute attacks against CSRF tokens]
+ RESERVED
+ {DSA-3001-1}
- wordpress 3.9.2+dfsg-1 (bug #757312)
NOTE: https://core.trac.wordpress.org/changeset/29408
CVE-2014-5204 [protections against brute attacks against CSRF tokens]
+ RESERVED
+ {DSA-3001-1}
- wordpress 3.9.2+dfsg-1 (bug #757312)
NOTE: https://core.trac.wordpress.org/changeset/29384
CVE-2014-5203 [unsafe serialization vulnerability]
+ RESERVED
- wordpress 3.9.2+dfsg-1 (bug #757312)
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
@@ -79,9 +208,9 @@
NOTE: https://github.com/ipython/ipython/issues/6246
NOTE: patch: https://github.com/ipython/ipython/commit/f58dabb277d0cdfb603d46cd01fcf29819ae7613
NOTE: in Debian patch to use mathjax from system was added right away in version 0.12
-CVE-2014-5179 [drupal6-freelinking: access bypass issue]
+CVE-2014-5179 (The freelinking module for Drupal, as used in the Freelinking for Case ...)
NOT-FOR-US: drupal6-freelinking module
-CVE-2014-5177 [Unsafe parsing of XML documents allows arbitrary file read]
+CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access ...)
- libvirt 1.2.4-1 (low)
[wheezy] - libvirt <not-affected> (Not exploitable in that version)
[squeeze] - libvirt <not-affected> (Not exploitable in that version)
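Review bot: On CVE-2014-5177 the imported description now reads "libvirt 1.0.0 through 1.2.x before 1.2.5", while the unchanged status line below it records the fix at `- libvirt 1.2.4-1 (low)`. Confirm that 1.2.4-1 carries the fix as a backported patch and record that in a NOTE; otherwise the fixed version should be raised to the first upload based on 1.2.5.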
@@ -97,33 +226,28 @@
RESERVED
CVE-2014-5166
RESERVED
-CVE-2014-5165 [wireshark: ASN.1 BER dissector crash]
- RESERVED
+CVE-2014-5165 (The dissect_ber_constrained_bitstring function in ...)
{DSA-3002-1}
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-11.html
-CVE-2014-5164 [wireshark: RLC dissector crash]
- RESERVED
+CVE-2014-5164 (The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC ...)
{DSA-3002-1}
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-10.html
-CVE-2014-5163 [wirehark: GTP and GSM Management dissectors crash]
- RESERVED
+CVE-2014-5163 (The APN decode functionality in (1) epan/dissectors/packet-gtp.c and ...)
{DSA-3002-1}
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-09.html
-CVE-2014-5162 [wireshark: Catapult DCT2000 and IrDA dissectors buffer underrun]
- RESERVED
+CVE-2014-5162 (The read_new_line function in wiretap/catapult_dct2000.c in the ...)
{DSA-3002-1}
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
-CVE-2014-5161 [wireshark: Catapult DCT2000 and IrDA dissectors buffer underrun]
- RESERVED
+CVE-2014-5161 (The dissect_log function in plugins/irda/packet-irda.c in the IrDA ...)
{DSA-3002-1}
- wireshark <unfixed>
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
-CVE-2014-5160
- RESERVED
+CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
+ TODO: check
CVE-2014-5159
RESERVED
CVE-2014-5158
@@ -265,12 +389,12 @@
RESERVED
CVE-2014-5091
RESERVED
-CVE-2014-5090
- RESERVED
-CVE-2014-5089
- RESERVED
-CVE-2014-5088
- RESERVED
+CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated ...)
+ TODO: check
+CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k ...)
+ TODO: check
+CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote ...)
+ TODO: check
CVE-2014-5087
RESERVED
CVE-2014-5086
@@ -281,8 +405,8 @@
RESERVED
CVE-2014-5083
RESERVED
-CVE-2014-5082
- RESERVED
+CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider ...)
+ TODO: check
CVE-2014-5081
RESERVED
CVE-2014-5080
@@ -374,8 +498,7 @@
- cairo <unfixed> (low; bug #757727)
[wheezy] - cairo <no-dsa> (Minor issue)
[squeeze] - cairo <no-dsa> (Minor issue)
-CVE-2014-5077 [net: SCTP: NULL pointer dereference]
- RESERVED
+CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ...)
- linux 3.14.15-1
- linux-2.6 <removed>
NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
@@ -438,8 +561,7 @@
RESERVED
CVE-2011-5281
RESERVED
-CVE-2014-5045 [vfs: refcount issues during unmount on symlink]
- RESERVED
+CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel before ...)
- linux 3.14.15-1
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/7/21/98
@@ -1048,14 +1170,14 @@
RESERVED
CVE-2014-4761
RESERVED
-CVE-2014-4760
- RESERVED
+CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through ...)
+ TODO: check
CVE-2014-4759
RESERVED
CVE-2014-4758
RESERVED
-CVE-2014-4757
- RESERVED
+CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before ...)
+ TODO: check
CVE-2014-4756
RESERVED
CVE-2014-4755
@@ -1066,8 +1188,8 @@
RESERVED
CVE-2014-4752
RESERVED
-CVE-2014-4751
- RESERVED
+CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
+ TODO: check
CVE-2014-4750
RESERVED
CVE-2014-4749
@@ -1076,8 +1198,8 @@
NOT-FOR-US: IBM Sametime
CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
NOT-FOR-US: IBM Sametime
-CVE-2014-4746
- RESERVED
+CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 ...)
+ TODO: check
CVE-2014-4745
RESERVED
CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...)
@@ -1205,9 +1327,9 @@
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
NOT-FOR-US: Trimble SketchUp
CVE-2012-6652
+ RESERVED
NOT-FOR-US: WordPress plugin wppageflip
-CVE-2012-6651
- RESERVED
+CVE-2012-6651 (Multiple directory traversal vulnerabilities in the Vitamin plugin ...)
NOT-FOR-US: WordPress plugin vitamin
CVE-2012-6650
RESERVED
@@ -1313,8 +1435,8 @@
RESERVED
CVE-2014-4651
RESERVED
-CVE-2014-4647
- RESERVED
+CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the ...)
+ TODO: check
CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK ...)
NOT-FOR-US: Foxit PDF SDK
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
@@ -2677,42 +2799,42 @@
RESERVED
CVE-2014-4068
RESERVED
-CVE-2014-4067
- RESERVED
+CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4066
RESERVED
CVE-2014-4065
RESERVED
-CVE-2014-4064
- RESERVED
-CVE-2014-4063
- RESERVED
-CVE-2014-4062
- RESERVED
-CVE-2014-4061
- RESERVED
-CVE-2014-4060
- RESERVED
+CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2014-4063 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4062 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 ...)
+ TODO: check
+CVE-2014-4061 (Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not ...)
+ TODO: check
+CVE-2014-4060 (Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows ...)
+ TODO: check
CVE-2014-4059
RESERVED
-CVE-2014-4058
- RESERVED
-CVE-2014-4057
- RESERVED
-CVE-2014-4056
- RESERVED
-CVE-2014-4055
- RESERVED
+CVE-2014-4058 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4057 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-4056 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4054
RESERVED
CVE-2014-4053
RESERVED
-CVE-2014-4052
- RESERVED
-CVE-2014-4051
- RESERVED
-CVE-2014-4050
- RESERVED
+CVE-2014-4052 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4051 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4050 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4042
RESERVED
CVE-2014-4041
@@ -3061,8 +3183,8 @@
NOTE: Only exploitable on Windows
CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
NOT-FOR-US: Rocket Servergraph
-CVE-2014-3914
- RESERVED
+CVE-2014-3914 (Directory traversal vulnerability in the Admin Center for Tivoli ...)
+ TODO: check
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...)
NOT-FOR-US: Ericom AccessNow Server
CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in ...)
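Review bot: CVE-2014-3914 is left at `TODO: check` although its description names the same "Admin Center for Tivoli" as CVE-2014-3915 directly above it, which is already tagged `NOT-FOR-US: Rocket Servergraph`. If both refer to the same product, give CVE-2014-3914 the same tag so the pair stays consistent.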
@@ -3087,12 +3209,12 @@
RESERVED
CVE-2014-3902
RESERVED
-CVE-2014-3901
- RESERVED
+CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...)
+ TODO: check
CVE-2014-3900
RESERVED
-CVE-2014-3899
- RESERVED
+CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...)
+ TODO: check
CVE-2014-3898
RESERVED
CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
@@ -3191,20 +3313,15 @@
- fish <unfixed> (low; bug #746259)
[squeeze] - fish <no-dsa> (Minor issue)
[wheezy] - fish <no-dsa> (Minor issue)
-CVE-2014-3855
- RESERVED
+CVE-2014-3855 (Directory traversal vulnerability in download.py in Pyplate 0.08 ...)
NOT-FOR-US: Pyplate
-CVE-2014-3854
- RESERVED
+CVE-2014-3854 (Cross-site request forgery (CSRF) vulnerability in admin/addScript.py ...)
NOT-FOR-US: Pyplate
-CVE-2014-3853
- RESERVED
+CVE-2014-3853 (Pyplate 0.08 does not set the secure flag for the id cookie in an ...)
NOT-FOR-US: Pyplate
-CVE-2014-3852
- RESERVED
+CVE-2014-3852 (Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header ...)
NOT-FOR-US: Pyplate
-CVE-2014-3851
- RESERVED
+CVE-2014-3851 (usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses ...)
NOT-FOR-US: Pyplate
CVE-2014-3850 (Cross-site request forgery (CSRF) vulnerability in the Member Approval ...)
NOT-FOR-US: WordPress plugin Member Approval 131109
@@ -3818,13 +3935,11 @@
- 389-ds-base 1.3.2.21-1 (bug #757437)
CVE-2014-3561
RESERVED
-CVE-2014-3560 [Remote code execution in nmbd]
- RESERVED
+CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and ...)
- samba 2:4.1.11+dfsg-1 (bug #756759)
[squeeze] - samba <not-affected> (Only affects 4.x)
[wheezy] - samba <not-affected> (Only affects 4.x)
-CVE-2014-3559
- RESERVED
+CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 ...)
NOT-FOR-US: ovirt-engine-backend
CVE-2014-3558
RESERVED
@@ -3839,8 +3954,7 @@
NOTE: fixed in nginx 1.7.4, 1.6.1
CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno ...)
- neutron 2014.1.1-3 (bug #755134)
-CVE-2014-3554 [buffer overflow]
- RESERVED
+CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp ...)
- libndp 1.4-1 (bug #756389)
CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...)
- moodle <unfixed>
@@ -3910,8 +4024,7 @@
RESERVED
CVE-2014-3535
RESERVED
-CVE-2014-3534 [Kernel memory protection bypass on s390]
- RESERVED
+CVE-2014-3534 (arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the ...)
{DSA-2992-1}
- linux 3.14.13-2 (bug #728705)
- linux-2.6 <not-affected> (Vulnerable code was introduced later)
@@ -3961,8 +4074,7 @@
- linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss ...)
NOT-FOR-US: JBoss Application Server
-CVE-2014-3517 [Use of non-constant time comparison operation]
- RESERVED
+CVE-2014-3517 (api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, ...)
- nova 2014.1.1-8 (bug #755042)
[wheezy] - nova <no-dsa> (Minor issue)
[wheezy] - nova <not-affected> (Only exploitable when used with neutron, which is not in stable)
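Review bot: Below the updated CVE-2014-3517 line, the context keeps two `[wheezy] - nova` annotations with different states: `<no-dsa> (Minor issue)` and `<not-affected> (Only exploitable when used with neutron, which is not in stable)`. A release should carry one status per package; now that the full description is in, pick the one that applies and drop the other.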
@@ -4062,8 +4174,7 @@
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2014-3488 [DoS]
- RESERVED
+CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...)
- netty <not-affected> (Introduced in 3.9.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects 3.9.0 and 3.9.1
CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in ...)
@@ -4194,28 +4305,23 @@
RESERVED
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
NOT-FOR-US: OpenX
-CVE-2014-3800 [file containing a password world readable]
- RESERVED
+CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for ...)
- xbmc <unfixed> (low; bug #747428)
[wheezy] - xbmc <no-dsa> (Minor issue)
NOTE: http://trac.xbmc.org/ticket/15198
-CVE-2014-3774 [Multiple XSS vectors in items.php]
- RESERVED
+CVE-2014-3774 (Multiple cross-site scripting (XSS) vulnerabilities in items.php in ...)
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
-CVE-2014-3773 [Multiple SQL injection vectors in sources/main.queries.php]
- RESERVED
+CVE-2014-3773 (Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow ...)
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
-CVE-2014-3772 [File execution protection bypass via incorrect use of session variables]
- RESERVED
+CVE-2014-3772 (TeamPass before 2.1.20 allows remote attackers to bypass access ...)
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
-CVE-2014-3771 [File execution protection bypass via language path injection]
- RESERVED
+CVE-2014-3771 (TeamPass before 2.1.20 allows remote attackers to bypass access ...)
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
CVE-2014-4703 [check_dhcp: Race Condition]
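Review bot: Under CVE-2014-3773 the commit URL ending in 7715512f2bd5659cc69e063a1c513c19e384340f appears in two consecutive NOTE lines. Drop the duplicate, or replace it with the intended commit if a different one was meant, so the references for the SQL injection fixes are unambiguous.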
@@ -4281,8 +4387,8 @@
NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
NOT-FOR-US: NetIQ Sentinel
-CVE-2014-3459
- RESERVED
+CVE-2014-3459 (Heap-based buffer overflow in SolarWinds Network Configuration Manager ...)
+ TODO: check
CVE-2014-3458
RESERVED
CVE-2014-3457
@@ -4349,16 +4455,15 @@
RESERVED
CVE-2014-3435
RESERVED
-CVE-2014-3434
- RESERVED
+CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
+ TODO: check
CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Symantec
CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Symantec
CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x ...)
NOT-FOR-US: Symantec PGP Desktop
-CVE-2014-3429 [Cross domain websocket hijacking]
- RESERVED
+CVE-2014-3429 (IPython Notebook 0.12 through 1.x before 1.2 does not validate the ...)
- ipython 1.2.0~rc1-1 (low)
[wheezy] - ipython <no-dsa> (Minor issue)
[squeeze] - ipython <not-affected> (Vulnerable code not present)
@@ -4529,32 +4634,32 @@
RESERVED
CVE-2014-3340
RESERVED
-CVE-2014-3339
- RESERVED
-CVE-2014-3338
- RESERVED
-CVE-2014-3337
- RESERVED
-CVE-2014-3336
- RESERVED
+CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...)
+ TODO: check
+CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...)
+ TODO: check
+CVE-2014-3337 (The SIP implementation in Cisco Unified Communications Manager (CM) ...)
+ TODO: check
+CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
+ TODO: check
CVE-2014-3335
RESERVED
CVE-2014-3334
RESERVED
-CVE-2014-3333
- RESERVED
-CVE-2014-3332
- RESERVED
+CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
+ TODO: check
+CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...)
+ TODO: check
CVE-2014-3331
RESERVED
-CVE-2014-3330
- RESERVED
+CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...)
+ TODO: check
CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server ...)
NOT-FOR-US: Cisco Unified Presence Server
-CVE-2014-3327
- RESERVED
+CVE-2014-3327 (The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 ...)
+ TODO: check
CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security ...)
NOT-FOR-US: Cisco Security Manager
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
@@ -4603,8 +4708,8 @@
NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly ...)
NOT-FOR-US: Cisco WebEx Meetings Server
-CVE-2014-3302
- RESERVED
+CVE-2014-3302 (user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does ...)
+ TODO: check
CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) ...)
NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
@@ -4705,8 +4810,7 @@
RESERVED
CVE-2014-3252
RESERVED
-CVE-2014-3251
- RESERVED
+CVE-2014-3251 (The MCollective aes_security plugin, as used in Puppet Enterprise ...)
- mcollective <unfixed>
NOTE: Mcollective are not configured to use the plugin and are not vulnerable by default.
NOTE: http://puppetlabs.com/security/cve/cve-2014-3251
@@ -4964,12 +5068,12 @@
RESERVED
CVE-2014-3168
RESERVED
-CVE-2014-3167
- RESERVED
-CVE-2014-3166
- RESERVED
-CVE-2014-3165
- RESERVED
+CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+ TODO: check
+CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before ...)
+ TODO: check
+CVE-2014-3165 (Use-after-free vulnerability in ...)
+ TODO: check
CVE-2014-3164
RESERVED
CVE-2014-3163
@@ -5137,8 +5241,8 @@
RESERVED
CVE-2014-3103
RESERVED
-CVE-2014-3102
- RESERVED
+CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 ...)
+ TODO: check
CVE-2014-3101
RESERVED
CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
@@ -5169,8 +5273,8 @@
NOT-FOR-US: IBM Sametime
CVE-2014-3087
RESERVED
-CVE-2014-3086
- RESERVED
+CVE-2014-3086 (Unspecified vulnerability in the IBM Java Virtual Machine, as used in ...)
+ TODO: check
CVE-2014-3085
RESERVED
CVE-2014-3084
@@ -5189,22 +5293,22 @@
RESERVED
CVE-2014-3077
RESERVED
-CVE-2014-3076
- RESERVED
+CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote ...)
+ TODO: check
CVE-2014-3075
RESERVED
CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...)
NOT-FOR-US: IBM AIX
CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...)
NOT-FOR-US: Novell Identity Manager
-CVE-2014-3072
- RESERVED
+CVE-2014-3072 (Unspecified vulnerability in the Automation Server in IBM Security ...)
+ TODO: check
CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
NOT-FOR-US: IBM InfoSphere
CVE-2014-3070
RESERVED
-CVE-2014-3069
- RESERVED
+CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access ...)
+ TODO: check
CVE-2014-3068
RESERVED
CVE-2014-3067
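Review bot: In the context of this hunk, CVE-2014-3073 is described as an "Unspecified vulnerability in IBM Security Access Manager (ISAM) for ..." but tagged `NOT-FOR-US: Novell Identity Manager`, so the product label does not match the description. Correct the label while the neighbouring CVE-2014-3072 (also an IBM Security product, now `TODO: check`) is being triaged, so both entries end up with matching tags.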
@@ -5279,8 +5383,8 @@
RESERVED
CVE-2014-3032
RESERVED
-CVE-2014-3031
- RESERVED
+CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...)
+ TODO: check
CVE-2014-3030
RESERVED
CVE-2014-3029
@@ -5323,8 +5427,8 @@
NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
NOT-FOR-US: IBM WebSphere
-CVE-2014-3009
- RESERVED
+CVE-2014-3009 (The GDS component in IBM InfoSphere Master Data Management - ...)
+ TODO: check
CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...)
NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might ...)
@@ -5792,46 +5896,46 @@
RESERVED
CVE-2014-2829 (Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly ...)
NOT-FOR-US: MongooseIM
-CVE-2014-2827
- RESERVED
-CVE-2014-2826
- RESERVED
-CVE-2014-2825
- RESERVED
-CVE-2014-2824
- RESERVED
-CVE-2014-2823
- RESERVED
-CVE-2014-2822
- RESERVED
-CVE-2014-2821
- RESERVED
-CVE-2014-2820
- RESERVED
-CVE-2014-2819
- RESERVED
-CVE-2014-2818
- RESERVED
-CVE-2014-2817
- RESERVED
-CVE-2014-2816
- RESERVED
-CVE-2014-2815
- RESERVED
+CVE-2014-2827 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2826 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2825 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2824 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2823 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2822 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2821 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2820 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2819 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2818 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2817 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2816 (Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint ...)
+ TODO: check
+CVE-2014-2815 (Microsoft OneNote 2007 SP3 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and ...)
NOT-FOR-US: Microsoft Server
CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2812
RESERVED
-CVE-2014-2811
- RESERVED
-CVE-2014-2810
- RESERVED
+CVE-2014-2811 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2810 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2809 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-2808
- RESERVED
+CVE-2014-2808 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
@@ -5854,8 +5958,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2797 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-2796
- RESERVED
+CVE-2014-2796 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
@@ -5878,8 +5982,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-2784
- RESERVED
+CVE-2014-2784 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
@@ -5898,8 +6002,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2775 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-2774
- RESERVED
+CVE-2014-2774 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2773 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2772 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
@@ -6382,19 +6486,16 @@
RESERVED
CVE-2014-2632
RESERVED
-CVE-2014-2631
- RESERVED
+CVE-2014-2631 (Unspecified vulnerability in HP Application Lifecycle Management (aka ...)
NOT-FOR-US: HP Application Lifecycle Management / Quality Center
-CVE-2014-2630
- RESERVED
+CVE-2014-2630 (Unspecified vulnerability in HP Operations Agent 11.00, when Glance is ...)
NOT-FOR-US: HP Operations Agent
-CVE-2014-2629
- RESERVED
-CVE-2014-2628
- RESERVED
+CVE-2014-2629 (HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, ...)
+ TODO: check
+CVE-2014-2628 (Unspecified vulnerability in HP Enterprise Maps 1 allows remote ...)
NOT-FOR-US: HP Enterprise Maps
-CVE-2014-2627
- RESERVED
+CVE-2014-2627 (Unspecified vulnerability in HP NonStop NetBatch G06.14 through ...)
+ TODO: check
CVE-2014-2626 (Directory traversal vulnerability in the toServerObject function in HP ...)
NOT-FOR-US: HP Network Virtualization
CVE-2014-2625 (Directory traversal vulnerability in the storedNtxFile function in HP ...)
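Review bot: CVE-2014-2629 and CVE-2014-2627, both HP NonStop products, end up with `TODO: check`, while the three other HP entries updated in this hunk keep their `NOT-FOR-US` tags. If NonStop Safeguard and NetBatch are not packaged, tag them the same way (for example `NOT-FOR-US: HP NonStop`) so the HP block does not stay half-triaged.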
@@ -7117,8 +7218,8 @@
RESERVED
CVE-2014-2358
RESERVED
-CVE-2014-2357
- RESERVED
+CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
+ TODO: check
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
NOT-FOR-US: Innominate mGuard
CVE-2014-2355
@@ -8645,10 +8746,10 @@
RESERVED
CVE-2014-1821
RESERVED
-CVE-2014-1820
- RESERVED
-CVE-2014-1819
- RESERVED
+CVE-2014-1820 (Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) ...)
+ TODO: check
+CVE-2014-1819 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2014-1818 (GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-1817 (usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft ...)
@@ -8657,8 +8758,8 @@
NOT-FOR-US: Microsoft XML Core Services
CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1814
- RESERVED
+CVE-2014-1814 (The Windows Installer in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
CVE-2014-1813 (Microsoft Web Applications 2010 SP1 and SP2 allows remote ...)
NOT-FOR-US: Microsoft
CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, ...)
@@ -10389,8 +10490,7 @@
NOT-FOR-US: rexx Recruitment
CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx ...)
NOT-FOR-US: Telligent Evolution
-CVE-2014-1222
- RESERVED
+CVE-2014-1222 (Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM ...)
NOT-FOR-US: vTiger CRM
CVE-2014-1221
RESERVED
@@ -10490,8 +10590,8 @@
RESERVED
CVE-2014-0973
RESERVED
-CVE-2014-0972
- RESERVED
+CVE-2014-0972 (The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm ...)
+ TODO: check
CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote ...)
NOT-FOR-US: VASCO IAS
CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote ...)
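Review bot: The "TODO: check" on CVE-2014-0972 should not be closed on the vendor name alone, because the description names a Linux kernel 3.x driver (kgsl, "as used in Qualcomm ..."). Whoever triages it should confirm whether the kgsl driver is present in the kernel source packaged in the archive and record the outcome in a NOTE line, so the reasoning stays with the entry whichever way it is resolved.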
@@ -10624,8 +10724,8 @@
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0953
- RESERVED
+CVE-2014-0953 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+ TODO: check
CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...)
@@ -11676,24 +11776,24 @@
RESERVED
CVE-2014-0547
RESERVED
-CVE-2014-0546
- RESERVED
-CVE-2014-0545
- RESERVED
-CVE-2014-0544
- RESERVED
-CVE-2014-0543
- RESERVED
-CVE-2014-0542
- RESERVED
-CVE-2014-0541
- RESERVED
-CVE-2014-0540
- RESERVED
+CVE-2014-0546 (Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 ...)
+ TODO: check
+CVE-2014-0545 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
+CVE-2014-0544 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
+CVE-2014-0543 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
+CVE-2014-0542 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
+CVE-2014-0541 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
+CVE-2014-0540 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
+ TODO: check
CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0538
- RESERVED
+CVE-2014-0538 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 ...)
+ TODO: check
CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
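Review bot: The eight new "TODO: check" lines in this hunk cover two different products, and the follow-up triage should not tag them as one batch. CVE-2014-0545 through CVE-2014-0540 and CVE-2014-0538 are Adobe Flash Player and can take the "NOT-FOR-US: Adobe Flash" tag that CVE-2014-0539 and CVE-2014-0537 already carry in the surrounding context. CVE-2014-0546 is "Adobe Reader and Acrobat" and needs its own tag.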
@@ -11810,8 +11910,7 @@
RESERVED
CVE-2014-0480
RESERVED
-CVE-2014-0479
- RESERVED
+CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows ...)
{DSA-2997-1}
- reportbug 6.5.0+nmu1
CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which ...)
@@ -13065,12 +13164,12 @@
RESERVED
CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
NOT-FOR-US: Microsoft
-CVE-2014-0318
- RESERVED
+CVE-2014-0318 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...)
NOT-FOR-US: Microsoft
-CVE-2014-0316
- RESERVED
+CVE-2014-0316 (Memory leak in the Local RPC (LRPC) server implementation in Microsoft ...)
+ TODO: check
CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft
CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
@@ -13466,8 +13565,7 @@
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport to 2.6.32)
CVE-2014-0180 (The wait_for_task function in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2014-0179 [Unsafe parsing of XML documents allows arbitrary file read]
- RESERVED
+CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...)
- libvirt 1.2.4-1 (unimportant)
NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent
CVE-2014-0178 (Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before ...)
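Review bot: On CVE-2014-0179 the new description puts the upstream boundary at "before 1.2.5", while the unchanged tracking line directly below still records the fix as "libvirt 1.2.4-1". If 1.2.4-1 carried the patch as a backport, a NOTE saying so would stop the entry from reading like a wrong fixed version. The replaced bracket text also named the actual issue (unsafe XML parsing, arbitrary file read), and the truncated description now shows only "cause a ..."; keeping the file-read impact in a NOTE would preserve that context next to the "(unimportant)" rating.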
@@ -14468,8 +14566,8 @@
RESERVED
CVE-2013-6772
RESERVED
-CVE-2013-6771
- RESERVED
+CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk ...)
+ TODO: check
CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6769 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
@@ -17095,15 +17193,12 @@
CVE-2013-5760 (QNAP Photo Station before firmware 4.0.3 build0912 allows remote ...)
NOT-FOR-US: QNAP firmware
CVE-2013-5759
- RESERVED
-CVE-2013-5758
- RESERVED
+ REJECTED
+CVE-2013-5758 (cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote ...)
NOT-FOR-US: Yealink VoIP Phone
-CVE-2013-5757
- RESERVED
+CVE-2013-5757 (Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G ...)
NOT-FOR-US: Yealink VoIP Phone
-CVE-2013-5756
- RESERVED
+CVE-2013-5756 (Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G ...)
NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5755 (config/.htpasswd in Yealink IP Phone SIP-T38G have a hardcoded ...)
NOT-FOR-US: Yealink IP Phone
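Review bot: The product tags for the same SIP-T38G device are inconsistent once the descriptions land: CVE-2013-5758, CVE-2013-5757 and CVE-2013-5756 use "NOT-FOR-US: Yealink VoIP Phone" while the context entry CVE-2013-5755 uses "NOT-FOR-US: Yealink IP Phone". Pick one spelling so a search of the list for the product finds all four. The RESERVED to REJECTED change on CVE-2013-5759 needs no further action.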
@@ -18023,8 +18118,8 @@
RESERVED
CVE-2013-5434
RESERVED
-CVE-2013-5433
- RESERVED
+CVE-2013-5433 (The Data Growth Solution for JD Edwards EnterpriseOne in IBM ...)
+ TODO: check
CVE-2013-5432
RESERVED
CVE-2013-5431 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
@@ -21452,8 +21547,7 @@
[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
-CVE-2013-4159 [temporary file vulnerabilities]
- RESERVED
+CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary ...)
- ctdb 2.5.1+debian0-1 (bug #749840)
[wheezy] - ctdb <no-dsa> (Minor issue)
[squeeze] - ctdb <no-dsa> (Minor issue)
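Review bot: CVE-2013-4159 now has a description that places the fix at "ctdb before 2.3", but the tracking line marks unstable fixed only at "2.5.1+debian0-1 (bug #749840)". If that is simply the first upload at or past the fixed upstream release, a short NOTE stating it would explain the gap. The dropped bracket summary "[temporary file vulnerabilities]" was also the only readable statement of the issue class, since the imported description is cut off at "does not create temporary ...".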
@@ -38915,8 +39009,8 @@
RESERVED
CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
NOT-FOR-US: MF Gig Calendar
-CVE-2012-4241
- RESERVED
+CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 ...)
+ TODO: check
CVE-2012-4240
RESERVED
CVE-2012-4239
@@ -56080,8 +56174,8 @@
NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2011-2944
- RESERVED
+CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader ...)
+ TODO: check
CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in ...)
- pidgin 2.10.0-1 (bug #638709)
[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
@@ -57164,8 +57258,8 @@
CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...)
NOT-FOR-US: KMPlayer
NOTE: This is http://www.kmplayer.com and not our kmplayer package.
-CVE-2011-2593
- RESERVED
+CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX ...)
+ TODO: check
CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ...)
NOT-FOR-US: ActiveX control for Citrix Access Gateway
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow ...)
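Review bot: CVE-2011-2593 is left at "TODO: check" although its description names the same StartEpa method in the same nsepacom ActiveX control as CVE-2011-2592 immediately below, which is already tagged "NOT-FOR-US: ActiveX control for Citrix Access Gateway". The follow-up should reuse that exact tag so the two sibling entries stay consistent.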