[Secure-testing-commits] r28417 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Aug 21 21:14:12 UTC 2014
Author: joeyh
Date: 2014-08-21 21:14:12 +0000 (Thu, 21 Aug 2014)
New Revision: 28417
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-21 20:23:50 UTC (rev 28416)
+++ data/CVE/list 2014-08-21 21:14:12 UTC (rev 28417)
@@ -1,3 +1,135 @@
+CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
+CVE-2014-5381
+ RESERVED
+CVE-2014-5380
+ RESERVED
+CVE-2014-5379
+ RESERVED
+CVE-2014-5378
+ RESERVED
+CVE-2014-5377
+ RESERVED
+CVE-2014-5376
+ RESERVED
+CVE-2014-5375
+ RESERVED
+CVE-2014-5374
+ RESERVED
+CVE-2014-5373
+ RESERVED
+CVE-2014-5372
+ RESERVED
+CVE-2014-5371
+ RESERVED
+CVE-2014-5370
+ RESERVED
+CVE-2014-5369
+ RESERVED
+CVE-2014-5367
+ RESERVED
+CVE-2014-5366
+ RESERVED
+CVE-2014-5365
+ RESERVED
+CVE-2014-5364
+ RESERVED
+CVE-2014-5363
+ RESERVED
+CVE-2014-5362
+ RESERVED
+CVE-2014-5361
+ RESERVED
+CVE-2014-5360
+ RESERVED
+CVE-2014-5359
+ RESERVED
+CVE-2014-5358
+ RESERVED
+CVE-2014-5357
+ RESERVED
+CVE-2014-5355
+ RESERVED
+CVE-2014-5354
+ RESERVED
+CVE-2014-5353
+ RESERVED
+CVE-2014-5352
+ RESERVED
+CVE-2014-5351
+ RESERVED
+CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender ...)
+ TODO: check
+CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 ...)
+ TODO: check
+CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in ...)
+ TODO: check
+CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-5345 (Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus ...)
+ TODO: check
+CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud ...)
+ TODO: check
+CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
+ TODO: check
+CVE-2014-5342
+ RESERVED
+CVE-2014-5341
+ RESERVED
+CVE-2014-5340
+ RESERVED
+CVE-2014-5339
+ RESERVED
+CVE-2014-5338
+ RESERVED
+CVE-2014-5337
+ RESERVED
+CVE-2014-5335
+ RESERVED
+CVE-2014-5334
+ RESERVED
+CVE-2014-5332
+ RESERVED
+CVE-2014-5331
+ RESERVED
+CVE-2014-5330
+ RESERVED
+CVE-2014-5329
+ RESERVED
+CVE-2014-5328
+ RESERVED
+CVE-2014-5327
+ RESERVED
+CVE-2014-5326
+ RESERVED
+CVE-2014-5325
+ RESERVED
+CVE-2014-5324
+ RESERVED
+CVE-2014-5323
+ RESERVED
+CVE-2014-5322
+ RESERVED
+CVE-2014-5321
+ RESERVED
+CVE-2014-5320
+ RESERVED
+CVE-2014-5319
+ RESERVED
+CVE-2014-5318
+ RESERVED
+CVE-2014-5317
+ RESERVED
+CVE-2014-5316
+ RESERVED
+CVE-2014-5315
+ RESERVED
+CVE-2014-5314
+ RESERVED
+CVE-2014-5313
+ RESERVED
CVE-2014-XXXX [possible overflow in vararg functions]
- lua50 <undetermined>
- lua5.1 <unfixed>
@@ -6,15 +138,18 @@
NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7
TODO: check, reproducer also available
CVE-2014-5368
+ RESERVED
NOT-FOR-US: WordPress plugin wp-source-control
-CVE-2014-5333
+CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
NOT-FOR-US: Adobe Flash
NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333
CVE-2014-5356 [Glance store DoS through disk space exhaustion]
+ RESERVED
- glance <unfixed>
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2
CVE-2014-5336 [Denial of service]
+ RESERVED
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2014-5312
@@ -422,8 +557,7 @@
[wheezy] - wordpress <not-affected> (Vulnerable code not present)
[squeeze] - wordpress <not-affected> (Vulnerable code not present)
NOTE: https://core.trac.wordpress.org/changeset/29389
-CVE-2014-3528 [MD5 collision authentication leak]
- RESERVED
+CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before ...)
- subversion 1.8.10-1 (low)
[squeeze] - subversion <no-dsa> (Minor issue)
[wheezy] - subversion <no-dsa> (Minor issue)
@@ -791,8 +925,7 @@
- gcc-4.3 <removed>
[squeeze] - gcc-4.3 <no-dsa> (Minor issue, too intrusive to backport)
NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
-CVE-2014-5033 [kauth authentication bypass]
- RESERVED
+CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use ...)
{DSA-3004-1}
- kde4libs 4:4.13.3-2 (bug #755814)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
@@ -1057,8 +1190,7 @@
RESERVED
CVE-2014-4930
RESERVED
-CVE-2014-4929
- RESERVED
+CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
- owncloud 6.0.4~beta1+dfsg-1
NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
CVE-2014-4928
@@ -1405,10 +1537,10 @@
RESERVED
CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
NOT-FOR-US: IBM Security Access Manager
-CVE-2014-4750
- RESERVED
-CVE-2014-4749
- RESERVED
+CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP ...)
+ TODO: check
+CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the ...)
+ TODO: check
CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
NOT-FOR-US: IBM Sametime
CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
@@ -1793,8 +1925,7 @@
RESERVED
CVE-2014-4619
RESERVED
-CVE-2014-4618
- RESERVED
+CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4612
RESERVED
@@ -2043,8 +2174,7 @@
- python3.3 <removed>
- python3.4 3.4.0+20140417-1
NOTE: http://bugs.python.org/issue21529
-CVE-2014-4615
- RESERVED
+CVE-2014-4615 (The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, ...)
- neutron <unfixed>
- ceilometer <unfixed>
- python-pycadf 0.5.1-1
@@ -3427,14 +3557,14 @@
RESERVED
CVE-2014-3907
RESERVED
-CVE-2014-3906
- RESERVED
+CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and ...)
+ TODO: check
CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...)
TODO: check
CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter ...)
TODO: check
-CVE-2014-3903
- RESERVED
+CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x ...)
+ TODO: check
CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android ...)
TODO: check
CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...)
@@ -4323,8 +4453,7 @@
RESERVED
CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...)
- apache2 <not-affected> (Affects only Windows systems)
-CVE-2014-3522 [incorrect SSL certificate validation in Serf RA (repository access) layer]
- RESERVED
+CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before ...)
- subversion 1.8.10-1
[wheezy] - subversion <unfixed> (unimportant)
[squeeze] - subversion <unfixed> (unimportant)
@@ -4352,8 +4481,7 @@
- php5 5.6.0~rc2+dfsg-1
[squeeze] - php5 5.3.3-7+squeeze21
NOTE: https://bugs.php.net/bug.php?id=67492
-CVE-2014-3514 [data validation bypass vulnerability]
- RESERVED
+CVE-2014-3514 (activerecord/lib/active_record/relation/query_methods.rb in Active ...)
- rails 2:4.1.5-1
[wheezy] - rails <not-affected> (Only affects 4.0.0 and all Later Versions)
- rails-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
@@ -4389,8 +4517,7 @@
CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in ...)
{DSA-2998-1}
- openssl 1.0.1i-1
-CVE-2014-3504 [failure to properly handle a NUL character in the CommonName or SubjectAltNames fields]
- RESERVED
+CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) ...)
- serf 1.3.7-1 (bug #757965)
[wheezy] - serf <no-dsa> (Minor issue)
[squeeze] - serf <no-dsa> (Minor issue)
@@ -4436,8 +4563,7 @@
CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and ...)
- foreman <itp> (bug #663101)
NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
-CVE-2014-3490
- RESERVED
+CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red ...)
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
@@ -4523,8 +4649,7 @@
RESERVED
- horizon 2014.1.1-3 (bug #754255)
[wheezy] - horizon <no-dsa> (Minor issue)
-CVE-2014-3472
- RESERVED
+CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...)
NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2014-3471 [hw: pci: use after free triggered via guest]
RESERVED
@@ -4553,8 +4678,7 @@
CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS ...)
- gnutls26 <not-affected> (Affected code was introduced in 3.0)
- gnutls28 3.2.10-1
-CVE-2014-3464
- RESERVED
+CVE-2014-3464 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...)
NOT-FOR-US: JBoss WS
CVE-2014-3463
REJECTED
@@ -4897,11 +5021,10 @@
RESERVED
CVE-2014-3342
RESERVED
-CVE-2014-3341
- RESERVED
+CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 ...)
NOT-FOR-US: Cisco NX-OS
-CVE-2014-3340
- RESERVED
+CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the ...)
+ TODO: check
CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...)
NOT-FOR-US: Cisco
CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...)
@@ -4918,8 +5041,8 @@
NOT-FOR-US: Cisco
CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...)
NOT-FOR-US: Cisco
-CVE-2014-3331
- RESERVED
+CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...)
+ TODO: check
CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...)
NOT-FOR-US: Cisco
CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
@@ -6959,23 +7082,19 @@
- libyaml 0.1.4-3.2 (bug #742732)
- libyaml-libyaml-perl 0.41-5
NOTE: http://www.ocert.org/advisories/ocert-2014-003.html
-CVE-2014-2521
- RESERVED
+CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2520
- RESERVED
+CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 ...)
NOT-FOR-US: EMC RecoverPoint Appliance
-CVE-2014-2518
- RESERVED
+CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC ...)
NOT-FOR-US: EMC Documentum
-CVE-2014-2517
- RESERVED
+CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before ...)
+ TODO: check
CVE-2014-2516
RESERVED
-CVE-2014-2515
- RESERVED
+CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, ...)
NOT-FOR-US: EMC Documentum
CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
NOT-FOR-US: EMC Documentum Content Server
@@ -6983,8 +7102,7 @@
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum eRoom
-CVE-2014-2511
- RESERVED
+CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum
CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 ...)
NOT-FOR-US: EMC Documentum Foundation Services
@@ -6996,8 +7114,8 @@
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2505
- RESERVED
+CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...)
+ TODO: check
CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...)
NOT-FOR-US: EMC Documentum D2
CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager ...)
@@ -7112,8 +7230,7 @@
CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2014-2524 [Insecure usage of temporary files]
- RESERVED
+CVE-2014-2524 (The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 ...)
- readline6 6.3-7 (low; bug #741953)
[wheezy] - readline6 <no-dsa> (Minor issue)
[squeeze] - readline6 <no-dsa> (Minor issue)
@@ -11699,10 +11816,10 @@
NOT-FOR-US: EMC RSA NetWitness and RSA Security Analytics
CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-0641
- RESERVED
-CVE-2014-0640
- RESERVED
+CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC ...)
+ TODO: check
+CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote ...)
+ TODO: check
CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
NOT-FOR-US: RSA Archer
CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
More information about the Secure-testing-commits
mailing list