[Secure-testing-commits] r28417 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Thu Aug 21 21:14:12 UTC 2014


Author: joeyh
Date: 2014-08-21 21:14:12 +0000 (Thu, 21 Aug 2014)
New Revision: 28417

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-08-21 20:23:50 UTC (rev 28416)
+++ data/CVE/list	2014-08-21 21:14:12 UTC (rev 28417)
@@ -1,3 +1,135 @@
+CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
+CVE-2014-5381
+	RESERVED
+CVE-2014-5380
+	RESERVED
+CVE-2014-5379
+	RESERVED
+CVE-2014-5378
+	RESERVED
+CVE-2014-5377
+	RESERVED
+CVE-2014-5376
+	RESERVED
+CVE-2014-5375
+	RESERVED
+CVE-2014-5374
+	RESERVED
+CVE-2014-5373
+	RESERVED
+CVE-2014-5372
+	RESERVED
+CVE-2014-5371
+	RESERVED
+CVE-2014-5370
+	RESERVED
+CVE-2014-5369
+	RESERVED
+CVE-2014-5367
+	RESERVED
+CVE-2014-5366
+	RESERVED
+CVE-2014-5365
+	RESERVED
+CVE-2014-5364
+	RESERVED
+CVE-2014-5363
+	RESERVED
+CVE-2014-5362
+	RESERVED
+CVE-2014-5361
+	RESERVED
+CVE-2014-5360
+	RESERVED
+CVE-2014-5359
+	RESERVED
+CVE-2014-5358
+	RESERVED
+CVE-2014-5357
+	RESERVED
+CVE-2014-5355
+	RESERVED
+CVE-2014-5354
+	RESERVED
+CVE-2014-5353
+	RESERVED
+CVE-2014-5352
+	RESERVED
+CVE-2014-5351
+	RESERVED
+CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender ...)
+	TODO: check
+CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 ...)
+	TODO: check
+CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in ...)
+	TODO: check
+CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2014-5345 (Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus ...)
+	TODO: check
+CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud ...)
+	TODO: check
+CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
+	TODO: check
+CVE-2014-5342
+	RESERVED
+CVE-2014-5341
+	RESERVED
+CVE-2014-5340
+	RESERVED
+CVE-2014-5339
+	RESERVED
+CVE-2014-5338
+	RESERVED
+CVE-2014-5337
+	RESERVED
+CVE-2014-5335
+	RESERVED
+CVE-2014-5334
+	RESERVED
+CVE-2014-5332
+	RESERVED
+CVE-2014-5331
+	RESERVED
+CVE-2014-5330
+	RESERVED
+CVE-2014-5329
+	RESERVED
+CVE-2014-5328
+	RESERVED
+CVE-2014-5327
+	RESERVED
+CVE-2014-5326
+	RESERVED
+CVE-2014-5325
+	RESERVED
+CVE-2014-5324
+	RESERVED
+CVE-2014-5323
+	RESERVED
+CVE-2014-5322
+	RESERVED
+CVE-2014-5321
+	RESERVED
+CVE-2014-5320
+	RESERVED
+CVE-2014-5319
+	RESERVED
+CVE-2014-5318
+	RESERVED
+CVE-2014-5317
+	RESERVED
+CVE-2014-5316
+	RESERVED
+CVE-2014-5315
+	RESERVED
+CVE-2014-5314
+	RESERVED
+CVE-2014-5313
+	RESERVED
 CVE-2014-XXXX [possible overflow in vararg functions]
 	- lua50 <undetermined>
 	- lua5.1 <unfixed>
@@ -6,15 +138,18 @@
 	NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7
 	TODO: check, reproducer also available
 CVE-2014-5368
+	RESERVED
 	NOT-FOR-US: WordPress plugin wp-source-control
-CVE-2014-5333
+CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
 	NOT-FOR-US: Adobe Flash
 	NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333
 CVE-2014-5356 [Glance store DoS through disk space exhaustion]
+	RESERVED
 	- glance <unfixed>
 	[wheezy] - glance <not-affected> (Vulnerable code not present)
 	NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2
 CVE-2014-5336 [Denial of service]
+	RESERVED
 	- monkey <removed> (low)
 	[squeeze] - monkey <no-dsa> (Minor issue)
 CVE-2014-5312
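Review bot: the NOTE on CVE-2014-5333 ("assignment not from Adobe") is worth rechecking now that the official description has landed, since the new text names Adobe Flash Player 13.0.0.241 and 14.0.0.176 as the fixed releases; if the Red Hat bug referenced in the NOTE confirms the assignment is settled, the NOTE can be dropped or reworded. Adding RESERVED to CVE-2014-5368, CVE-2014-5356 and CVE-2014-5336 while keeping their existing triage lines matches the convention used elsewhere in this file (see CVE-2014-3471 below), so no change is needed there.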
@@ -422,8 +557,7 @@
 	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
 	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
 	NOTE: https://core.trac.wordpress.org/changeset/29389 
-CVE-2014-3528 [MD5 collision authentication leak]
-	RESERVED
+CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before ...)
 	- subversion 1.8.10-1 (low)
 	[squeeze] - subversion <no-dsa> (Minor issue)
 	[wheezy] - subversion <no-dsa> (Minor issue)
@@ -791,8 +925,7 @@
 	- gcc-4.3 <removed>
 	[squeeze] - gcc-4.3 <no-dsa> (Minor issue, too intrusive to backport)
 	NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
-CVE-2014-5033 [kauth authentication bypass]
-	RESERVED
+CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use ...)
 	{DSA-3004-1}
 	- kde4libs 4:4.13.3-2 (bug #755814)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
@@ -1057,8 +1190,7 @@
 	RESERVED
 CVE-2014-4930
 	RESERVED
-CVE-2014-4929
-	RESERVED
+CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
 	- owncloud 6.0.4~beta1+dfsg-1
 	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
 CVE-2014-4928
@@ -1405,10 +1537,10 @@
 	RESERVED
 CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
 	NOT-FOR-US: IBM Security Access Manager
-CVE-2014-4750
-	RESERVED
-CVE-2014-4749
-	RESERVED
+CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP ...)
+	TODO: check
+CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the ...)
+	TODO: check
 CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
 	NOT-FOR-US: IBM Sametime
 CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
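Review bot: CVE-2014-4750 and CVE-2014-4749 are left at TODO: check although their descriptions name IBM PowerVC, a proprietary IBM product with no Debian package, and the surrounding IBM entries in this hunk (CVE-2014-4751, CVE-2014-4748) are already NOT-FOR-US; suggest resolving both as `NOT-FOR-US: IBM PowerVC` in the follow-up rather than leaving the placeholder.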
@@ -1793,8 +1925,7 @@
 	RESERVED
 CVE-2014-4619
 	RESERVED
-CVE-2014-4618
-	RESERVED
+CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
 	NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-4612
 	RESERVED
@@ -2043,8 +2174,7 @@
 	- python3.3 <removed>
 	- python3.4 3.4.0+20140417-1
 	NOTE: http://bugs.python.org/issue21529
-CVE-2014-4615
-	RESERVED
+CVE-2014-4615 (The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, ...)
 	- neutron <unfixed>
 	- ceilometer <unfixed>
 	- python-pycadf 0.5.1-1
@@ -3427,14 +3557,14 @@
 	RESERVED
 CVE-2014-3907
 	RESERVED
-CVE-2014-3906
-	RESERVED
+CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and ...)
+	TODO: check
 CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...)
 	TODO: check
 CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter ...)
 	TODO: check
-CVE-2014-3903
-	RESERVED
+CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x ...)
+	TODO: check
 CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android ...)
 	TODO: check
 CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...)
@@ -4323,8 +4453,7 @@
 	RESERVED
 CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...)
 	- apache2 <not-affected> (Affects only Windows systems)
-CVE-2014-3522 [incorrect SSL certificate validation in Serf RA (repository access) layer]
-	RESERVED
+CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before ...)
 	- subversion 1.8.10-1
 	[wheezy] - subversion <unfixed> (unimportant)
 	[squeeze] - subversion <unfixed> (unimportant)
@@ -4352,8 +4481,7 @@
 	- php5 5.6.0~rc2+dfsg-1
 	[squeeze] - php5 5.3.3-7+squeeze21
 	NOTE: https://bugs.php.net/bug.php?id=67492
-CVE-2014-3514 [data validation bypass vulnerability]
-	RESERVED
+CVE-2014-3514 (activerecord/lib/active_record/relation/query_methods.rb in Active ...)
 	- rails 2:4.1.5-1
 	[wheezy] - rails <not-affected> (Only affects 4.0.0 and all Later Versions)
 	- rails-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
@@ -4389,8 +4517,7 @@
 CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in ...)
 	{DSA-2998-1}
 	- openssl 1.0.1i-1
-CVE-2014-3504 [failure to properly handle a NUL character in the CommonName or SubjectAltNames fields]
-	RESERVED
+CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) ...)
 	- serf 1.3.7-1 (bug #757965)
 	[wheezy] - serf <no-dsa> (Minor issue)
 	[squeeze] - serf <no-dsa> (Minor issue)
@@ -4436,8 +4563,7 @@
 CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and ...)
 	- foreman <itp> (bug #663101)
 	NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
-CVE-2014-3490
-	RESERVED
+CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red ...)
 	NOT-FOR-US: RESTEasy framework for JBoss
 CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
@@ -4523,8 +4649,7 @@
 	RESERVED
 	- horizon 2014.1.1-3 (bug #754255)
 	[wheezy] - horizon <no-dsa> (Minor issue)
-CVE-2014-3472
-	RESERVED
+CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...)
 	NOT-FOR-US: JBoss Enterprise Application Platform
 CVE-2014-3471 [hw: pci: use after free triggered via guest]
 	RESERVED
@@ -4553,8 +4678,7 @@
 CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS ...)
 	- gnutls26 <not-affected> (Affected code was introduced in 3.0)
 	- gnutls28 3.2.10-1
-CVE-2014-3464
-	RESERVED
+CVE-2014-3464 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...)
 	NOT-FOR-US: JBoss WS
 CVE-2014-3463
 	REJECTED
@@ -4897,11 +5021,10 @@
 	RESERVED
 CVE-2014-3342
 	RESERVED
-CVE-2014-3341
-	RESERVED
+CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 ...)
 	NOT-FOR-US: Cisco NX-OS
-CVE-2014-3340
-	RESERVED
+CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the ...)
+	TODO: check
 CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...)
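Review bot: the truncated description of CVE-2014-3340 names no vendor or product, so the TODO: check placeholder is the right outcome here even though every neighbouring entry in this hunk is Cisco and NOT-FOR-US; the full text should be read before closing it, rather than inferring NOT-FOR-US from its position in the list.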
@@ -4918,8 +5041,8 @@
 	NOT-FOR-US: Cisco
 CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...)
 	NOT-FOR-US: Cisco
-CVE-2014-3331
-	RESERVED
+CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...)
+	TODO: check
 CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...)
 	NOT-FOR-US: Cisco
 CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
@@ -6959,23 +7082,19 @@
 	- libyaml 0.1.4-3.2 (bug #742732)
 	- libyaml-libyaml-perl 0.41-5
 	NOTE: http://www.ocert.org/advisories/ocert-2014-003.html
-CVE-2014-2521
-	RESERVED
+CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
 	NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2520
-	RESERVED
+CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
 	NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 ...)
 	NOT-FOR-US: EMC RecoverPoint Appliance
-CVE-2014-2518
-	RESERVED
+CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC ...)
 	NOT-FOR-US: EMC Documentum
-CVE-2014-2517
-	RESERVED
+CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before ...)
+	TODO: check
 CVE-2014-2516
 	RESERVED
-CVE-2014-2515
-	RESERVED
+CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, ...)
 	NOT-FOR-US: EMC Documentum
 CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
 	NOT-FOR-US: EMC Documentum Content Server
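Review bot: CVE-2014-2517 is the only EMC entry in this hunk left at TODO: check; its description names the EMC RSA Archer GRC Platform, and the file already records that product as NOT-FOR-US (CVE-2014-0639, touched later in this patch), so the placeholder can be replaced with `NOT-FOR-US: RSA Archer` during triage. The Documentum entries gain their official descriptions without disturbing the existing NOT-FOR-US lines, which is correct.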
@@ -6983,8 +7102,7 @@
 	NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
 	NOT-FOR-US: EMC Documentum eRoom
-CVE-2014-2511
-	RESERVED
+CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
 	NOT-FOR-US: EMC Documentum
 CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 ...)
 	NOT-FOR-US: EMC Documentum Foundation Services
@@ -6996,8 +7114,8 @@
 	NOT-FOR-US: EMC Documentum Content Server
 CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
 	NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2505
-	RESERVED
+CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...)
+	TODO: check
 CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...)
 	NOT-FOR-US: EMC Documentum D2
 CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager ...)
@@ -7112,8 +7230,7 @@
 CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not ...)
 	- moodle 2.6.2-1
 	[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2014-2524 [Insecure usage of temporary files]
-	RESERVED
+CVE-2014-2524 (The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 ...)
 	- readline6 6.3-7 (low; bug #741953)
 	[wheezy] - readline6 <no-dsa> (Minor issue)
 	[squeeze] - readline6 <no-dsa> (Minor issue)
@@ -11699,10 +11816,10 @@
 	NOT-FOR-US: EMC RSA NetWitness and RSA Security Analytics
 CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
 	NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-0641
-	RESERVED
-CVE-2014-0640
-	RESERVED
+CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC ...)
+	TODO: check
+CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote ...)
+	TODO: check
 CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
 	NOT-FOR-US: RSA Archer
 CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
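Review bot: CVE-2014-0641 and CVE-2014-0640 get TODO: check while the adjacent CVE-2014-0639, which describes the same EMC RSA Archer GRC product, is already `NOT-FOR-US: RSA Archer`; the two new placeholders (and CVE-2014-2505 in the earlier hunk) should be resolved the same way so the Archer entries stay consistent.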



