[Secure-testing-commits] r28475 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Aug 26 21:14:11 UTC 2014
Author: joeyh
Date: 2014-08-26 21:14:11 +0000 (Tue, 26 Aug 2014)
New Revision: 28475
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-08-26 17:19:10 UTC (rev 28474)
+++ data/CVE/list 2014-08-26 21:14:11 UTC (rev 28475)
@@ -1,3 +1,149 @@
+CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows ...)
+ TODO: check
+CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, ...)
+ TODO: check
+CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module ...)
+ TODO: check
+CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service in ...)
+ TODO: check
+CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in ...)
+ TODO: check
+CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: ...)
+ TODO: check
+CVE-2014-5452
+ RESERVED
+CVE-2014-5451
+ RESERVED
+CVE-2014-5446
+ RESERVED
+CVE-2014-5445
+ RESERVED
+CVE-2014-5444
+ RESERVED
+CVE-2014-5442
+ RESERVED
+CVE-2014-5441
+ RESERVED
+CVE-2014-5440
+ RESERVED
+CVE-2014-5439
+ RESERVED
+CVE-2014-5438
+ RESERVED
+CVE-2014-5437
+ RESERVED
+CVE-2014-5436
+ RESERVED
+CVE-2014-5435
+ RESERVED
+CVE-2014-5434
+ RESERVED
+CVE-2014-5433
+ RESERVED
+CVE-2014-5432
+ RESERVED
+CVE-2014-5431
+ RESERVED
+CVE-2014-5430
+ RESERVED
+CVE-2014-5429
+ RESERVED
+CVE-2014-5428
+ RESERVED
+CVE-2014-5427
+ RESERVED
+CVE-2014-5426
+ RESERVED
+CVE-2014-5425
+ RESERVED
+CVE-2014-5424
+ RESERVED
+CVE-2014-5423
+ RESERVED
+CVE-2014-5422
+ RESERVED
+CVE-2014-5421
+ RESERVED
+CVE-2014-5420
+ RESERVED
+CVE-2014-5419
+ RESERVED
+CVE-2014-5418
+ RESERVED
+CVE-2014-5417
+ RESERVED
+CVE-2014-5416
+ RESERVED
+CVE-2014-5415
+ RESERVED
+CVE-2014-5414
+ RESERVED
+CVE-2014-5413
+ RESERVED
+CVE-2014-5412
+ RESERVED
+CVE-2014-5411
+ RESERVED
+CVE-2014-5410
+ RESERVED
+CVE-2014-5409
+ RESERVED
+CVE-2014-5408
+ RESERVED
+CVE-2014-5407
+ RESERVED
+CVE-2014-5406
+ RESERVED
+CVE-2014-5405
+ RESERVED
+CVE-2014-5404
+ RESERVED
+CVE-2014-5403
+ RESERVED
+CVE-2014-5402
+ RESERVED
+CVE-2014-5401
+ RESERVED
+CVE-2014-5400
+ RESERVED
+CVE-2014-5399
+ RESERVED
+CVE-2014-5398
+ RESERVED
+CVE-2014-5397
+ RESERVED
+CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
+ TODO: check
+CVE-2014-5395
+ RESERVED
+CVE-2014-5394
+ RESERVED
+CVE-2014-5393
+ RESERVED
+CVE-2014-5392
+ RESERVED
+CVE-2014-5391
+ RESERVED
+CVE-2014-5390
+ RESERVED
+CVE-2014-5389
+ RESERVED
+CVE-2014-5387
+ RESERVED
+CVE-2014-5386
+ RESERVED
+CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 ...)
+ TODO: check
+CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
+ TODO: check
+CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows ...)
+ TODO: check
+CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
+ TODO: check
+CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
+ TODO: check
+CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
+ TODO: check
CVE-2014-XXXX [unbound recursion in ISOFS]
- linux <unfixed>
- linux-2.6 <removed>
@@ -11,16 +157,22 @@
CVE-2014-XXXX [insecurely used the /tmp/ directory for cache data]
- php5 <unfixed> (bug #759282)
CVE-2014-5450
+ RESERVED
- zarafa <itp> (bug #658433)
CVE-2014-5449
+ RESERVED
- zarafa <itp> (bug #658433)
CVE-2014-5448
+ RESERVED
- zarafa <itp> (bug #658433)
CVE-2014-5447
+ RESERVED
- zarafa <itp> (bug #658433)
CVE-2014-5443
+ RESERVED
- seafile <itp> (bug #709295)
CVE-2014-5388 [array out of bounds]
+ RESERVED
- qemu <unfixed>
- qemu-kvm <removed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
@@ -122,14 +274,13 @@
- check-mk <unfixed> (bug #758883)
[wheezy] - check-mk <not-affected> (Vulnerable code not present)
NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
-CVE-2014-5338 [Reflected Cross-Site Scripting (XSS)]
- RESERVED
+CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite ...)
- check-mk <not-affected> (Vulnerable code not present)
NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4b71709456bfc2ffc27a3583f13cc2ac0e726709
CVE-2014-5337
RESERVED
-CVE-2014-5335
- RESERVED
+CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2014-5334
RESERVED
CVE-2014-5332
@@ -179,14 +330,12 @@
NOTE: http://www.lua.org/bugs.html#5.2.2-1
NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7
TODO: check, reproducer also available
-CVE-2014-5368
- RESERVED
+CVE-2014-5368 (Directory traversal vulnerability in the file_get_contents function in ...)
NOT-FOR-US: WordPress plugin wp-source-control
CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
NOT-FOR-US: Adobe Flash
NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333
-CVE-2014-5356 [Glance store DoS through disk space exhaustion]
- RESERVED
+CVE-2014-5356 (OpenStack Image Registry and Delivery Service (Glance) before ...)
- glance <unfixed>
[wheezy] - glance <not-affected> (Vulnerable code not present)
NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2
@@ -282,8 +431,8 @@
RESERVED
CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...)
NOT-FOR-US: MyBB
-CVE-2014-5246
- RESERVED
+CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware ...)
+ TODO: check
CVE-2014-5245
RESERVED
CVE-2014-5244
@@ -302,12 +451,10 @@
RESERVED
CVE-2012-6654 (Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier ...)
NOT-FOR-US: ZPanel
-CVE-2014-5274 [XSS in view operations page]
- RESERVED
+CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page ...)
- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
-CVE-2014-5273 [Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages]
- RESERVED
+CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
CVE-2014-5268
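Review bot: the replacement of the bracketed local description for CVE-2014-5273 loses detail that the truncated MITRE text does not carry; "[Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages]" named the affected pages, while the new "(Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)" does not. Since the PMASA-2014-8 link in the NOTE line covers it, this is acceptable here, but the same pattern recurs for CVE-2014-5356, CVE-2014-5243, CVE-2014-5241, CVE-2014-5120, CVE-2014-3597, CVE-2014-3589 and CVE-2014-3577 later in this patch; where an entry has no NOTE link, the dropped local summary should be preserved as a NOTE line rather than discarded.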
@@ -333,13 +480,11 @@
- libav <unfixed>
[wheezy] - libav <not-affected> (Vulnerable code not present)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
-CVE-2014-5262 [SQL injection]
- RESERVED
+CVE-2014-5262 (SQL injection vulnerability in the graph settings script ...)
{DSA-3007-1}
- cacti 0.8.8b+dfsg-8
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
-CVE-2014-5261 [cacti remote code execution]
- RESERVED
+CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and ...)
{DSA-3007-1}
- cacti 0.8.8b+dfsg-8
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
@@ -374,20 +519,17 @@
- drupal7 7.31-1
- drupal6 <removed>
NOTE: https://www.drupal.org/SA-CORE-2014-004
-CVE-2014-5253 [vulnerabilities in Keystone revocation events]
- RESERVED
+CVE-2014-5253 (OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno ...)
- keystone 2014.1.2.1-1
[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
NOTE: https://launchpad.net/bugs/1349597
NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=317f9d34b4da20c21edd5b851889298b67c843e1
-CVE-2014-5252 [vulnerabilities in Keystone revocation events]
- RESERVED
+CVE-2014-5252 (The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 ...)
- keystone 2014.1.2.1-1
[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
NOTE: https://launchpad.net/bugs/1348820
NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
-CVE-2014-5251 [vulnerabilities in Keystone revocation events]
- RESERVED
+CVE-2014-5251 (The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x ...)
- keystone 2014.1.2.1-1
[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
NOTE: https://launchpad.net/bugs/1347961
@@ -427,19 +569,16 @@
[wheezy] - dhcpcd5 <no-dsa> (Minor issue)
- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
-CVE-2014-5243 [Copy prevent-clickjacking between OutputPage and ParserOutput]
- RESERVED
+CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and ...)
{DSA-3011-1}
- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
[squeeze] - mediawiki <end-of-life>
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65778
-CVE-2014-5242 [XSS]
- RESERVED
+CVE-2014-5242 (Cross-site scripting (XSS) vulnerability in ...)
- mediawiki <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=66608
NOTE: Introduced in 1.22wmf14, https://bugzilla.wikimedia.org/show_bug.cgi?id=66608#c18
-CVE-2014-5241 [Prepend jsonp callback with comment]
- RESERVED
+CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki ...)
{DSA-3011-1}
- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
[squeeze] - mediawiki <end-of-life>
@@ -490,8 +629,8 @@
RESERVED
CVE-2014-5211
RESERVED
-CVE-2014-5210
- RESERVED
+CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
+ TODO: check
CVE-2014-5209
RESERVED
CVE-2014-5208
@@ -558,11 +697,13 @@
CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt ...)
NOT-FOR-US: SAP
CVE-2013-7398 [No SSL HostName verification]
+ RESERVED
- async-http-client <unfixed>
NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
TODO: check
CVE-2013-7397 [SSL/TLS certificate verification disabled]
+ RESERVED
- async-http-client <unfixed>
NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
TODO: check
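Review bot: CVE-2013-7398 and CVE-2013-7397 gain a RESERVED line but keep both "- async-http-client <unfixed>" and "TODO: check"; the RESERVED marker only says MITRE has not published a description, so the TODO is not resolved by this update. The NOTE lines already point at upstream issue #197 with its fix commit (3c9152e2c7...) and issue #352, which is enough to settle the fixed/unfixed state, so the TODO should be closed against those references in a follow-up rather than carried indefinitely.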
@@ -661,10 +802,10 @@
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
NOT-FOR-US: HP Data Protector
-CVE-2014-5159
- RESERVED
-CVE-2014-5158
- RESERVED
+CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in ...)
+ TODO: check
+CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ...)
+ TODO: check
CVE-2014-5157
REJECTED
CVE-2014-5156
@@ -681,8 +822,7 @@
RESERVED
CVE-2014-5150
RESERVED
-CVE-2014-5149 [XSA-97]
- RESERVED
+CVE-2014-5149 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when ...)
- xen <unfixed>
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
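Review bot: the "[XSA-97]" tag removed from CVE-2014-5149 was the only reference to the Xen advisory in this entry, and no NOTE line with the XSA URL exists in the visible lines (L-shaped block: "- xen <unfixed>", the wheezy no-dsa line, the squeeze end-of-life line). The MITRE text "(Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when ...)" does not mention XSA-97, so add "NOTE: XSA-97" (with the advisory link) so the advisory reference survives; the same applies to CVE-2014-5146 in the next hunk, which loses the identical tag.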
@@ -696,8 +836,7 @@
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code not present)
[squeeze] - xen <not-affected> (Vulnerable code not present)
-CVE-2014-5146 [XSA-97]
- RESERVED
+CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x ...)
- xen <unfixed> (low)
[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
@@ -749,14 +888,11 @@
RESERVED
CVE-2014-5123
RESERVED
-CVE-2014-5122
- RESERVED
+CVE-2014-5122 (Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows ...)
NOT-FOR-US: ArcGIS
-CVE-2014-5121
- RESERVED
+CVE-2014-5121 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
NOT-FOR-US: ArcGIS
-CVE-2014-5120 [NUL byte injection in filenames passed to image handling functions]
- RESERVED
+CVE-2014-5120 (gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x ...)
- php5 <unfixed>
[squeeze] - php5 <not-affected> (Introduced in 5.4)
- libgd2 <not-affected> (Specific to integration of gd in PHP)
@@ -798,8 +934,8 @@
RESERVED
CVE-2014-5098
RESERVED
-CVE-2014-5097
- RESERVED
+CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR ...)
+ TODO: check
CVE-2014-5096
RESERVED
CVE-2014-5095
@@ -1522,8 +1658,8 @@
RESERVED
CVE-2014-4791
RESERVED
-CVE-2014-4790
- RESERVED
+CVE-2014-4790 (IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before ...)
+ TODO: check
CVE-2014-4789
RESERVED
CVE-2014-4788
@@ -1568,14 +1704,14 @@
RESERVED
CVE-2014-4768
RESERVED
-CVE-2014-4767
- RESERVED
+CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
+ TODO: check
CVE-2014-4766
RESERVED
CVE-2014-4765
RESERVED
-CVE-2014-4764
- RESERVED
+CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x ...)
+ TODO: check
CVE-2014-4763
RESERVED
CVE-2014-4762
@@ -2634,8 +2770,8 @@
RESERVED
CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...)
- logstash <itp> (bug #664841)
-CVE-2014-4325
- RESERVED
+CVE-2014-4325 (The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) ...)
+ TODO: check
CVE-2014-4324
RESERVED
CVE-2014-4323
@@ -2958,8 +3094,8 @@
RESERVED
CVE-2014-4198
RESERVED
-CVE-2014-4197
- RESERVED
+CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
+ TODO: check
CVE-2014-4196
RESERVED
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
@@ -3512,8 +3648,8 @@
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
- kfreebsd-9 <unfixed> (bug #754236)
- kfreebsd-10 <unfixed>
-CVE-2014-3951
- RESERVED
+CVE-2014-3951 (The HZ module in the iconv implementation in FreeBSD 10.0 before p6 ...)
+ TODO: check
CVE-2014-3950
RESERVED
CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard in the ...)
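Review bot: CVE-2014-3951 (the HZ module in the FreeBSD 10.0 iconv implementation) is left at "TODO: check" immediately below a block that tracks kfreebsd-8, kfreebsd-9 and kfreebsd-10 for a neighbouring CVE, and CVE-2014-5384 in the first hunk (the VIQR module in the same iconv implementation) is in the same state. The iconv code is part of FreeBSD's userland, not the kernel that the kfreebsd-* packages ship, so both TODOs should be resolved together with an explicit marker and reason (not-affected or NOT-FOR-US) instead of being left open next to the kernel entries.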
@@ -4294,8 +4430,7 @@
RESERVED
- pillow 2.5.3-1
- python-imaging <not-affected> (Vulnerable code not present)
-CVE-2014-3597 [segfault in dns_get_record]
- RESERVED
+CVE-2014-3597 (Multiple buffer overflows in the php_parserr function in ...)
{DSA-3008-1}
- php5 <unfixed>
NOTE: patch: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
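Review bot: the unchanged NOTE line for CVE-2014-3597 carries the fragment "#diff-d41d8cd98f00b204e9800998ecf8427e", which is the MD5 of the empty string; GitHub builds diff anchors from the MD5 of the file path, so this anchor selects no file and should be dropped, leaving the bare commit URL.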
@@ -4309,8 +4444,7 @@
CVE-2014-3595
RESERVED
NOT-FOR-US: Red Hat Satellite
-CVE-2014-3594 [Persistent XSS in Horizon Host Aggregates interface]
- RESERVED
+CVE-2014-3594 (Cross-site scripting (XSS) vulnerability in the Host Aggregates ...)
- horizon 2014.1.2-3 (bug #758930)
[wheezy] - horizon <not-affected> (Vulnerable code not present)
NOTE: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
@@ -4324,8 +4458,7 @@
CVE-2014-3590
RESERVED
- foreman <itp> (bug #663101)
-CVE-2014-3589 [DoS in IcnsImagePlugin]
- RESERVED
+CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow ...)
{DSA-3009-1}
- pillow 2.5.3-1 (bug #758772)
- python-imaging <removed>
@@ -4333,8 +4466,7 @@
NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
CVE-2014-3588
RESERVED
-CVE-2014-3587
- RESERVED
+CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in ...)
{DSA-3008-1}
- php5 <unfixed>
NOTE: https://bugs.php.net/bug.php?id=67716
@@ -4358,8 +4490,7 @@
RESERVED
CVE-2014-3578
RESERVED
-CVE-2014-3577 [Hostname verification susceptible to MITM attack]
- RESERVED
+CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
- httpcomponents-client 4.3.5-1
CVE-2014-3576
RESERVED
@@ -4393,12 +4524,10 @@
- gpgme1.0 1.5.1-1 (bug #756651)
[squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
-CVE-2014-3563
- RESERVED
+CVE-2014-3563 (Multiple unspecified vulnerabilities in Salt (aka SaltStack) before ...)
- salt 2014.1.10+ds-1
NOTE: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
-CVE-2014-3562 [unauthenticated information disclosure]
- RESERVED
+CVE-2014-3562 (Red Hat Directory Server 8 and 389 Directory Server, when debugging is ...)
- 389-ds-base 1.3.2.21-1 (bug #757437)
CVE-2014-3561
RESERVED
@@ -4518,8 +4647,7 @@
- libspring-security-java <itp> (bug #582181)
CVE-2014-3526
RESERVED
-CVE-2014-3525
- RESERVED
+CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x ...)
- trafficserver 5.0.1-1
CVE-2014-3524
RESERVED
@@ -4914,8 +5042,8 @@
RESERVED
CVE-2014-3437
RESERVED
-CVE-2014-3436
- RESERVED
+CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
+ TODO: check
CVE-2014-3435
RESERVED
CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
@@ -5105,8 +5233,8 @@
NOT-FOR-US: Cisco
CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
NOT-FOR-US: Cisco
-CVE-2014-3335
- RESERVED
+CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
+ TODO: check
CVE-2014-3334
RESERVED
CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
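Review bot: CVE-2014-3335 (Cisco IOS XR on ASR 9000) is imported as "TODO: check" while the entries on either side of it, CVE-2014-3336 and CVE-2014-3333, are already marked "NOT-FOR-US: Cisco"; it can be resolved the same way in the follow-up pass rather than left as an open TODO.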
@@ -5734,8 +5862,8 @@
RESERVED
CVE-2014-3090
RESERVED
-CVE-2014-3089
- RESERVED
+CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) ...)
+ TODO: check
CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...)
NOT-FOR-US: IBM Sametime
CVE-2014-3087 (callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 ...)
@@ -5746,8 +5874,8 @@
NOT-FOR-US: IBM
CVE-2014-3084
RESERVED
-CVE-2014-3083
- RESERVED
+CVE-2014-3083 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x ...)
+ TODO: check
CVE-2014-3082
RESERVED
CVE-2014-3081 (prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches ...)
@@ -5772,8 +5900,8 @@
NOT-FOR-US: IBM Security AppScan
CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
NOT-FOR-US: IBM InfoSphere
-CVE-2014-3070
- RESERVED
+CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...)
+ TODO: check
CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access ...)
NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3068
@@ -5832,8 +5960,8 @@
NOT-FOR-US: IBM CICS Transaction Serve
CVE-2014-3041
RESERVED
-CVE-2014-3040
- RESERVED
+CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
+ TODO: check
CVE-2014-3039
RESERVED
CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop ...)
@@ -5846,8 +5974,8 @@
RESERVED
CVE-2014-3034
RESERVED
-CVE-2014-3033
- RESERVED
+CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing ...)
+ TODO: check
CVE-2014-3032
RESERVED
CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...)
@@ -5868,8 +5996,8 @@
RESERVED
CVE-2014-3023
RESERVED
-CVE-2014-3022
- RESERVED
+CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
+ TODO: check
CVE-2014-3021
RESERVED
CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...)
@@ -6947,14 +7075,11 @@
RESERVED
CVE-2014-2635
RESERVED
-CVE-2014-2634
- RESERVED
+CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) ...)
NOT-FOR-US: HP Service Manager
-CVE-2014-2633
- RESERVED
+CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server in HP ...)
NOT-FOR-US: HP Service Manager
-CVE-2014-2632
- RESERVED
+CVE-2014-2632 (Unspecified vulnerability in the WebTier component in HP Service ...)
NOT-FOR-US: HP Service Manager
CVE-2014-2631 (Unspecified vulnerability in HP Application Lifecycle Management (aka ...)
NOT-FOR-US: HP Application Lifecycle Management / Quality Center
@@ -8043,8 +8168,8 @@
RESERVED
CVE-2014-2217
RESERVED
-CVE-2014-2216
- RESERVED
+CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
+ TODO: check
CVE-2014-2215
RESERVED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
@@ -11060,10 +11185,10 @@
RESERVED
CVE-2014-0975
RESERVED
-CVE-2014-0974
- RESERVED
-CVE-2014-0973
- RESERVED
+CVE-2014-0974 (The boot_linux_from_mmc function in app/aboot/aboot.c in the Little ...)
+ TODO: check
+CVE-2014-0973 (The image_verify function in platform/msm_shared/image_verify.c in the ...)
+ TODO: check
CVE-2014-0972 (The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm ...)
TODO: check
CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote ...)
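Review bot: CVE-2014-0974 and CVE-2014-0973 both describe app/aboot/aboot.c and platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader and are imported as "TODO: check", as is CVE-2014-4325 (the cmd_boot function in app/aboot/aboot.c) earlier in this patch; the three should be resolved together with one consistent marker, since they concern the same component and the same question of whether Debian ships it.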
@@ -11174,8 +11299,8 @@
NOT-FOR-US: IBM InfoSphere
CVE-2014-0966 (SQL injection vulnerability in the GDS component in IBM InfoSphere ...)
NOT-FOR-US: IBM
-CVE-2014-0965
- RESERVED
+CVE-2014-0965 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
+ TODO: check
CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in ...)
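Review bot: CVE-2014-0965 (IBM WebSphere Application Server 7.0.x/8.0.x) is imported as "TODO: check" directly above CVE-2014-0964, another WebSphere Application Server issue that is already "NOT-FOR-US: IBM WebSphere Application Server"; the same resolution applies here, and to the other WAS imports in this patch (CVE-2014-4767, CVE-2014-4764, CVE-2014-3083 and CVE-2014-3022), which are all left at TODO.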
@@ -13862,8 +13987,7 @@
CVE-2014-0233
RESERVED
NOT-FOR-US: OpenShift
-CVE-2014-0232
- RESERVED
+CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Apache OFBiz
CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
{DSA-2989-1}
@@ -16362,8 +16486,8 @@
- wireshark 1.10.3-1
[squeeze] - wireshark <not-affected> (code introduced in 1.6.0)
NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
-CVE-2013-6335
- RESERVED
+CVE-2013-6335 (The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for ...)
+ TODO: check
CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
NOT-FOR-US: IBM
CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
@@ -16420,8 +16544,8 @@
NOT-FOR-US: IBM Marketing Platform
CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2013-6306
- RESERVED
+CVE-2013-6306 (Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 ...)
+ TODO: check
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application ...)
@@ -16601,8 +16725,7 @@
NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
NOT-FOR-US: Livezilla
-CVE-2013-6222
- RESERVED
+CVE-2013-6222 (Cross-site scripting (XSS) vulnerability in the Mobility Web Client ...)
NOT-FOR-US: HP Service Manager
CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP ...)
NOT-FOR-US: HP Service Virtualization