[Secure-testing-commits] r30682 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Dec 11 21:10:16 UTC 2014
Author: sectracker
Date: 2014-12-11 21:10:16 +0000 (Thu, 11 Dec 2014)
New Revision: 30682
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-11 20:49:27 UTC (rev 30681)
+++ data/CVE/list 2014-12-11 21:10:16 UTC (rev 30682)
@@ -1,3 +1,133 @@
+CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...)
+ TODO: check
+CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)
+ TODO: check
+CVE-2014-9362 (Cross-site scripting (XSS) vulnerability in the path-based meta tag ...)
+ TODO: check
+CVE-2014-9361 (The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not ...)
+ TODO: check
+CVE-2014-9360 (XML external entity (XXE) vulnerability in Scalix Web Access ...)
+ TODO: check
+CVE-2014-9359
+ RESERVED
+CVE-2014-9358
+ RESERVED
+CVE-2014-9357
+ RESERVED
+CVE-2014-9356
+ RESERVED
+CVE-2014-9355
+ RESERVED
+CVE-2014-9354
+ RESERVED
+CVE-2014-9353
+ RESERVED
+CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration ...)
+ TODO: check
+CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build ...)
+ TODO: check
+CVE-2014-9349 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-9348 (SQL injection vulnerability in the formulaireRobot function in ...)
+ TODO: check
+CVE-2014-9347 (SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 ...)
+ TODO: check
+CVE-2014-9346 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9345 (SQL injection vulnerability in Guruperl.net Advertise With Pleasure! ...)
+ TODO: check
+CVE-2014-9344 (Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before ...)
+ TODO: check
+CVE-2014-9343 (Open redirect vulnerability in ...)
+ TODO: check
+CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view ...)
+ TODO: check
+CVE-2014-9341
+ RESERVED
+CVE-2014-9340
+ RESERVED
+CVE-2014-9339
+ RESERVED
+CVE-2014-9338
+ RESERVED
+CVE-2014-9337
+ RESERVED
+CVE-2014-9336
+ RESERVED
+CVE-2014-9335
+ RESERVED
+CVE-2014-9334
+ RESERVED
+CVE-2014-9333
+ RESERVED
+CVE-2014-9332
+ RESERVED
+CVE-2014-9331
+ RESERVED
+CVE-2014-9330
+ RESERVED
+CVE-2014-9329
+ RESERVED
+CVE-2014-9328
+ RESERVED
+CVE-2014-9327
+ RESERVED
+CVE-2014-9326
+ RESERVED
+CVE-2014-9325
+ RESERVED
+CVE-2014-9324
+ RESERVED
+CVE-2014-9323
+ RESERVED
+CVE-2014-9322
+ RESERVED
+CVE-2014-9321
+ RESERVED
+CVE-2014-9320
+ RESERVED
+CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
+ TODO: check
+CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
+ TODO: check
+CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
+ TODO: check
+CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
+ TODO: check
+CVE-2014-9315
+ RESERVED
+CVE-2014-9314
+ RESERVED
+CVE-2014-9313
+ RESERVED
+CVE-2014-9312
+ RESERVED
+CVE-2014-9311
+ RESERVED
+CVE-2014-9310
+ RESERVED
+CVE-2014-9309
+ RESERVED
+CVE-2014-9308
+ RESERVED
+CVE-2014-9307
+ RESERVED
+CVE-2014-9306
+ RESERVED
+CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in ...)
+ TODO: check
+CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...)
+ TODO: check
+CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers ...)
+ TODO: check
+CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser ...)
+ TODO: check
+CVE-2014-9301 (Server-side request forgery (SSRF) vulnerability in the proxy servlet ...)
+ TODO: check
+CVE-2014-9300 (Cross-site request forgery (CSRF) vulnerability in the cmisbrowser ...)
+ TODO: check
+CVE-2014-9299
+ RESERVED
CVE-2014-XXXX
- asterisk <unfixed>
[wheezy] - asterisk <not-affected> (Web socket code not yet present)
@@ -45,18 +175,18 @@
RESERVED
CVE-2014-9282
RESERVED
-CVE-2014-9268
- RESERVED
-CVE-2014-9267
- RESERVED
-CVE-2014-9266
- RESERVED
-CVE-2014-9265
- RESERVED
+CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) ...)
+ TODO: check
+CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows ...)
+ TODO: check
+CVE-2014-9266 (The STWConfig ActiveX control in Samsung SmartViewer does not properly ...)
+ TODO: check
+CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...)
+ TODO: check
CVE-2014-9264
RESERVED
-CVE-2014-9263
- RESERVED
+CVE-2014-9263 (Multiple buffer overflows in the ...)
+ TODO: check
CVE-2014-9262
RESERVED
CVE-2014-9261
@@ -141,8 +271,8 @@
RESERVED
CVE-2014-9221
RESERVED
-CVE-2014-9217
- RESERVED
+CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP ...)
+ TODO: check
CVE-2014-9216
RESERVED
CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in ...)
@@ -354,18 +484,15 @@
RESERVED
CVE-2015-0301
RESERVED
-CVE-2014-9275 [crashes]
- RESERVED
+CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service ...)
- unrtf <unfixed> (bug #772811)
NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
-CVE-2014-9274 [out-of-bounds memory access]
- RESERVED
+CVE-2014-9274 (UnRTF allows remote attackers to cause a denial of service (crash) and ...)
- unrtf <unfixed> (bug #772811)
NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
-CVE-2014-9278 [~/.k5users unexpectedly grants remote login]
- RESERVED
+CVE-2014-9278 (The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 ...)
- openssh <not-affected> (patch not applied to Debian)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169843
NOTE: Patch https://bugzilla.mindrot.org/show_bug.cgi?id=1867 from not applied in Debian
@@ -384,14 +511,12 @@
NOTE: No special expand templates before 1.23.x but available as extension.
CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x ...)
NOT-FOR-US: OpenVAS Manager
-CVE-2014-9219 [XSS vulnerability in redirection mechanism]
- RESERVED
+CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...)
- phpmyadmin <unfixed>
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
TODO: check older versions
-CVE-2014-9218 [DoS vulnerability with long passwords]
- RESERVED
+CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...)
- phpmyadmin <unfixed>
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
@@ -408,27 +533,24 @@
RESERVED
CVE-2014-9167
RESERVED
-CVE-2014-9166
- RESERVED
-CVE-2014-9165
- RESERVED
-CVE-2014-9164
- RESERVED
+CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows ...)
+ TODO: check
+CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-9164 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-9163
- RESERVED
+CVE-2014-9163 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-9162
- RESERVED
+CVE-2014-9162 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-9161
RESERVED
CVE-2014-9160
RESERVED
-CVE-2014-9159
- RESERVED
-CVE-2014-9158
- RESERVED
+CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module ...)
NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly ...)
@@ -493,8 +615,7 @@
RESERVED
CVE-2014-9121
RESERVED
-CVE-2014-9120
- RESERVED
+CVE-2014-9120 (Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 ...)
NOT-FOR-US: Subrion CMS
CVE-2014-9119
RESERVED
@@ -582,13 +703,11 @@
RESERVED
CVE-2014-9067
RESERVED
-CVE-2014-9066 [XSA-111]
- RESERVED
+CVE-2014-9066 (Xen 4.4.x and earlier, when using a large number of VCPUs, does not ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
-CVE-2014-9065 [XSA-114]
- RESERVED
+CVE-2014-9065 (common/spinlock.c in Xen 4.4.x and earlier does not properly handle ...)
- xen 4.4.1-6
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
@@ -638,8 +757,7 @@
RESERVED
CVE-2014-9040
RESERVED
-CVE-2014-9029 [input sanitization errors]
- RESERVED
+CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...)
{DSA-3089-1 DLA-101-1}
- jasper 1.900.1-debian1-2.2 (bug #772036)
CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
@@ -721,8 +839,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00
NOTE: http://www.mantisbt.org/bugs/view.php?id=17297
-CVE-2014-9281 [XSS in admin panel / copy_field.php]
- RESERVED
+CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
@@ -733,8 +850,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17874
NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
-CVE-2014-9270 [XSS in projax_api.php]
- RESERVED
+CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
@@ -745,14 +861,12 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
-CVE-2014-9280 [PHP Object Injection in MantisBT filter API]
- RESERVED
+CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
NOTE: http://www.mantisbt.org/bugs/view.php?id=17875
-CVE-2014-9279 [DB credentials disclosure in MantisBT's unattended upgrade script]
- RESERVED
+CVE-2014-9279 (The print_test_result function in admin/upgrade_unattended.php in ...)
- mantis <removed> (unimportant)
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8
@@ -763,16 +877,14 @@
- tcpdump 4.6.2-3
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
NOTE: http://seclists.org/tcpdump/2014/q4/72
-CVE-2014-9130 [denial-of-service/application crash with untrusted yaml input]
- RESERVED
+CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...)
- libyaml 0.1.6-3 (bug #771366)
- libyaml-libyaml-perl 0.41-6 (bug #771365)
- pyyaml <unfixed> (bug #772815)
NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE
-CVE-2014-9117 [CAPTCHA bypass]
- RESERVED
+CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
@@ -801,8 +913,7 @@
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673
-CVE-2014-9273 [does not properly handle small-sized hive files]
- RESERVED
+CVE-2014-9273 (lib/handle.c in Hivex before 1.3.11 allows local users to execute ...)
- hivex 1.3.11-1 (low)
[wheezy] - hivex <no-dsa> (Minor issue)
[squeeze] - hivex <no-dsa> (Minor issue)
@@ -815,6 +926,7 @@
NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
NOTE: Upstream commit: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
CVE-2014-9157 (Format string vulnerability in the yyerror function in ...)
+ {DSA-3098-1}
- graphviz 2.38.0-7 (bug #772648)
NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
CVE-2014-XXXX [parse_datetime() bug]
@@ -831,7 +943,7 @@
- python3.3 <removed>
- python3.4 <unfixed>
TODO: check
-CVE-2014-9351 [denial-of-service]
+CVE-2014-9351 (engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote ...)
- teeworlds 0.6.2+dfsg-2 (bug #770514)
[wheezy] - teeworlds <no-dsa> (Minor issue)
[squeeze] - teeworlds <not-affected> (Vulnerable code not present)
@@ -1618,8 +1730,8 @@
RESERVED
CVE-2014-8967
RESERVED
-CVE-2014-8966
- RESERVED
+CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
CVE-2014-8965
RESERVED
CVE-2014-8964 [pcre: heap buffer overflow]
@@ -1838,8 +1950,7 @@
RESERVED
CVE-2014-8869
RESERVED
-CVE-2014-8868
- RESERVED
+CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly ...)
NOT-FOR-US: EntryPass N5200
CVE-2014-8867 (The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, ...)
- xen 4.4.1-5 (bug #770230)
@@ -2105,8 +2216,7 @@
NOT-FOR-US: Drupal module Organic Groups Menu
CVE-2014-8733
RESERVED
-CVE-2014-8730
- RESERVED
+CVE-2014-8730 (The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 ...)
NOT-FOR-US: SSL/TLS implementation error in F5 products (and historic NSS releases)
CVE-2014-8729
RESERVED
@@ -2192,8 +2302,7 @@
NOT-FOR-US: Go Git Service
CVE-2014-8681 (SQL injection vulnerability in the GetIssues function in ...)
NOT-FOR-US: Go Git Service
-CVE-2014-8680 [Defects in GeoIP features can cause BIND to crash]
- RESERVED
+CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows ...)
- bind9 <not-affected> (Only affects 9.10 to 9.11)
NOTE: https://kb.isc.org/article/AA-01217/0
CVE-2014-8679
@@ -2286,11 +2395,9 @@
RESERVED
CVE-2014-8633
RESERVED
-CVE-2014-8632
- RESERVED
+CVE-2014-8632 (The structured-clone implementation in Mozilla Firefox before 34.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 33)
-CVE-2014-8631
- RESERVED
+CVE-2014-8631 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8630
RESERVED
@@ -2341,19 +2448,16 @@
RESERVED
CVE-2014-8603
RESERVED
-CVE-2014-8602
- RESERVED
+CVE-2014-8602 (iterator.c in NLnet Labs Unbound before 1.5.1 does not limit ...)
{DSA-3097-1}
- unbound 1.4.22-3 (bug #772622)
NOTE: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html
-CVE-2014-8601
- RESERVED
- {DSA-3096-1}
+CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining, ...)
+ {DSA-3096-1 DLA-104-1}
- pdns-recursor 3.6.2-1
NOTE: http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
NOTE: Backported patches available at https://downloads.powerdns.com/patches/2014-02/
-CVE-2014-8600 [Insufficient Input Validation By IO Slaves and Webkit Part]
- RESERVED
+CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime ...)
- kde-runtime 4:4.14.2-2 (bug #769632)
[wheezy] - kde-runtime <no-dsa> (Minor issue)
[squeeze] - kdebase-runtime <no-dsa> (Minor issue)
@@ -2412,8 +2516,7 @@
- binutils 2.24.90.20141124-1
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
-CVE-2014-8737 [Directory traversal vulnerability allowing random files deleteion/creation]
- RESERVED
+CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
- binutils 2.24.90.20141124-1
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
@@ -2613,8 +2716,7 @@
TODO: check
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)
NOT-FOR-US: ALLPlayer
-CVE-2014-8651 [Privilege Escalation via KDE Clock KCM polkit helper]
- RESERVED
+CVE-2014-8651 (The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...)
- kde-workspace 4:4.11.13-2 (unimportant)
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
NOTE: On Debian changing the clock requires authentication, so it's not exploitable
@@ -2706,32 +2808,27 @@
NOT-FOR-US: Etiko CMS
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
NOT-FOR-US: Etiko CMS
-CVE-2014-8504 [stack overflow in the SREC parser]
- RESERVED
+CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
- binutils 2.24.90.20141104-1
NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
-CVE-2014-8503 [stack overflow in objdump when parsing specially crafted ihex file]
- RESERVED
+CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
- binutils 2.24.90.20141104-1
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
-CVE-2014-8502 [heap overflow in objdump]
- RESERVED
+CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
- binutils 2.24.90.20141104-1
NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
-CVE-2014-8501 [out-of-bounds write when parsing specially crafted PE executable]
- RESERVED
+CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
- binutils 2.24.90.20141104-1
- gdb <unfixed> (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
-CVE-2014-8500 [A Defect in Delegation Handling Can Be Exploited to Crash BIND]
- RESERVED
+CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...)
{DSA-3094-1}
- bind9 <unfixed> (bug #772610)
NOTE: https://kb.isc.org/article/AA-01216/0
@@ -2741,8 +2838,8 @@
NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2014-8497
RESERVED
-CVE-2014-8496
- RESERVED
+CVE-2014-8496 (Digicom DG-5514T ADSL router with firmware 3.2 generates predictable ...)
+ TODO: check
CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 ...)
NOT-FOR-US: Citrix XenMobile MDX Toolkit
CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...)
@@ -2809,8 +2906,7 @@
CVE-2014-8489
RESERVED
NOT-FOR-US: PingFederate SP Endpoints
-CVE-2014-8488
- RESERVED
+CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
NOT-FOR-US: yourls
CVE-2014-8487
RESERVED
@@ -2879,14 +2975,12 @@
- linux-2.6 <not-affected> (Introduced in 3.17)
NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
-CVE-2014-8485 [lack of range checking leading to controlled write in _bfd_elf_setup_sections()]
- RESERVED
+CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
- binutils 2.24.90.20141104-1
NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
-CVE-2014-8484 [Invalid read flaw in libbfd]
- RESERVED
+CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
- binutils 2.24.51.20140903-1
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
@@ -2905,44 +2999,43 @@
RESERVED
CVE-2014-8462
RESERVED
-CVE-2014-8461
- RESERVED
-CVE-2014-8460
- RESERVED
-CVE-2014-8459
- RESERVED
-CVE-2014-8458
- RESERVED
-CVE-2014-8457
- RESERVED
-CVE-2014-8456
- RESERVED
-CVE-2014-8455
- RESERVED
-CVE-2014-8454
- RESERVED
-CVE-2014-8453
- RESERVED
-CVE-2014-8452
- RESERVED
-CVE-2014-8451
- RESERVED
+CVE-2014-8461 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8460 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-8459 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8458 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8457 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-8456 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8455 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-8454 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-8453 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8452 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8451 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
CVE-2014-8450
RESERVED
-CVE-2014-8449
- RESERVED
-CVE-2014-8448
- RESERVED
-CVE-2014-8447
- RESERVED
-CVE-2014-8446
- RESERVED
-CVE-2014-8445
- RESERVED
+CVE-2014-8449 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and ...)
+ TODO: check
+CVE-2014-8448 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
+ TODO: check
+CVE-2014-8447 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
+CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
+ TODO: check
CVE-2014-8444
RESERVED
-CVE-2014-8443
- RESERVED
+CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
@@ -3113,8 +3206,7 @@
CVE-2014-8372
RESERVED
NOT-FOR-US: VMware AirWatch
-CVE-2014-8371
- RESERVED
+CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
NOT-FOR-US: VMware vSphere
CVE-2014-8370
RESERVED
@@ -3296,8 +3388,8 @@
RESERVED
CVE-2014-8299
RESERVED
-CVE-2014-8298
- RESERVED
+CVE-2014-8298 (The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before ...)
+ TODO: check
CVE-2014-8297
RESERVED
CVE-2014-8296 (Cross-site scripting (XSS) vulnerability in the Modal Frame API module ...)
@@ -3759,8 +3851,7 @@
RESERVED
CVE-2014-8107
RESERVED
-CVE-2014-8106 [insufficient blit region check]
- RESERVED
+CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator ...)
{DSA-3088-1 DSA-3087-1}
- qemu 2.1+dfsg-9 (bug #772025)
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
@@ -3769,57 +3860,44 @@
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html
CVE-2014-8105
RESERVED
-CVE-2014-8103 [out of bounds access in DRI3 & Present extensions]
- RESERVED
+CVE-2014-8103 (X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x ...)
- xorg-server 2:1.16.2.901-1
[wheezy] - xorg-server <not-affected> (Introduced in 1.15.0)
[squeeze] - xorg-server <not-affected> (Introduced in 1.15.0)
-CVE-2014-8102 [out of bounds access in XFixes extension]
- RESERVED
+CVE-2014-8102 (The SProcXFixesSelectSelectionInput function in the XFixes extension ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8101 [out of bounds access in RandR extension]
- RESERVED
+CVE-2014-8101 (The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8100 [out of bounds access in Render extension]
- RESERVED
+CVE-2014-8100 (The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8099 [out of bounds access in XVideo extension]
- RESERVED
+CVE-2014-8099 (The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8098 [out of bounds access in GLX extension]
- RESERVED
+CVE-2014-8098 (The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8097 [out of bounds access in DBE extension]
- RESERVED
+CVE-2014-8097 (The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8096 [out of bounds access in XC-MISC extension]
- RESERVED
+CVE-2014-8096 (The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8095 [out of bounds access in XInput extensions]
- RESERVED
+CVE-2014-8095 (The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8094 [integer overflows in DRI2 extensions]
- RESERVED
+CVE-2014-8094 (Integer overflow in the ProcDRI2GetBuffers function in the DRI2 ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8093 [integer overflows in GLX extension]
- RESERVED
+CVE-2014-8093 (Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8092 [intger overflows in X11 core protocol requests]
- RESERVED
+CVE-2014-8092 (Multiple integer overflows in X.Org X Window System (aka X11 or X) ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
-CVE-2014-8091 [denial of service due to unchecked malloc in client authentication]
- RESERVED
+CVE-2014-8091 (X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka ...)
{DSA-3095-1}
- xorg-server 2:1.16.2.901-1
CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x ...)
@@ -4025,10 +4103,10 @@
RESERVED
CVE-2014-8011
RESERVED
-CVE-2014-8010
- RESERVED
-CVE-2014-8009
- RESERVED
+CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 ...)
+ TODO: check
+CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...)
+ TODO: check
CVE-2014-8008
RESERVED
CVE-2014-8007
@@ -4039,8 +4117,8 @@
NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Cisco
-CVE-2014-8003
- RESERVED
+CVE-2014-8003 (Cisco Integrated Management Controller in Cisco Unified Computing ...)
+ TODO: check
CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 ...)
NOT-FOR-US: Cisco
CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier ...)
@@ -4298,8 +4376,8 @@
RESERVED
CVE-2014-7880
RESERVED
-CVE-2014-7879
- RESERVED
+CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration ...)
+ TODO: check
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
NOT-FOR-US: HP Helion Cloud Development Platform
CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
@@ -4324,8 +4402,8 @@
TODO: check
CVE-2014-7867 (SQL injection vulnerability in the ...)
TODO: check
-CVE-2014-7866
- RESERVED
+CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine ...)
+ TODO: check
CVE-2014-7865
RESERVED
CVE-2014-7864
@@ -4500,6 +4578,7 @@
NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
CVE-2014-7824 (D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and ...)
+ {DSA-3099-1}
- dbus 1.8.10-1
[wheezy] - dbus <no-dsa> (Minor issue, will be fixed trough a stable proposed update)
[squeeze] - dbus <not-affected> (dbus 1.2.x does not support FD passing)
@@ -4559,13 +4638,12 @@
RESERVED
CVE-2014-7810
RESERVED
-CVE-2014-7809
- RESERVED
+CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...)
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3)
CVE-2014-7808
RESERVED
-CVE-2014-7807
- RESERVED
+CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...)
+ TODO: check
CVE-2014-7806
RESERVED
CVE-2014-7805
@@ -5691,8 +5769,7 @@
TODO: check
CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for Texas ...)
TODO: check
-CVE-2014-7251
- RESERVED
+CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in ...)
NOT-FOR-US: Yokogawa
CVE-2014-7250
RESERVED
@@ -5882,8 +5959,8 @@
CVE-2014-7193 [Crumb CORS Token Disclosure]
RESERVED
NOT-FOR-US: Crumb
-CVE-2014-7192
- RESERVED
+CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
+ TODO: check
CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
- node-qs 2.2.4-1
NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
@@ -7783,50 +7860,50 @@
NOT-FOR-US: Juniper Junos
CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-6376
- RESERVED
-CVE-2014-6375
- RESERVED
-CVE-2014-6374
- RESERVED
-CVE-2014-6373
- RESERVED
+CVE-2014-6376 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6375 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-6372
RESERVED
CVE-2014-6371
RESERVED
CVE-2014-6370
RESERVED
-CVE-2014-6369
- RESERVED
-CVE-2014-6368
- RESERVED
+CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
+ TODO: check
CVE-2014-6367
RESERVED
-CVE-2014-6366
- RESERVED
-CVE-2014-6365
- RESERVED
-CVE-2014-6364
- RESERVED
-CVE-2014-6363
- RESERVED
+CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; ...)
+ TODO: check
+CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
+ TODO: check
CVE-2014-6362
RESERVED
-CVE-2014-6361
- RESERVED
-CVE-2014-6360
- RESERVED
+CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, ...)
+ TODO: check
+CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...)
+ TODO: check
CVE-2014-6359
RESERVED
CVE-2014-6358
RESERVED
-CVE-2014-6357
- RESERVED
-CVE-2014-6356
- RESERVED
-CVE-2014-6355
- RESERVED
+CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...)
+ TODO: check
+CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and ...)
+ TODO: check
+CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows ...)
+ TODO: check
CVE-2014-6354
RESERVED
CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
@@ -7863,8 +7940,8 @@
RESERVED
CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-6336
- RESERVED
+CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and ...)
+ TODO: check
CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
NOT-FOR-US: Microsoft Office
CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
@@ -7875,18 +7952,18 @@
NOT-FOR-US: Microsoft
CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
NOT-FOR-US: Microsoft
-CVE-2014-6330
- RESERVED
-CVE-2014-6329
- RESERVED
-CVE-2014-6328
- RESERVED
-CVE-2014-6327
- RESERVED
-CVE-2014-6326
- RESERVED
-CVE-2014-6325
- RESERVED
+CVE-2014-6330 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6329 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6328 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6327 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6326 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
+ TODO: check
+CVE-2014-6325 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
+ TODO: check
CVE-2014-6324 (The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server ...)
TODO: check
CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
@@ -7897,8 +7974,8 @@
NOT-FOR-US: Microsoft
CVE-2014-6320
RESERVED
-CVE-2014-6319
- RESERVED
+CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...)
+ TODO: check
CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
@@ -8336,8 +8413,7 @@
RESERVED
CVE-2014-6141
RESERVED
-CVE-2014-6140
- RESERVED
+CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before ...)
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139
RESERVED
@@ -8389,8 +8465,8 @@
NOT-FOR-US: IBM WebSphere
CVE-2014-6115
RESERVED
-CVE-2014-6114
- RESERVED
+CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server ...)
+ TODO: check
CVE-2014-6113
RESERVED
CVE-2014-6112
@@ -9702,8 +9778,8 @@
NOT-FOR-US: WordPress plugin Download Shortcode
CVE-2014-5463
RESERVED
-CVE-2014-5462
- RESERVED
+CVE-2014-5462 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and ...)
+ TODO: check
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow ...)
NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2013-7399
@@ -9810,8 +9886,7 @@
RESERVED
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before ...)
NOT-FOR-US: ABB RobotStudio
-CVE-2014-5429
- RESERVED
+CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
NOT-FOR-US: Elipse SCADA
CVE-2014-5428
RESERVED
@@ -11283,8 +11358,8 @@
RESERVED
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
NOT-FOR-US: PartyTrack library for Android
-CVE-2014-4880
- RESERVED
+CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
+ TODO: check
CVE-2014-4879
RESERVED
CVE-2014-4878
@@ -11918,13 +11993,11 @@
RESERVED
CVE-2014-4632
RESERVED
-CVE-2014-4631
- RESERVED
+CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-4630
RESERVED
-CVE-2014-4629
- RESERVED
+CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4628
RESERVED
@@ -12286,28 +12359,28 @@
RESERVED
CVE-2014-4476
RESERVED
-CVE-2014-4475
- RESERVED
-CVE-2014-4474
- RESERVED
-CVE-2014-4473
- RESERVED
-CVE-2014-4472
- RESERVED
-CVE-2014-4471
- RESERVED
-CVE-2014-4470
- RESERVED
-CVE-2014-4469
- RESERVED
-CVE-2014-4468
- RESERVED
+CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4473 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4472 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4471 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4470 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4469 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
CVE-2014-4467
RESERVED
-CVE-2014-4466
- RESERVED
-CVE-2014-4465
- RESERVED
+CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
+ TODO: check
+CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...)
+ TODO: check
CVE-2014-4464
RESERVED
CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
@@ -13914,8 +13987,7 @@
REJECTED
CVE-2014-3798
RESERVED
-CVE-2014-3797
- RESERVED
+CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server ...)
NOT-FOR-US: VMware vSphere
CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) ...)
NOT-FOR-US: VMware NSX and vCNS
@@ -14405,8 +14477,7 @@
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
-CVE-2014-3616 [reuse cached SSL sessions in unrelated contexts]
- RESERVED
+CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ...)
{DSA-3029-1 DLA-55-1}
- nginx 1.6.2-1 (bug #761940)
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
@@ -15680,8 +15751,7 @@
[squeeze] - emacs23 <no-dsa> (Minor issue)
- emacs24 24.3+1-4
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
-CVE-2014-9091
- RESERVED
+CVE-2014-9091 (Icecast before 2.4.0 does not change the supplementary group ...)
- icecast2 2.4.0-1 (low)
[squeeze] - icecast2 <no-dsa> (Minor issue)
[wheezy] - icecast2 <no-dsa> (Minor issue)
@@ -16068,8 +16138,7 @@
NOT-FOR-US: IBM Rational ClearQuest
CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
NOT-FOR-US: Android service KeyStore
-CVE-2014-3099
- RESERVED
+CVE-2014-3099 (Unspecified vulnerability in the Security component in IBM Systems ...)
NOT-FOR-US: IBM Systems Director
CVE-2014-3098
RESERVED
@@ -17359,8 +17428,7 @@
NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and ...)
NOT-FOR-US: HP Software Executive Scorecard
-CVE-2014-2608
- RESERVED
+CVE-2014-2608 (Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 ...)
NOT-FOR-US: HP Smart Update Manager
CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 ...)
NOT-FOR-US: HP Operations Manager
@@ -19986,8 +20054,7 @@
{DSA-2867-1}
- otrs2 3.3.4-1 (low)
NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
-CVE-2014-1693
- RESERVED
+CVE-2014-1693 (Multiple CRLF injection vulnerabilities in the FTP module in ...)
- erlang 1:16.b.3.1-dfsg-3 (low; bug #738132)
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang 1:15.b.1-dfsg-4+deb7u1
@@ -20223,52 +20290,43 @@
NOT-FOR-US: i-doit
CVE-2014-1596
RESERVED
-CVE-2014-1595
- RESERVED
+CVE-2014-1595 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and ...)
- iceweasel <not-affected> (Specific to MacOS X)
- icedove <not-affected> (Specific to MacOS X)
-CVE-2014-1594
- RESERVED
+CVE-2014-1594 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird ...)
{DSA-3092-1 DSA-3090-1}
- iceweasel 31.3.0esr-1
- icedove 31.3.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1593
- RESERVED
+CVE-2014-1593 (Stack-based buffer overflow in the mozilla::FileBlockCache::Read ...)
{DSA-3092-1 DSA-3090-1}
- iceweasel 31.3.0esr-1
- icedove 31.3.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1592
- RESERVED
+CVE-2014-1592 (Use-after-free vulnerability in the nsHtml5TreeOperation function in ...)
{DSA-3092-1 DSA-3090-1}
- iceweasel 31.3.0esr-1
- icedove 31.3.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1591
- RESERVED
+CVE-2014-1591 (Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in ...)
- iceweasel <not-affected> (Only affects Firefox 33)
- icedove <not-affected> (Only affects Firefox 33)
-CVE-2014-1590
- RESERVED
+CVE-2014-1590 (The XMLHttpRequest.prototype.send method in Mozilla Firefox before ...)
{DSA-3092-1 DSA-3090-1}
- iceweasel 31.3.0esr-1
- icedove 31.3.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1589
- RESERVED
+CVE-2014-1589 (Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide ...)
- iceweasel <not-affected> (Only affects Firefox 33)
- icedove <not-affected> (Only affects Firefox 33)
-CVE-2014-1588
- RESERVED
+CVE-2014-1588 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 33)
- icedove <not-affected> (Only affects Firefox 33)
-CVE-2014-1587
- RESERVED
+CVE-2014-1587 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-3092-1 DSA-3090-1}
- iceweasel 31.3.0esr-1
- icedove 31.3.0-1
@@ -22690,8 +22748,7 @@
NOT-FOR-US: Adobe Flash Player
CVE-2014-0588 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0587
- RESERVED
+CVE-2014-0587 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0586 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
@@ -22705,8 +22762,7 @@
NOT-FOR-US: Adobe Flash Player
CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0580
- RESERVED
+CVE-2014-0580 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0579
RESERVED
@@ -35951,8 +36007,8 @@
RESERVED
CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
NOT-FOR-US: Catapult DNP3 I/O driver
-CVE-2013-2810
- RESERVED
+CVE-2013-2810 (Emerson Process Management ROC800 RTU with software 3.50 and earlier, ...)
+ TODO: check
CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information ...)
More information about the Secure-testing-commits
mailing list