[Secure-testing-commits] r30950 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Dec 23 21:10:14 UTC 2014
Author: sectracker
Date: 2014-12-23 21:10:14 +0000 (Tue, 23 Dec 2014)
New Revision: 30950
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-23 20:50:54 UTC (rev 30949)
+++ data/CVE/list 2014-12-23 21:10:14 UTC (rev 30950)
@@ -1,3 +1,459 @@
+CVE-2015-0551
+ RESERVED
+CVE-2015-0550
+ RESERVED
+CVE-2015-0549
+ RESERVED
+CVE-2015-0548
+ RESERVED
+CVE-2015-0547
+ RESERVED
+CVE-2015-0546
+ RESERVED
+CVE-2015-0545
+ RESERVED
+CVE-2015-0544
+ RESERVED
+CVE-2015-0543
+ RESERVED
+CVE-2015-0542
+ RESERVED
+CVE-2015-0541
+ RESERVED
+CVE-2015-0540
+ RESERVED
+CVE-2015-0539
+ RESERVED
+CVE-2015-0538
+ RESERVED
+CVE-2015-0537
+ RESERVED
+CVE-2015-0536
+ RESERVED
+CVE-2015-0535
+ RESERVED
+CVE-2015-0534
+ RESERVED
+CVE-2015-0533
+ RESERVED
+CVE-2015-0532
+ RESERVED
+CVE-2015-0531
+ RESERVED
+CVE-2015-0530
+ RESERVED
+CVE-2015-0529
+ RESERVED
+CVE-2015-0528
+ RESERVED
+CVE-2015-0527
+ RESERVED
+CVE-2015-0526
+ RESERVED
+CVE-2015-0525
+ RESERVED
+CVE-2015-0524
+ RESERVED
+CVE-2015-0523
+ RESERVED
+CVE-2015-0522
+ RESERVED
+CVE-2015-0521
+ RESERVED
+CVE-2015-0520
+ RESERVED
+CVE-2015-0519
+ RESERVED
+CVE-2015-0518
+ RESERVED
+CVE-2015-0517
+ RESERVED
+CVE-2015-0516
+ RESERVED
+CVE-2015-0515
+ RESERVED
+CVE-2015-0514
+ RESERVED
+CVE-2015-0513
+ RESERVED
+CVE-2015-0512
+ RESERVED
+CVE-2015-0511
+ RESERVED
+CVE-2015-0510
+ RESERVED
+CVE-2015-0509
+ RESERVED
+CVE-2015-0508
+ RESERVED
+CVE-2015-0507
+ RESERVED
+CVE-2015-0506
+ RESERVED
+CVE-2015-0505
+ RESERVED
+CVE-2015-0504
+ RESERVED
+CVE-2015-0503
+ RESERVED
+CVE-2015-0502
+ RESERVED
+CVE-2015-0501
+ RESERVED
+CVE-2015-0500
+ RESERVED
+CVE-2015-0499
+ RESERVED
+CVE-2015-0498
+ RESERVED
+CVE-2015-0497
+ RESERVED
+CVE-2015-0496
+ RESERVED
+CVE-2015-0495
+ RESERVED
+CVE-2015-0494
+ RESERVED
+CVE-2015-0493
+ RESERVED
+CVE-2015-0492
+ RESERVED
+CVE-2015-0491
+ RESERVED
+CVE-2015-0490
+ RESERVED
+CVE-2015-0489
+ RESERVED
+CVE-2015-0488
+ RESERVED
+CVE-2015-0487
+ RESERVED
+CVE-2015-0486
+ RESERVED
+CVE-2015-0485
+ RESERVED
+CVE-2015-0484
+ RESERVED
+CVE-2015-0483
+ RESERVED
+CVE-2015-0482
+ RESERVED
+CVE-2015-0481
+ RESERVED
+CVE-2015-0480
+ RESERVED
+CVE-2015-0479
+ RESERVED
+CVE-2015-0478
+ RESERVED
+CVE-2015-0477
+ RESERVED
+CVE-2015-0476
+ RESERVED
+CVE-2015-0475
+ RESERVED
+CVE-2015-0474
+ RESERVED
+CVE-2015-0473
+ RESERVED
+CVE-2015-0472
+ RESERVED
+CVE-2015-0471
+ RESERVED
+CVE-2015-0470
+ RESERVED
+CVE-2015-0469
+ RESERVED
+CVE-2015-0468
+ RESERVED
+CVE-2015-0467
+ RESERVED
+CVE-2015-0466
+ RESERVED
+CVE-2015-0465
+ RESERVED
+CVE-2015-0464
+ RESERVED
+CVE-2015-0463
+ RESERVED
+CVE-2015-0462
+ RESERVED
+CVE-2015-0461
+ RESERVED
+CVE-2015-0460
+ RESERVED
+CVE-2015-0459
+ RESERVED
+CVE-2015-0458
+ RESERVED
+CVE-2015-0457
+ RESERVED
+CVE-2015-0456
+ RESERVED
+CVE-2015-0455
+ RESERVED
+CVE-2015-0454
+ RESERVED
+CVE-2015-0453
+ RESERVED
+CVE-2015-0452
+ RESERVED
+CVE-2015-0451
+ RESERVED
+CVE-2015-0450
+ RESERVED
+CVE-2015-0449
+ RESERVED
+CVE-2015-0448
+ RESERVED
+CVE-2015-0447
+ RESERVED
+CVE-2015-0446
+ RESERVED
+CVE-2015-0445
+ RESERVED
+CVE-2015-0444
+ RESERVED
+CVE-2015-0443
+ RESERVED
+CVE-2015-0442
+ RESERVED
+CVE-2015-0441
+ RESERVED
+CVE-2015-0440
+ RESERVED
+CVE-2015-0439
+ RESERVED
+CVE-2015-0438
+ RESERVED
+CVE-2015-0437
+ RESERVED
+CVE-2015-0436
+ RESERVED
+CVE-2015-0435
+ RESERVED
+CVE-2015-0434
+ RESERVED
+CVE-2015-0433
+ RESERVED
+CVE-2015-0432
+ RESERVED
+CVE-2015-0431
+ RESERVED
+CVE-2015-0430
+ RESERVED
+CVE-2015-0429
+ RESERVED
+CVE-2015-0428
+ RESERVED
+CVE-2015-0427
+ RESERVED
+CVE-2015-0426
+ RESERVED
+CVE-2015-0425
+ RESERVED
+CVE-2015-0424
+ RESERVED
+CVE-2015-0423
+ RESERVED
+CVE-2015-0422
+ RESERVED
+CVE-2015-0421
+ RESERVED
+CVE-2015-0420
+ RESERVED
+CVE-2015-0419
+ RESERVED
+CVE-2015-0418
+ RESERVED
+CVE-2015-0417
+ RESERVED
+CVE-2015-0416
+ RESERVED
+CVE-2015-0415
+ RESERVED
+CVE-2015-0414
+ RESERVED
+CVE-2015-0413
+ RESERVED
+CVE-2015-0412
+ RESERVED
+CVE-2015-0411
+ RESERVED
+CVE-2015-0410
+ RESERVED
+CVE-2015-0409
+ RESERVED
+CVE-2015-0408
+ RESERVED
+CVE-2015-0407
+ RESERVED
+CVE-2015-0406
+ RESERVED
+CVE-2015-0405
+ RESERVED
+CVE-2015-0404
+ RESERVED
+CVE-2015-0403
+ RESERVED
+CVE-2015-0402
+ RESERVED
+CVE-2015-0401
+ RESERVED
+CVE-2015-0400
+ RESERVED
+CVE-2015-0399
+ RESERVED
+CVE-2015-0398
+ RESERVED
+CVE-2015-0397
+ RESERVED
+CVE-2015-0396
+ RESERVED
+CVE-2015-0395
+ RESERVED
+CVE-2015-0394
+ RESERVED
+CVE-2015-0393
+ RESERVED
+CVE-2015-0392
+ RESERVED
+CVE-2015-0391
+ RESERVED
+CVE-2015-0390
+ RESERVED
+CVE-2015-0389
+ RESERVED
+CVE-2015-0388
+ RESERVED
+CVE-2015-0387
+ RESERVED
+CVE-2015-0386
+ RESERVED
+CVE-2015-0385
+ RESERVED
+CVE-2015-0384
+ RESERVED
+CVE-2015-0383
+ RESERVED
+CVE-2015-0382
+ RESERVED
+CVE-2015-0381
+ RESERVED
+CVE-2015-0380
+ RESERVED
+CVE-2015-0379
+ RESERVED
+CVE-2015-0378
+ RESERVED
+CVE-2015-0377
+ RESERVED
+CVE-2015-0376
+ RESERVED
+CVE-2015-0375
+ RESERVED
+CVE-2015-0374
+ RESERVED
+CVE-2015-0373
+ RESERVED
+CVE-2015-0372
+ RESERVED
+CVE-2015-0371
+ RESERVED
+CVE-2015-0370
+ RESERVED
+CVE-2015-0369
+ RESERVED
+CVE-2015-0368
+ RESERVED
+CVE-2015-0367
+ RESERVED
+CVE-2015-0366
+ RESERVED
+CVE-2015-0365
+ RESERVED
+CVE-2015-0364
+ RESERVED
+CVE-2015-0363
+ RESERVED
+CVE-2015-0362
+ RESERVED
+CVE-2015-0361
+ RESERVED
+CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
+ TODO: check
+CVE-2014-9411
+ RESERVED
+CVE-2014-9410
+ RESERVED
+CVE-2014-9409
+ RESERVED
+CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
+ TODO: check
+CVE-2014-9407 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive ...)
+ TODO: check
+CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT ...)
+ TODO: check
+CVE-2014-9405
+ RESERVED
+CVE-2014-9404
+ RESERVED
+CVE-2014-9401
+ RESERVED
+CVE-2014-9400
+ RESERVED
+CVE-2014-9399
+ RESERVED
+CVE-2014-9398
+ RESERVED
+CVE-2014-9397
+ RESERVED
+CVE-2014-9396
+ RESERVED
+CVE-2014-9395
+ RESERVED
+CVE-2014-9394
+ RESERVED
+CVE-2014-9393
+ RESERVED
+CVE-2014-9392
+ RESERVED
+CVE-2014-9391
+ RESERVED
+CVE-2014-9389
+ RESERVED
+CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18 allows remote attackers to ...)
+ TODO: check
+CVE-2014-9387 (SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the ...)
+ TODO: check
+CVE-2014-9385 (Cross-site request forgery (CSRF) vulnerability in Zenoss Core through ...)
+ TODO: check
+CVE-2014-9384
+ RESERVED
+CVE-2014-9383
+ RESERVED
+CVE-2014-9382
+ RESERVED
+CVE-2014-9375
+ RESERVED
+CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet ...)
+ TODO: check
+CVE-2014-9372 (Directory traversal vulnerability in the UploadAccountActivities ...)
+ TODO: check
+CVE-2014-9371 (The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 ...)
+ TODO: check
+CVE-2014-9370
+ RESERVED
+CVE-2014-9369
+ RESERVED
+CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the twitterDash ...)
+ TODO: check
+CVE-2014-9367
+ RESERVED
+CVE-2014-9366
+ RESERVED
CVE-2014-XXXX [Glance v2 API unrestricted path traversal]
- glance <unfixed> (bug #773836)
NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
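Review bot: the TODO: check placeholders in this hunk are not equally urgent, and one of them touches a package this file already tracks: CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18) concerns mantis, which appears later in this diff under CVE-2014-8553 as "mantis <removed>" with a squeeze end-of-life line, so it needs a real package line and a per-release status rather than a placeholder. The other TODO entries (NetIQ Access, Ekahau badge tag, the truncated "Revive ..." entry that is apparently Revive Adserver, ARRIS Touchstone gateway, SAP BusinessObjects, Zenoss Core, ManageEngine Desktop Central, twitterDash) describe products that are not Debian source packages on the face of their descriptions and, once confirmed, can be closed with NOT-FOR-US in the style used elsewhere in this file; CVE-2014-8875 and CVE-2014-8793 further down are already "NOT-FOR-US: Revive Adserver" and give the pattern for CVE-2014-9407.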
@@ -23,31 +479,32 @@
NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d
TODO: check
CVE-2014-9390 [arbitrary command execution vulnerability on case-insensitive file systems]
+ RESERVED
- git 1:2.1.4-1
- libgit2 <unfixed>
- jgit <unfixed>
- mercurial <unfixed> (bug #773640)
[wheezy] - mercurial <no-dsa> (Minor issue)
[squeeze] - mercurial <no-dsa> (Minor issue)
-CVE-2014-9376
+CVE-2014-9376 (Integer underflow in Ettercap 8.1 allows remote attackers to cause a ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
-CVE-2014-9377
+CVE-2014-9377 (Heap-based buffer overflow in the nbns_spoof function in ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
-CVE-2014-9378
+CVE-2014-9378 (Ettercap 8.1 does not validate certain return values, which allows ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
-CVE-2014-9379
+CVE-2014-9379 (The radius_get_attribute function in dissectors/ec_radius.c in ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
-CVE-2014-9380
+CVE-2014-9380 (The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 ...)
- ettercap 1:0.8.1-3 (bug #773416)
NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
-CVE-2014-9381
+CVE-2014-9381 (Integer signedness error in the dissector_cvs function in ...)
- ettercap 1:0.8.1-3 (bug #773416)
NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
-CVE-2014-9403
+CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC ...)
- znc 1.2-4 (bug #744712)
[wheezy] - znc <no-dsa> (Minor issue)
[squeeze] - znc <no-dsa> (Minor issue)
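Review bot: the imported descriptions for CVE-2014-9376, CVE-2014-9378 and CVE-2014-9380 say "Ettercap 8.1" while the package lines under them record the fix as ettercap 1:0.8.1-3; the version in the description is upstream/MITRE text and stays as imported, but anyone comparing versions from this entry should go by the package line and the bug #773416 notes, not by the description. The new "RESERVED" line placed above the four package lines of CVE-2014-9390 matches the layout already used for CVE-2014-9356 below and needs no change.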
@@ -77,6 +534,7 @@
NOTE: http://bugs.gw.com/view.php?id=398
NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
CVE-2014-9402 [endless loop in getaddr_r]
+ RESERVED
{DLA-122-1}
- glibc <unfixed>
- eglibc <removed>
@@ -99,17 +557,15 @@
NOT-FOR-US: Scalix Web Access
CVE-2014-9359
RESERVED
-CVE-2014-9358 [Path traversal and spoofing opportunities presented through image identifiers]
- RESERVED
+CVE-2014-9358 (Docker before 1.3.3 does not properly validate image IDs, which allows ...)
- docker.io 1.3.3~dfsg1-1 (bug #772909)
-CVE-2014-9357 [Escalation of privileges during decompression of LZMA (.xz) archives]
- RESERVED
+CVE-2014-9357 (Docker 1.3.2 allows remote attackers to execute arbitrary code with ...)
- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9356 [Path traversal during processing of absolute symlinks]
RESERVED
- docker.io 1.3.3~dfsg1-1 (bug #772909)
-CVE-2014-9355
- RESERVED
+CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ...)
+ TODO: check
CVE-2014-9354
RESERVED
CVE-2014-9353
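Review bot: CVE-2014-9355 (Puppet Enterprise before 3.7.1) should not be closed on the product name alone; the description names the commercial Puppet Enterprise distribution, so the TODO: check should record whether the affected code is also present in the open-source puppet package before a status line is chosen. On the Docker entries, the local summaries dropped here ("Path traversal and spoofing opportunities presented through image identifiers" for CVE-2014-9358, "Escalation of privileges during decompression of LZMA (.xz) archives" for CVE-2014-9357) were more informative than the truncated imported text; if that detail should survive, carry it in a NOTE line, since the bracketed form is only kept while an id is still RESERVED, as with CVE-2014-9356.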
@@ -134,20 +590,20 @@
NOT-FOR-US: Snowfox CMS
CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view ...)
NOT-FOR-US: F5 BIG-IP
-CVE-2014-9341
- RESERVED
-CVE-2014-9340
- RESERVED
-CVE-2014-9339
- RESERVED
-CVE-2014-9338
- RESERVED
-CVE-2014-9337
- RESERVED
-CVE-2014-9336
- RESERVED
-CVE-2014-9335
- RESERVED
+CVE-2014-9341 (Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ...)
+ TODO: check
+CVE-2014-9340 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9339 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9337 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9336 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2014-9334
RESERVED
CVE-2014-9333
@@ -170,13 +626,11 @@
RESERVED
CVE-2014-9325
RESERVED
-CVE-2014-9324
- RESERVED
+CVE-2014-9324 (The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x ...)
- otrs2 3.3.9-3
[squeeze] - otrs2 <not-affected> (Problematic module got introduced later)
NOTE: https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
-CVE-2014-9322 [x86: local privesc due to bad_iret and paranoid entry incompatibility]
- RESERVED
+CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not ...)
- linux 3.16.7-ckt2-1
[wheezy] - linux 3.2.63-2+deb7u2
- linux-2.6 <removed>
@@ -242,14 +696,13 @@
NOT-FOR-US: Alfreso Community Edition
CVE-2014-9299
RESERVED
-CVE-2014-9374
+CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket ...)
- asterisk <unfixed> (bug #773230)
[wheezy] - asterisk <not-affected> (Web socket code not yet present)
[squeeze] - asterisk <not-affected> (Web socket code not yet present)
NOTE: http://downloads.digium.com/pub/security/AST-2014-019.html
-CVE-2014-9323 [denial of service]
- RESERVED
- {DSA-3109-1}
+CVE-2014-9323 (The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x ...)
+ {DSA-3109-1 DLA-123-1}
- firebird2.5 2.5.3.26778.ds4-5 (bug #772880)
- firebird2.1 <removed>
NOTE: http://sourceforge.net/p/firebird/code/60331
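Review bot: the cross-reference set for CVE-2014-9323 changes from {DSA-3109-1} to {DSA-3109-1 DLA-123-1} in a commit whose only log line is "automatic update", and the same commit adds {DSA-3112-1} under CVE-2014-8145 further down. If the update script copies these from the DSA and DLA lists that is fine, but the log gives a reviewer no way to tell a generated cross-reference from a hand edit, so the commit message (or the script's commit template) should name the sources it syncs from.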
@@ -261,25 +714,21 @@
RESERVED
CVE-2014-9297
RESERVED
-CVE-2014-9296 [receive() missing return on error]
- RESERVED
+CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...)
{DSA-3108-1 DLA-116-1}
- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2670 (not yet open)
-CVE-2014-9295 [Multiple buffer overflows via specially-crafted packets]
- RESERVED
+CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 ...)
{DSA-3108-1 DLA-116-1}
- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2667 (not yet open)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2668 (not yet open)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2669 (not yet open)
-CVE-2014-9294 [ntp-keygen uses weak random number generator and seed when generating MD5 keys]
- RESERVED
+CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak ...)
{DSA-3108-1 DLA-116-1}
- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2666 (not yet open)
-CVE-2014-9293 [automatic generation of weak default key in config_auth()]
- RESERVED
+CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...)
{DSA-3108-1 DLA-116-1}
- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=2665 (not yet open)
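Review bot: the four NTP entries now carry public descriptions, but their NOTE lines still label bugs.ntp.org 2665 through 2670 as "(not yet open)"; those qualifiers date from when the ids were RESERVED and should be re-checked and dropped once the upstream bugs are visible, otherwise the list keeps telling triagers that the references are unusable.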
@@ -313,8 +762,8 @@
NOT-FOR-US: Samsung SmartViewer
CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...)
NOT-FOR-US: Samsung SmartViewer
-CVE-2014-9264
- RESERVED
+CVE-2014-9264 (Stack-based buffer overflow in the .NET Data Provider in SAP SQL ...)
+ TODO: check
CVE-2014-9263 (Multiple buffer overflows in the ...)
NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262
@@ -325,8 +774,7 @@
RESERVED
CVE-2014-9259
RESERVED
-CVE-2014-9258 [ajax/getDropdownValue.php SQL injection]
- RESERVED
+CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...)
- glpi <unfixed>
NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-9257
@@ -337,27 +785,26 @@
RESERVED
CVE-2014-9254
RESERVED
-CVE-2014-9253 [XSS]
- RESERVED
+CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the ...)
- dokuwiki <unfixed> (bug #773429)
NOTE: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
NOTE: Advisory: http://security.szurek.pl/dokuwiki-20140929a-xss.html
-CVE-2014-9252
- RESERVED
-CVE-2014-9251
- RESERVED
-CVE-2014-9250
- RESERVED
-CVE-2014-9249
- RESERVED
-CVE-2014-9248
- RESERVED
-CVE-2014-9247
- RESERVED
+CVE-2014-9252 (Zenoss Core through 5 Beta 3 stores cleartext passwords in the session ...)
+ TODO: check
+CVE-2014-9251 (Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, ...)
+ TODO: check
+CVE-2014-9250 (Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a ...)
+ TODO: check
+CVE-2014-9249 (The default configuration of Zenoss Core before 5 allows remote ...)
+ TODO: check
+CVE-2014-9248 (Zenoss Core through 5 Beta 3 does not require complex passwords, which ...)
+ TODO: check
+CVE-2014-9247 (Zenoss Core through 5 Beta 3 allows remote authenticated users to ...)
+ TODO: check
CVE-2014-9246
- RESERVED
-CVE-2014-9245
- RESERVED
+ REJECTED
+CVE-2014-9245 (Zenoss Core through 5 Beta 3 allows remote attackers to obtain ...)
+ TODO: check
CVE-2014-9244
RESERVED
CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker ...)
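Review bot: CVE-2014-9245 and CVE-2014-9247 through CVE-2014-9252 are all Zenoss Core (through 5 Beta 3, or before 5 for CVE-2014-9249), the same product as CVE-2014-9385 and CVE-2014-9386 in the first hunk; they should be triaged together with one resolution rather than left as nine separate TODO: check placeholders. The status change for CVE-2014-9246 from RESERVED to REJECTED is correct as imported; a rejected id should carry no package lines.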
@@ -464,10 +911,10 @@
RESERVED
CVE-2014-9194
RESERVED
-CVE-2014-9193
- RESERVED
-CVE-2014-9192
- RESERVED
+CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 ...)
+ TODO: check
+CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
+ TODO: check
CVE-2014-9191
RESERVED
CVE-2014-9190
@@ -480,8 +927,8 @@
RESERVED
CVE-2014-9186
RESERVED
-CVE-2014-9185
- RESERVED
+CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 ...)
+ TODO: check
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...)
NOT-FOR-US: ZTE ZXDSL Modem
CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin ...)
@@ -738,8 +1185,8 @@
RESERVED
CVE-2014-9136
RESERVED
-CVE-2014-9135
- RESERVED
+CVE-2014-9135 (The PackageInstaller module in Huawei P7-L10 smartphones before ...)
+ TODO: check
CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless ...)
NOT-FOR-US: Huawei Wireless Router
CVE-2014-9133
@@ -771,8 +1218,8 @@
NOT-FOR-US: WordPress plugin db-backup
CVE-2014-9118
RESERVED
-CVE-2014-9115
- RESERVED
+CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in ...)
+ TODO: check
CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 ...)
NOT-FOR-US: PFX Engagement
CVE-2014-9111
@@ -874,8 +1321,8 @@
NOT-FOR-US: Moodle LTI Module
CVE-2014-9058
RESERVED
-CVE-2014-9057
- RESERVED
+CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
+ TODO: check
CVE-2014-9056
RESERVED
CVE-2014-9055
@@ -1090,7 +1537,7 @@
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
-CVE-2014-9365 [certificate verification by default for stdlib http clients]
+CVE-2014-9365 (The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ...)
- python2.5 <removed>
[squeeze] - python2.5 <no-dsa> (Too intrusive to backport)
- python2.6 <removed>
@@ -1223,8 +1670,8 @@
NOT-FOR-US: Maarch LetterBox
CVE-2014-8993
RESERVED
-CVE-2014-8992
- RESERVED
+CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...)
- xen 4.4.1-4 (low; bug #770230)
[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
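Review bot: the imported text for CVE-2014-8992 is truncated before any product name ("Cross-site scripting (XSS) vulnerability in ..."), so the TODO: check beside it cannot be resolved from this file; CVE-2014-8609 later in the diff ("The addAccount method in ...") has the same problem. The triager has to read the full MITRE entry for these, and it would help if the import kept a longer prefix, or at least the product name, whenever the first clause contains none.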
@@ -1891,14 +2338,13 @@
RESERVED
CVE-2014-8968
RESERVED
-CVE-2014-8967
- RESERVED
+CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows ...)
+ TODO: check
CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
NOT-FOR-US: Internet Explorer
CVE-2014-8965
RESERVED
-CVE-2014-8964 [pcre: heap buffer overflow]
- RESERVED
+CVE-2014-8964 (Heap-based buffer overflow in PCRE 8.36 and earlier allows remote ...)
- pcre3 2:8.35-3.3 (bug #770478)
[wheezy] - pcre3 <no-dsa> (Minor issue)
[squeeze] - pcre3 <no-dsa> (Minor issue)
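Review bot: CVE-2014-8967 is described as a use-after-free in Microsoft Internet Explorer, and the adjacent CVE-2014-8966 for the same product is already "NOT-FOR-US: Internet Explorer", so this TODO: check can be resolved the same way in this commit instead of waiting for a second pass.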
@@ -1938,8 +2384,7 @@
NOTE: to be backported to 3.4
CVE-2014-8957
RESERVED
-CVE-2014-8956
- RESERVED
+CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver ...)
NOT-FOR-US: K7 Computing
CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...)
NOT-FOR-US: WordPress plugin clean-and-simple-contact-form-by-meg-nicholas
@@ -2047,20 +2492,20 @@
RESERVED
CVE-2014-8903
RESERVED
-CVE-2014-8902
- RESERVED
-CVE-2014-8901
- RESERVED
+CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...)
+ TODO: check
+CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
+ TODO: check
CVE-2014-8900
RESERVED
-CVE-2014-8899
- RESERVED
-CVE-2014-8898
- RESERVED
-CVE-2014-8897
- RESERVED
-CVE-2014-8896
- RESERVED
+CVE-2014-8899 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
+ TODO: check
+CVE-2014-8898 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
+ TODO: check
+CVE-2014-8897 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
+ TODO: check
+CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data Management ...)
+ TODO: check
CVE-2014-8895
RESERVED
CVE-2014-8894
@@ -2071,8 +2516,8 @@
RESERVED
CVE-2014-8891
RESERVED
-CVE-2014-8890
- RESERVED
+CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
+ TODO: check
CVE-2014-8889
RESERVED
CVE-2014-8888
@@ -2099,8 +2544,7 @@
NOT-FOR-US: CreativeMinds CM Downloads Manager plugin for WordPress
CVE-2014-8876
RESERVED
-CVE-2014-8875
- RESERVED
+CVE-2014-8875 (The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver ...)
NOT-FOR-US: Revive Adserver
CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses ...)
NOT-FOR-US: TYPO3 Extension ke_questionnaire
@@ -2266,8 +2710,7 @@
RESERVED
CVE-2014-8794
RESERVED
-CVE-2014-8793
- RESERVED
+CVE-2014-8793 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Revive Adserver
CVE-2014-8792
RESERVED
@@ -2389,8 +2832,8 @@
RESERVED
CVE-2014-8725
RESERVED
-CVE-2014-8724
- RESERVED
+CVE-2014-8724 (Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin ...)
+ TODO: check
CVE-2014-8723
RESERVED
CVE-2014-8722
@@ -2592,12 +3035,11 @@
RESERVED
CVE-2014-8611
RESERVED
-CVE-2014-8610
- RESERVED
-CVE-2014-8609
- RESERVED
-CVE-2014-8608
- RESERVED
+CVE-2014-8610 (AndroidManifest.xml in Android before 5.0.0 does not require the ...)
+ TODO: check
+CVE-2014-8609 (The addAccount method in ...)
+ TODO: check
+CVE-2014-8608 (The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) ...)
NOT-FOR-US: K7 Computing
CVE-2014-8607
RESERVED
@@ -2817,8 +3259,7 @@
RESERVED
CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in ...)
NOT-FOR-US: Progress Software OpenEdge
-CVE-2014-8553 [information disclosure]
- RESERVED
+CVE-2014-8553 (The mci_account_get_array_by_id function in ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://www.mantisbt.org/bugs/view.php?id=17243 (currently private)
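Review bot: the mantis entry for CVE-2014-8553 keeps the NOTE that upstream bug 17243 is "(currently private)", yet the id now has a public description naming mci_account_get_array_by_id; check whether the MantisBT bug has been opened and update or drop the qualifier, since a stale "private" marker stops triagers from using the reference.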
@@ -2895,8 +3336,7 @@
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
NOTE: On Debian changing the clock requires authentication, so it's not exploitable
NOTE: in the standard setup
-CVE-2014-8583
- RESERVED
+CVE-2014-8583 (mod_wsgi before 4.2.4 for Apache, when creating a daemon process ...)
- mod-wsgi 4.2.7-1
[wheezy] - mod-wsgi <no-dsa> (Minor issue)
[squeeze] - mod-wsgi <no-dsa> (Minor issue)
@@ -2960,8 +3400,8 @@
NOT-FOR-US: McAfee
CVE-2014-8516
RESERVED
-CVE-2014-8515
- RESERVED
+CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute ...)
+ TODO: check
CVE-2014-8514
RESERVED
CVE-2014-8513
@@ -2976,8 +3416,8 @@
NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap)
CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...)
NOT-FOR-US: Denon devices
-CVE-2014-8507
- RESERVED
+CVE-2014-8507 (Multiple SQL injection vulnerabilities in the queryLastApp method in ...)
+ TODO: check
CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote ...)
NOT-FOR-US: Etiko CMS
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
@@ -3079,8 +3519,7 @@
- imagemagick 8:6.8.9.9-1 (bug #764872)
[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
[squeeze] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
-CVE-2014-8489
- RESERVED
+CVE-2014-8489 (Open redirect vulnerability in startSSO.ping in the SP Endpoints in ...)
NOT-FOR-US: PingFederate SP Endpoints
CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
NOT-FOR-US: yourls
@@ -3377,10 +3816,9 @@
NOT-FOR-US: WordPress plugin GB Gallery Slideshow
CVE-2014-8374
RESERVED
-CVE-2014-8373
- RESERVED
-CVE-2014-8372
- RESERVED
+CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation ...)
+ TODO: check
+CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...)
NOT-FOR-US: VMware AirWatch
CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
NOT-FOR-US: VMware vSphere
@@ -3448,8 +3886,7 @@
RESERVED
CVE-2014-8341
RESERVED
-CVE-2014-8340
- RESERVED
+CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in ...)
NOT-FOR-US: phpTrafficA
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
@@ -3622,8 +4059,7 @@
RESERVED
CVE-2014-8752
RESERVED
-CVE-2014-8751
- RESERVED
+CVE-2014-8751 (Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress ...)
NOT-FOR-US: goYWP WebPress
CVE-2014-8749 (Server-side request forgery (SSRF) vulnerability in ...)
NOT-FOR-US: BulletProof Security plugin for WordPress
@@ -3679,14 +4115,14 @@
RESERVED
CVE-2014-8273
RESERVED
-CVE-2014-8272
- RESERVED
+CVE-2014-8272 (The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 ...)
+ TODO: check
CVE-2014-8271
RESERVED
-CVE-2014-8270
- RESERVED
-CVE-2014-8269
- RESERVED
+CVE-2014-8270 (BMC Track-It! 11.3 allows remote attackers to gain privileges and ...)
+ TODO: check
+CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) ...)
+ TODO: check
CVE-2014-8268
RESERVED
CVE-2014-8267
@@ -3727,12 +4163,12 @@
RESERVED
CVE-2014-8249
RESERVED
-CVE-2014-8248
- RESERVED
-CVE-2014-8247
- RESERVED
-CVE-2014-8246
- RESERVED
+CVE-2014-8248 (SQL injection vulnerability in CA Release Automation (formerly iTKO ...)
+ TODO: check
+CVE-2014-8247 (Cross-site scripting (XSS) vulnerability in CA Release Automation ...)
+ TODO: check
+CVE-2014-8246 (Cross-site request forgery (CSRF) vulnerability in CA Release ...)
+ TODO: check
CVE-2014-8245
RESERVED
CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
@@ -3929,14 +4365,14 @@
RESERVED
CVE-2014-8145 [two heap-based buffer overflows]
RESERVED
+ {DSA-3112-1}
- sox <unfixed> (bug #773720)
CVE-2014-8144
RESERVED
NOT-FOR-US: doorkeeper OAuth provider
CVE-2014-8143
RESERVED
-CVE-2014-8142 [use after free vulnerability in unserialize()]
- RESERVED
+CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ...)
- php5 <unfixed> (unimportant)
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
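Review bot: the php5 line for CVE-2014-8142 is rated (unimportant) without any recorded rationale, and the entry now carries a description naming a use-after-free in process_nested_data; add a NOTE stating why the rating is unimportant (the existing NOTE lines only give the upstream commits) so the rating holds up when the entry is re-triaged.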
@@ -3958,21 +4394,17 @@
RESERVED
{DSA-3106-1 DLA-121-1}
- jasper 1.900.1-debian1-2.3 (bug #773463)
-CVE-2014-8136 [local denial of service in qemu/qemu_driver.c]
- RESERVED
+CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 ...)
- libvirt <unfixed>
NOTE: Upstream commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d (v1.2.11-rc2)
-CVE-2014-8135 [local denial of service in storage/storage_driver.c]
- RESERVED
+CVE-2014-8135 (The storageVolUpload function in storage/storage_driver.c in libvirt ...)
- libvirt <unfixed>
NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984 (v1.2.11-rc1)
-CVE-2014-8134 [x86: espfix not working for 32-bit KVM paravirt guests]
- RESERVED
+CVE-2014-8134 (The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.spinics.net/lists/kvm/msg111458.html
-CVE-2014-8133 [espfix bypass using set_thread_area]
- RESERVED
+CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe
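Review bot: CVE-2014-8134 and CVE-2014-8133 have only "linux <unfixed>" and "linux-2.6 <removed>" lines and no [wheezy] or [squeeze] status, whereas the other x86 kernel entry in this diff, CVE-2014-9322, records "[wheezy] - linux 3.2.63-2+deb7u2"; the two espfix issues need the same per-release assessment. The bracketed summaries dropped here ("espfix not working for 32-bit KVM paravirt guests", "espfix bypass using set_thread_area") were the clearest statement of what to look for and are worth keeping in NOTE lines.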
@@ -4002,8 +4434,7 @@
RESERVED
CVE-2014-8125
RESERVED
-CVE-2014-8124 [Horizon denial of service attack through login page]
- RESERVED
+CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before ...)
- horizon 2014.1.3-6 (bug #772710)
- python-django-openstack-auth 1.1.6-5 (bug #772712)
NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
@@ -4011,24 +4442,20 @@
RESERVED
CVE-2014-8121
RESERVED
-CVE-2014-8120
- RESERVED
+CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
NOT-FOR-US: Thermostat Hotspot instrumentation
CVE-2014-8119
RESERVED
-CVE-2014-8118 [integer overflow in CPIO header parsing]
- RESERVED
+CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ...)
- rpm 4.11.3-1.1 (bug #773101)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1168715
-CVE-2014-8117
- RESERVED
+CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, ...)
- file 1:5.21+15-1 (low; bug #773148)
- php5 <unfixed>
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
-CVE-2014-8116
- RESERVED
+CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...)
- file 1:5.21+15-1 (low; bug #773148)
- php5 <unfixed>
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
@@ -4052,8 +4479,7 @@
- apache2 2.4.10-9
[wheezy] - apache2 <not-affected> (mod_lua only in 2.4)
[squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
-CVE-2014-8108
- RESERVED
+CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x ...)
- subversion 1.8.10-5 (bug #773315)
[wheezy] - subversion <not-affected> (Introduced in 1.7.0)
[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
@@ -4280,12 +4706,12 @@
RESERVED
CVE-2014-8027
RESERVED
-CVE-2014-8026
- RESERVED
-CVE-2014-8025
- RESERVED
-CVE-2014-8024
- RESERVED
+CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco ...)
+ TODO: check
+CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, ...)
+ TODO: check
+CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS ...)
+ TODO: check
CVE-2014-8023
RESERVED
CVE-2014-8022
@@ -4294,22 +4720,22 @@
RESERVED
CVE-2014-8020
RESERVED
-CVE-2014-8019
- RESERVED
-CVE-2014-8018
- RESERVED
-CVE-2014-8017
- RESERVED
-CVE-2014-8016
- RESERVED
-CVE-2014-8015
- RESERVED
-CVE-2014-8014
- RESERVED
+CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
+ TODO: check
+CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...)
+ TODO: check
+CVE-2014-8017 (The periodic-backup feature in Cisco Identity Services Engine (ISE) ...)
+ TODO: check
+CVE-2014-8016 (The Cisco IronPort Email Security Appliance (ESA) allows remote ...)
+ TODO: check
+CVE-2014-8015 (The Sponsor Portal in Cisco Identity Services Engine (ISE) allows ...)
+ TODO: check
+CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
+ TODO: check
CVE-2014-8013
RESERVED
-CVE-2014-8012
- RESERVED
+CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login ...)
+ TODO: check
CVE-2014-8011
RESERVED
CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 ...)
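Review bot: The seven "TODO: check" lines in this hunk (CVE-2014-8019 through CVE-2014-8014 and CVE-2014-8012) all cover Cisco appliances or operating systems (Enterprise Content Delivery System, Business Voice, Identity Services Engine, IronPort ESA, IOS XR, WebVPN portal); they should be closed as NOT-FOR-US with the product named, as the file already does for CVE-2014-8005 (NOT-FOR-US: Cisco) in the next hunk.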
@@ -4318,10 +4744,10 @@
NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8008
RESERVED
-CVE-2014-8007
- RESERVED
-CVE-2014-8006
- RESERVED
+CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read ...)
+ TODO: check
+CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E ...)
+ TODO: check
CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier ...)
NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
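Review bot: CVE-2014-8007 (Cisco Prime Infrastructure) and CVE-2014-8006 (Cisco ISB8320-E) are left as "TODO: check" two lines above an entry for the same vendor that is already resolved as "NOT-FOR-US: Cisco"; resolve them the same way, naming the product so the reason for the decision is greppable later.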
@@ -4500,8 +4926,8 @@
RESERVED
CVE-2014-7912
RESERVED
-CVE-2014-7911
- RESERVED
+CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
+ TODO: check
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 39.0.2171.71-1
[squeeze] - chromium-browser <end-of-life>
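Review bot: The "TODO: check" for CVE-2014-7911 should not be closed on the vendor name alone: the path luni/src/main/java/java/io/ObjectInputStream.java is not the OpenJDK layout but matches Android's libcore tree (the Apache Harmony luni module), so verify whether any Debian package ships that Harmony-derived code before deciding. The resolved entry should either name the affected source package or read "NOT-FOR-US: Android".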
@@ -4583,8 +5009,8 @@
RESERVED
CVE-2014-7881
RESERVED
-CVE-2014-7880
- RESERVED
+CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...)
+ TODO: check
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration ...)
NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
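Review bot: CVE-2014-7880 (POP implementation in HP ...) is left "TODO: check" directly above CVE-2014-7879, which is resolved as "NOT-FOR-US: HP-UX"; the truncated description does not show which HP product is meant, so confirm the product from the full CVE text before closing it, rather than copying the HP-UX label from the neighbouring entry.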
@@ -4669,8 +5095,7 @@
RESERVED
CVE-2014-7853
RESERVED
-CVE-2014-7852
- RESERVED
+CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used ...)
NOT-FOR-US: RichFaces
CVE-2014-7851
RESERVED
@@ -4717,8 +5142,7 @@
- linux 3.16.7-ckt2-1
- linux-2.6 <removed>
NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
-CVE-2014-7840 [insufficient parameter validation during ram load]
- RESERVED
+CVE-2014-7840 (The host_from_stream_offset function in arch_init.c in QEMU, when ...)
- qemu 2.1+dfsg-8 (low; bug #769451)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -5888,10 +6312,10 @@
RESERVED
CVE-2014-7287
RESERVED
-CVE-2014-7286
- RESERVED
-CVE-2014-7285
- RESERVED
+CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ...)
+ TODO: check
+CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance ...)
+ TODO: check
CVE-2014-7282
RESERVED
CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda ...)
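Review bot: CVE-2014-7286 (AClient in Symantec Deployment Solution) and CVE-2014-7285 (management console on the Symantec Web Gateway appliance) are "TODO: check" for proprietary Symantec products; resolve both as NOT-FOR-US with the product name instead of leaving the TODOs open.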
@@ -5947,24 +6371,24 @@
RESERVED
CVE-2014-7269
RESERVED
-CVE-2014-7268
- RESERVED
-CVE-2014-7267
- RESERVED
+CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export feature in ...)
+ TODO: check
+CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page generator ...)
+ TODO: check
CVE-2014-7266
RESERVED
-CVE-2014-7265
- RESERVED
-CVE-2014-7264
- RESERVED
-CVE-2014-7263
- RESERVED
-CVE-2014-7262
- RESERVED
-CVE-2014-7261
- RESERVED
-CVE-2014-7260
- RESERVED
+CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows remote ...)
+ TODO: check
+CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-7263 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
+ TODO: check
+CVE-2014-7262 (Cross-site scripting (XSS) vulnerability in the Omake BBS component in ...)
+ TODO: check
+CVE-2014-7261 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
+ TODO: check
+CVE-2014-7260 (The Server Side Includes (SSI) implementation in the File Upload BBS ...)
+ TODO: check
CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for ...)
NOT-FOR-US: SQUARE ENIX
CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 ...)
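Review bot: Of the eight "TODO: check" entries in this hunk, CVE-2014-7265 (LinPHA) deserves an actual package check, since LinPHA is an open-source photo gallery rather than a vendor product; the remaining entries (data-export and output-page XSS, ULTRAPOP.JP i-HTTPD, Omake BBS, File Upload BBS SSI) describe Japanese CGI products and can be closed as NOT-FOR-US with the product named, as the neighbouring KENT-WEB and SQUARE ENIX entries already are.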
@@ -5983,10 +6407,10 @@
NOT-FOR-US: ARROWS
CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in ...)
NOT-FOR-US: Yokogawa
-CVE-2014-7250
- RESERVED
-CVE-2014-7249
- RESERVED
+CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...)
+ TODO: check
+CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, ...)
+ TODO: check
CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...)
NOT-FOR-US: IPA iLogScanner
CVE-2014-7247 (Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; ...)
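Review bot: CVE-2014-7250 should not be closed as NOT-FOR-US on the Allied Telesis vendor name: the description attributes the bug to the 4.3BSD Net/2 TCP stack as used in FreeBSD and NetBSD, and Debian ships the kfreebsd-* kernel source packages, so this "TODO: check" needs a look at whether the affected TCP code is present there. CVE-2014-7249 (buffer overflow on the Allied Telesis AR-series devices) is a vendor appliance issue and can be "NOT-FOR-US: Allied Telesis".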
@@ -6002,8 +6426,8 @@
NOT-FOR-US: LG Routers
CVE-2014-7242
RESERVED
-CVE-2014-7241
- RESERVED
+CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote ...)
+ TODO: check
CVE-2014-7240
RESERVED
CVE-2014-7239
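Review bot: CVE-2014-7241 (TSUTAYA application for Android) is a "TODO: check" for a proprietary mobile application; resolve it as NOT-FOR-US with the application name, following the form used for CVE-2014-7402 elsewhere in this patch ("NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android").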
@@ -6069,8 +6493,7 @@
RESERVED
CVE-2014-7209
RESERVED
-CVE-2014-7208 [OS Command Execution]
- RESERVED
+CVE-2014-7208 (GParted before 0.15.0 allows local users to execute arbitrary commands ...)
- gparted 0.16.1-1
CVE-2014-7207 (A certain Debian patch to the IPv6 implementation in the Linux kernel ...)
{DSA-3060-1}
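Review bot: CVE-2014-7208 gets a fixed version (gparted 0.16.1-1) but no [wheezy] or [squeeze] line, so both stable suites remain listed as open for an issue described as affecting GParted before 0.15.0; since the entry already records the unstable fix, add a no-dsa, not-affected or fixed-version annotation for each stable suite, as the qemu and apache2 entries in this patch do.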
@@ -6208,8 +6631,8 @@
RESERVED
CVE-2014-7171
RESERVED
-CVE-2014-7170
- RESERVED
+CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain ...)
+ TODO: check
CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a ...)
{DSA-3042-1 DLA-69-1}
- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
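Review bot: CVE-2014-7170 names Puppet Server 0.2.0, which is the JVM/Clojure-based server daemon and not the Ruby puppet master, so the "TODO: check" should first establish whether Debian ships that codebase at all (the puppet source package is the Ruby implementation). If it does not, close the entry as "NOT-FOR-US: Puppet Server" rather than attaching it to the puppet package.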
@@ -6327,8 +6750,7 @@
NOT-FOR-US: WordPress plugin Google Calendar Events
CVE-2014-7137 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before ...)
- dolibarr 3.5.5+dfsg1-1 (bug #770313)
-CVE-2014-7136
- RESERVED
+CVE-2014-7136 (Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka ...)
NOT-FOR-US: K7 Computing
CVE-2014-7135 (The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for ...)
NOT-FOR-US: Ayuntamiento de Coana (aka com.wInfoCoa) application for Android
@@ -7909,11 +8331,9 @@
RESERVED
CVE-2014-6409 (Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and ...)
NOT-FOR-US: M/Monit
-CVE-2014-6408 [Security options applied to image could lead to container escalation]
- RESERVED
+CVE-2014-6408 (Docker 1.3.0 through 1.3.1 allows remote attackers to modify the ...)
- docker.io 1.3.2~dfsg1-1
-CVE-2014-6407 [Archive extraction allowing host privilege escalation]
- RESERVED
+CVE-2014-6407 (Docker before 1.3.2 allows remote attackers to write to arbitrary ...)
- docker.io 1.3.2~dfsg1-1
CVE-2014-6406
RESERVED
@@ -7935,12 +8355,10 @@
RESERVED
CVE-2014-6397
RESERVED
-CVE-2014-6396
- RESERVED
+CVE-2014-6396 (The dissector_postgresql function in dissectors/ec_postgresql.c in ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
-CVE-2014-6395
- RESERVED
+CVE-2014-6395 (Heap-based buffer overflow in the dissector_postgresql function in ...)
- ettercap 1:0.8.1-3 (bug #773416)
[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison ...)
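Review bot: Both CVE-2014-6396 and CVE-2014-6395 carry a "[squeeze] - ettercap <not-affected>" line justified by the upstream author's statement in bug #773416, but neither has a [wheezy] line, so wheezy is left as an open issue against ettercap 1:0.8.1-3. Check wheezy's ettercap against the same statement: if dissectors/ec_postgresql.c is absent there as well, add a matching <not-affected> line; otherwise record the DSA or no-dsa decision explicitly.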
@@ -8067,8 +8485,8 @@
RESERVED
CVE-2014-6382
RESERVED
-CVE-2014-6381
- RESERVED
+CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, ...)
+ TODO: check
CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, ...)
NOT-FOR-US: Juniper Junos
CVE-2014-6379 (Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, ...)
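Review bot: CVE-2014-6381 (Juniper WLC devices, WLAN Software 8.0.x) is a "TODO: check" sitting directly above two Junos entries resolved as "NOT-FOR-US: Juniper Junos"; resolve it as "NOT-FOR-US: Juniper WLC", keeping the distinct product name since the WLAN Software line is not Junos.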
@@ -8197,8 +8615,7 @@
NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft
-CVE-2014-6316 [URL redirection issue]
- RESERVED
+CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://github.com/mantisbt/mantisbt/commit/e66ecc9f
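Review bot: CVE-2014-6316 records mantis as <removed> in unstable and <end-of-life> for squeeze but has no [wheezy] line; <removed> only describes unstable, so if wheezy still ships a mantis package the entry needs a wheezy status (DSA, no-dsa or not-affected). The NOTE pointing at upstream commit e66ecc9f is the right reference for checking whether the fix applies to the wheezy version.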
@@ -8326,24 +8743,24 @@
RESERVED
CVE-2014-6262
RESERVED
-CVE-2014-6261
- RESERVED
-CVE-2014-6260
- RESERVED
-CVE-2014-6259
- RESERVED
-CVE-2014-6258
- RESERVED
-CVE-2014-6257
- RESERVED
-CVE-2014-6256
- RESERVED
-CVE-2014-6255
- RESERVED
-CVE-2014-6254
- RESERVED
-CVE-2014-6253
- RESERVED
+CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...)
+ TODO: check
+CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...)
+ TODO: check
+CVE-2014-6259 (Zenoss Core through 5 Beta 3 does not properly detect recursion during ...)
+ TODO: check
+CVE-2014-6258 (An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote ...)
+ TODO: check
+CVE-2014-6257 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2014-6256 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2014-6255 (Open redirect vulnerability in the login form in Zenoss Core before ...)
+ TODO: check
+CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core ...)
+ TODO: check
+CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
+ TODO: check
CVE-2013-7400
RESERVED
NOT-FOR-US: TYPO3 extension direct_mail
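Review bot: All nine Zenoss Core entries (CVE-2014-6261 through CVE-2014-6253) are left as "TODO: check"; they describe one product and one version range (through 5 Beta 3) and can be resolved together. If Zenoss Core is not packaged, close each with "NOT-FOR-US: Zenoss Core", as this update does for the other unpackaged products, rather than leaving nine identical TODOs.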
@@ -8479,8 +8896,8 @@
RESERVED
CVE-2014-6216
RESERVED
-CVE-2014-6215
- RESERVED
+CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
+ TODO: check
CVE-2014-6214
RESERVED
CVE-2014-6213
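Review bot: CVE-2014-6215 (IBM WebSphere Portal) is a "TODO: check" while the same product is already recorded as "NOT-FOR-US: IBM WebSphere Portal" elsewhere in this patch (CVE-2014-4814, CVE-2014-3057); resolve it with the same label. The same applies to the IBM DB2, WebSphere Application Server, DataPower, Cognos and AppScan entries added in the following hunks, each of which should carry NOT-FOR-US with the product named.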
@@ -8489,10 +8906,10 @@
RESERVED
CVE-2014-6211
RESERVED
-CVE-2014-6210
- RESERVED
-CVE-2014-6209
- RESERVED
+CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
+ TODO: check
+CVE-2014-6209 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
+ TODO: check
CVE-2014-6208
RESERVED
CVE-2014-6207
@@ -8523,8 +8940,8 @@
RESERVED
CVE-2014-6194
RESERVED
-CVE-2014-6193
- RESERVED
+CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, ...)
+ TODO: check
CVE-2014-6192
RESERVED
CVE-2014-6191
@@ -8545,8 +8962,8 @@
RESERVED
CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before ...)
NOT-FOR-US: IBM Security Network Protection
-CVE-2014-6182
- RESERVED
+CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
+ TODO: check
CVE-2014-6181
RESERVED
CVE-2014-6180
@@ -8557,34 +8974,34 @@
RESERVED
CVE-2014-6177
RESERVED
-CVE-2014-6176
- RESERVED
+CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
+ TODO: check
CVE-2014-6175
RESERVED
-CVE-2014-6174
- RESERVED
-CVE-2014-6173
- RESERVED
+CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before ...)
+ TODO: check
+CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in ...)
+ TODO: check
CVE-2014-6172
RESERVED
-CVE-2014-6171
- RESERVED
+CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
+ TODO: check
CVE-2014-6170
RESERVED
CVE-2014-6169
RESERVED
CVE-2014-6168
RESERVED
-CVE-2014-6167
- RESERVED
-CVE-2014-6166
- RESERVED
+CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
+ TODO: check
+CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...)
+ TODO: check
CVE-2014-6165
RESERVED
-CVE-2014-6164
- RESERVED
-CVE-2014-6163
- RESERVED
+CVE-2014-6164 (IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x ...)
+ TODO: check
+CVE-2014-6163 (Cross-site scripting (XSS) vulnerability on the IBM WebSphere ...)
+ TODO: check
CVE-2014-6162
RESERVED
CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
@@ -8619,12 +9036,12 @@
RESERVED
CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
NOT-FOR-US: IBM
-CVE-2014-6145
- RESERVED
+CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
+ TODO: check
CVE-2014-6144
RESERVED
-CVE-2014-6143
- RESERVED
+CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
+ TODO: check
CVE-2014-6142
RESERVED
CVE-2014-6141
@@ -8633,14 +9050,14 @@
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139
RESERVED
-CVE-2014-6138
- RESERVED
+CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
+ TODO: check
CVE-2014-6137
RESERVED
CVE-2014-6136
RESERVED
-CVE-2014-6135
- RESERVED
+CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
+ TODO: check
CVE-2014-6134
RESERVED
CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
@@ -8665,14 +9082,14 @@
RESERVED
CVE-2014-6123
RESERVED
-CVE-2014-6122
- RESERVED
-CVE-2014-6121
- RESERVED
+CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
+ TODO: check
+CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
+ TODO: check
CVE-2014-6120
RESERVED
-CVE-2014-6119
- RESERVED
+CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
+ TODO: check
CVE-2014-6118
RESERVED
CVE-2014-6117
@@ -8731,34 +9148,34 @@
NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6090
RESERVED
-CVE-2014-6089
- RESERVED
-CVE-2014-6088
- RESERVED
-CVE-2014-6087
- RESERVED
-CVE-2014-6086
- RESERVED
+CVE-2014-6089 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6088 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6087 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6086 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
CVE-2014-6085
RESERVED
-CVE-2014-6084
- RESERVED
-CVE-2014-6083
- RESERVED
-CVE-2014-6082
- RESERVED
+CVE-2014-6084 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6083 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6082 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
CVE-2014-6081
RESERVED
-CVE-2014-6080
- RESERVED
+CVE-2014-6080 (SQL injection vulnerability in IBM Security Access Manager for Mobile ...)
+ TODO: check
CVE-2014-6079 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
NOT-FOR-US: IBM Security Access Manager
-CVE-2014-6078
- RESERVED
-CVE-2014-6077
- RESERVED
-CVE-2014-6076
- RESERVED
+CVE-2014-6078 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
+CVE-2014-6077 (Cross-site request forgery (CSRF) vulnerability in IBM Security Access ...)
+ TODO: check
+CVE-2014-6076 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
+ TODO: check
CVE-2014-6075 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-6074 (IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated ...)
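Review bot: The eleven IBM Security Access Manager for Mobile entries in this hunk (CVE-2014-6089 through CVE-2014-6076) are "TODO: check" while the unchanged context lines for CVE-2014-6079 and CVE-2014-6075 record "NOT-FOR-US: IBM Security Access Manager" and "NOT-FOR-US: IBM Security QRadar SIEM"; use the same label for each, including the SQL injection (CVE-2014-6080) and CSRF (CVE-2014-6077) entries, so the product is searchable instead of hidden behind a TODO.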
@@ -8813,13 +9230,11 @@
NOTE: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548 (required for sparc)
NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
-CVE-2014-6053 [Server crash on a very large ClientCutText message]
- RESERVED
+CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
{DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
-CVE-2014-6052 [Lack of malloc() return value checking on client side]
- RESERVED
+CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in ...)
{DSA-3081-1}
- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
@@ -9988,8 +10403,8 @@
RESERVED
CVE-2014-5467
RESERVED
-CVE-2014-5466
- RESERVED
+CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk ...)
+ TODO: check
CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the ...)
NOT-FOR-US: WordPress plugin Download Shortcode
CVE-2014-5463
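Review bot: CVE-2014-5466 (Dashboard in Splunk) is left "TODO: check"; Splunk is a proprietary product, so resolve it as "NOT-FOR-US: Splunk" in line with the vendor-product entries elsewhere in this update.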
@@ -10013,14 +10428,12 @@
- nodejs <unfixed> (bug #760385)
CVE-2014-7402 (The SK encar (aka com.encardirect.app) application @7F050000 for ...)
NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android
-CVE-2013-7402
- RESERVED
+CVE-2013-7402 (Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x ...)
{DSA-3101-1}
- c-icap 1:0.3.1-1
NOTE: http://sourceforge.net/p/c-icap/code/1018/
NOTE: http://sourceforge.net/p/c-icap/code/1021
-CVE-2013-7401
- RESERVED
+CVE-2013-7401 (The parse_request function in request.c in c-icap 0.2.x allows remote ...)
{DSA-3101-1}
- c-icap 1:0.3.1-1
NOTE: http://sourceforge.net/p/c-icap/bugs/59/
@@ -10086,11 +10499,9 @@
NOT-FOR-US: MX-SmartTimer
CVE-2014-5439
RESERVED
-CVE-2014-5438
- RESERVED
+CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT ...)
NOT-FOR-US: Arris Touchstone
-CVE-2014-5437
- RESERVED
+CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS ...)
NOT-FOR-US: Arris Touchstone
CVE-2014-5436
RESERVED
@@ -10297,22 +10708,20 @@
RESERVED
CVE-2014-5360
RESERVED
-CVE-2014-5359
- RESERVED
+CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...)
+ TODO: check
CVE-2014-5358
RESERVED
CVE-2014-5357
RESERVED
CVE-2014-5355
RESERVED
-CVE-2014-5354 [kadmin crashes on keyless principals]
- RESERVED
+CVE-2014-5354 (plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka ...)
- krb5 1.12.1+dfsg-16 (bug #773228)
[wheezy] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
[squeeze] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
-CVE-2014-5353 [misused policy name crashes KDC]
- RESERVED
+CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in ...)
- krb5 1.12.1+dfsg-16 (bug #773226)
[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash)
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
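Review bot: CVE-2014-5353 has a "[squeeze] - krb5 <no-dsa>" line (Minor issue, needs elevated privileges to trigger crash) but no [wheezy] line, while the sibling CVE-2014-5354 entry annotates both suites; if the same rationale holds for wheezy's krb5, add a matching [wheezy] no-dsa line, otherwise leave a NOTE that a DSA is pending so the omission is visibly deliberate. In the same hunk, CVE-2014-5359 (SafeNet Authentication Service) is a "TODO: check" that can be closed as "NOT-FOR-US: SafeNet".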
@@ -10719,26 +11128,26 @@
RESERVED
CVE-2014-5218
RESERVED
-CVE-2014-5217
- RESERVED
-CVE-2014-5216
- RESERVED
-CVE-2014-5215
- RESERVED
-CVE-2014-5214
- RESERVED
-CVE-2014-5213
- RESERVED
-CVE-2014-5212
- RESERVED
+CVE-2014-5217 (Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc ...)
+ TODO: check
+CVE-2014-5216 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
+ TODO: check
+CVE-2014-5215 (NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote ...)
+ TODO: check
+CVE-2014-5214 (nps/servlet/webacc in iManager in the Administration Console server in ...)
+ TODO: check
+CVE-2014-5213 (nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in ...)
+ TODO: check
+CVE-2014-5212 (Cross-site scripting (XSS) vulnerability in nds/search/data in ...)
+ TODO: check
CVE-2014-5211
RESERVED
CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
NOT-FOR-US: AlienVault OSSIM
CVE-2014-5209
RESERVED
-CVE-2014-5208
- RESERVED
+CVE-2014-5208 (BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS ...)
+ TODO: check
CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
NOT-FOR-US: WordPress plugin compfight
CVE-2014-5201 (SQL injection vulnerability in the Gallery Objects plugin 0.4 for ...)
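Review bot: The six NetIQ entries (CVE-2014-5217 through CVE-2014-5212, covering Access Manager, iManager and eDirectory) and CVE-2014-5208 (BKBCopyD.exe in Yokogawa CENTUM) are "TODO: check"; the context line for CVE-2014-7251 earlier in this patch already uses "NOT-FOR-US: Yokogawa", so resolve CVE-2014-5208 the same way and close the NetIQ entries as NOT-FOR-US with the product named.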
@@ -11492,8 +11901,8 @@
NOT-FOR-US: WordPress plugin
CVE-2014-4937 (Directory traversal vulnerability in includes/bookx_export.php BookX ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-4936
- RESERVED
+CVE-2014-4936 (The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer ...)
+ TODO: check
CVE-2014-4935
RESERVED
CVE-2014-4934
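Review bot: CVE-2014-4936 (upgrade functionality in Malwarebytes Anti-Malware) is a "TODO: check" for a proprietary product; resolve it as "NOT-FOR-US: Malwarebytes Anti-Malware".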
@@ -11676,8 +12085,8 @@
NOT-FOR-US: WordPress plugin
CVE-2014-4845 (Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 ...)
NOT-FOR-US: WordPress plugin
-CVE-2014-4844
- RESERVED
+CVE-2014-4844 (The import/export functionality in IBM Business Process Manager (BPM) ...)
+ TODO: check
CVE-2014-4843
RESERVED
CVE-2014-4842
@@ -11734,8 +12143,8 @@
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2014-4815
- RESERVED
+CVE-2014-4815 (Session fixation vulnerability in IBM Rational Lifecycle Integration ...)
+ TODO: check
CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4813
@@ -11762,8 +12171,8 @@
RESERVED
CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2014-4801
- RESERVED
+CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
+ TODO: check
CVE-2014-4800
RESERVED
CVE-2014-4799
@@ -12229,8 +12638,7 @@
RESERVED
CVE-2014-4634
RESERVED
-CVE-2014-4633
- RESERVED
+CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC ...)
NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-4632
RESERVED
@@ -12240,13 +12648,12 @@
RESERVED
CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-4628
- RESERVED
+CVE-2014-4628 (Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x ...)
NOT-FOR-US: EMC Isilon InsightIQ
CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...)
NOT-FOR-US: EMC RSA Web Threat Detection
-CVE-2014-4626
- RESERVED
+CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, ...)
+ TODO: check
CVE-2014-4625
RESERVED
CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and ...)
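Review bot: Within this hunk CVE-2014-4628 (EMC Isilon InsightIQ) is resolved as NOT-FOR-US while CVE-2014-4626, which names EMC Documentum Content Server, is left as "TODO: check", even though the unchanged context line for CVE-2014-4629 already records "NOT-FOR-US: EMC Documentum Content Server" for the same product; resolve CVE-2014-4626 the same way.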
@@ -12924,8 +13331,8 @@
NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-4324
RESERVED
-CVE-2014-4323
- RESERVED
+CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP ...)
+ TODO: check
CVE-2014-4322
RESERVED
CVE-2014-4321
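Review bot: CVE-2014-4323 names drivers/video/msm/mdp.c, the Qualcomm MSM display driver, and is left "TODO: check"; decide between the linux source package and NOT-FOR-US by checking whether mdp_lut_hw_update exists in the kernel tree Debian ships, because the Android/Code Aurora MSM tree and the mainline drivers/video/msm directory are not the same code. The preceding context line ("NOT-FOR-US: Little Kernel (bootloader)") shows the usual outcome for the Android-only items in this batch.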
@@ -14848,8 +15255,7 @@
RESERVED
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before ...)
NOT-FOR-US: Apache CXF
-CVE-2014-3583 [mod_proxy_fcgi buffer overread]
- RESERVED
+CVE-2014-3583 (The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...)
- apache2 2.4.10-8 (low)
[wheezy] - apache2 <no-dsa> (minor issue)
[squeeze] - apache2 <no-dsa> (minor issue)
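Review bot: The [wheezy] and [squeeze] lines for CVE-2014-3583 say "<no-dsa> (minor issue)", but the affected module is mod_proxy_fcgi, which, like mod_lua earlier in this patch ("[wheezy] - apache2 <not-affected> (mod_lua only in 2.4)"), does not exist in the 2.2 series; if wheezy's and squeeze's apache2 are 2.2, the correct annotation is "<not-affected> (mod_proxy_fcgi only in 2.4)", which removes the entry from the open list instead of recording a deferred issue.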
@@ -14862,8 +15268,7 @@
- apache2 2.4.10-3
[wheezy] - apache2 <not-affected> (Only affects 2.4)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
-CVE-2014-3580
- RESERVED
+CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x ...)
{DSA-3107-1 DLA-119-1}
- subversion 1.8.10-5 (bug #773263)
NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
@@ -15545,8 +15950,8 @@
NOT-FOR-US: Juniper Junos Space
CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...)
NOT-FOR-US: Juniper NSM
-CVE-2014-3410
- RESERVED
+CVE-2014-3410 (The syslog-management subsystem in Cisco Adaptive Security Appliance ...)
+ TODO: check
CVE-2014-3409 (The Ethernet Connectivity Fault Management (CFM) handling feature in ...)
NOT-FOR-US: Cisco IOS
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
@@ -15637,8 +16042,8 @@
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3365
RESERVED
-CVE-2014-3364
- RESERVED
+CVE-2014-3364 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
CVE-2014-3363 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco
CVE-2014-3362 (Memory leak in Cisco TelePresence System Edge MXP Series Software ...)
@@ -16465,8 +16870,8 @@
NOT-FOR-US: IBM WebSphere
CVE-2014-3059 (Unspecified vulnerability in the Administrative Console on the IBM ...)
NOT-FOR-US: IBM WebSphere
-CVE-2014-3058
- RESERVED
+CVE-2014-3058 (Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere ...)
+ TODO: check
CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and ...)
@@ -16680,7 +17085,7 @@
CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Silver Peak VX
CVE-2014-2973
- RESERVED
+ REJECTED
CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, ...)
- exim4 4.82.1-2 (low)
[squeeze] - exim4 <no-dsa> (Minor issue)
@@ -17369,8 +17774,7 @@
NOT-FOR-US: ASUS routers
CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier ...)
NOT-FOR-US: Honeywell FALCON XLWeb controller
-CVE-2014-2716
- RESERVED
+CVE-2014-2716 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Drupal plugin
@@ -17840,8 +18244,7 @@
NOT-FOR-US: EMC Documentum
CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before ...)
NOT-FOR-US: EMC RSA Archer GRC Platform
-CVE-2014-2516
- RESERVED
+CVE-2014-2516 (Open redirect vulnerability in EMC RSA Authentication Manager 8.x ...)
NOT-FOR-US: EMC RSA Authentication Manager
CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, ...)
NOT-FOR-US: EMC Documentum
@@ -19237,8 +19640,7 @@
NOT-FOR-US: Blue Coat ProxySG
CVE-2014-2028
RESERVED
-CVE-2014-2026
- RESERVED
+CVE-2014-2026 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
NOT-FOR-US: Intrexx
CVE-2014-2025
RESERVED
@@ -20665,8 +21067,7 @@
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE-2014-1570
RESERVED
-CVE-2014-1569
- RESERVED
+CVE-2014-1569 (The definite_length_decoder function in lib/util/quickder.c in Mozilla ...)
- nss <unfixed> (bug #773625)
CVE-2014-1568 (Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...)
{DSA-3037-1 DSA-3034-1 DSA-3033-1 DLA-62-1}
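Review bot: CVE-2014-1569 is entered as "nss <unfixed> (bug #773625)" with no severity and no [wheezy]/[squeeze] annotation, so it shows as open in every suite; NSS is a crypto library consumed by many packages and the sibling CVE-2014-1568 entry was handled with DSAs and a DLA, so the stable suites need an explicit triage here too (fixed version, no-dsa with a rationale, or not-affected), and a NOTE pointing at the upstream fix for definite_length_decoder in lib/util/quickder.c would make any backport verifiable.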
@@ -26855,8 +27256,7 @@
- libvirt 1.2.0-1
[squeeze] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
-CVE-2013-6435 [rpm race condition in the installation process]
- RESERVED
+CVE-2013-6435 (Race condition in RPM 4.11.1 and earlier allows remote attackers to ...)
- rpm 4.11.3-1.1 (bug #773101)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039811
CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager ...)
@@ -31956,8 +32356,7 @@
NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
CVE-2013-4443
REJECTED
-CVE-2013-4442 [Silent fallback to insecure entropy]
- RESERVED
+CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated ...)
- pwgen 2.07-1 (unimportant; bug #767008)
NOTE: /dev/random is universally available, if an attacker can create an environment
NOTE: where it's not available that opens a far bigger can of worms
@@ -31965,8 +32364,7 @@
RESERVED
- pwgen <unfixed> (unimportant; bug #726578)
NOTE: pwgen is documented to generate memorable passwords, so this is by design
-CVE-2013-4440 [non-tty passwords are trivially weak by default]
- RESERVED
+CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty ...)
- pwgen 2.07-1 (unimportant; bug #725507)
NOTE: Documented shortcoming
CVE-2013-4439 (Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote ...)
@@ -32094,8 +32492,7 @@
[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1015228#c3
-CVE-2013-4399 [unprivileged user can crash libvirtd when ACLs are enabled]
- RESERVED
+CVE-2013-4399 (The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...)
- libvirt 1.1.4-1
[wheezy] - libvirt <not-affected> (Introduced in 1.1.0)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.0)
@@ -105322,7 +105719,7 @@
NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows ...)
NOT-FOR-US: BulletProof FTP Client
-CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 allows ...)
+CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 ...)
NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip ...)
NOT-FOR-US: Page Flip Image Gallery plugin for WordPress