[Secure-testing-commits] r27555 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Tue Jul 1 21:14:09 UTC 2014


Author: joeyh
Date: 2014-07-01 21:14:09 +0000 (Tue, 01 Jul 2014)
New Revision: 27555

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-01 20:04:32 UTC (rev 27554)
+++ data/CVE/list	2014-07-01 21:14:09 UTC (rev 27555)
@@ -1,3 +1,93 @@
+CVE-2014-4700
+	RESERVED
+CVE-2014-4699
+	RESERVED
+CVE-2014-4698
+	RESERVED
+CVE-2014-4697
+	RESERVED
+CVE-2014-4696
+	RESERVED
+CVE-2014-4695
+	RESERVED
+CVE-2014-4694
+	RESERVED
+CVE-2014-4693
+	RESERVED
+CVE-2014-4692
+	RESERVED
+CVE-2014-4691
+	RESERVED
+CVE-2014-4690
+	RESERVED
+CVE-2014-4689
+	RESERVED
+CVE-2014-4688
+	RESERVED
+CVE-2014-4687
+	RESERVED
+CVE-2014-4686
+	RESERVED
+CVE-2014-4685
+	RESERVED
+CVE-2014-4684
+	RESERVED
+CVE-2014-4683
+	RESERVED
+CVE-2014-4682
+	RESERVED
+CVE-2014-4681
+	RESERVED
+CVE-2014-4680
+	RESERVED
+CVE-2014-4679
+	RESERVED
+CVE-2014-4678
+	RESERVED
+CVE-2014-4677
+	RESERVED
+CVE-2014-4676
+	RESERVED
+CVE-2014-4675
+	RESERVED
+CVE-2014-4674
+	RESERVED
+CVE-2014-4673
+	RESERVED
+CVE-2014-4672
+	RESERVED
+CVE-2014-4671
+	RESERVED
+CVE-2014-4670
+	RESERVED
+CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read ...)
+	TODO: check
+CVE-2014-4666
+	RESERVED
+CVE-2014-4665
+	RESERVED
+CVE-2014-4664
+	RESERVED
+CVE-2014-4663
+	RESERVED
+CVE-2014-4662
+	RESERVED
+CVE-2014-4661
+	RESERVED
+CVE-2014-4651
+	RESERVED
+CVE-2014-4647
+	RESERVED
+CVE-2014-4646
+	RESERVED
+CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
+	TODO: check
+CVE-2014-4644 (SQL injection vulnerability in superlinks.php in the superlinks plugin ...)
+	TODO: check
+CVE-2014-4643 (Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 ...)
+	TODO: check
+CVE-2012-6649
+	RESERVED
 CVE-2014-XXXX [Type Confusion Information Leak]
 	- php5 5.6.0~rc1+dfsg-2
 	NOTE: https://bugs.php.net/bug.php?id=67498
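Review bot: The four entries added with `TODO: check` in this hunk (CVE-2014-4669, CVE-2014-4645, CVE-2014-4644, CVE-2014-4643) have no package or NOT-FOR-US line yet. Their descriptions name HP Enterprise Maps, a D-link dhcpinfo.html page, a superlinks plugin and Core FTP LE, so each needs a triage decision in a follow-up. CVE-2012-6649 is also added here directly below the CVE-2014 ids with only RESERVED, which makes it easy to miss when scanning the file by year.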
@@ -2,21 +92,28 @@
 CVE-2014-4668
+	RESERVED
 	- cherokee <removed> (low)
 	[squeeze] - cherokee <no-dsa> (Minor issue)
 CVE-2014-4667 [sctp: sk_ack_backlog wrap-around problem]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1)
 CVE-2014-4656
+	RESERVED
 	- linux 3.14.9-1
 	- linux-2.6 <removed>
 CVE-2014-4655
+	RESERVED
 	- linux 3.14.9-1
 	- linux-2.6 <removed>
 CVE-2014-4654
+	RESERVED
 	- linux 3.14.9-1
 	- linux-2.6 <removed>
 CVE-2014-4653
+	RESERVED
 	- linux 3.14.9-1
 	- linux-2.6 <removed>
 CVE-2014-4652
+	RESERVED
 	- linux 3.14.9-1 (low)
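Review bot: CVE-2014-4668 and CVE-2014-4656 through CVE-2014-4652 now carry RESERVED above their package lines but still have no description, unlike CVE-2014-4667 with its bracketed `[sctp: sk_ack_backlog wrap-around problem]`. A short bracketed summary on each would let a reader tell the five linux entries apart until the official text arrives.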
@@ -29,19 +126,24 @@
 	NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff0
 	NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
 CVE-2014-4660
+	RESERVED
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
 CVE-2014-4659
+	RESERVED
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
 CVE-2014-4658
+	RESERVED
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
 CVE-2014-4657
+	RESERVED
 	- ansible <unfixed>
 	NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c
 	NOTE: Invalid fix, maintainer working on this issue
 CVE-2014-4650
+	RESERVED
 	- python2.6 <removed> (low)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	[wheezy] - python2.6 <no-dsa> (Minor issue)
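Review bot: CVE-2014-4657 remains `- ansible <unfixed>` with the note "Invalid fix, maintainer working on this issue", and nothing in the entry says where that work is tracked. A bug number or upstream issue link next to that NOTE would let the entry be closed once a correct fix lands. The commit URL in the first context line of this hunk is also shorter than the 40-character hashes used in the other ansible notes; the full hash would be more robust.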
@@ -54,10 +156,10 @@
 	- python3.3 <removed> (low)
 	- python3.4 <unfixed> (low)
 	NOTE: http://bugs.python.org/issue21766
-CVE-2014-4649
+CVE-2014-4649 (SQL injection vulnerability in the photo-edit subsystem in Piwigo ...)
 	- piwigo <removed> (low)
 	[squeeze] - piwigo <no-dsa> (Minor issue)
-CVE-2014-4648
+CVE-2014-4648 (Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact ...)
 	- piwigo <removed> (low)
 	[squeeze] - piwigo <no-dsa> (Minor issue)
 CVE-2014-4642
@@ -1311,8 +1413,8 @@
 	NOT-FOR-US: Fiyo CMS
 CVE-2014-4031
 	RESERVED
-CVE-2014-4030
-	RESERVED
+CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player ...)
+	TODO: check
 CVE-2014-4029
 	RESERVED
 CVE-2014-4028
@@ -1694,8 +1796,8 @@
 	NOT-FOR-US: Usermin
 CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
 	NOT-FOR-US: WordPress plugin login-rebuilder
-CVE-2014-3881
-	RESERVED
+CVE-2014-3881 (Cross-site request forgery (CSRF) vulnerability in Intercom Web ...)
+	TODO: check
 CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
 	{DSA-2952-1}
 	- kfreebsd-8 <removed>
@@ -2674,14 +2776,17 @@
 	- teampass <itp> (bug #730180)
 	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
 CVE-2014-4703 [check_dhcp:  Race Condition]
+	RESERVED
 	- nagios-plugins <unfixed> (unimportant)
 	NOTE: check_dhcp is not installed with root suid permissions in Debian
 	NOTE: http://seclists.org/fulldisclosure/2014/Jun/141
 CVE-2014-4702 [vulerability in check_icmp]
+	RESERVED
 	- nagios-plugins <unfixed> (unimportant)
 	NOTE: http://seclists.org/fulldisclosure/2014/May/74
 	NOTE: check_imcp is not installed with root suid permissions in Debian
 CVE-2014-4701 [check_dhcp: arbitray option file read]
+	RESERVED
 	- nagios-plugins <unfixed> (unimportant)
 	NOTE: check_dhcp is not installed with root suid permissions in Debian
 	NOTE: http://seclists.org/fulldisclosure/2014/May/74
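Review bot: The entries touched here still contain typos that hinder searching: "vulerability" in the CVE-2014-4702 summary, "arbitray" in the CVE-2014-4701 summary, and "check_imcp" in the NOTE under CVE-2014-4702, where the entry is about check_icmp. These are worth correcting in the same pass that adds RESERVED.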
@@ -2803,10 +2908,10 @@
 	RESERVED
 CVE-2014-3434
 	RESERVED
-CVE-2014-3433
-	RESERVED
-CVE-2014-3432
-	RESERVED
+CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...)
+	TODO: check
+CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...)
+	TODO: check
 CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x ...)
 	NOT-FOR-US: Symantec PGP Desktop
 CVE-2014-3429
@@ -3755,8 +3860,8 @@
 	NOT-FOR-US: IBM Curam Social Program Management
 CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program ...)
 	NOT-FOR-US: IBM Curam Social Program Management
-CVE-2014-3011
-	RESERVED
+CVE-2014-3011 (IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers ...)
+	TODO: check
 CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2014-3009
@@ -4846,11 +4951,9 @@
 	RESERVED
 CVE-2014-2614
 	RESERVED
-CVE-2014-2613
-	RESERVED
+CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
 	NOT-FOR-US: HP Release Control 
-CVE-2014-2612
-	RESERVED
+CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
 	NOT-FOR-US: HP Release Control
 CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...)
 	NOT-FOR-US: HP Software Executive Scorecard
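Review bot: The context line `NOT-FOR-US: HP Release Control ` under CVE-2014-2613 ends with a trailing space, while the same line under CVE-2014-2612 does not. Strip it so the two entries match and any tool that compares the product string treats them as the same.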
@@ -5028,15 +5131,13 @@
 	RESERVED
 CVE-2014-2513
 	RESERVED
-CVE-2014-2512
-	RESERVED
+CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
 	NOT-FOR-US: EMC Documentum eRoom
 CVE-2014-2511
 	RESERVED
 CVE-2014-2510
 	RESERVED
-CVE-2014-2509
-	RESERVED
+CVE-2014-2509 (Session fixation vulnerability in the Report Advisor (RA) component in ...)
 	NOT-FOR-US: EMC NCM
 CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
 	NOT-FOR-US: EMC Documentum Content Server
@@ -6403,8 +6504,8 @@
 	RESERVED
 CVE-2014-2007
 	RESERVED
-CVE-2014-2006
-	RESERVED
+CVE-2014-2006 (Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x ...)
+	TODO: check
 CVE-2014-2005 (Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) ...)
 	NOT-FOR-US: Sophos Enterprise Console
 CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 ...)
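Review bot: CVE-2014-2006 is left at `TODO: check` for Intercom Web Kyukincho 3.x, and CVE-2014-3881 earlier in this diff is left at `TODO: check` with a description that also names Intercom Web. Triage the two together so they get the same disposition if they turn out to be the same product.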
@@ -8377,84 +8478,84 @@
 	RESERVED
 CVE-2014-1384
 	RESERVED
-CVE-2014-1383
-	RESERVED
-CVE-2014-1382
-	RESERVED
-CVE-2014-1381
-	RESERVED
-CVE-2014-1380
-	RESERVED
-CVE-2014-1379
-	RESERVED
-CVE-2014-1378
-	RESERVED
-CVE-2014-1377
-	RESERVED
-CVE-2014-1376
-	RESERVED
-CVE-2014-1375
-	RESERVED
+CVE-2014-1383 (Apple TV before 6.1.2 allows remote authenticated users to bypass an ...)
+	TODO: check
+CVE-2014-1382 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1381 (Thunderbolt in Apple OS X before 10.9.4 does not properly restrict ...)
+	TODO: check
+CVE-2014-1380 (The Security - Keychain component in Apple OS X before 10.9.4 does not ...)
+	TODO: check
+CVE-2014-1379 (Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain ...)
+	TODO: check
+CVE-2014-1378 (IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to ...)
+	TODO: check
+CVE-2014-1377 (Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 ...)
+	TODO: check
+CVE-2014-1376 (Intel Compute in Apple OS X before 10.9.4 does not properly restrict ...)
+	TODO: check
+CVE-2014-1375 (Intel Graphics Driver in Apple OS X before 10.9.4 allows local users ...)
+	TODO: check
 CVE-2014-1374
 	RESERVED
-CVE-2014-1373
-	RESERVED
-CVE-2014-1372
-	RESERVED
-CVE-2014-1371
-	RESERVED
-CVE-2014-1370
-	RESERVED
-CVE-2014-1369
-	RESERVED
-CVE-2014-1368
-	RESERVED
-CVE-2014-1367
-	RESERVED
-CVE-2014-1366
-	RESERVED
-CVE-2014-1365
-	RESERVED
-CVE-2014-1364
-	RESERVED
-CVE-2014-1363
-	RESERVED
-CVE-2014-1362
-	RESERVED
-CVE-2014-1361
-	RESERVED
-CVE-2014-1360
-	RESERVED
-CVE-2014-1359
-	RESERVED
-CVE-2014-1358
-	RESERVED
-CVE-2014-1357
-	RESERVED
-CVE-2014-1356
-	RESERVED
-CVE-2014-1355
-	RESERVED
-CVE-2014-1354
-	RESERVED
-CVE-2014-1353
-	RESERVED
-CVE-2014-1352
-	RESERVED
-CVE-2014-1351
-	RESERVED
-CVE-2014-1350
-	RESERVED
-CVE-2014-1349
-	RESERVED
-CVE-2014-1348
-	RESERVED
+CVE-2014-1373 (Intel Graphics Driver in Apple OS X before 10.9.4 does not properly ...)
+	TODO: check
+CVE-2014-1372 (Graphics Driver in Apple OS X before 10.9.4 does not properly restrict ...)
+	TODO: check
+CVE-2014-1371 (Array index error in Dock in Apple OS X before 10.9.4 allows attackers ...)
+	TODO: check
+CVE-2014-1370 (The byte-swapping implementation in copyfile in Apple OS X before ...)
+	TODO: check
+CVE-2014-1369 (WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows ...)
+	TODO: check
+CVE-2014-1368 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1367 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1366 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1365 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1364 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1363 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1362 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
+CVE-2014-1361 (Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, ...)
+	TODO: check
+CVE-2014-1360 (Lockdown in Apple iOS before 7.1.2 does not properly verify data from ...)
+	TODO: check
+CVE-2014-1359 (Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X ...)
+	TODO: check
+CVE-2014-1358 (Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X ...)
+	TODO: check
+CVE-2014-1357 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
+	TODO: check
+CVE-2014-1356 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
+	TODO: check
+CVE-2014-1355 (The IOKit implementation in the kernel in Apple iOS before 7.1.2 and ...)
+	TODO: check
+CVE-2014-1354 (CoreGraphics in Apple iOS before 7.1.2 does not properly restrict ...)
+	TODO: check
+CVE-2014-1353 (Lock Screen in Apple iOS before 7.1.2 does not properly manage the ...)
+	TODO: check
+CVE-2014-1352 (Lock Screen in Apple iOS before 7.1.2 does not properly enforce the ...)
+	TODO: check
+CVE-2014-1351 (Siri in Apple iOS before 7.1.2 allows physically proximate attackers ...)
+	TODO: check
+CVE-2014-1350 (Settings in Apple iOS before 7.1.2 allows physically proximate ...)
+	TODO: check
+CVE-2014-1349 (Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 ...)
+	TODO: check
+CVE-2014-1348 (Mail in Apple iOS before 7.1.2 advertises the availability of data ...)
+	TODO: check
 CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2014-1346 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1345
-	RESERVED
+CVE-2014-1345 (WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x ...)
+	TODO: check
 CVE-2014-1344 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1343 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
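Review bot: Every Apple entry that gains a description in this hunk is set to `TODO: check`, while the neighbouring context entries for the same vendor are already resolved as `NOT-FOR-US: Apple iTunes` or `NOT-FOR-US: Safari / ...`. The OS X and iOS component entries (launchd, IOKit, Lock Screen, Siri and so on) can likely be resolved the same way in one batch. The WebKit ones deserve an explicit decision on whether any WebKit package in the archive is affected. CVE-2014-1374 stays RESERVED in the middle of the range.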
@@ -8463,8 +8564,8 @@
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1341 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1340
-	RESERVED
+CVE-2014-1340 (WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, ...)
+	TODO: check
 CVE-2014-1339 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1338 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
@@ -8493,8 +8594,8 @@
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1325
-	RESERVED
+CVE-2014-1325 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
+	TODO: check
 CVE-2014-1324 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
 	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2014-1323 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
@@ -8509,8 +8610,8 @@
 	NOT-FOR-US: Apple
 CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not ...)
 	NOT-FOR-US: Apple
-CVE-2014-1317
-	RESERVED
+CVE-2014-1317 (iBooks Commerce in Apple OS X before 10.9.4 places Apple ID ...)
+	TODO: check
 CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)
 	NOT-FOR-US: Apple
 CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X ...)
@@ -9056,8 +9157,8 @@
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
 	NOT-FOR-US: IBM
-CVE-2014-0891
-	RESERVED
+CVE-2014-0891 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
+	TODO: check
 CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
 	NOT-FOR-US: IBM Sametime
 CVE-2014-0889
@@ -11352,6 +11453,7 @@
 CVE-2013-6921
 	RESERVED
 CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
+	{DSA-2963-1}
 	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
 CVE-2014-0325
 	RESERVED
@@ -14103,14 +14205,14 @@
 	RESERVED
 CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and ...)
 	NOT-FOR-US: IBM
-CVE-2013-6311
-	RESERVED
-CVE-2013-6310
-	RESERVED
-CVE-2013-6309
-	RESERVED
-CVE-2013-6308
-	RESERVED
+CVE-2013-6311 (SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 ...)
+	TODO: check
+CVE-2013-6310 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 ...)
+	TODO: check
+CVE-2013-6309 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated ...)
+	TODO: check
+CVE-2013-6308 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated ...)
+	TODO: check
 CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
 	NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2013-6306
@@ -58811,8 +58913,8 @@
 	RESERVED
 CVE-2011-1382
 	RESERVED
-CVE-2011-1381
-	RESERVED
+CVE-2011-1381 (Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before ...)
+	TODO: check
 CVE-2011-1380
 	RESERVED
 CVE-2011-1379
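Review bot: CVE-2011-1381 names IBM OpenPages GRC Platform 6.1.0.1, the same product and version as CVE-2014-3011 earlier in this diff, and both are left at `TODO: check`. Resolve them with the same disposition; the neighbouring IBM entries in the CVE-2014-3011 hunk are marked NOT-FOR-US with the product name.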