[Secure-testing-commits] r27637 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Mon Jul 7 21:14:12 UTC 2014


Author: joeyh
Date: 2014-07-07 21:14:12 +0000 (Mon, 07 Jul 2014)
New Revision: 27637

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-07-07 20:49:16 UTC (rev 27636)
+++ data/CVE/list	2014-07-07 21:14:12 UTC (rev 27637)
@@ -1,3 +1,39 @@
+CVE-2014-4720 (Email::Address module before 1.904 for Perl uses an inefficient ...)
+	TODO: check
+CVE-2014-4719 (Cross-site scripting (XSS) vulnerability in the login panel ...)
+	TODO: check
+CVE-2014-4718 (Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar ...)
+	TODO: check
+CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR ...)
+	TODO: check
+CVE-2014-4714
+	RESERVED
+CVE-2014-4713
+	RESERVED
+CVE-2014-4712
+	RESERVED
+CVE-2014-4711
+	RESERVED
+CVE-2014-4710
+	RESERVED
+CVE-2014-4709
+	RESERVED
+CVE-2014-4708
+	RESERVED
+CVE-2014-4707
+	RESERVED
+CVE-2014-4706
+	RESERVED
+CVE-2014-4705
+	RESERVED
+CVE-2014-4704
+	RESERVED
+CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
+	TODO: check
+CVE-2012-6650
+	RESERVED
 CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable]
 	- quassel 0.10.0-2 (low)
 	[wheezy] - quassel <no-dsa> (Minor issue)
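Review bot: two of the TODO entries in this hunk duplicate triage already present elsewhere on this page. CVE-2014-4720 ("Email::Address module before 1.904 for Perl") concerns the same module as CVE-2014-0477 further down, which is already tracked as libemail-address-perl 1.905-1 with DSA-2969-1, so it should be assigned to that package (and checked against the fixed version) instead of staying a bare "TODO: check"; CVE-2013-7388 ("Heap-based buffer overflow in paintlib, as used in Trimble SketchUp") has the same wording as CVE-2013-3663, which is resolved as "NOT-FOR-US: Trimble SketchUp", and can be closed the same way.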
@@ -17,7 +53,7 @@
 	[wheezy] - pnp4nagios <no-dsa> (Minor issue)
 	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
 	NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
-CVE-2014-4715 [LZ4_decompress_generic() integer overflow (32-bit arches)]
+CVE-2014-4715 (Yann Collet LZ4 before r119, when used on certain 32-bit platforms ...)
 	- lz4 <unfixed>
 	NOTE: https://code.google.com/p/lz4/issues/detail?id=134
 	NOTE: https://code.google.com/p/lz4/source/detail?r=119
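Review bot: the lz4 entry keeps "- lz4 <unfixed>" with no severity and no [wheezy] line even though the NOTE already points at the upstream fix (r=119) and the new description names "certain 32-bit platforms" as the affected case; record the stable status and severity here so the library side matches the kernel-side LZ4 entry CVE-2014-4611 on this page, which does carry a severity and a [wheezy] line.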
@@ -33,26 +69,26 @@
 	RESERVED
 CVE-2014-4697
 	RESERVED
-CVE-2014-4696
-	RESERVED
-CVE-2014-4695
-	RESERVED
-CVE-2014-4694
-	RESERVED
-CVE-2014-4693
-	RESERVED
-CVE-2014-4692
-	RESERVED
-CVE-2014-4691
-	RESERVED
-CVE-2014-4690
-	RESERVED
-CVE-2014-4689
-	RESERVED
-CVE-2014-4688
-	RESERVED
-CVE-2014-4687
-	RESERVED
+CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before ...)
+	TODO: check
+CVE-2014-4695 (Multiple open redirect vulnerabilities in the Snort package before ...)
+	TODO: check
+CVE-2014-4694 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4693 (Multiple cross-site scripting (XSS) vulnerabilities in the Snort ...)
+	TODO: check
+CVE-2014-4692 (pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly ...)
+	TODO: check
+CVE-2014-4691 (Session fixation vulnerability in pfSense before 2.1.4 allows remote ...)
+	TODO: check
+CVE-2014-4690 (Multiple directory traversal vulnerabilities in pfSense before 2.1.4 ...)
+	TODO: check
+CVE-2014-4689 (Absolute path traversal vulnerability in pkg_edit.php in pfSense ...)
+	TODO: check
+CVE-2014-4688 (pfSense before 2.1.4 allows remote authenticated users to execute ...)
+	TODO: check
+CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
+	TODO: check
 CVE-2014-4686
 	RESERVED
 CVE-2014-4685
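Review bot: the ten new descriptions CVE-2014-4687 through CVE-2014-4696 all appear to be pfSense issues, but the two truncated ones that read "the Snort package before ..." and "the Suricata package before ..." (CVE-2014-4695, CVE-2014-4696) could be misread as the Snort and Suricata software itself; the "TODO: check" for those two should explicitly confirm whether the open redirects are in the pfSense package web UI (then NOT-FOR-US together with the other eight) or in the upstream projects, and the eight entries that name pfSense directly can be resolved in one step rather than left as separate TODOs.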
@@ -79,8 +115,8 @@
 	RESERVED
 CVE-2014-4673
 	RESERVED
-CVE-2014-4672
-	RESERVED
+CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 allows ...)
+	TODO: check
 CVE-2014-4671
 	RESERVED
 CVE-2014-4670
@@ -114,41 +150,34 @@
 	NOT-FOR-US: Core FTP client
 CVE-2012-6649
 	RESERVED
-CVE-2014-4721 [Type Confusion Information Leak]
+CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...)
 	- php5 5.6.0~rc1+dfsg-2
 	NOTE: https://bugs.php.net/bug.php?id=67498
 	NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
-CVE-2014-4668
-	RESERVED
+CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in ...)
 	- cherokee <removed> (low)
 	[squeeze] - cherokee <no-dsa> (Minor issue)
-CVE-2014-4667 [sctp: sk_ack_backlog wrap-around problem]
-	RESERVED
+CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the ...)
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1)
-CVE-2014-4656
-	RESERVED
+CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...)
 	- linux 3.14.9-1
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed>
-CVE-2014-4655
-	RESERVED
+CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...)
 	- linux 3.14.9-1
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed>
-CVE-2014-4654
-	RESERVED
+CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...)
 	- linux 3.14.9-1
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed>
-CVE-2014-4653
-	RESERVED
+CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux ...)
 	- linux 3.14.9-1
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed>
-CVE-2014-4652
-	RESERVED
+CVE-2014-4652 (Race condition in the tlv handler functionality in the ...)
 	- linux 3.14.9-1 (low)
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed> (low)
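Review bot: two entries in this hunk gain a real description but their package lines were not revisited. CVE-2014-4721 now states "PHP before 5.4.30", yet the entry lists only "php5 5.6.0~rc1+dfsg-2" with no [wheezy] or [squeeze] line, unlike the other php5 entry on this page that carries explicit "[wheezy] - php5" and "[squeeze] - php5" statuses; a stable/oldstable status (fixed, no-dsa or not-affected) should be added. Likewise CVE-2014-4667 (sctp_association_free) has an upstream fix noted for v3.16-rc1 but stays "- linux <unfixed>" with no [wheezy] line, while the five ALSA entries directly below it all record "[wheezy] - linux 3.2.60-1"; the wheezy status for the sctp issue should be filled in the same way.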
@@ -246,8 +275,7 @@
 	RESERVED
 CVE-2014-4612
 	RESERVED
-CVE-2014-4611
-	RESERVED
+CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann ...)
 	- linux <unfixed> (unimportant)
 	[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)
 	- linux-2.6 <not-affected> (LZ4 support introduced in 3.11)
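Review bot: the "(unimportant)" rating on "- linux <unfixed>" for CVE-2014-4611 has no NOTE explaining it, while the userland counterpart CVE-2014-4715 on this page cites the upstream issue and the fixing revision; add the rationale (or a cross-reference to CVE-2014-4715 and its NOTE lines) so a reader can see why the kernel copy of the LZ4 overflow is rated lower than the library copy.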
@@ -261,8 +289,7 @@
 	RESERVED
 	- libav 6:10.2-1
 	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
-CVE-2014-4608
-	RESERVED
+CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...)
 	- linux 3.14.9-1
 	- linux-2.6 <removed> (unimportant)
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
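Review bot: the new description for CVE-2014-4608 opens with "** DISPUTED **", but the entry's package lines and the "(unimportant)" rating on linux-2.6 were not revisited and nothing records what is disputed; a NOTE line summarising the dispute next to the existing upstream commit link would let the next triager decide whether the lzo entries in the following hunk ("lzo2 <unfixed> (bug #752861)") need the same treatment.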
@@ -271,194 +298,194 @@
 	RESERVED
 	- lzo <removed>
 	- lzo2 <unfixed> (bug #752861)
-CVE-2014-4606
-	RESERVED
-CVE-2014-4605
-	RESERVED
-CVE-2014-4604
-	RESERVED
-CVE-2014-4603
-	RESERVED
-CVE-2014-4602
-	RESERVED
-CVE-2014-4601
-	RESERVED
-CVE-2014-4600
-	RESERVED
-CVE-2014-4599
-	RESERVED
-CVE-2014-4598
-	RESERVED
-CVE-2014-4597
-	RESERVED
-CVE-2014-4596
-	RESERVED
-CVE-2014-4595
-	RESERVED
-CVE-2014-4594
-	RESERVED
-CVE-2014-4593
-	RESERVED
+CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...)
+	TODO: check
+CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ...)
+	TODO: check
+CVE-2014-4604 (Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in ...)
+	TODO: check
+CVE-2014-4603 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4601 (Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the ...)
+	TODO: check
+CVE-2014-4600 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4599 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4598 (Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php ...)
+	TODO: check
+CVE-2014-4597 (Cross-site scripting (XSS) vulnerability in test.php in the WP Social ...)
+	TODO: check
+CVE-2014-4596 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4595 (Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful ...)
+	TODO: check
+CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
+	TODO: check
+CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php ...)
+	TODO: check
 CVE-2014-4592
 	RESERVED
-CVE-2014-4591
-	RESERVED
-CVE-2014-4590
-	RESERVED
-CVE-2014-4589
-	RESERVED
-CVE-2014-4588
-	RESERVED
-CVE-2014-4587
-	RESERVED
+CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the ...)
+	TODO: check
+CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP ...)
+	TODO: check
+CVE-2014-4589 (Cross-site scripting (XSS) vulnerability in uploader.php in the WP ...)
+	TODO: check
+CVE-2014-4588 (Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the ...)
+	TODO: check
+CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...)
+	TODO: check
 CVE-2014-4586
 	RESERVED
-CVE-2014-4585
-	RESERVED
-CVE-2014-4584
-	RESERVED
-CVE-2014-4583
-	RESERVED
-CVE-2014-4582
-	RESERVED
-CVE-2014-4581
-	RESERVED
-CVE-2014-4580
-	RESERVED
-CVE-2014-4579
-	RESERVED
-CVE-2014-4578
-	RESERVED
+CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin ...)
+	TODO: check
+CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in ...)
+	TODO: check
+CVE-2014-4583 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4582 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-4581 (Cross-site scripting (XSS) vulnerability in facture.php in the WPCB ...)
+	TODO: check
+CVE-2014-4580 (Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP ...)
+	TODO: check
+CVE-2014-4579 (Cross-site scripting (XSS) vulnerability in js/test.php in the ...)
+	TODO: check
+CVE-2014-4578 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-4577
 	RESERVED
-CVE-2014-4576
-	RESERVED
-CVE-2014-4575
-	RESERVED
-CVE-2014-4574
-	RESERVED
-CVE-2014-4573
-	RESERVED
-CVE-2014-4572
-	RESERVED
-CVE-2014-4571
-	RESERVED
-CVE-2014-4570
-	RESERVED
-CVE-2014-4569
-	RESERVED
-CVE-2014-4568
-	RESERVED
+CVE-2014-4576 (Cross-site scripting (XSS) vulnerability in services/diagnostics.php ...)
+	TODO: check
+CVE-2014-4575 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
+	TODO: check
+CVE-2014-4574 (Cross-site scripting (XSS) vulnerability in resize.php in the ...)
+	TODO: check
+CVE-2014-4573 (Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php ...)
+	TODO: check
+CVE-2014-4572 (Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount ...)
+	TODO: check
+CVE-2014-4571 (Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in ...)
+	TODO: check
+CVE-2014-4570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the ...)
+	TODO: check
+CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-4567
 	RESERVED
-CVE-2014-4566
-	RESERVED
-CVE-2014-4565
-	RESERVED
-CVE-2014-4564
-	RESERVED
-CVE-2014-4563
-	RESERVED
+CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...)
+	TODO: check
+CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in ...)
+	TODO: check
+CVE-2014-4564 (Cross-site scripting (XSS) vulnerability in check.php in the Validated ...)
+	TODO: check
+CVE-2014-4563 (Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & ...)
+	TODO: check
 CVE-2014-4562
 	RESERVED
 CVE-2014-4561
 	RESERVED
-CVE-2014-4560
-	RESERVED
+CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in ...)
+	TODO: check
 CVE-2014-4559
 	RESERVED
 CVE-2014-4558
 	RESERVED
-CVE-2014-4557
-	RESERVED
-CVE-2014-4556
-	RESERVED
-CVE-2014-4555
-	RESERVED
-CVE-2014-4554
-	RESERVED
+CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...)
+	TODO: check
+CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...)
+	TODO: check
+CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the ...)
+	TODO: check
+CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...)
+	TODO: check
 CVE-2014-4553
 	RESERVED
-CVE-2014-4552
-	RESERVED
-CVE-2014-4551
-	RESERVED
+CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in ...)
+	TODO: check
 CVE-2014-4550
 	RESERVED
-CVE-2014-4549
-	RESERVED
+CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2014-4548
 	RESERVED
-CVE-2014-4547
-	RESERVED
-CVE-2014-4546
-	RESERVED
-CVE-2014-4545
-	RESERVED
+CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...)
+	TODO: check
+CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php ...)
+	TODO: check
 CVE-2014-4544
 	RESERVED
-CVE-2014-4543
-	RESERVED
-CVE-2014-4542
-	RESERVED
-CVE-2014-4541
-	RESERVED
-CVE-2014-4540
-	RESERVED
+CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...)
+	TODO: check
+CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-4539
 	RESERVED
-CVE-2014-4538
-	RESERVED
-CVE-2014-4537
-	RESERVED
+CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...)
+	TODO: check
+CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the ...)
+	TODO: check
 CVE-2014-4536
 	RESERVED
 CVE-2014-4535
 	RESERVED
-CVE-2014-4534
-	RESERVED
-CVE-2014-4533
-	RESERVED
-CVE-2014-4532
-	RESERVED
-CVE-2014-4531
-	RESERVED
+CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the ...)
+	TODO: check
+CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game ...)
+	TODO: check
 CVE-2014-4530
 	RESERVED
-CVE-2014-4529
-	RESERVED
-CVE-2014-4528
-	RESERVED
-CVE-2014-4527
-	RESERVED
-CVE-2014-4526
-	RESERVED
+CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the ...)
+	TODO: check
+CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...)
+	TODO: check
 CVE-2014-4525
 	RESERVED
-CVE-2014-4524
-	RESERVED
+CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2014-4523
 	RESERVED
-CVE-2014-4522
-	RESERVED
-CVE-2014-4521
-	RESERVED
-CVE-2014-4520
-	RESERVED
+CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...)
+	TODO: check
+CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...)
+	TODO: check
+CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA ...)
+	TODO: check
 CVE-2014-4519
 	RESERVED
-CVE-2014-4518
-	RESERVED
+CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the ...)
+	TODO: check
 CVE-2014-4517
 	RESERVED
-CVE-2014-4516
-	RESERVED
-CVE-2014-4515
-	RESERVED
+CVE-2014-4516 (Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php ...)
+	TODO: check
+CVE-2014-4515 (Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in ...)
+	TODO: check
 CVE-2014-4514
 	RESERVED
-CVE-2014-4513
-	RESERVED
+CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2014-4512
 	RESERVED
 CVE-2014-4511
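Review bot: this hunk converts roughly sixty RESERVED entries (CVE-2014-4513 through CVE-2014-4606) into "TODO: check" lines, and nearly every description names a WordPress plugin file (wp-*.php, "WP ...", "WordPress ..."); the page already resolves such issues with "NOT-FOR-US: WordPress plugin ..." (see CVE-2014-3114), so this batch should be triaged together, with the few that do not obviously name a plugin (for example CVE-2014-4584 admin/editFacility.php and CVE-2014-4576 services/diagnostics.php) checked individually against the archive rather than all of them being left as identical TODOs.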
@@ -494,8 +521,7 @@
 	- neutron <unfixed>
 	- ceilometer <unfixed>
 	- python-pycadf 0.5.1-1
-CVE-2014-4614
-	RESERVED
+CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo ...)
 	- piwigo <removed> (low)
 	[squeeze] - piwigo <no-dsa> (Minor issue)
 CVE-2014-4613
@@ -1128,8 +1154,8 @@
 	RESERVED
 CVE-2014-4196
 	RESERVED
-CVE-2014-4195
-	RESERVED
+CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
+	TODO: check
 CVE-2014-4194
 	RESERVED
 CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable]
@@ -1476,8 +1502,7 @@
 CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows ...)
 	NOT-FOR-US: www.jzip.com
 	NOTE: This is the jzip Z-code interpreter in Debian.
-CVE-2014-4168 [authentication bypass]
-	RESERVED
+CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote ...)
 	{DSA-2964-1}
 	- iodine 0.6.0~rc1-19 (bug #751834)
 	[squeeze] - iodine 0.6.0~rc1-2+deb6u1
@@ -1555,8 +1580,7 @@
 	NOT-FOR-US: SAP
 CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote ...)
 	NOT-FOR-US: SAP
-CVE-2014-4002 [Cross-Site Scripting]
-	RESERVED
+CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...)
 	{DSA-2970-1}
 	- cacti 0.8.8b+dfsg-6 (bug #752573)
 	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573)
@@ -1752,8 +1776,8 @@
 	- linux-2.6 <not-affected> (Only exploitable in 3.12 and later)
 CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ...)
 	- sosreport <not-affected> (RedHat-specific issue)
-CVE-2014-3920
-	RESERVED
+CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before ...)
+	TODO: check
 CVE-2014-3919
 	RESERVED
 CVE-2014-3918
@@ -1815,10 +1839,10 @@
 	RESERVED
 CVE-2014-3891
 	RESERVED
-CVE-2014-3890
-	RESERVED
-CVE-2014-3889
-	RESERVED
+CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
+	TODO: check
+CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
+	TODO: check
 CVE-2014-3888
 	RESERVED
 CVE-2014-3887
@@ -1889,8 +1913,8 @@
 	NOTE: https://kb.isc.org/article/AA-01166
 CVE-2014-3858
 	RESERVED
-CVE-2014-3857
-	RESERVED
+CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in ...)
+	TODO: check
 CVE-2014-3856
 	RESERVED
 	- fish <unfixed> (low; bug #746259)
@@ -2176,8 +2200,7 @@
 	RESERVED
 CVE-2014-3740
 	RESERVED
-CVE-2014-3737
-	RESERVED
+CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Storesprite
 CVE-2014-3736
 	RESERVED
@@ -2565,8 +2588,7 @@
 	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
 CVE-2014-3539
 	RESERVED
-CVE-2014-3538 [Incomplete fix for CVE-2013-7345]
-	RESERVED
+CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...)
 	- file 1:5.19-1
 	NOTE: fix relies on the new feature that introduced regex/<length> syntax, might be too intrusive for backporting.
 CVE-2014-3537
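Review bot: replacing the working title "[Incomplete fix for CVE-2013-7345]" with the MITRE description drops the only place where the relationship to CVE-2013-7345 was recorded; keep that cross-reference in a NOTE line (next to the existing backporting note), since it is exactly the information a stable-release triager needs when deciding whether the regex/<length> change can be carried to older file versions.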
@@ -2663,8 +2685,7 @@
 	- docker.io <not-affected> (RHEL specific, socket based activation not shipped)
 CVE-2014-3498
 	RESERVED
-CVE-2014-3497 [XSS in Swift requests through WWW-Authenticate header]
-	RESERVED
+CVE-2014-3497 (Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 ...)
 	- swift 1.13.1-1 (bug #752087)
 	[wheezy] - swift <not-affected> (Only affects 1.11.0 to 1.13.1)
 CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 ...)
@@ -2674,8 +2695,7 @@
 	- duplicity <unfixed> (low; bug #751902)
 	[wheezy] - duplicity <no-dsa> (Minor issue)
 	[squeeze] - duplicity <no-dsa> (Minor issue)
-CVE-2014-3494 [KMail/KIO POP3 SSL MITM Flaw]
-	RESERVED
+CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...)
 	- kde4libs <unfixed> (bug #752052)
 	[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
 	[squeeze] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
@@ -2686,10 +2706,9 @@
 	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
 	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
 	NOTE: https://www.samba.org/samba/security/CVE-2014-3493
-CVE-2014-3492
-	RESERVED
-CVE-2014-3491
-	RESERVED
+CVE-2014-3492 (Multiple cross-site scripting (XSS) vulnerabilities in the host YAML ...)
+	TODO: check
+CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and ...)
 	- foreman <itp> (bug #663101)
 	NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
 CVE-2014-3490
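Review bot: CVE-2014-3492 ("host YAML" XSS) is given "TODO: check" while its sibling CVE-2014-3491, now described as "Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5", keeps "- foreman <itp> (bug #663101)"; since both are Foreman issues the same <itp> resolution applies, and the retained line "NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881" is stale now that the description has been published and should be updated or dropped.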
@@ -2716,8 +2735,7 @@
 CVE-2014-3484 [stack-based buffer overflow]
 	RESERVED
 	- musl <unfixed> (bug #750815)
-CVE-2014-3483 [SQL Injection Vulnerability in 'range' quoting]
-	RESERVED
+CVE-2014-3483 (SQL injection vulnerability in ...)
 	- ruby-activerecord-2.3 <removed>
 	- ruby-activerecord-3.2 <removed>
 	- rails <unfixed>
@@ -2725,8 +2743,7 @@
 	- rails-3.2 <unfixed>
 	- rails-4.0 <unfixed>
 	TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
-CVE-2014-3482 [SQL Injection Vulnerability in 'bitstring' quoting]
-	RESERVED
+CVE-2014-3482 (SQL injection vulnerability in ...)
 	- ruby-activerecord-2.3 <removed>
 	- ruby-activerecord-3.2 <removed>
 	- rails <unfixed>
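Review bot: after this update CVE-2014-3483 and CVE-2014-3482 carry the identical truncated description "SQL injection vulnerability in ..." and lose the distinguishing working titles "'range' quoting" and "'bitstring' quoting"; since both entries list the same five source packages and the existing "TODO: check, additionally rails is now again a sourcepackage" remark, a NOTE line per entry naming the affected quoting path (range vs. bitstring) should be added so the two can still be told apart when the fixes are verified.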
@@ -2755,8 +2772,7 @@
 	NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
 	- php5 5.6.0~rc1+dfsg-1
 	NOTE: http://bugs.php.net/bug.php?id=67410
-CVE-2014-3477
-	RESERVED
+CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
 	{DSA-2971-1}
 	- dbus 1.8.4-1 (low)
 	[squeeze] - dbus <no-dsa> (Minor issue)
@@ -3210,11 +3226,10 @@
 	RESERVED
 CVE-2014-3309
 	RESERVED
-CVE-2014-3308
-	RESERVED
+CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static ...)
 	NOT-FOR-US: Cisco IOS XR
-CVE-2014-3307
-	RESERVED
+CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...)
+	TODO: check
 CVE-2014-3306
 	RESERVED
 CVE-2014-3305
@@ -3227,15 +3242,14 @@
 	RESERVED
 CVE-2014-3301
 	RESERVED
-CVE-2014-3300
-	RESERVED
+CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of ...)
 	NOT-FOR-US: Cisco IOS
-CVE-2014-3298
-	RESERVED
-CVE-2014-3297
-	RESERVED
+CVE-2014-3298 (Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco ...)
+	TODO: check
+CVE-2014-3297 (Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not ...)
+	TODO: check
 CVE-2014-3296 (The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server ...)
 	NOT-FOR-US: Cisco WebEx
 CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows ...)
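Review bot: CVE-2014-3298 and CVE-2014-3297 ("Cisco Intelligent Automation for Cloud in Cisco Cloud Portal") are left as "TODO: check" while every neighbouring Cisco entry in this hunk (CVE-2014-3300, CVE-2014-3299, CVE-2014-3296, CVE-2014-3295) is resolved as NOT-FOR-US with the product name; the same "NOT-FOR-US: Cisco ..." resolution applies here and the TODOs can be closed in this commit rather than deferred.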
@@ -3632,8 +3646,8 @@
 	RESERVED
 CVE-2014-3150
 	RESERVED
-CVE-2014-3149
-	RESERVED
+CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
+	TODO: check
 CVE-2014-3148
 	RESERVED
 CVE-2014-3147
@@ -3727,8 +3741,8 @@
 CVE-2014-3114
 	RESERVED
 	NOT-FOR-US: WordPress plugin ezpz-one-click-backup
-CVE-2014-3113
-	RESERVED
+CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 ...)
+	TODO: check
 CVE-2014-3112
 	RESERVED
 CVE-2014-3110
@@ -3751,8 +3765,8 @@
 	RESERVED
 CVE-2014-3101
 	RESERVED
-CVE-2014-3100
-	RESERVED
+CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
+	TODO: check
 CVE-2014-3099
 	RESERVED
 CVE-2014-3098
@@ -3775,8 +3789,8 @@
 	RESERVED
 CVE-2014-3089
 	RESERVED
-CVE-2014-3088
-	RESERVED
+CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...)
+	TODO: check
 CVE-2014-3087
 	RESERVED
 CVE-2014-3086
@@ -3803,8 +3817,8 @@
 	RESERVED
 CVE-2014-3075
 	RESERVED
-CVE-2014-3074
-	RESERVED
+CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...)
+	TODO: check
 CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...)
 	NOT-FOR-US: Novell Identity Manager
 CVE-2014-3072
@@ -3819,8 +3833,8 @@
 	RESERVED
 CVE-2014-3067
 	RESERVED
-CVE-2014-3066
-	RESERVED
+CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote ...)
+	TODO: check
 CVE-2014-3065
 	RESERVED
 CVE-2014-3064
@@ -4054,16 +4068,16 @@
 	RESERVED
 CVE-2014-2970
 	RESERVED
-CVE-2014-2969
-	RESERVED
+CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a ...)
+	TODO: check
 CVE-2014-2968
 	RESERVED
-CVE-2014-2967
-	RESERVED
+CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...)
+	TODO: check
 CVE-2014-2966
 	RESERVED
-CVE-2014-2965
-	RESERVED
+CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...)
+	TODO: check
 CVE-2014-2964
 	RESERVED
 CVE-2014-2963
@@ -5014,17 +5028,13 @@
 	RESERVED
 CVE-2014-2618
 	RESERVED
-CVE-2014-2617
-	RESERVED
+CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
 	NOT-FOR-US: HP Universal CMDB
-CVE-2014-2616
-	RESERVED
+CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
 	NOT-FOR-US: HP Universal CMDB
-CVE-2014-2615
-	RESERVED
+CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
 	NOT-FOR-US: HP Universal CMDB
-CVE-2014-2614
-	RESERVED
+CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and ...)
 	NOT-FOR-US: HP SiteScope
 CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
 	NOT-FOR-US: HP Release Control 
@@ -6078,11 +6088,9 @@
 	NOT-FOR-US: Cisco
 CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, ...)
 	NOT-FOR-US: Cisco WebEx
-CVE-2014-2198
-	RESERVED
+CVE-2014-2198 (Cisco Unified Communications Domain Manager (CDM) in Unified CDM ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
-CVE-2014-2197
-	RESERVED
+CVE-2014-2197 (The Administration GUI in the web framework in Cisco Unified ...)
 	NOT-FOR-US: Cisco Unified Communications Domain Manager
 CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when ...)
 	NOT-FOR-US: Cisco Wide Area Application Services
@@ -9237,8 +9245,8 @@
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...)
 	NOT-FOR-US: IBM SPSS
-CVE-2014-0894
-	RESERVED
+CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
+	TODO: check
 CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM ...)
 	NOT-FOR-US: IBM Maximo Asset Management
 CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
@@ -9275,38 +9283,38 @@
 	RESERVED
 CVE-2014-0876
 	RESERVED
-CVE-2014-0875
-	RESERVED
+CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 ...)
+	TODO: check
 CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...)
 	NOT-FOR-US: IBM Content Navigator
 CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
 	NOT-FOR-US: IBM InfoSphere
 CVE-2014-0872
 	RESERVED
-CVE-2014-0871
-	RESERVED
-CVE-2014-0870
-	RESERVED
-CVE-2014-0869
-	RESERVED
-CVE-2014-0868
-	RESERVED
-CVE-2014-0867
-	RESERVED
-CVE-2014-0866
-	RESERVED
-CVE-2014-0865
-	RESERVED
-CVE-2014-0864
-	RESERVED
+CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
+	TODO: check
+CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM ...)
+	TODO: check
+CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) ...)
+	TODO: check
+CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
+	TODO: check
+CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ...)
+	TODO: check
+CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
+	TODO: check
+CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
+	TODO: check
+CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...)
+	TODO: check
 CVE-2014-0863
 	RESERVED
 CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...)
 	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
 CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
 	NOT-FOR-US: IBM Cognos Business Intelligence
-CVE-2014-0860
-	RESERVED
+CVE-2014-0860 (The firmware before 3.66E in IBM BladeCenter Advanced Management ...)
+	TODO: check
 CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...)
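Review bot: eight entries in this hunk (CVE-2014-0871 through CVE-2014-0864, plus CVE-2014-0894 in the preceding hunk) all describe "RICOS in IBM Algo Credit Limits (aka ACLM)" and are each left as "TODO: check", while the IBM entries around them (CVE-2014-0874, CVE-2014-0873, CVE-2014-0862, CVE-2014-0861, CVE-2014-0859) are resolved as NOT-FOR-US; a single "NOT-FOR-US: IBM Algo Credit Limits" resolution for the group would be more useful than nine identical TODOs, and the same applies to CVE-2014-0875 (IBM Storwize) and CVE-2014-0860 (IBM BladeCenter firmware).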
@@ -9942,8 +9950,8 @@
 	RESERVED
 CVE-2014-0603
 	RESERVED
-CVE-2014-0602
-	RESERVED
+CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the ...)
+	TODO: check
 CVE-2014-0601
 	RESERVED
 CVE-2014-0600
@@ -10313,8 +10321,7 @@
 	{DSA-2958-1}
 	- apt 1.0.4 (bug #749795)
 	[squeeze] - apt 0.8.10.3+squeeze2
-CVE-2014-0477 [DoS in Email::Address::parse]
-	RESERVED
+CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...)
 	{DSA-2969-1}
 	- libemail-address-perl 1.905-1
 	[squeeze] - libemail-address-perl 1.889-2+deb6u1
@@ -11542,8 +11549,8 @@
 CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
 	{DSA-2963-1}
 	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
-CVE-2014-0325
-	RESERVED
+CVE-2014-0325 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
+	TODO: check
 CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
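Review bot: CVE-2014-0325 ("Use-after-free vulnerability in Microsoft Internet Explorer 9") is given "TODO: check" although the directly adjacent CVE-2014-0324 is resolved as "NOT-FOR-US: Microsoft Internet Explorer"; the same resolution applies and the TODO should be replaced by it.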
@@ -11703,8 +11710,7 @@
 CVE-2014-0248
 	RESERVED
 	NOT-FOR-US: JBoss Seam
-CVE-2014-0247
-	RESERVED
+CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...)
 	- libreoffice 1:4.2.5-1
 	[wheezy] - libreoffice <not-affected> (vulnerable code not present)
 CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ...)
@@ -11762,7 +11768,8 @@
 	[wheezy] - php5 <not-affected> (Vulnerable code not present)
 	[squeeze] - php5 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.php.net/bug.php?id=67329
-CVE-2014-0235 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+CVE-2014-0235
+	REJECTED
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0234
 	RESERVED
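Review bot: CVE-2014-0235 is switched to REJECTED but the line "NOT-FOR-US: Microsoft Internet Explorer" underneath it is kept, leaving a rejected identifier with a package-style annotation; drop the now-redundant NOT-FOR-US line so the entry has the same shape as the other status-only entries (RESERVED, REJECTED) in this file.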
@@ -16511,8 +16518,8 @@
 	NOT-FOR-US: IBM WebSphere
 CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...)
 	NOT-FOR-US: IBM Flex System Manager
-CVE-2013-5423
-	RESERVED
+CVE-2013-5423 (IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows ...)
+	TODO: check
 CVE-2013-5422 (The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, ...)
 	NOT-FOR-US: IBM Rational ClearQuest
 CVE-2013-5421 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
@@ -20394,8 +20401,8 @@
 	NOT-FOR-US: IBM
 CVE-2013-3994
 	RESERVED
-CVE-2013-3993
-	RESERVED
+CVE-2013-3993 (IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated ...)
+	TODO: check
 CVE-2013-3992 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
 	NOT-FOR-US: IBM
 CVE-2013-3991
@@ -21135,12 +21142,12 @@
 	NOT-FOR-US: LG Hidden Menu
 CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...)
 	NOT-FOR-US: AutoCAD
-CVE-2013-3664
-	RESERVED
+CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) ...)
+	TODO: check
 CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
 	NOT-FOR-US: Trimble SketchUp
-CVE-2013-3662
-	RESERVED
+CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 ...)
+	TODO: check
 CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode ...)
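Review bot: CVE-2013-3664 and CVE-2013-3662 are both SketchUp issues (the latter's description even carries the upstream typo "Timbre SketchUp", which should be left as-is since it is MITRE's text) and sit next to CVE-2013-3663, already resolved as "NOT-FOR-US: Trimble SketchUp"; both TODOs can be closed with that same resolution.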
@@ -22593,8 +22600,8 @@
 	NOT-FOR-US: IBM JDK
 CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...)
 	NOT-FOR-US: TFTP client in IBM AIX
-CVE-2013-3004
-	RESERVED
+CVE-2013-3004 (Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli ...)
+	TODO: check
 CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...)
 	NOT-FOR-US: IBM
 CVE-2013-3002



