[Secure-testing-commits] r27743 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Jul 16 21:14:11 UTC 2014
Author: joeyh
Date: 2014-07-16 21:14:11 +0000 (Wed, 16 Jul 2014)
New Revision: 27743
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-16 20:49:34 UTC (rev 27742)
+++ data/CVE/list 2014-07-16 21:14:11 UTC (rev 27743)
@@ -1,3 +1,492 @@
+CVE-2014-4975
+ RESERVED
+CVE-2014-4974
+ RESERVED
+CVE-2014-4973
+ RESERVED
+CVE-2014-4972
+ RESERVED
+CVE-2014-4971
+ RESERVED
+CVE-2014-4970
+ RESERVED
+CVE-2014-4969
+ RESERVED
+CVE-2014-4968
+ RESERVED
+CVE-2014-4967
+ RESERVED
+CVE-2014-4966
+ RESERVED
+CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopize 1.1.5 ...)
+ TODO: check
+CVE-2014-4964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Shopize ...)
+ TODO: check
+CVE-2014-4963 (Shopizer 1.1.5 and earlier allows remote attackers to modify the ...)
+ TODO: check
+CVE-2014-4962 (Shopizer 1.1.5 and earlier allows remote attackers to reduce the total ...)
+ TODO: check
+CVE-2014-4961
+ RESERVED
+CVE-2014-4960
+ RESERVED
+CVE-2014-4959
+ RESERVED
+CVE-2014-4958
+ RESERVED
+CVE-2014-4957
+ RESERVED
+CVE-2014-4956
+ RESERVED
+CVE-2014-4955
+ RESERVED
+CVE-2014-4954
+ RESERVED
+CVE-2014-4953
+ RESERVED
+CVE-2014-4952
+ RESERVED
+CVE-2014-4951
+ RESERVED
+CVE-2014-4950
+ RESERVED
+CVE-2014-4949
+ RESERVED
+CVE-2014-4948
+ RESERVED
+CVE-2014-4947
+ RESERVED
+CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
+ TODO: check
+CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
+ TODO: check
+CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...)
+ TODO: check
+CVE-2014-4943
+ RESERVED
+CVE-2014-4942 (The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows ...)
+ TODO: check
+CVE-2014-4941 (Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) ...)
+ TODO: check
+CVE-2014-4940 (Multiple directory traversal vulnerabilities in Tera Charts ...)
+ TODO: check
+CVE-2014-4939 (SQL injection vulnerability in the ENL Newsletter (enl-newsletter) ...)
+ TODO: check
+CVE-2014-4938 (SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) ...)
+ TODO: check
+CVE-2014-4937 (Directory traversal vulnerability in includes/bookx_export.php BookX ...)
+ TODO: check
+CVE-2014-4936
+ RESERVED
+CVE-2014-4935
+ RESERVED
+CVE-2014-4934
+ RESERVED
+CVE-2014-4933
+ RESERVED
+CVE-2014-4932
+ RESERVED
+CVE-2014-4931
+ RESERVED
+CVE-2014-4930
+ RESERVED
+CVE-2014-4929
+ RESERVED
+CVE-2014-4928
+ RESERVED
+CVE-2014-4927
+ RESERVED
+CVE-2014-4926
+ RESERVED
+CVE-2014-4925
+ RESERVED
+CVE-2014-4924
+ RESERVED
+CVE-2014-4923
+ RESERVED
+CVE-2014-4922
+ RESERVED
+CVE-2014-4921
+ RESERVED
+CVE-2014-4920
+ RESERVED
+CVE-2014-4919
+ RESERVED
+CVE-2014-4918
+ RESERVED
+CVE-2014-4917
+ RESERVED
+CVE-2014-4916
+ RESERVED
+CVE-2014-4915
+ RESERVED
+CVE-2014-4912
+ RESERVED
+CVE-2014-4906
+ RESERVED
+CVE-2014-4905
+ RESERVED
+CVE-2014-4904
+ RESERVED
+CVE-2014-4903
+ RESERVED
+CVE-2014-4902
+ RESERVED
+CVE-2014-4901
+ RESERVED
+CVE-2014-4900
+ RESERVED
+CVE-2014-4899
+ RESERVED
+CVE-2014-4898
+ RESERVED
+CVE-2014-4897
+ RESERVED
+CVE-2014-4896
+ RESERVED
+CVE-2014-4895
+ RESERVED
+CVE-2014-4894
+ RESERVED
+CVE-2014-4893
+ RESERVED
+CVE-2014-4892
+ RESERVED
+CVE-2014-4891
+ RESERVED
+CVE-2014-4890
+ RESERVED
+CVE-2014-4889
+ RESERVED
+CVE-2014-4888
+ RESERVED
+CVE-2014-4887
+ RESERVED
+CVE-2014-4886
+ RESERVED
+CVE-2014-4885
+ RESERVED
+CVE-2014-4884
+ RESERVED
+CVE-2014-4883
+ RESERVED
+CVE-2014-4882
+ RESERVED
+CVE-2014-4881
+ RESERVED
+CVE-2014-4880
+ RESERVED
+CVE-2014-4879
+ RESERVED
+CVE-2014-4878
+ RESERVED
+CVE-2014-4877
+ RESERVED
+CVE-2014-4876
+ RESERVED
+CVE-2014-4875
+ RESERVED
+CVE-2014-4874
+ RESERVED
+CVE-2014-4873
+ RESERVED
+CVE-2014-4872
+ RESERVED
+CVE-2014-4871
+ RESERVED
+CVE-2014-4870
+ RESERVED
+CVE-2014-4869
+ RESERVED
+CVE-2014-4868
+ RESERVED
+CVE-2014-4867
+ RESERVED
+CVE-2014-4866
+ RESERVED
+CVE-2014-4865
+ RESERVED
+CVE-2014-4864
+ RESERVED
+CVE-2014-4863
+ RESERVED
+CVE-2014-4862
+ RESERVED
+CVE-2014-4861
+ RESERVED
+CVE-2014-4860
+ RESERVED
+CVE-2014-4859
+ RESERVED
+CVE-2014-4858
+ RESERVED
+CVE-2014-4857
+ RESERVED
+CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & ...)
+ TODO: check
+CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
+ TODO: check
+CVE-2014-4854 (Cross-site scripting (XSS) vulnerability in the WP Construction Mode ...)
+ TODO: check
+CVE-2014-4853 (Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan ...)
+ TODO: check
+CVE-2014-4852 (SQL injection vulnerability in admin/uploads.php in The Digital Craft ...)
+ TODO: check
+CVE-2014-4851 (Open redirect vulnerability in msg.php in FoeCMS allows remote ...)
+ TODO: check
+CVE-2014-4850 (SQL injection vulnerability in index.php in FoeCMS allows remote ...)
+ TODO: check
+CVE-2014-4849 (Multiple cross-site scripting (XSS) vulnerabilities in msg.php in ...)
+ TODO: check
+CVE-2014-4848 (Cross-site scripting (XSS) vulnerability in the Blogstand Banner ...)
+ TODO: check
+CVE-2014-4847 (Cross-site scripting (XSS) vulnerability in the Random Banner plugin ...)
+ TODO: check
+CVE-2014-4846 (Cross-site scripting (XSS) vulnerability in the Meta Slider ...)
+ TODO: check
+CVE-2014-4845 (Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 ...)
+ TODO: check
+CVE-2014-4844
+ RESERVED
+CVE-2014-4843
+ RESERVED
+CVE-2014-4842
+ RESERVED
+CVE-2014-4841
+ RESERVED
+CVE-2014-4840
+ RESERVED
+CVE-2014-4839
+ RESERVED
+CVE-2014-4838
+ RESERVED
+CVE-2014-4837
+ RESERVED
+CVE-2014-4836
+ RESERVED
+CVE-2014-4835
+ RESERVED
+CVE-2014-4834
+ RESERVED
+CVE-2014-4833
+ RESERVED
+CVE-2014-4832
+ RESERVED
+CVE-2014-4831
+ RESERVED
+CVE-2014-4830
+ RESERVED
+CVE-2014-4829
+ RESERVED
+CVE-2014-4828
+ RESERVED
+CVE-2014-4827
+ RESERVED
+CVE-2014-4826
+ RESERVED
+CVE-2014-4825
+ RESERVED
+CVE-2014-4824
+ RESERVED
+CVE-2014-4823
+ RESERVED
+CVE-2014-4822
+ RESERVED
+CVE-2014-4821
+ RESERVED
+CVE-2014-4820
+ RESERVED
+CVE-2014-4819
+ RESERVED
+CVE-2014-4818
+ RESERVED
+CVE-2014-4817
+ RESERVED
+CVE-2014-4816
+ RESERVED
+CVE-2014-4815
+ RESERVED
+CVE-2014-4814
+ RESERVED
+CVE-2014-4813
+ RESERVED
+CVE-2014-4812
+ RESERVED
+CVE-2014-4811
+ RESERVED
+CVE-2014-4810
+ RESERVED
+CVE-2014-4809
+ RESERVED
+CVE-2014-4808
+ RESERVED
+CVE-2014-4807
+ RESERVED
+CVE-2014-4806
+ RESERVED
+CVE-2014-4805
+ RESERVED
+CVE-2014-4804
+ RESERVED
+CVE-2014-4803
+ RESERVED
+CVE-2014-4802
+ RESERVED
+CVE-2014-4801
+ RESERVED
+CVE-2014-4800
+ RESERVED
+CVE-2014-4799
+ RESERVED
+CVE-2014-4798
+ RESERVED
+CVE-2014-4797
+ RESERVED
+CVE-2014-4796
+ RESERVED
+CVE-2014-4795
+ RESERVED
+CVE-2014-4794
+ RESERVED
+CVE-2014-4793
+ RESERVED
+CVE-2014-4792
+ RESERVED
+CVE-2014-4791
+ RESERVED
+CVE-2014-4790
+ RESERVED
+CVE-2014-4789
+ RESERVED
+CVE-2014-4788
+ RESERVED
+CVE-2014-4787
+ RESERVED
+CVE-2014-4786
+ RESERVED
+CVE-2014-4785
+ RESERVED
+CVE-2014-4784
+ RESERVED
+CVE-2014-4783
+ RESERVED
+CVE-2014-4782
+ RESERVED
+CVE-2014-4781
+ RESERVED
+CVE-2014-4780
+ RESERVED
+CVE-2014-4779
+ RESERVED
+CVE-2014-4778
+ RESERVED
+CVE-2014-4777
+ RESERVED
+CVE-2014-4776
+ RESERVED
+CVE-2014-4775
+ RESERVED
+CVE-2014-4774
+ RESERVED
+CVE-2014-4773
+ RESERVED
+CVE-2014-4772
+ RESERVED
+CVE-2014-4771
+ RESERVED
+CVE-2014-4770
+ RESERVED
+CVE-2014-4769
+ RESERVED
+CVE-2014-4768
+ RESERVED
+CVE-2014-4767
+ RESERVED
+CVE-2014-4766
+ RESERVED
+CVE-2014-4765
+ RESERVED
+CVE-2014-4764
+ RESERVED
+CVE-2014-4763
+ RESERVED
+CVE-2014-4762
+ RESERVED
+CVE-2014-4761
+ RESERVED
+CVE-2014-4760
+ RESERVED
+CVE-2014-4759
+ RESERVED
+CVE-2014-4758
+ RESERVED
+CVE-2014-4757
+ RESERVED
+CVE-2014-4756
+ RESERVED
+CVE-2014-4755
+ RESERVED
+CVE-2014-4754
+ RESERVED
+CVE-2014-4753
+ RESERVED
+CVE-2014-4752
+ RESERVED
+CVE-2014-4751
+ RESERVED
+CVE-2014-4750
+ RESERVED
+CVE-2014-4749
+ RESERVED
+CVE-2014-4748
+ RESERVED
+CVE-2014-4747
+ RESERVED
+CVE-2014-4746
+ RESERVED
+CVE-2014-4745
+ RESERVED
+CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...)
+ TODO: check
+CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+ TODO: check
+CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in ...)
+ TODO: check
+CVE-2014-4741 (SQL injection vulnerability in demo/ads.php in Artifectx xClassified ...)
+ TODO: check
+CVE-2014-4740
+ REJECTED
+ TODO: check
+CVE-2014-4739
+ RESERVED
+CVE-2014-4738 (Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard ...)
+ TODO: check
+CVE-2014-4737
+ RESERVED
+CVE-2014-4736
+ RESERVED
+CVE-2014-4735
+ RESERVED
+CVE-2014-4734
+ RESERVED
+CVE-2014-4733
+ RESERVED
+CVE-2014-4732
+ RESERVED
+CVE-2014-4731
+ RESERVED
+CVE-2014-4730
+ RESERVED
+CVE-2014-4729
+ RESERVED
+CVE-2014-4728
+ RESERVED
+CVE-2014-4727
+ RESERVED
+CVE-2014-4726
+ RESERVED
+CVE-2014-4725
+ RESERVED
CVE-2014-XXXX [libressl before 2.0.2 under linux PRNG failure]
- libressl <itp> (bug #754513)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/16/6
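Review bot: CVE-2014-4740, near the end of the added block, is entered with both "REJECTED" and "TODO: check". A rejected ID has nothing left to triage, so the "TODO: check" line under it should be dropped. As written it reads as an open item alongside the genuinely unreviewed entries such as the Shopizer and Horde ones.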
@@ -9,31 +498,36 @@
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
CVE-2014-4909 [peer communication vulnerability]
+ RESERVED
- transmission <unfixed>
NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84
-CVE-2013-7389
+CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
NOT-FOR-US: D-Link router
-CVE-2014-4723
+CVE-2014-4723 (Cross-site scripting (XSS) vulnerability in the Easy Banners plugin ...)
NOT-FOR-US: WordPress plugin Easy Banners
-CVE-2014-4724
+CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners plugin ...)
NOT-FOR-US: WordPress plugin Custom Banners
-CVE-2014-4722
+CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...)
- ocsinventory-server <unfixed> (unimportant)
NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2014-4914 [ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select]
+ RESERVED
- zendframework <unfixed> (bug #754201)
NOTE: http://framework.zend.com/security/advisory/ZF2014-04
NOTE: https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
CVE-2014-4913 [ZF2014-03: Potential XSS vector in multiple view helpers]
+ RESERVED
- zendframework <undetermined>
NOTE: http://framework.zend.com/security/advisory/ZF2014-03
TODO: check
CVE-2014-4911 [polarssl: Denial of Service against GCM enabled servers and clients]
+ RESERVED
- polarssl 1.3.7-2.1 (bug #754655)
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c
NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
CVE-2014-4910
+ RESERVED
- xserver-xorg-video-intel <not-affected> (Vulnerable code not present)
NOTE: http://lists.x.org/archives/xorg-commit/2014-July/036840.html
NOTE: only experimental, and xf86-video-intel-backlight-helper not installed setuid in Debian
@@ -79,14 +573,14 @@
- quassel 0.10.0-2 (low)
[wheezy] - quassel 0.8.0-1+deb7u2
[squeeze] - quassel <no-dsa> (Minor issue)
-CVE-2014-4908 [XSS via views/kohana_error_page.php and views/template.php]
+CVE-2014-4908 (Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios ...)
- pnp4nagios <unfixed> (low)
[wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078
NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140
-CVE-2014-4907 [XSS - input is not properly sanitised in views/kohana_error_page.php]
+CVE-2014-4907 (Cross-site scripting (XSS) vulnerability in ...)
- pnp4nagios <unfixed> (low)
[wheezy] - pnp4nagios <no-dsa> (Minor issue)
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
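Review bot: The new CVE-2014-4907 header, "(Cross-site scripting (XSS) vulnerability in ...)", truncates before naming anything, while the removed bracketed text identified views/kohana_error_page.php. CVE-2014-4908 likewise loses the views/kohana_error_page.php and views/template.php references. Suggest keeping the file names in a NOTE line under each entry so the two pnp4nagios issues remain distinguishable from the list alone.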
@@ -95,17 +589,16 @@
- lz4 0.0~r119-1
NOTE: https://code.google.com/p/lz4/issues/detail?id=134
NOTE: https://code.google.com/p/lz4/source/detail?r=119
-CVE-2014-4700
- RESERVED
-CVE-2014-4699 [ptrace bug]
- RESERVED
+CVE-2014-4700 (Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups ...)
+ TODO: check
+CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not properly ...)
{DSA-2972-1}
- linux 3.14.10-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 2.6.32-48squeeze8
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
-CVE-2014-4698
- RESERVED
+CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL ...)
+ TODO: check
CVE-2014-4697
RESERVED
CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before ...)
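Review bot: CVE-2014-4698 is left at "TODO: check" even though its description already points at ext/spl/spl_array.c in the SPL, and the CVE-2014-3515 entry elsewhere in this diff shows the SPL component in PHP being tracked against php5. Suggest adding a php5 package line here rather than leaving it for generic triage. The same applies to CVE-2014-4670 (ext/spl/spl_dllist.c) in the following hunk.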
@@ -156,11 +649,10 @@
RESERVED
CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 allows ...)
- yii-framework-php <itp> (bug #683810)
-CVE-2014-4671
- RESERVED
+CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-4670
- RESERVED
+CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL ...)
+ TODO: check
CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read ...)
NOT-FOR-US: HP Enterprise Maps
CVE-2014-4666
@@ -169,8 +661,7 @@
RESERVED
CVE-2014-4664
RESERVED
-CVE-2014-4663
- RESERVED
+CVE-2014-4663 (TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is ...)
NOT-FOR-US: WordPress timthumb
CVE-2014-4662
RESERVED
@@ -180,8 +671,7 @@
RESERVED
CVE-2014-4647
RESERVED
-CVE-2014-4646
- RESERVED
+CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK ...)
NOT-FOR-US: Foxit PDF SDK
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
NOT-FOR-US: D-Link hardware
@@ -1276,8 +1766,8 @@
RESERVED
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
NOT-FOR-US: ZeroCMS
-CVE-2014-4194
- RESERVED
+CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS ...)
+ TODO: check
CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable]
- softhsm <unfixed> (low; bug #752092)
[squeeze] - softhsm <no-dsa> (Minor issue)
@@ -1594,8 +2084,8 @@
NOT-FOR-US: Epignosis eFront
CVE-2014-4032 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Fiyo CMS
-CVE-2014-4031
- RESERVED
+CVE-2014-4031 (The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x ...)
+ TODO: check
CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player ...)
NOT-FOR-US: WordPress plugin JW Player
CVE-2014-4029
@@ -1610,8 +2100,7 @@
RESERVED
CVE-2014-4023
RESERVED
-CVE-2014-4022 [XSA-101]
- RESERVED
+CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
CVE-2014-4019
RESERVED
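Review bot: The CVE-2014-4022 change drops the "[XSA-101]" tag together with the RESERVED line, and the replacement description does not carry the advisory number. Suggest preserving it as a NOTE line under the entry so the cross-reference to the Xen advisory is not lost.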
@@ -1627,8 +2116,7 @@
- iodine 0.6.0~rc1-19 (bug #751834)
[squeeze] - iodine 0.6.0~rc1-2+deb6u1
NOTE: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850
-CVE-2014-4167 [Neutron L3-agent DoS through IPv6 subnet]
- RESERVED
+CVE-2014-4167 (The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before ...)
- neutron 2014.1.1-1 (bug #752021)
NOTE: https://launchpad.net/bugs/1309195
CVE-2014-4157 (arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 ...)
@@ -1678,8 +2166,8 @@
RESERVED
CVE-2014-4015
RESERVED
-CVE-2014-4013
- RESERVED
+CVE-2014-4013 (SQL injection vulnerability in the Policy Manager in Aruba Networks ...)
+ TODO: check
CVE-2014-4012 (SAP Open Hub Service has hardcoded credentials, which makes it easier ...)
NOT-FOR-US: SAP
CVE-2014-4011 (SAP Capacity Leveling has hardcoded credentials, which makes it easier ...)
@@ -1719,10 +2207,10 @@
RESERVED
CVE-2014-3993
RESERVED
-CVE-2014-3992
- RESERVED
-CVE-2014-3991
- RESERVED
+CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow ...)
+ TODO: check
+CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
+ TODO: check
CVE-2014-3990
RESERVED
CVE-2014-3989
@@ -1811,15 +2299,13 @@
RESERVED
CVE-2014-3954
RESERVED
-CVE-2014-3953 [SCTP kernel memory disclosures]
- RESERVED
+CVE-2014-3953 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
- kfreebsd-9 <unfixed> (bug #754237)
- kfreebsd-10 <unfixed>
-CVE-2014-3952 [sockbuf CMSG kernel memory disclosure]
- RESERVED
+CVE-2014-3952 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
- kfreebsd-8 <removed>
[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
@@ -1967,14 +2453,14 @@
RESERVED
CVE-2014-3892
RESERVED
-CVE-2014-3891
- RESERVED
+CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows ...)
+ TODO: check
CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
NOT-FOR-US: silex device
CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
NOT-FOR-US: silex device
-CVE-2014-3888
- RESERVED
+CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS ...)
+ TODO: check
CVE-2014-3887
RESERVED
CVE-2014-3886
@@ -2171,22 +2657,22 @@
RESERVED
CVE-2014-3823
RESERVED
-CVE-2014-3822
- RESERVED
-CVE-2014-3821
- RESERVED
+CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before ...)
+ TODO: check
+CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web Authentication ...)
+ TODO: check
CVE-2014-3820
RESERVED
-CVE-2014-3819
- RESERVED
+CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...)
+ TODO: check
CVE-2014-3818
RESERVED
-CVE-2014-3817
- RESERVED
-CVE-2014-3816
- RESERVED
-CVE-2014-3815
- RESERVED
+CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 ...)
+ TODO: check
+CVE-2014-3816 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before ...)
+ TODO: check
+CVE-2014-3815 (Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before ...)
+ TODO: check
CVE-2014-3814 (The Juniper Networks NetScreen Firewall devices with ScreenOS before ...)
NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firewall ...)
@@ -2715,7 +3201,7 @@
CVE-2014-3541
RESERVED
CVE-2014-3540
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2014-3539
RESERVED
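Review bot: CVE-2014-3540 now reads "REJECTED", but the unchanged line directly below it, "NOTE: To be rejected", is left in place and is stale after this change. Suggest removing or rewording that NOTE in the same commit.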
@@ -2781,8 +3267,7 @@
RESERVED
CVE-2014-3516
RESERVED
-CVE-2014-3515 [unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion]
- RESERVED
+CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...)
{DSA-2974-1}
- php5 5.6.0~rc2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=67492
@@ -2808,8 +3293,7 @@
RESERVED
CVE-2014-3504
RESERVED
-CVE-2014-3503
- RESERVED
+CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate ...)
NOT-FOR-US: Apache Syncope
CVE-2014-3502
RESERVED
@@ -2817,8 +3301,7 @@
RESERVED
CVE-2014-3500
RESERVED
-CVE-2014-3499 [systemd socket activation results in privilege escalation]
- RESERVED
+CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions on the ...)
- docker.io <not-affected> (RHEL specific, socket based activation not shipped)
CVE-2014-3498
RESERVED
@@ -2851,26 +3334,22 @@
NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
CVE-2014-3490
RESERVED
-CVE-2014-3489
- RESERVED
+CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3488 [DoS]
RESERVED
- netty <not-affected> (Introduced in 3.9.0)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects 3.9.0 and 3.9.1
-CVE-2014-3487 [cdf_read_property_info insufficient boundary check]
- RESERVED
+CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in ...)
{DSA-2974-1}
- file 1:5.19-1
NOTE: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
NOTE: https://bugs.php.net/bug.php?id=67413
-CVE-2014-3486
- RESERVED
+CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) ...)
NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2014-3485
- RESERVED
+CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat ...)
NOT-FOR-US: ovirt-engine-api / RHEV
CVE-2014-3484 [stack-based buffer overflow]
RESERVED
@@ -2891,26 +3370,22 @@
- rails-3.2 <unfixed>
- rails-4.0 <unfixed>
TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2
-CVE-2014-3481
- RESERVED
+CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2014-3480 [cdf_count_chain insufficient boundary check]
- RESERVED
+CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...)
{DSA-2974-1}
- file 1:5.19-1
NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
- php5 5.6.0~rc1+dfsg-1
NOTE: http://bugs.php.net/bug.php?id=67412
-CVE-2014-3479 [cdf_check_stream_offset insufficient boundary check]
- RESERVED
+CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...)
{DSA-2974-1}
- file 1:5.19-1
NOTE: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
- php5 5.6.0~rc1+dfsg-1
[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
NOTE: https://bugs.php.net/bug.php?id=67411
-CVE-2014-3478 [mconvert incorrect handling of truncated pascal string size]
- RESERVED
+CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file before ...)
{DSA-2974-1}
- file 1:5.19-1
NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
@@ -3158,10 +3633,10 @@
RESERVED
CVE-2014-3420
RESERVED
-CVE-2014-3419
- RESERVED
-CVE-2014-3418
- RESERVED
+CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the ...)
+ TODO: check
+CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows ...)
+ TODO: check
CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...)
NOT-FOR-US: uPortal
CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE ...)
@@ -3358,28 +3833,28 @@
RESERVED
CVE-2014-3320
RESERVED
-CVE-2014-3319
- RESERVED
-CVE-2014-3318
- RESERVED
-CVE-2014-3317
- RESERVED
-CVE-2014-3316
- RESERVED
-CVE-2014-3315
- RESERVED
+CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool ...)
+ TODO: check
+CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the ...)
+ TODO: check
+CVE-2014-3317 (Directory traversal vulnerability in the Multiple Analyzer in the ...)
+ TODO: check
+CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in ...)
+ TODO: check
+CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...)
+ TODO: check
CVE-2014-3314
RESERVED
-CVE-2014-3313
- RESERVED
-CVE-2014-3312
- RESERVED
-CVE-2014-3311
- RESERVED
-CVE-2014-3310
- RESERVED
-CVE-2014-3309
- RESERVED
+CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on ...)
+ TODO: check
+CVE-2014-3312 (The debug console interface on Cisco Small Business SPA300 and SPA500 ...)
+ TODO: check
+CVE-2014-3311 (Heap-based buffer overflow in the file-sharing feature in WebEx ...)
+ TODO: check
+CVE-2014-3310 (The File Transfer feature in WebEx Meetings Client in Cisco WebEx ...)
+ TODO: check
+CVE-2014-3309 (The NTP implementation in Cisco IOS and IOS XE does not properly ...)
+ TODO: check
CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static ...)
NOT-FOR-US: Cisco IOS XR
CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...)
@@ -4237,8 +4712,8 @@
NOT-FOR-US: SpamTitan
CVE-2014-2964
RESERVED
-CVE-2014-2963
- RESERVED
+CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...)
NOT-FOR-US: Belkin router
CVE-2014-2961
@@ -4256,20 +4731,20 @@
[wheezy] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
NOTE: https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
NOTE: EXPERIMENTAL_DMARC not enabled
-CVE-2014-2956
- RESERVED
-CVE-2014-2955
- RESERVED
+CVE-2014-2956 (ScriptHelperApi in the AVG ScriptHelper ActiveX control in ...)
+ TODO: check
+CVE-2014-2955 (Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers ...)
+ TODO: check
CVE-2014-2954
RESERVED
CVE-2014-2953
RESERVED
CVE-2014-2952
RESERVED
-CVE-2014-2951
- RESERVED
-CVE-2014-2950
- RESERVED
+CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded ...)
+ TODO: check
+CVE-2014-2950 (Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require ...)
+ TODO: check
CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...)
NOT-FOR-US: F5 ARX Data Manager
CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...)
@@ -4316,8 +4791,8 @@
NOT-FOR-US: F5 BIG-IP
CVE-2014-2927
RESERVED
-CVE-2014-2926
- RESERVED
+CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before ...)
+ TODO: check
CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: ASUS RT series
CVE-2014-2924
@@ -4595,76 +5070,76 @@
RESERVED
CVE-2014-2815
RESERVED
-CVE-2014-2814
- RESERVED
-CVE-2014-2813
- RESERVED
+CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and ...)
+ TODO: check
+CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2812
RESERVED
CVE-2014-2811
RESERVED
CVE-2014-2810
RESERVED
-CVE-2014-2809
- RESERVED
+CVE-2014-2809 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2808
RESERVED
-CVE-2014-2807
- RESERVED
-CVE-2014-2806
- RESERVED
+CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2805
RESERVED
-CVE-2014-2804
- RESERVED
-CVE-2014-2803
- RESERVED
-CVE-2014-2802
- RESERVED
-CVE-2014-2801
- RESERVED
-CVE-2014-2800
- RESERVED
+CVE-2014-2804 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2803 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2802 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2801 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2800 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2799
RESERVED
-CVE-2014-2798
- RESERVED
-CVE-2014-2797
- RESERVED
+CVE-2014-2798 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2797 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
CVE-2014-2796
RESERVED
-CVE-2014-2795
- RESERVED
-CVE-2014-2794
- RESERVED
+CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2793
RESERVED
-CVE-2014-2792
- RESERVED
-CVE-2014-2791
- RESERVED
-CVE-2014-2790
- RESERVED
-CVE-2014-2789
- RESERVED
-CVE-2014-2788
- RESERVED
-CVE-2014-2787
- RESERVED
-CVE-2014-2786
- RESERVED
-CVE-2014-2785
- RESERVED
+CVE-2014-2792 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2791 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2790 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2789 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2788 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2787 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2784
RESERVED
-CVE-2014-2783
- RESERVED
+CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of ...)
+ TODO: check
CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-2781
- RESERVED
-CVE-2014-2780
- RESERVED
+CVE-2014-2781 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2014-2780 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
+ TODO: check
CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...)
NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
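Review bot: The newly described Microsoft Internet Explorer entries in this hunk (CVE-2014-2813 through CVE-2014-2783) are all added with "TODO: check", while the unchanged CVE-2014-2782 entry in the same hunk is already "NOT-FOR-US: Microsoft Internet Explorer". Suggest marking the new Internet Explorer entries the same way so they do not sit in the triage backlog next to entries that may affect packaged software.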
@@ -5177,20 +5652,15 @@
RESERVED
CVE-2014-2623
RESERVED
-CVE-2014-2622
- RESERVED
+CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2014-2621
- RESERVED
+CVE-2014-2621 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2014-2620
- RESERVED
+CVE-2014-2620 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2014-2619
- RESERVED
+CVE-2014-2619 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2014-2618
- RESERVED
+CVE-2014-2618 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
NOT-FOR-US: HP Universal CMDB
@@ -5214,11 +5684,9 @@
RESERVED
CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 ...)
NOT-FOR-US: HP Operations Manager
-CVE-2014-2606
- RESERVED
+CVE-2014-2606 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and ...)
NOT-FOR-US: HP StoreVirtual
-CVE-2014-2605
- RESERVED
+CVE-2014-2605 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and ...)
NOT-FOR-US: HP StoreVirtual
CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP ...)
NOT-FOR-US: HP IceWall
@@ -5378,18 +5846,15 @@
RESERVED
CVE-2014-2515
RESERVED
-CVE-2014-2514
- RESERVED
+CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2513
- RESERVED
+CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
NOT-FOR-US: EMC Documentum eRoom
CVE-2014-2511
RESERVED
-CVE-2014-2510
- RESERVED
+CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 ...)
NOT-FOR-US: EMC Documentum Foundation Services
CVE-2014-2509 (Session fixation vulnerability in the Report Advisor (RA) component in ...)
NOT-FOR-US: EMC NCM
@@ -7408,8 +7873,8 @@
NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1825
RESERVED
-CVE-2014-1824
- RESERVED
+CVE-2014-1824 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
+ TODO: check
CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...)
NOT-FOR-US: Microsoft Lync Server
CVE-2014-1822
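Review bot: The new CVE-2014-1824 entry is left at "TODO: check" even though its description names Windows Journal in Microsoft Windows, and the adjacent Microsoft entry (CVE-2014-1823) is already classified NOT-FOR-US. Suggest resolving it to a NOT-FOR-US line for Microsoft Windows so it does not sit in the TODO queue.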
@@ -7522,15 +7987,15 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1768
RESERVED
-CVE-2014-1767
- RESERVED
+CVE-2014-1767 (Double free vulnerability in the Ancillary Function Driver (AFD) in ...)
+ TODO: check
CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1764 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 11 allows ...)
+CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 9 through ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 ...)
NOT-FOR-US: Microsoft Internet Explorer
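Review bot: CVE-2014-1767 is added with "TODO: check" in the middle of a run of Microsoft entries that are all NOT-FOR-US. Its description is cut off before the product name, so confirm the product from the full text and classify the entry rather than leaving the TODO. Separately, the context line for CVE-2014-1766 carries "NOT-FOR-US: Microsoft Windows" while its description is about Microsoft Internet Explorer; aligning that label with its neighbours would keep label-based searches consistent.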
@@ -8451,8 +8916,7 @@
- icedove 24.3.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1474
- RESERVED
+CVE-2014-1474 (Algorithmic complexity vulnerability in Email::Address::List before ...)
- libemail-address-list-perl 0.03-1
NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html
CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
@@ -10383,13 +10847,11 @@
RESERVED
CVE-2014-0540
RESERVED
-CVE-2014-0539
- RESERVED
+CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0538
RESERVED
-CVE-2014-0537
- RESERVED
+CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
NOT-FOR-US: Adobe Flash
@@ -11900,8 +12362,7 @@
- sssd <unfixed> (low; bug #749569)
[squeeze] - sssd <no-dsa> (Minor issue)
[wheezy] - sssd <no-dsa> (Minor issue)
-CVE-2014-0248
- RESERVED
+CVE-2014-0248 (org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework ...)
NOT-FOR-US: JBoss Seam
CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...)
- libreoffice 1:4.2.5-1
@@ -12057,8 +12518,7 @@
CVE-2014-0208
RESERVED
- foreman <itp> (bug #663101)
-CVE-2014-0207 [cdf_read_short_sector insufficient boundary check]
- RESERVED
+CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as ...)
{DSA-2974-1}
- file 1:5.19-1
NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
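Review bot: The new CVE-2014-0207 description ends in "as ...", which suggests cdf.c is also shipped inside another product, but the visible context tracks only the file package (fixed in 1:5.19-1, DSA-2974-1). Check the full description and make sure any embedded copy has its own package line under this CVE. Dropping the bracketed working title is fine now that the official description names cdf_read_short_sector.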
@@ -12135,8 +12595,7 @@
- php5 5.5.12+dfsg-1
[squeeze] - php5 <not-affected> (FPM SAPI only enabled in 5.3.5-1)
NOTE: https://bugs.php.net/bug.php?id=67060
-CVE-2014-0184
- RESERVED
+CVE-2014-0184 (Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0183
RESERVED
@@ -12151,8 +12610,7 @@
- linux 3.14.9-1 (bug #746738)
- linux-2.6 <removed>
[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport to 2.6.32)
-CVE-2014-0180
- RESERVED
+CVE-2014-0180 (The wait_for_task function in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0179 [Unsafe parsing of XML documents allows arbitrary file read]
RESERVED
@@ -12166,13 +12624,11 @@
NOTE: server packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0177 (The am function in lib/hub/commands.rb in hub before 1.12.1 allows ...)
NOT-FOR-US: Github client
-CVE-2014-0176
- RESERVED
+CVE-2014-0176 (Cross-site scripting (XSS) vulnerability in application/panel_control ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0175
RESERVED
-CVE-2014-0174
- RESERVED
+CVE-2014-0174 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
NOT-FOR-US: Cumin
CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x ...)
NOT-FOR-US: WordPress plugin Jetpack
@@ -12385,7 +12841,7 @@
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115
RESERVED
-CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows ...)
+CVE-2014-0114 (Apache Commons BeanUtils, as distributed in ...)
{DSA-2940-1}
- libstruts1.2-java 1.2.9-9 (bug #745897)
NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
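Review bot: The rewritten CVE-2014-0114 description now attributes the issue to Apache Commons BeanUtils rather than to the Struts ActionForm object, yet the visible package line still tracks only libstruts1.2-java. Verify whether the Commons BeanUtils package in the archive is affected and, if so, add a package line for it, since the DSA-2940-1 reference alone does not show that the library itself was reviewed.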
@@ -12684,11 +13140,9 @@
NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with ...)
NOT-FOR-US: rbovirt
-CVE-2014-0035
- RESERVED
+CVE-2014-0035 (The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before ...)
NOT-FOR-US: Apache CFX
-CVE-2014-0034
- RESERVED
+CVE-2014-0034 (The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x ...)
NOT-FOR-US: Apache CFX
CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat ...)
- tomcat6 6.0.39
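Review bot: The NOT-FOR-US lines under CVE-2014-0035 and CVE-2014-0034 read "Apache CFX", while both newly added descriptions spell the product "Apache CXF". Suggest correcting the label to "Apache CXF" in the same commit so a search for the product name finds these entries.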
@@ -13312,8 +13766,8 @@
NOT-FOR-US: Cisco
CVE-2013-6692 (Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool ...)
NOT-FOR-US: Cisco
-CVE-2013-6691
- RESERVED
+CVE-2013-6691 (The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ...)
+ TODO: check
CVE-2013-6690 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
NOT-FOR-US: Cisco
CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier ...)
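Review bot: CVE-2013-6691 is added with "TODO: check" although its description names the Cisco Adaptive Security Appliance and both neighbouring entries are already "NOT-FOR-US: Cisco". Suggest classifying it the same way instead of leaving a TODO.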
@@ -14914,8 +15368,7 @@
RESERVED
CVE-2013-6118
RESERVED
-CVE-2013-6117
- RESERVED
+CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to ...)
NOT-FOR-US: Dahua DVR
CVE-2013-6116
RESERVED
@@ -16434,8 +16887,8 @@
REJECTED
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2013-5567
- RESERVED
+CVE-2013-5567 (Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, ...)
+ TODO: check
CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote ...)
NOT-FOR-US: Cisco NX-OS
CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers ...)
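Review bot: CVE-2013-5567 gets "TODO: check" while the entry directly above it, CVE-2013-5568, covers the same product and is marked "NOT-FOR-US: Cisco Adaptive Security Appliance". Suggest reusing that exact label here so the two ASA entries stay consistent.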
@@ -35291,8 +35744,8 @@
NOT-FOR-US: OpenX
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
NOT-FOR-US: OpenX
-CVE-2012-4988
- RESERVED
+CVE-2012-4988 (Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or ...)
+ TODO: check
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 ...)
NOT-FOR-US: RealPlayer
CVE-2012-4986
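Review bot: CVE-2012-4988 is added with "TODO: check" and a description that is truncated before the product name; only the component xjpegls.dll is visible. The surrounding entries are all NOT-FOR-US, so read the full description to identify the product and classify the entry rather than leaving the TODO open.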
@@ -49223,7 +49676,7 @@
CVE-2012-0057 (PHP before 5.3.9 has improper libxslt security settings, which allows ...)
{DSA-2399-1}
- php5 5.3.9-1 (bug #656308)
-CVE-2012-0056 (The mem_write function in Linux kernel 2.6.39 and other versions, when ...)
+CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASLR is ...)
- linux-2.6 3.2.1-2
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
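Review bot: The updated CVE-2012-0056 description says "before 3.2.2" and no longer mentions 2.6.39, while the entry records the fix in linux-2.6 3.2.1-2 and marks squeeze and lenny as not affected because the bug was introduced in 2.6.39. The tracker data is now more precise than the description on both bounds; a NOTE line stating that the fix was applied in the 3.2.1-2 upload would spare the next reader from reading the version mismatch as an error.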