[Secure-testing-commits] r28030 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Jul 31 21:14:10 UTC 2014
Author: joeyh
Date: 2014-07-31 21:14:10 +0000 (Thu, 31 Jul 2014)
New Revision: 28030
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-31 19:50:30 UTC (rev 28029)
+++ data/CVE/list 2014-07-31 21:14:10 UTC (rev 28030)
@@ -1,3 +1,245 @@
+CVE-2014-5170
+ RESERVED
+CVE-2014-5169
+ RESERVED
+CVE-2014-5168
+ RESERVED
+CVE-2014-5167
+ RESERVED
+CVE-2014-5166
+ RESERVED
+CVE-2014-5165
+ RESERVED
+CVE-2014-5164
+ RESERVED
+CVE-2014-5163
+ RESERVED
+CVE-2014-5162
+ RESERVED
+CVE-2014-5161
+ RESERVED
+CVE-2014-5160
+ RESERVED
+CVE-2014-5159
+ RESERVED
+CVE-2014-5158
+ RESERVED
+CVE-2014-5157
+ RESERVED
+CVE-2014-5156
+ RESERVED
+CVE-2014-5155
+ RESERVED
+CVE-2014-5154
+ RESERVED
+CVE-2014-5153
+ RESERVED
+CVE-2014-5152
+ RESERVED
+CVE-2014-5151
+ RESERVED
+CVE-2014-5150
+ RESERVED
+CVE-2014-5149
+ RESERVED
+CVE-2014-5148
+ RESERVED
+CVE-2014-5147
+ RESERVED
+CVE-2014-5146
+ RESERVED
+CVE-2014-5145
+ RESERVED
+CVE-2014-5144
+ RESERVED
+CVE-2014-5143
+ RESERVED
+CVE-2014-5142
+ RESERVED
+CVE-2014-5141
+ RESERVED
+CVE-2014-5140
+ RESERVED
+CVE-2014-5139
+ RESERVED
+CVE-2014-5138
+ RESERVED
+CVE-2014-5137
+ RESERVED
+CVE-2014-5136
+ RESERVED
+CVE-2014-5135
+ RESERVED
+CVE-2014-5134
+ RESERVED
+CVE-2014-5133
+ RESERVED
+CVE-2014-5132
+ RESERVED
+CVE-2014-5131
+ RESERVED
+CVE-2014-5130
+ RESERVED
+CVE-2014-5129
+ RESERVED
+CVE-2014-5128
+ RESERVED
+CVE-2014-5127
+ RESERVED
+CVE-2014-5126
+ RESERVED
+CVE-2014-5125
+ RESERVED
+CVE-2014-5124
+ RESERVED
+CVE-2014-5123
+ RESERVED
+CVE-2014-5122
+ RESERVED
+CVE-2014-5121
+ RESERVED
+CVE-2014-5120
+ RESERVED
+CVE-2014-5119
+ RESERVED
+CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
+ TODO: check
+CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
+ TODO: check
+CVE-2014-5113 (Multiple cross-site scripting (XSS) vulnerabilities in test.php in ...)
+ TODO: check
+CVE-2014-5112 (maint/modules/home/index.php in Fonality trixbox allows remote ...)
+ TODO: check
+CVE-2014-5111 (Multiple directory traversal vulnerabilities in Fonality trixbox allow ...)
+ TODO: check
+CVE-2014-5110 (Cross-site scripting (XSS) vulnerability in user/help/html/index.php ...)
+ TODO: check
+CVE-2014-5109 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2014-5108 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-5107 (concrete5 before 5.6.3 allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2014-5106 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
+ TODO: check
+CVE-2014-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce ...)
+ TODO: check
+CVE-2014-5104 (Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow ...)
+ TODO: check
+CVE-2014-5103 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog ...)
+ TODO: check
+CVE-2014-5102 (SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 ...)
+ TODO: check
+CVE-2014-5101 (Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 ...)
+ TODO: check
+CVE-2014-5100 (Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka ...)
+ TODO: check
+CVE-2014-5099
+ RESERVED
+CVE-2014-5098
+ RESERVED
+CVE-2014-5097
+ RESERVED
+CVE-2014-5096
+ RESERVED
+CVE-2014-5095
+ RESERVED
+CVE-2014-5094
+ RESERVED
+CVE-2014-5093
+ RESERVED
+CVE-2014-5092
+ RESERVED
+CVE-2014-5091
+ RESERVED
+CVE-2014-5090
+ RESERVED
+CVE-2014-5089
+ RESERVED
+CVE-2014-5088
+ RESERVED
+CVE-2014-5087
+ RESERVED
+CVE-2014-5086
+ RESERVED
+CVE-2014-5085
+ RESERVED
+CVE-2014-5084
+ RESERVED
+CVE-2014-5083
+ RESERVED
+CVE-2014-5082
+ RESERVED
+CVE-2014-5081
+ RESERVED
+CVE-2014-5080
+ RESERVED
+CVE-2014-5079
+ RESERVED
+CVE-2014-5078
+ RESERVED
+CVE-2014-5076
+ RESERVED
+CVE-2014-5075
+ RESERVED
+CVE-2014-5074
+ RESERVED
+CVE-2014-5073
+ RESERVED
+CVE-2014-5072
+ RESERVED
+CVE-2014-5071
+ RESERVED
+CVE-2014-5070
+ RESERVED
+CVE-2014-5069
+ RESERVED
+CVE-2014-5068
+ RESERVED
+CVE-2014-5067
+ RESERVED
+CVE-2014-5066
+ RESERVED
+CVE-2014-5065
+ RESERVED
+CVE-2014-5064
+ RESERVED
+CVE-2014-5063
+ RESERVED
+CVE-2014-5062
+ RESERVED
+CVE-2014-5061
+ RESERVED
+CVE-2014-5060
+ RESERVED
+CVE-2014-5059
+ RESERVED
+CVE-2014-5058
+ RESERVED
+CVE-2014-5057
+ RESERVED
+CVE-2014-5056
+ RESERVED
+CVE-2014-5055
+ RESERVED
+CVE-2014-5054
+ RESERVED
+CVE-2014-5053
+ RESERVED
+CVE-2014-5052
+ RESERVED
+CVE-2014-5051
+ RESERVED
+CVE-2014-5050
+ RESERVED
+CVE-2014-5049
+ RESERVED
+CVE-2014-5048
+ RESERVED
+CVE-2014-5047
+ RESERVED
+CVE-2014-5046
+ RESERVED
CVE-2014-XXXX [Insecure use of temporary files]
- libxml-dt-perl <unfixed> (bug #756566)
[wheezy] - libxml-dt-perl <no-dsa> (Minor issue)
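Review bot: the sixteen entries CVE-2014-5100 through CVE-2014-5115 arrive as `TODO: check` with descriptions cut at `...`, so the full CVE text has to be read before each is resolved; every product visible in the truncated text (DirPHP, WeBid, Fonality trixbox, concrete5, Invision Power IP.Board, ol-commerce, ZOHO ManageEngine EventLog, vBulletin, Omeka) is a third-party web application or appliance, and unless one of them turns out to be packaged the expected outcome is `NOT-FOR-US: <product>`, the form the SonicWall entries later in this diff already use. The block of new `RESERVED` IDs needs no action.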
@@ -7,14 +249,16 @@
- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
CVE-2014-5118
+ RESERVED
NOT-FOR-US: tboot
-CVE-2014-5117
+CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...)
{DSA-2993-1}
- tor 0.2.4.23-1
-CVE-2014-5116 [NULL pointer dereference in cairo_image_surface_get_data()]
+CVE-2014-5116 (The cairo_image_surface_get_data function in Cairo 1.10.2, as used in ...)
- cairo <undetermined>
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9761
CVE-2014-5077 [net: SCTP: NULL pointer dereference]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
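Review bot: CVE-2014-5116 keeps `cairo <undetermined>` even though the official description now names the function (cairo_image_surface_get_data) and a concrete affected version (Cairo 1.10.2, as used in the Wireshark bug linked in the NOTE); that is enough to decide whether Debian's cairo is affected, so resolve the `<undetermined>` with a fixed version or `<not-affected>` instead of leaving it. The added `RESERVED` lines for CVE-2014-5118 and CVE-2014-5077 under already-triaged entries are harmless.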
@@ -64,7 +308,7 @@
RESERVED
CVE-2014-5005
RESERVED
-CVE-2013-7393 [svnwcsub.py and irkerbridge.py are vulnerable to symlink attack]
+CVE-2013-7393 (The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local ...)
- subversion 1.8.5-1 (unimportant)
NOTE: Optional admin-side utilities in Subversion 1.8.x
NOTE: split form CVE-2013-4262
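Review bot: the unchanged context line `NOTE: split form CVE-2013-4262` has a typo (form -> from) that could be fixed while this entry is being touched; the new official description narrows CVE-2013-7393 to daemonize.py in 1.8.0 before 1.8.2 while the Debian fix stays at subversion 1.8.5-1 (unimportant), which is consistent, so only the typo needs attention.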
@@ -77,10 +321,12 @@
CVE-2011-5281
RESERVED
CVE-2014-5045 [vfs: refcount issues during unmount on symlink]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/7/21/98
CVE-2014-5044 [gfortran integer overflows]
+ RESERVED
- gcc-4.9 4.9.1-4 (bug #756325)
- gcc-4.8 <unfixed> (bug #756325)
- gcc-4.7 <unfixed> (bug #756325)
@@ -98,20 +344,17 @@
- glpi <unfixed> (unimportant)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2014/07/22/6
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2014-5031 [file/directory does not have world read permissions for dirctory index files]
- RESERVED
+CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have ...)
{DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://cups.org/str.php?L4455
-CVE-2014-5030 [dissalow symlinks for directory index files]
- RESERVED
+CVE-2014-5030 (CUPS before 2.0 allows local users to read arbitrary files via a ...)
{DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
NOTE: https://cups.org/str.php?L4455
-CVE-2014-5029 [Incomplete fix CVE-2014-3537]
- RESERVED
+CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp group to ...)
{DSA-2990-1}
- cups 1.7.4-2
[squeeze] - cups 1.4.4-7+squeeze6
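Review bot: replacing the hand-written summaries drops the only place that recorded CVE-2014-5029 as the incomplete fix for CVE-2014-3537 (`-CVE-2014-5029 [Incomplete fix CVE-2014-3537]`); add a `NOTE: incomplete fix for CVE-2014-3537` so the relationship survives, since the truncated official text ("allows local users in the lp group to ...") reads the same as CVE-2014-3537's. Also the descriptions for CVE-2014-5030 and CVE-2014-5031 say `CUPS before 2.0` while the fixes are recorded in 1.7.4-2 and 1.4.4-7+squeeze6; fine for a backport, but confirm those uploads carry the STR L4455 change.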
@@ -119,8 +362,7 @@
CVE-2014-5028
RESERVED
- reviewboard <itp> (bug #653113)
-CVE-2014-5027
- RESERVED
+CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before ...)
- reviewboard <itp> (bug #653113)
CVE-2014-5026 [XSS vulnerability]
RESERVED
@@ -130,11 +372,9 @@
RESERVED
- cacti 0.8.8b+dfsg-7
NOTE: http://bugs.cacti.net/view.php?id=2456
-CVE-2014-5024
- RESERVED
+CVE-2014-5024 (Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell ...)
NOT-FOR-US: DELL SonicWALL GMS
-CVE-2014-5015 [basic http authentication bypass]
- RESERVED
+CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in ...)
- bozohttpd <unfixed> (bug #755197)
[wheezy] - bozohttpd <no-dsa> (Minor issue)
[squeeze] - bozohttpd <no-dsa> (Minor issue)
@@ -214,10 +454,10 @@
RESERVED
CVE-2014-4981
RESERVED
-CVE-2014-4980
- RESERVED
-CVE-2014-4979
- RESERVED
+CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for ...)
+ TODO: check
+CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or ...)
+ TODO: check
CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer ...)
NOT-FOR-US: SonicWall
CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
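Review bot: CVE-2014-4979 (Apple QuickTime) and CVE-2014-4980 (Tenable Web UI) are left at `TODO: check`; neither is Debian software, so both can be resolved as NOT-FOR-US in the same way as the adjacent CVE-2014-4976/4977 SonicWall entries.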
@@ -256,8 +496,8 @@
RESERVED
CVE-2014-4972
RESERVED
-CVE-2014-4971
- RESERVED
+CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...)
+ TODO: check
CVE-2014-4970
RESERVED
CVE-2014-4969
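Review bot: CVE-2014-4971 describes Microsoft Windows XP SP3 and cannot affect a Debian package; replace `TODO: check` with `NOT-FOR-US: Microsoft Windows` rather than queueing it for review.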
@@ -359,8 +599,8 @@
RESERVED
CVE-2014-4928
RESERVED
-CVE-2014-4927
- RESERVED
+CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...)
+ TODO: check
CVE-2014-4926
RESERVED
CVE-2014-4925
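Review bot: CVE-2014-4927 is a buffer overflow in ACME micro_httpd itself, with the D-Link DSL2750U named only as one user of it; unlike the vendor-appliance entries around it this is upstream code that distributions may ship, so check whether Debian packages micro_httpd before marking it NOT-FOR-US, and if it does, record the affected version range instead.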
@@ -483,10 +723,10 @@
RESERVED
CVE-2014-4859
RESERVED
-CVE-2014-4858
- RESERVED
-CVE-2014-4857
- RESERVED
+CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
+ TODO: check
+CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before ...)
+ TODO: check
CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & ...)
NOT-FOR-US: WordPress plugin
CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
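Review bot: CVE-2014-4858 (Sabre, CWPLogin.aspx) and CVE-2014-4857 (Gurock TestRail) are proprietary web applications; they can go straight to NOT-FOR-US alongside the WordPress-plugin entries that follow them.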
@@ -703,10 +943,10 @@
RESERVED
CVE-2014-4749
RESERVED
-CVE-2014-4748
- RESERVED
-CVE-2014-4747
- RESERVED
+CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
+ TODO: check
+CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
+ TODO: check
CVE-2014-4746
RESERVED
CVE-2014-4745
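Review bot: CVE-2014-4747 and CVE-2014-4748 both concern the Classic Meeting Server in IBM Sametime; the list already resolves Sametime issues as `NOT-FOR-US: IBM Sametime` (see CVE-2014-0890 further down), so use the same tag here instead of `TODO: check`.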
@@ -727,8 +967,8 @@
NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-4737
RESERVED
-CVE-2014-4736
- RESERVED
+CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...)
+ TODO: check
CVE-2014-4735
RESERVED
CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...)
@@ -747,10 +987,10 @@
RESERVED
CVE-2014-4727
RESERVED
-CVE-2014-4726
- RESERVED
-CVE-2014-4725
- RESERVED
+CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
+ TODO: check
+CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for ...)
+ TODO: check
CVE-2014-XXXX [libressl before 2.0.2 under linux PRNG failure]
- libressl <itp> (bug #754513)
NOTE: http://www.openwall.com/lists/oss-security/2014/07/16/6
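Review bot: CVE-2014-4725 and CVE-2014-4726 are in the MailPoet Newsletters (wysija-newsletters) WordPress plugin; the file's convention for these is `NOT-FOR-US: WordPress plugin wysija-newsletters` (compare the Polldaddy and Polylang entries above), so the `TODO: check` can be replaced directly.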
@@ -762,8 +1002,7 @@
CVE-2014-XXXX [glibc locale issues]
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
-CVE-2014-4909 [peer communication vulnerability]
- RESERVED
+CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in ...)
{DSA-2988-1}
- transmission <unfixed> (bug #755985)
NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84
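Review bot: CVE-2014-4909 now carries {DSA-2988-1} but unstable is still `transmission <unfixed> (bug #755985)`; the NOTE points at the 2.84 changes, so the entry needs a follow-up with the unstable fixed version once 2.84 is uploaded, otherwise the tracker keeps showing the stable update as ahead of unstable.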
@@ -793,8 +1032,7 @@
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c
NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
-CVE-2014-4910
- RESERVED
+CVE-2014-4910 (Directory traversal vulnerability in tools/backlight_helper.c in X.Org ...)
- xserver-xorg-video-intel <not-affected> (Vulnerable code not present)
NOTE: http://lists.x.org/archives/xorg-commit/2014-July/036840.html
NOTE: only experimental, and xf86-video-intel-backlight-helper not installed setuid in Debian
@@ -818,8 +1056,8 @@
RESERVED
CVE-2014-4711
RESERVED
-CVE-2014-4710
- RESERVED
+CVE-2014-4710 (Cross-site scripting (XSS) vulnerability in zero_user_account.php in ...)
+ TODO: check
CVE-2014-4709
RESERVED
CVE-2014-4708
@@ -837,6 +1075,7 @@
CVE-2012-6652
NOT-FOR-US: WordPress plugin wppageflip
CVE-2012-6651
+ RESERVED
NOT-FOR-US: WordPress plugin vitamin
CVE-2012-6650
RESERVED
@@ -893,16 +1132,16 @@
NOT-FOR-US: pfSense
CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
NOT-FOR-US: pfSense
-CVE-2014-4686
- RESERVED
-CVE-2014-4685
- RESERVED
-CVE-2014-4684
- RESERVED
-CVE-2014-4683
- RESERVED
-CVE-2014-4682
- RESERVED
+CVE-2014-4686 (The Project administration application in Siemens SIMATIC WinCC before ...)
+ TODO: check
+CVE-2014-4685 (Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, ...)
+ TODO: check
+CVE-2014-4684 (The database server in Siemens SIMATIC WinCC before 7.3, as used in ...)
+ TODO: check
+CVE-2014-4683 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
+ TODO: check
+CVE-2014-4682 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
+ TODO: check
CVE-2014-4681
RESERVED
CVE-2014-4680
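Review bot: CVE-2014-4682 through CVE-2014-4686 all target Siemens SIMATIC WinCC (and PCS7); these are vendor SCADA products, so `NOT-FOR-US: Siemens SIMATIC WinCC` is the expected resolution for all five rather than five separate `TODO: check` lines.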
@@ -1350,12 +1589,12 @@
NOTE: http://article.gmane.org/gmane.linux.kernel/1726110
CVE-2014-4504
RESERVED
-CVE-2014-4503
- RESERVED
-CVE-2014-4502
- RESERVED
-CVE-2014-4501
- RESERVED
+CVE-2014-4503 (The parse_notify function in util.c in sgminer before 4.2.2 and ...)
+ TODO: check
+CVE-2014-4502 (Multiple heap-based buffer overflows in the parse_notify function in ...)
+ TODO: check
+CVE-2014-4501 (Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer ...)
+ TODO: check
CVE-2014-4500
RESERVED
CVE-2014-4499
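Review bot: CVE-2014-4501, CVE-2014-4502 and CVE-2014-4503 are memory-safety bugs in the parse_notify code shared by sgminer, cgminer and related forks; these are open-source miners rather than appliances, so before writing NOT-FOR-US check whether any of the named projects (or a fork carrying the same util.c) is packaged, and if so triage each of the three separately, as they cover stack-based and heap-based overflows in different code paths.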
@@ -2607,10 +2846,10 @@
NOT-FOR-US: TYPO3 extension powermail
CVE-2014-3947
RESERVED
-CVE-2014-3939
- RESERVED
-CVE-2014-3938
- RESERVED
+CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 ...)
+ TODO: check
+CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote ...)
+ TODO: check
CVE-2014-3937 (SQL injection vulnerability in the Contextual Related Posts plugin ...)
NOT-FOR-US: WordPress plugin contextual-related-posts
CVE-2014-3936 (Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi ...)
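Review bot: CVE-2014-3938 and CVE-2014-3939 are in Autodesk SketchBook Pro, proprietary desktop software; mark `NOT-FOR-US: Autodesk SketchBook Pro`, consistent with the Autodesk VRED entry (CVE-2014-2967) further down.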
@@ -2727,12 +2966,12 @@
RESERVED
CVE-2014-3898
RESERVED
-CVE-2014-3897
- RESERVED
-CVE-2014-3896
- RESERVED
-CVE-2014-3895
- RESERVED
+CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
+ TODO: check
+CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI ...)
+ TODO: check
+CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, ...)
+ TODO: check
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...)
NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
@@ -3459,72 +3698,58 @@
RESERVED
CVE-2014-3556
RESERVED
-CVE-2014-3555 [Denial of Service in Neutron allowed address pair]
- RESERVED
+CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno ...)
- neutron 2014.1.1-3 (bug #755134)
CVE-2014-3554 [buffer overflow]
RESERVED
- libndp 1.4-1 (bug #756389)
-CVE-2014-3553 [Forum group posting issue]
- RESERVED
+CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
-CVE-2014-3552 [Identity confusion in Shibboleth authentication]
- RESERVED
+CVE-2014-3552 (The Shibboleth authentication plugin in auth/shibboleth/index.php in ...)
- moodle 2.6.1-1
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
-CVE-2014-3551 [Cross-site scripting in advanced grading methods]
- RESERVED
+CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
-CVE-2014-3550 [Cross-site scripting though scheduled task error messages]
- RESERVED
+CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- moodle <not-affected> (Only affects 2.7.x)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227
-CVE-2014-3549 [Cross-site scripting through logs of failed logins]
- RESERVED
+CVE-2014-3549 (Cross-site scripting (XSS) vulnerability in the get_description ...)
- moodle <not-affected> (Only affects 2.7.x)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
-CVE-2014-3548 [Cross-site scripting vulnerability in exception dialogues]
- RESERVED
+CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
-CVE-2014-3547 [Cross-site scripting possible in external badges]
- RESERVED
+CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
-CVE-2014-3546 [Information leak in profile and notes pages]
- RESERVED
+CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
-CVE-2014-3545 [Remote code execution in Quiz]
- RESERVED
+CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
-CVE-2014-3544 [Cross-site scripting vulnerability in profile field]
- RESERVED
+CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
-CVE-2014-3543 [XML External Entity vulnerability in IMSCC and IMSCP]
- RESERVED
+CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
-CVE-2014-3542 [XML External Entity vulnerability in LTI module]
- RESERVED
+CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
-CVE-2014-3541 [Code injection in Repositories]
- RESERVED
+CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before ...)
- moodle <unfixed>
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
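Review bot: the truncated official descriptions for CVE-2014-3545 and CVE-2014-3546 are identical up to the `...` ("Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ..."), so the only human-readable distinction, the old summaries `[Remote code execution in Quiz]` and `[Information leak in profile and notes pages]`, is lost in this hunk; keep that information as a NOTE on each, since the MDL tracker links already present do not say what the bug is. Separately, CVE-2014-3552 is recorded fixed in moodle 2.6.1-1 while the sibling issues from the same upstream release remain `<unfixed>`; double-check that version against the MDL-45485 fix before relying on it.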
@@ -3535,8 +3760,7 @@
CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...)
- file 1:5.19-1
NOTE: fix relies on the new feature that introduced regex/<length> syntax, might be too intrusive for backporting.
-CVE-2014-3537 [Insufficient checking leads to privilege escalation]
- RESERVED
+CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the lp ...)
{DSA-2990-1}
- cups 1.7.4-1
[squeeze] - cups 1.4.4-7+squeeze6
@@ -4153,22 +4377,22 @@
RESERVED
CVE-2014-3330
RESERVED
-CVE-2014-3329
- RESERVED
-CVE-2014-3328
- RESERVED
+CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
+ TODO: check
+CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server ...)
+ TODO: check
CVE-2014-3327
RESERVED
-CVE-2014-3326
- RESERVED
+CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security ...)
+ TODO: check
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
NOT-FOR-US: Cisco
-CVE-2014-3324
- RESERVED
+CVE-2014-3324 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
+ TODO: check
CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...)
NOT-FOR-US: Cisco
-CVE-2014-3322
- RESERVED
+CVE-2014-3322 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
+ TODO: check
CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...)
NOT-FOR-US: Cisco
CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...)
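Review bot: the five new `TODO: check` entries (CVE-2014-3322, 3324, 3326, 3328, 3329) sit between CVE-2014-3321, 3323 and 3325, which are already `NOT-FOR-US: Cisco`; the visible descriptions name Cisco IOS XR, Cisco Unified Presence Server and Cisco Security products, so they can take the same tag.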
@@ -4201,16 +4425,16 @@
NOT-FOR-US: Cisco Small Cell
CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...)
NOT-FOR-US: Cisco
-CVE-2014-3305
- RESERVED
-CVE-2014-3304
- RESERVED
-CVE-2014-3303
- RESERVED
+CVE-2014-3305 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
+CVE-2014-3304 (The OutlookAction Class in Cisco WebEx Meetings Server allows remote ...)
+ TODO: check
+CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly ...)
+ TODO: check
CVE-2014-3302
RESERVED
-CVE-2014-3301
- RESERVED
+CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) ...)
+ TODO: check
CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of ...)
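Review bot: CVE-2014-3301, 3303, 3304 and 3305 all describe Cisco WebEx Meetings Server; as with the Cisco Unified Communications Domain Manager entry directly below them, `NOT-FOR-US: Cisco WebEx Meetings Server` is the right resolution for all four.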
@@ -4702,8 +4926,7 @@
CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape ...)
{DSA-2925-1}
- rxvt-unicode 9.20-1 (bug #746593)
-CVE-2014-3120 [remote code execution flaw via dynamic scripting]
- RESERVED
+CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dynamic ...)
- elasticsearch <itp> (bug #660826)
CVE-2014-3119
RESERVED
@@ -4722,8 +4945,8 @@
NOT-FOR-US: RealPlayer
CVE-2014-3112
RESERVED
-CVE-2014-3110
- RESERVED
+CVE-2014-3110 (Multiple cross-site scripting (XSS) vulnerabilities on Honeywell ...)
+ TODO: check
CVE-2014-3109
RESERVED
CVE-2014-3108
@@ -4800,8 +5023,8 @@
NOT-FOR-US: Novell Identity Manager
CVE-2014-3072
RESERVED
-CVE-2014-3071
- RESERVED
+CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
+ TODO: check
CVE-2014-3070
RESERVED
CVE-2014-3069
@@ -4828,22 +5051,22 @@
RESERVED
CVE-2014-3058
RESERVED
-CVE-2014-3057
- RESERVED
-CVE-2014-3056
- RESERVED
-CVE-2014-3055
- RESERVED
-CVE-2014-3054
- RESERVED
+CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List ...)
+ TODO: check
+CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and ...)
+ TODO: check
+CVE-2014-3055 (SQL injection vulnerability in the Unified Task List (UTL) Portlet for ...)
+ TODO: check
+CVE-2014-3054 (Multiple open redirect vulnerabilities in the Unified Task List (UTL) ...)
+ TODO: check
CVE-2014-3053 (The Local Management Interface (LMI) in IBM Security Access Manager ...)
NOT-FOR-US: IBM ISAM
CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for ...)
NOT-FOR-US: IBM ISAM
CVE-2014-3051
RESERVED
-CVE-2014-3050
- RESERVED
+CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before ...)
+ TODO: check
CVE-2014-3049
RESERVED
CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization ...)
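Review bot: CVE-2014-3054 through 3057 (Unified Task List Portlet for IBM WebSphere Portal) and CVE-2014-3050 (IBM Rational Team Concert) are IBM products like the ISAM entries in this same hunk that already read `NOT-FOR-US: IBM ISAM`; use `NOT-FOR-US: IBM WebSphere Portal` and `NOT-FOR-US: IBM Rational Team Concert` in place of `TODO: check`.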
@@ -4890,10 +5113,10 @@
RESERVED
CVE-2014-3027
RESERVED
-CVE-2014-3026
- RESERVED
-CVE-2014-3025
- RESERVED
+CVE-2014-3026 (CRLF injection vulnerability in IBM Maximo Asset Management 7.5 ...)
+ TODO: check
+CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
+ TODO: check
CVE-2014-3024
RESERVED
CVE-2014-3023
@@ -4902,8 +5125,8 @@
RESERVED
CVE-2014-3021
RESERVED
-CVE-2014-3020
- RESERVED
+CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...)
+ TODO: check
CVE-2014-3019
RESERVED
CVE-2014-3018
@@ -5034,10 +5257,10 @@
- directfb <not-affected> (Vulnerable code was introduced in 1.4.13)
CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
NOT-FOR-US: Sixnet SixView
-CVE-2014-2975
- RESERVED
-CVE-2014-2974
- RESERVED
+CVE-2014-2975 (Cross-site scripting (XSS) vulnerability in php/user_account.php in ...)
+ TODO: check
+CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2014-2973
RESERVED
CVE-2014-2972
@@ -5045,18 +5268,18 @@
- exim4 4.82.1-2 (low)
[squeeze] - exim4 <no-dsa> (Minor issue)
[wheezy] - exim4 <no-dsa> (Minor issue)
-CVE-2014-2971
- RESERVED
+CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in ...)
+ TODO: check
CVE-2014-2970
- RESERVED
+ REJECTED
CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a ...)
NOT-FOR-US: NETGEAR GS108PE Prosafe Plus switches
-CVE-2014-2968
- RESERVED
+CVE-2014-2968 (Cross-site scripting (XSS) vulnerability in the web interface on the ...)
+ TODO: check
CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...)
NOT-FOR-US: Autodesk VRED Professional
-CVE-2014-2966
- RESERVED
+CVE-2014-2966 (The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly ...)
+ TODO: check
CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...)
NOT-FOR-US: SpamTitan
CVE-2014-2964
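Review bot: CVE-2014-2966 names Resin Pro, a proprietary Java application server, and can be NOT-FOR-US, while CVE-2014-2968 and CVE-2014-2971 are truncated before the product name and genuinely need the full text before resolution; the RESERVED to REJECTED change for CVE-2014-2970 needs no package triage.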
@@ -5717,8 +5940,8 @@
NOT-FOR-US: ASUS RT series routers
CVE-2014-2718
RESERVED
-CVE-2014-2717
- RESERVED
+CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier ...)
+ TODO: check
CVE-2014-2716
RESERVED
CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -5993,10 +6216,9 @@
RESERVED
CVE-2014-2627
RESERVED
-CVE-2014-2626
- RESERVED
-CVE-2014-2625
- RESERVED
+CVE-2014-2626 (Directory traversal vulnerability in the toServerObject function in HP ...)
+ TODO: check
+CVE-2014-2625 (Directory traversal vulnerability in the storedNtxFile function in HP ...)
NOT-FOR-US: HP Network Virtualization
CVE-2014-2624
RESERVED
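Review bot: CVE-2014-2625 and CVE-2014-2626 are two directory traversals in the same HP product (the descriptions differ only in the function name, storedNtxFile versus toServerObject), yet 2625 is resolved as `NOT-FOR-US: HP Network Virtualization` while 2626 is left at `TODO: check`; give 2626 the same tag.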
@@ -6687,10 +6909,10 @@
RESERVED
CVE-2014-2371
RESERVED
-CVE-2014-2370
- RESERVED
-CVE-2014-2369
- RESERVED
+CVE-2014-2370 (Cross-site scripting (XSS) vulnerability in the web application on ...)
+ TODO: check
+CVE-2014-2369 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
+ TODO: check
CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...)
NOT-FOR-US: Advantech WebAccess
CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
@@ -6701,22 +6923,22 @@
NOT-FOR-US: Advantech WebAccess
CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
NOT-FOR-US: Advantech WebAccess
-CVE-2014-2363
- RESERVED
-CVE-2014-2362
- RESERVED
-CVE-2014-2361
- RESERVED
-CVE-2014-2360
- RESERVED
+CVE-2014-2363 (Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which ...)
+ TODO: check
+CVE-2014-2362 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
+ TODO: check
+CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, ...)
+ TODO: check
+CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
+ TODO: check
CVE-2014-2359
RESERVED
CVE-2014-2358
RESERVED
CVE-2014-2357
RESERVED
-CVE-2014-2356
- RESERVED
+CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
+ TODO: check
CVE-2014-2355
RESERVED
CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password ...)
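Review bot: CVE-2014-2360 to 2363 (OleumTech WIO DH2 wireless I/O modules, Morpho Itemiser 3 with hardcoded administrative credentials) and CVE-2014-2356 (Innominate mGuard) are all embedded ICS appliances, like the Cogent DataHub and Advantech WebAccess entries around them that are already NOT-FOR-US; tag them accordingly.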
@@ -7043,11 +7265,9 @@
RESERVED
CVE-2014-2228
RESERVED
-CVE-2014-2227
- RESERVED
+CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti ...)
NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2226
- RESERVED
+CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative ...)
NOT-FOR-US: Ubiquiti Networks
CVE-2014-2225
RESERVED
@@ -9267,11 +9487,12 @@
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the ...)
+ {DSA-2994-1}
- nss 2:3.16-1
- iceweasel <not-affected> (Only affects Firefox 28)
- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
- {DSA-2858-1}
+ {DSA-2994-1 DSA-2858-1}
- iceweasel 24.3.0esr-1
- icedove 24.3.0-1
- nss 2:3.15.4-1
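Review bot: CVE-2014-1492 gains {DSA-2994-1} but still lists only `nss 2:3.16-1`, with no wheezy version line beside it; the tracker takes the stable fixed version from the DSA entry, so make sure DSA-2994-1 in data/DSA/list records the wheezy nss version, or wheezy will show as fixed without one. Prepending the new DSA to CVE-2014-1491's existing `{DSA-2858-1}` is fine.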
@@ -9526,8 +9747,7 @@
RESERVED
CVE-2014-1420
RESERVED
-CVE-2014-1419
- RESERVED
+CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in ...)
{DSA-2984-1}
- acpi-support 0.142-2
CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...)
@@ -10219,10 +10439,10 @@
RESERVED
CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0948
- RESERVED
-CVE-2014-0947
- RESERVED
+CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design ...)
+ TODO: check
+CVE-2014-0947 (Unspecified vulnerability in the server in IBM Rational Software ...)
+ TODO: check
CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision ...)
NOT-FOR-US: IBM
CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule ...)
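Review bot: CVE-2014-0947 and CVE-2014-0948 (IBM Rational Software Architect) belong with the neighbouring `NOT-FOR-US: IBM` entries CVE-2014-0945/0946; replace `TODO: check` with `NOT-FOR-US: IBM Rational Software Architect`.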
@@ -10285,10 +10505,10 @@
NOT-FOR-US: IBM Eclipse Help System
CVE-2014-0916
RESERVED
-CVE-2014-0915
- RESERVED
-CVE-2014-0914
- RESERVED
+CVE-2014-0915 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
+ TODO: check
+CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...)
NOT-FOR-US: IBM iNotes
CVE-2014-0912
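Review bot: CVE-2014-0914 and CVE-2014-0915 are XSS in IBM Maximo Asset Management, the same product as CVE-2014-3025/3026 earlier in this diff; the four can be resolved together as `NOT-FOR-US: IBM Maximo Asset Management`.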
@@ -10337,8 +10557,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
NOT-FOR-US: IBM Sametime
-CVE-2014-0889
- RESERVED
+CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...)
+ TODO: check
CVE-2014-0888
RESERVED
CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
@@ -11022,8 +11242,8 @@
RESERVED
CVE-2014-0608
RESERVED
-CVE-2014-0607
- RESERVED
+CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream ...)
+ TODO: check
CVE-2014-0606
RESERVED
CVE-2014-0605
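Review bot: CVE-2014-0607 is an unrestricted file upload in Attachmate Verastream, a proprietary host-integration product; NOT-FOR-US rather than `TODO: check`.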
@@ -11410,8 +11630,7 @@
{DSA-2945-1}
- chkrootkit 0.49-5
[squeeze] - chkrootkit 0.49-4+deb6u1
-CVE-2014-0475 [directory traversal in LC_* locale handling]
- RESERVED
+CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...)
{DSA-2976-1}
- glibc 2.19-6
- eglibc <removed>
@@ -13320,8 +13539,7 @@
NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient
CVE-2014-0104
RESERVED
-CVE-2014-0103
- RESERVED
+CVE-2014-0103 (WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores ...)
- zarafa <itp> (bug #658433)
CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c ...)
- linux 3.13.6-1
@@ -17137,6 +17355,7 @@
{DSA-2820-1}
- nspr 2:4.10.2-1
CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...)
+ {DSA-2994-1}
- nss 2:3.15.3-1 (bug #735105)
CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...)
{DSA-2800-1}
@@ -18881,8 +19100,7 @@
NOT-FOR-US: HP iLO
CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in ...)
NOT-FOR-US: HP StoreVirtual
-CVE-2013-4840
- RESERVED
+CVE-2013-4840 (Unspecified vulnerability in HP and H3C VPN Firewall Module products ...)
NOT-FOR-US: HP and H3C VPN Firewall Module
CVE-2013-4839 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
NOT-FOR-US: HP LoadRunner
@@ -19965,7 +20183,7 @@
[squeeze] - samba <not-affected> (Doesn't provide AD functionality)
- samba4 <removed> (low)
[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
-CVE-2013-4475 (Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, ...)
+CVE-2013-4475 (Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and ...)
{DSA-2812-1}
- samba 2:4.0.11+dfsg-1 (low)
- samba4 <removed> (low)
@@ -20694,8 +20912,7 @@
- libav <undetermined>
NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
NOTE: libav and ffmpeg code bases have diverged too much, unclear whether libav is affected
-CVE-2013-4262 [svnwcsub.py and irkerbridge.py are vulnerable to symlink attack]
- RESERVED
+CVE-2013-4262 (svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...)
- subversion 1.8.5-1 (unimportant)
NOTE: Optional admin-side utilities in Subversion 1.8.x
CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using ...)
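Review bot: no cross-reference to CVE-2013-7393 remains on CVE-2013-4262 after this change, although 7393 was split out of this ID (its entry carries `NOTE: split form CVE-2013-4262`) and the new official description drops the irkerbridge.py mention that used to tie the two together; add a reciprocal `NOTE: irkerbridge.py/daemonize.py part split into CVE-2013-7393` here so the pair stays linked.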
@@ -27493,6 +27710,7 @@
- bugzilla4 <itp> (bug #669643)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
+ {DSA-2994-1}
- nss 2:3.15.3-1 (bug #735105)
NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla ...)