[Secure-testing-commits] r27336 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Jun 17 21:14:21 UTC 2014
Author: joeyh
Date: 2014-06-17 21:14:21 +0000 (Tue, 17 Jun 2014)
New Revision: 27336
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-17 19:34:31 UTC (rev 27335)
+++ data/CVE/list 2014-06-17 21:14:21 UTC (rev 27336)
@@ -1,3 +1,335 @@
+CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for ...)
+ TODO: check
+CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share ...)
+ TODO: check
+CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C ...)
+ TODO: check
+CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series Switches ...)
+ TODO: check
+CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager ...)
+ TODO: check
+CVE-2014-4188 (Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning ...)
+ TODO: check
+CVE-2014-4187 (Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket ...)
+ TODO: check
+CVE-2014-4186
+ RESERVED
+CVE-2014-4185
+ RESERVED
+CVE-2014-4184
+ RESERVED
+CVE-2014-4183
+ RESERVED
+CVE-2014-4182
+ RESERVED
+CVE-2014-4181
+ RESERVED
+CVE-2014-4180
+ RESERVED
+CVE-2014-4179
+ RESERVED
+CVE-2014-4178
+ RESERVED
+CVE-2014-4177
+ RESERVED
+CVE-2014-4176
+ RESERVED
+CVE-2014-4175
+ RESERVED
+CVE-2014-4174
+ RESERVED
+CVE-2014-4173
+ RESERVED
+CVE-2014-4172
+ RESERVED
+CVE-2014-4171
+ RESERVED
+CVE-2014-4170
+ RESERVED
+CVE-2014-4169
+ RESERVED
+CVE-2014-4168
+ RESERVED
+CVE-2014-4167
+ RESERVED
+CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in ...)
+ TODO: check
+CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...)
+ TODO: check
+CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlogoSec FireFlow 6.3-b230 ...)
+ TODO: check
+CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-4162 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-4161 (Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP ...)
+ TODO: check
+CVE-2014-4160 (Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas ...)
+ TODO: check
+CVE-2014-4159 (Open redirect vulnerability in SAP Supplier Relationship Management ...)
+ TODO: check
+CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4157
+ RESERVED
+CVE-2014-4156
+ RESERVED
+CVE-2014-4155
+ RESERVED
+CVE-2014-4154
+ RESERVED
+CVE-2014-4153
+ RESERVED
+CVE-2014-4152
+ RESERVED
+CVE-2014-4151
+ RESERVED
+CVE-2014-4149
+ RESERVED
+CVE-2014-4148
+ RESERVED
+CVE-2014-4147
+ RESERVED
+CVE-2014-4146
+ RESERVED
+CVE-2014-4145
+ RESERVED
+CVE-2014-4144
+ RESERVED
+CVE-2014-4143
+ RESERVED
+CVE-2014-4142
+ RESERVED
+CVE-2014-4141
+ RESERVED
+CVE-2014-4140
+ RESERVED
+CVE-2014-4139
+ RESERVED
+CVE-2014-4138
+ RESERVED
+CVE-2014-4137
+ RESERVED
+CVE-2014-4136
+ RESERVED
+CVE-2014-4135
+ RESERVED
+CVE-2014-4134
+ RESERVED
+CVE-2014-4133
+ RESERVED
+CVE-2014-4132
+ RESERVED
+CVE-2014-4131
+ RESERVED
+CVE-2014-4130
+ RESERVED
+CVE-2014-4129
+ RESERVED
+CVE-2014-4128
+ RESERVED
+CVE-2014-4127
+ RESERVED
+CVE-2014-4126
+ RESERVED
+CVE-2014-4125
+ RESERVED
+CVE-2014-4124
+ RESERVED
+CVE-2014-4123
+ RESERVED
+CVE-2014-4122
+ RESERVED
+CVE-2014-4121
+ RESERVED
+CVE-2014-4120
+ RESERVED
+CVE-2014-4119
+ RESERVED
+CVE-2014-4118
+ RESERVED
+CVE-2014-4117
+ RESERVED
+CVE-2014-4116
+ RESERVED
+CVE-2014-4115
+ RESERVED
+CVE-2014-4114
+ RESERVED
+CVE-2014-4113
+ RESERVED
+CVE-2014-4112
+ RESERVED
+CVE-2014-4111
+ RESERVED
+CVE-2014-4110
+ RESERVED
+CVE-2014-4109
+ RESERVED
+CVE-2014-4108
+ RESERVED
+CVE-2014-4107
+ RESERVED
+CVE-2014-4106
+ RESERVED
+CVE-2014-4105
+ RESERVED
+CVE-2014-4104
+ RESERVED
+CVE-2014-4103
+ RESERVED
+CVE-2014-4102
+ RESERVED
+CVE-2014-4101
+ RESERVED
+CVE-2014-4100
+ RESERVED
+CVE-2014-4099
+ RESERVED
+CVE-2014-4098
+ RESERVED
+CVE-2014-4097
+ RESERVED
+CVE-2014-4096
+ RESERVED
+CVE-2014-4095
+ RESERVED
+CVE-2014-4094
+ RESERVED
+CVE-2014-4093
+ RESERVED
+CVE-2014-4092
+ RESERVED
+CVE-2014-4091
+ RESERVED
+CVE-2014-4090
+ RESERVED
+CVE-2014-4089
+ RESERVED
+CVE-2014-4088
+ RESERVED
+CVE-2014-4087
+ RESERVED
+CVE-2014-4086
+ RESERVED
+CVE-2014-4085
+ RESERVED
+CVE-2014-4084
+ RESERVED
+CVE-2014-4083
+ RESERVED
+CVE-2014-4082
+ RESERVED
+CVE-2014-4081
+ RESERVED
+CVE-2014-4080
+ RESERVED
+CVE-2014-4079
+ RESERVED
+CVE-2014-4078
+ RESERVED
+CVE-2014-4077
+ RESERVED
+CVE-2014-4076
+ RESERVED
+CVE-2014-4075
+ RESERVED
+CVE-2014-4074
+ RESERVED
+CVE-2014-4073
+ RESERVED
+CVE-2014-4072
+ RESERVED
+CVE-2014-4071
+ RESERVED
+CVE-2014-4070
+ RESERVED
+CVE-2014-4069
+ RESERVED
+CVE-2014-4068
+ RESERVED
+CVE-2014-4067
+ RESERVED
+CVE-2014-4066
+ RESERVED
+CVE-2014-4065
+ RESERVED
+CVE-2014-4064
+ RESERVED
+CVE-2014-4063
+ RESERVED
+CVE-2014-4062
+ RESERVED
+CVE-2014-4061
+ RESERVED
+CVE-2014-4060
+ RESERVED
+CVE-2014-4059
+ RESERVED
+CVE-2014-4058
+ RESERVED
+CVE-2014-4057
+ RESERVED
+CVE-2014-4056
+ RESERVED
+CVE-2014-4055
+ RESERVED
+CVE-2014-4054
+ RESERVED
+CVE-2014-4053
+ RESERVED
+CVE-2014-4052
+ RESERVED
+CVE-2014-4051
+ RESERVED
+CVE-2014-4050
+ RESERVED
+CVE-2014-4042
+ RESERVED
+CVE-2014-4041
+ RESERVED
+CVE-2014-4039 (ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does ...)
+ TODO: check
+CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...)
+ TODO: check
+CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
+ TODO: check
+CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php in ...)
+ TODO: check
+CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 ...)
+ TODO: check
+CVE-2014-4033 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-4032 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-4031
+ RESERVED
+CVE-2014-4030
+ RESERVED
+CVE-2014-4029
+ RESERVED
+CVE-2014-4028
+ RESERVED
+CVE-2014-4026
+ RESERVED
+CVE-2014-4025
+ RESERVED
+CVE-2014-4024
+ RESERVED
+CVE-2014-4023
+ RESERVED
+CVE-2014-4022
+ RESERVED
+CVE-2014-4019
+ RESERVED
+CVE-2014-4018
+ RESERVED
+CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
+ TODO: check
+CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows ...)
+ TODO: check
CVE-2014-XXXX [authentication bypass]
- iodine 0.6.0~rc1-19 (bug #751834)
NOTE: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850
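Review bot: CVE-2014-4158 and CVE-2010-5301 in this hunk arrive with the identical imported description (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...), which points to one of them being a duplicate assignment; the TODO: check on both should settle which ID is canonical before either gets a package line, so the issue is triaged once rather than twice. The parenthesised descriptions are MITRE text copied verbatim (the AlogoSec spelling in CVE-2014-4164 included) and the file is regenerated by the automatic update, so typos in them are not something to correct locally.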
@@ -11,36 +343,40 @@
- commons-beanutils 1.9.2-1
NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
CVE-2014-4049 [PHP heap-based buffer overflow in DNS TXT record parsing]
+ RESERVED
{DSA-2961-1}
- php5 5.6.0~beta4+dfsg-3 (bug #751364)
NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
-CVE-2014-4048
+CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows ...)
- asterisk <not-affected> (Only affects Asterisk 12.x)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-008.html
-CVE-2014-4047
+CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and ...)
- asterisk 1:11.10.2~dfsg-1 (low)
[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html
-CVE-2014-4046
+CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and ...)
- asterisk 1:11.10.2~dfsg-1 (low)
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html
-CVE-2014-4045 [remote crash in PJSIP Channel Drivers Publish/Subscribe Framework]
+CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in ...)
- asterisk <not-affected> (Only affects Asterisk 12.x)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html
-CVE-2014-4044 [TMAY fileserver crashes]
+CVE-2014-4044 (OpenAFS 1.6.8 does no properly clear the fields in the host structure, ...)
- openafs 1.6.9-1
[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
CVE-2014-4043 [posix_spawn_file_actions_addopen fails to copy the path argument]
+ RESERVED
- eglibc 2.19-2 (low; bug #751774)
[wheezy] - eglibc <no-dsa> (Minor issue)
[squeeze] - eglibc <no-dsa> (Minor issue)
-CVE-2014-4040
+CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
- ppc64-diag <itp> (bug #740179)
CVE-2014-4021 [XSA-100]
+ RESERVED
- xen <unfixed> (bug #751894)
CVE-2014-4020 [Frame metadissector crash (wnpa-sec-2014-07)]
+ RESERVED
- wireshark <unfixed>
[wheezy] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
[squeeze] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
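Review bot: CVE-2014-4044 loses its only locally written hint when "[TMAY fileserver crashes]" is replaced by the imported "(OpenAFS 1.6.8 does no properly clear the fields in the host structure, ...)", and unlike the Asterisk entries in this hunk it has no NOTE line pointing at an upstream advisory, so a NOTE with the OpenAFS reference would be worth adding before the bracketed wording disappears from the file. The "does no properly" typo in the imported text is upstream's and should stay as imported, since the line is overwritten wholesale on the next update.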
@@ -106,10 +442,12 @@
- libav 6:0.8.12-1
NOTE: Fairly pointless CVE assignment...
CVE-2014-4150 [Insecure use of temporary file]
+ RESERVED
- scheme48 1.9-4 (bug #748766)
[wheezy] - scheme48 <no-dsa> (Minor issue)
[squeeze] - scheme48 1.8+dfsg-1+deb6u1
CVE-2014-4027
+ RESERVED
- linux 3.14.2-1
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.38)
@@ -123,11 +461,9 @@
- lynis 1.5.5-1 (bug #751083)
[squeeze] - lynis <no-dsa> (Minor issue)
[wheezy] - lynis <no-dsa> (Minor issue)
-CVE-2014-3995
- RESERVED
+CVE-2014-3995 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Djblets
-CVE-2014-3994
- RESERVED
+CVE-2014-3994 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Djblets
CVE-2014-3983
RESERVED
@@ -170,8 +506,7 @@
NOT-FOR-US: WordPress plugin Participants Database
CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
NOT-FOR-US: OpenNMS
-CVE-2014-3980 [Local privilege escalation]
- RESERVED
+CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the ...)
NOT-FOR-US: F5
@@ -239,8 +574,7 @@
TODO: check
CVE-2014-3969 (Xen 4.4.x, when running on an ARM system, does not properly check ...)
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3970 [pulseaudio: crash due to empty UDP packet]
- RESERVED
+CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv ...)
- pulseaudio <unfixed> (low)
[squeeze] - pulseaudio <no-dsa> (Minor issue)
[wheezy] - pulseaudio <no-dsa> (Minor issue)
@@ -280,16 +614,16 @@
- ruby1.9.1 <unfixed> (unimportant)
- ruby1.8 <unfixed> (unimportant)
NOTE: Only exploitable on Windows
-CVE-2014-3915
- RESERVED
+CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
+ TODO: check
CVE-2014-3914
RESERVED
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...)
TODO: check
CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in ...)
TODO: check
-CVE-2014-3911
- RESERVED
+CVE-2014-3911 (Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to ...)
+ TODO: check
CVE-2014-3910
RESERVED
CVE-2014-3909
@@ -398,8 +732,7 @@
RESERVED
CVE-2014-3860
RESERVED
-CVE-2014-3859 [BIND named can crash due to a defect in EDNS printing processing]
- RESERVED
+CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS ...)
- bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1)
NOTE: https://kb.isc.org/article/AA-01166
CVE-2014-3858
@@ -426,8 +759,8 @@
CVE-2014-3851
RESERVED
NOT-FOR-US: Pyplate
-CVE-2014-3850
- RESERVED
+CVE-2014-3850 (Cross-site request forgery (CSRF) vulnerability in the Member Approval ...)
+ TODO: check
CVE-2014-3849 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not ...)
NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3848 (The iMember360 plugin before 3.9.001 for WordPress does not properly ...)
@@ -545,12 +878,12 @@
RESERVED
CVE-2014-3815
RESERVED
-CVE-2014-3814
- RESERVED
-CVE-2014-3813
- RESERVED
-CVE-2014-3812
- RESERVED
+CVE-2014-3814 (The Juniper Networks NetScreen Firewall devices with ScreenOS before ...)
+ TODO: check
+CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firewall ...)
+ TODO: check
+CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with ...)
+ TODO: check
CVE-2014-3811
RESERVED
CVE-2014-3810
@@ -563,10 +896,10 @@
NOT-FOR-US: BarracudaDrive
CVE-2014-3806 (Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo ...)
NOT-FOR-US: VMTurbo Operations Manager
-CVE-2014-3805
- RESERVED
-CVE-2014-3804
- RESERVED
+CVE-2014-3805 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
+ TODO: check
+CVE-2014-3804 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
+ TODO: check
CVE-2014-3803 (The SpeechInput feature in Blink, as used in Google Chrome before ...)
{DSA-2939-1}
- chromium-browser 35.0.1916.114-1
@@ -620,11 +953,9 @@
RESERVED
CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before ...)
- dotclear 2.6.3+dfsg-1
-CVE-2014-3782 [(Media Manager) Unrestricted File Upload Vulnerability]
- RESERVED
+CVE-2014-3782 (Multiple incomplete blacklist vulnerabilities in the ...)
- dotclear 2.6.3+dfsg-1
-CVE-2014-3781 [(XML-RPC Interface) Authentication Bypass Vulnerability]
- RESERVED
+CVE-2014-3781 (The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in ...)
- dotclear 2.6.3+dfsg-1
CVE-2014-3780 (Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 ...)
NOT-FOR-US: Citrix
@@ -1210,8 +1541,7 @@
- dbus 1.8.4-1 (low)
[squeeze] - dbus <no-dsa> (Minor issue)
[wheezy] - dbus <no-dsa> (Minor issue)
-CVE-2014-3476 [privilege escalation through trust chained delegation]
- RESERVED
+CVE-2014-3476 (OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...)
- keystone 2014.1.1-2 (bug #751454)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3475
@@ -1417,8 +1747,8 @@
RESERVED
CVE-2014-3429
RESERVED
-CVE-2014-3428
- RESERVED
+CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
+ TODO: check
CVE-2014-3427
RESERVED
CVE-2014-3420
@@ -1671,8 +2001,8 @@
RESERVED
CVE-2014-3296
RESERVED
-CVE-2014-3295
- RESERVED
+CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows ...)
+ TODO: check
CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of ...)
TODO: check
CVE-2014-3293
@@ -1681,8 +2011,8 @@
TODO: check
CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to ...)
TODO: check
-CVE-2014-3290
- RESERVED
+CVE-2014-3290 (The mDNS implementation in Cisco IOS XE 3.12S does not properly ...)
+ TODO: check
CVE-2014-3289 (Cross-site scripting (XSS) vulnerability in the web management ...)
TODO: check
CVE-2014-3288
@@ -1767,8 +2097,7 @@
[squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
[wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
-CVE-2014-3249
- RESERVED
+CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
CVE-2014-3248
@@ -2380,8 +2709,7 @@
RESERVED
- zabbix <unfixed> (bug #751910)
NOTE: http://seclists.org/fulldisclosure/2014/Jun/87
-CVE-2014-3004
- RESERVED
+CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before ...)
NOT-FOR-US: Castor
CVE-2014-3003
RESERVED
@@ -2463,11 +2791,9 @@
RESERVED
CVE-2014-2979
RESERVED
-CVE-2014-2978 [directfb: remote out-of-bounds write]
- RESERVED
+CVE-2014-2978 (The Dispatch_Write function in ...)
- directfb <not-affected> (Vulnerable code was introduced in 1.4.4)
-CVE-2014-2977 [directfb: integer signedness]
- RESERVED
+CVE-2014-2977 (Multiple integer signedness errors in the Dispatch_Write function in ...)
- directfb <not-affected> (Vulnerable code was introduced in 1.4.13)
CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
NOT-FOR-US: Sixnet SixView
@@ -4255,8 +4581,8 @@
RESERVED
CVE-2014-2304
RESERVED
-CVE-2014-2303
- RESERVED
+CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ...)
+ TODO: check
CVE-2014-2302
RESERVED
CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
@@ -4524,8 +4850,7 @@
RESERVED
CVE-2014-2177
RESERVED
-CVE-2014-2176
- RESERVED
+CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a ...)
NOT-FOR-US: Cisco IOS
CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
NOT-FOR-US: Cisco
@@ -4992,12 +5317,12 @@
RESERVED
CVE-2014-2005
RESERVED
-CVE-2014-2004
- RESERVED
-CVE-2014-2003
- RESERVED
-CVE-2014-2002
- RESERVED
+CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 ...)
+ TODO: check
+CVE-2014-2003 (JustSystems JUST Online Update, as used in Ichitaro through 2014 and ...)
+ TODO: check
+CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and ...)
+ TODO: check
CVE-2014-2001
RESERVED
CVE-2014-2000
@@ -6343,7 +6668,7 @@
CVE-2014-1546
RESERVED
CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote ...)
- {DSA-2960-1 DSA-2955-1}
+ {DSA-2962-1 DSA-2960-1 DSA-2955-1}
- nspr <unfixed>
- iceweasel 30.0-1
- icedove <unfixed>
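Review bot: DSA-2962-1 is added to the CVE-2014-1545 reference list without any package line changing, so "- nspr <unfixed>" and "- icedove <unfixed>" still sit under three DSA references; if the new advisory is the nspr one, the nspr line should get its fixed version in the same update so the entry does not read as an advisory issued for a package the tracker still considers unfixed.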
@@ -7503,8 +7828,8 @@
RESERVED
CVE-2014-0961 (Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity ...)
NOT-FOR-US: IBM Tivoli Identity Manager
-CVE-2014-0960
- RESERVED
+CVE-2014-0960 (IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before ...)
+ TODO: check
CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through ...)
@@ -8707,8 +9032,7 @@
RESERVED
CVE-2014-0479
RESERVED
-CVE-2014-0478 [apt: source packages not verified]
- RESERVED
+CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which ...)
{DSA-2958-1}
- apt 1.0.4 (bug #749795)
[squeeze] - apt 0.8.10.3+squeeze2
@@ -9497,7 +9821,7 @@
- typo3-src 4.5.32+dfsg1-1 (bug #731999)
NOTE: https://review.typo3.org/#/c/26180/
CVE-2013-7072
- RESERVED
+ REJECTED
NOT-FOR-US: Monitorix
CVE-2013-7071
RESERVED
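Review bot: CVE-2013-7072 moves from RESERVED to REJECTED while the "NOT-FOR-US: Monitorix" line is kept; for a rejected identifier the package attribution no longer carries information, so it is worth checking the tracker's convention for REJECTED entries and dropping the NOT-FOR-US line if that is what the other rejected IDs in this file do.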
@@ -10090,8 +10414,7 @@
RESERVED
- freerdp <unfixed> (unimportant; bug #749585)
NOTE: A malicious RDP server has many more ways to mess with an RDP client
-CVE-2014-0249
- RESERVED
+CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not properly ...)
- sssd <unfixed> (low; bug #749569)
[squeeze] - sssd <no-dsa> (Minor issue)
[wheezy] - sssd <no-dsa> (Minor issue)
@@ -10288,8 +10611,7 @@
CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before ...)
- neutron <unfixed>
[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
-CVE-2014-0186
- RESERVED
+CVE-2014-0186 (A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise ...)
- tomcat7 <undetermined>
TODO: check, is this regression affecting also a patch which Debian has already applied?
CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...)
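Review bot: the imported description for CVE-2014-0186 now states this is a regression in "a certain tomcat7 package ... in Red Hat Enterprise ...", which narrows the open question on the existing TODO line to whether Debian's own tomcat7 carries the same patch; "- tomcat7 <undetermined>" is the right state until that is answered, and the resolution (either <not-affected> with the reason, or a fixed version) should replace the TODO rather than be added beside it.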
@@ -12362,9 +12684,11 @@
- adequate 0.8.1 (bug #730691)
NOTE: https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does ...)
+ {DSA-2963-1}
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
NOTE: https://issues.apache.org/jira/browse/SOLR-4881
CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows ...)
+ {DSA-2963-1}
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
NOTE: https://issues.apache.org/jira/browse/SOLR-3895
CVE-2013-6406
@@ -12400,6 +12724,7 @@
CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
+ {DSA-2963-1}
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
NOTE: https://issues.apache.org/jira/browse/SOLR-4882
CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...)
@@ -13141,8 +13466,8 @@
RESERVED
CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 ...)
NOT-FOR-US: MostGear Soft Easy LAN Folder Share
-CVE-2013-6078
- RESERVED
+CVE-2013-6078 (The default configuration of EMC RSA BSAFE Toolkits and RSA Data ...)
+ TODO: check
CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not ...)
NOT-FOR-US: Citrix XenDesktop
CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a ...)
@@ -15004,16 +15329,16 @@
NOT-FOR-US: Google Picasa
CVE-2013-5357 (Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
NOT-FOR-US: Google Picasa
-CVE-2013-5356
- RESERVED
+CVE-2013-5356 (Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict ...)
+ TODO: check
CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Sharetronix
CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow ...)
NOT-FOR-US: Sharetronix
-CVE-2013-5353
- RESERVED
-CVE-2013-5352
- RESERVED
+CVE-2013-5353 (Unrestricted file upload vulnerability in ...)
+ TODO: check
+CVE-2013-5352 (Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to ...)
+ TODO: check
CVE-2013-5351 (Heap-based buffer overflow in IrfanView before 4.37 allows remote ...)
NOT-FOR-US: IrfanView
CVE-2013-5350 (The "Remember me" feature in the ...)
@@ -18492,8 +18817,8 @@
CVE-2013-4100
RESERVED
NOT-FOR-US: Cryptocat
-CVE-2013-4099
- RESERVED
+CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
+ TODO: check
CVE-2013-4098 (ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote ...)
NOT-FOR-US: DS3 Authentication Server
CVE-2013-4097 (ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows ...)
@@ -19313,8 +19638,7 @@
TODO: check
CVE-2013-3738
RESERVED
-CVE-2013-3843
- RESERVED
+CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function ...)
- monkey <removed>
[squeeze] - monkey <no-dsa> (Minor issue)
NOTE: http://bugs.monkey-project.com/ticket/182
@@ -19495,8 +19819,8 @@
NOT-FOR-US: AutoCAD
CVE-2013-3664
RESERVED
-CVE-2013-3663
- RESERVED
+CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
+ TODO: check
CVE-2013-3662
RESERVED
CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...)
@@ -23233,8 +23557,7 @@
RESERVED
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
-CVE-2013-2182 [monkey security rules bypass]
- RESERVED
+CVE-2013-2182 (The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2181 (Cross-site scripting (XSS) vulnerability in the Directory Listing ...)
@@ -23293,8 +23616,7 @@
{DSA-2766-1 DSA-2745-1}
- linux-2.6 <removed> (low)
- linux 3.9.8-1 (low)
-CVE-2013-2163 [monkey denial of service]
- RESERVED
+CVE-2013-2163 (Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2162 (Race condition in the post-installation script ...)
@@ -24392,8 +24714,7 @@
CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x ...)
{DSA-2646-1}
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
-CVE-2013-1841 [Reverse lookup issue in Net::Server]
- RESERVED
+CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
- libnet-server-perl <unfixed> (low; bug #702914)
[wheezy] - libnet-server-perl <no-dsa> (Minor issue)
[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
@@ -37505,12 +37826,10 @@
- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
- inn2 2.5.3-1 (low; bug #685581)
[squeeze] - inn2 <no-dsa> (Minor issue)
-CVE-2012-3522 [geshi XSS in contrib/langwiz.php]
- RESERVED
+CVE-2012-3522 (Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in ...)
- geshi <not-affected> (Vulnerable code not present, see bug #685323)
[squeeze] - geshi <no-dsa> (shipped as example/.gz)
-CVE-2012-3521 [geshi information disclosure in contrib/cssgen.php]
- RESERVED
+CVE-2012-3521 (Multiple directory traversal vulnerabilities in the cssgen contrib ...)
- geshi 1.0.8.4-2 (bug #685324)
[squeeze] - geshi 1.0.8.4-1+squeeze1
CVE-2012-3520 (The Netlink implementation in the Linux kernel before 3.2.30 does not ...)
@@ -40361,8 +40680,7 @@
RESERVED
CVE-2010-5112
RESERVED
-CVE-2010-5111 [echoping buffer overflows]
- RESERVED
+CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
- echoping 6.0.2-4 (low; bug #606808)
[squeeze] - echoping <no-dsa> (Minor issue)
NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
@@ -50753,8 +51071,7 @@
[squeeze] - clamav 0.97.3+dfsg-1~squeeze1
CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c ...)
NOT-FOR-US: Logsurfer
-CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow]
- RESERVED
+CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in ...)
- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
- mplayer2 2.0-134-g84d8671-9 (bug #646937)