[Secure-testing-commits] r27371 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri Jun 20 21:14:10 UTC 2014
Author: joeyh
Date: 2014-06-20 21:14:10 +0000 (Fri, 20 Jun 2014)
New Revision: 27371
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-20 21:10:49 UTC (rev 27370)
+++ data/CVE/list 2014-06-20 21:14:10 UTC (rev 27371)
@@ -1,3 +1,620 @@
+CVE-2014-4504
+ RESERVED
+CVE-2014-4503
+ RESERVED
+CVE-2014-4502
+ RESERVED
+CVE-2014-4501
+ RESERVED
+CVE-2014-4500
+ RESERVED
+CVE-2014-4499
+ RESERVED
+CVE-2014-4498
+ RESERVED
+CVE-2014-4497
+ RESERVED
+CVE-2014-4496
+ RESERVED
+CVE-2014-4495
+ RESERVED
+CVE-2014-4494
+ RESERVED
+CVE-2014-4493
+ RESERVED
+CVE-2014-4492
+ RESERVED
+CVE-2014-4491
+ RESERVED
+CVE-2014-4490
+ RESERVED
+CVE-2014-4489
+ RESERVED
+CVE-2014-4488
+ RESERVED
+CVE-2014-4487
+ RESERVED
+CVE-2014-4486
+ RESERVED
+CVE-2014-4485
+ RESERVED
+CVE-2014-4484
+ RESERVED
+CVE-2014-4483
+ RESERVED
+CVE-2014-4482
+ RESERVED
+CVE-2014-4481
+ RESERVED
+CVE-2014-4480
+ RESERVED
+CVE-2014-4479
+ RESERVED
+CVE-2014-4478
+ RESERVED
+CVE-2014-4477
+ RESERVED
+CVE-2014-4476
+ RESERVED
+CVE-2014-4475
+ RESERVED
+CVE-2014-4474
+ RESERVED
+CVE-2014-4473
+ RESERVED
+CVE-2014-4472
+ RESERVED
+CVE-2014-4471
+ RESERVED
+CVE-2014-4470
+ RESERVED
+CVE-2014-4469
+ RESERVED
+CVE-2014-4468
+ RESERVED
+CVE-2014-4467
+ RESERVED
+CVE-2014-4466
+ RESERVED
+CVE-2014-4465
+ RESERVED
+CVE-2014-4464
+ RESERVED
+CVE-2014-4463
+ RESERVED
+CVE-2014-4462
+ RESERVED
+CVE-2014-4461
+ RESERVED
+CVE-2014-4460
+ RESERVED
+CVE-2014-4459
+ RESERVED
+CVE-2014-4458
+ RESERVED
+CVE-2014-4457
+ RESERVED
+CVE-2014-4456
+ RESERVED
+CVE-2014-4455
+ RESERVED
+CVE-2014-4454
+ RESERVED
+CVE-2014-4453
+ RESERVED
+CVE-2014-4452
+ RESERVED
+CVE-2014-4451
+ RESERVED
+CVE-2014-4450
+ RESERVED
+CVE-2014-4449
+ RESERVED
+CVE-2014-4448
+ RESERVED
+CVE-2014-4447
+ RESERVED
+CVE-2014-4446
+ RESERVED
+CVE-2014-4445
+ RESERVED
+CVE-2014-4444
+ RESERVED
+CVE-2014-4443
+ RESERVED
+CVE-2014-4442
+ RESERVED
+CVE-2014-4441
+ RESERVED
+CVE-2014-4440
+ RESERVED
+CVE-2014-4439
+ RESERVED
+CVE-2014-4438
+ RESERVED
+CVE-2014-4437
+ RESERVED
+CVE-2014-4436
+ RESERVED
+CVE-2014-4435
+ RESERVED
+CVE-2014-4434
+ RESERVED
+CVE-2014-4433
+ RESERVED
+CVE-2014-4432
+ RESERVED
+CVE-2014-4431
+ RESERVED
+CVE-2014-4430
+ RESERVED
+CVE-2014-4429
+ RESERVED
+CVE-2014-4428
+ RESERVED
+CVE-2014-4427
+ RESERVED
+CVE-2014-4426
+ RESERVED
+CVE-2014-4425
+ RESERVED
+CVE-2014-4424
+ RESERVED
+CVE-2014-4423
+ RESERVED
+CVE-2014-4422
+ RESERVED
+CVE-2014-4421
+ RESERVED
+CVE-2014-4420
+ RESERVED
+CVE-2014-4419
+ RESERVED
+CVE-2014-4418
+ RESERVED
+CVE-2014-4417
+ RESERVED
+CVE-2014-4416
+ RESERVED
+CVE-2014-4415
+ RESERVED
+CVE-2014-4414
+ RESERVED
+CVE-2014-4413
+ RESERVED
+CVE-2014-4412
+ RESERVED
+CVE-2014-4411
+ RESERVED
+CVE-2014-4410
+ RESERVED
+CVE-2014-4409
+ RESERVED
+CVE-2014-4408
+ RESERVED
+CVE-2014-4407
+ RESERVED
+CVE-2014-4406
+ RESERVED
+CVE-2014-4405
+ RESERVED
+CVE-2014-4404
+ RESERVED
+CVE-2014-4403
+ RESERVED
+CVE-2014-4402
+ RESERVED
+CVE-2014-4401
+ RESERVED
+CVE-2014-4400
+ RESERVED
+CVE-2014-4399
+ RESERVED
+CVE-2014-4398
+ RESERVED
+CVE-2014-4397
+ RESERVED
+CVE-2014-4396
+ RESERVED
+CVE-2014-4395
+ RESERVED
+CVE-2014-4394
+ RESERVED
+CVE-2014-4393
+ RESERVED
+CVE-2014-4392
+ RESERVED
+CVE-2014-4391
+ RESERVED
+CVE-2014-4390
+ RESERVED
+CVE-2014-4389
+ RESERVED
+CVE-2014-4388
+ RESERVED
+CVE-2014-4387
+ RESERVED
+CVE-2014-4386
+ RESERVED
+CVE-2014-4385
+ RESERVED
+CVE-2014-4384
+ RESERVED
+CVE-2014-4383
+ RESERVED
+CVE-2014-4382
+ RESERVED
+CVE-2014-4381
+ RESERVED
+CVE-2014-4380
+ RESERVED
+CVE-2014-4379
+ RESERVED
+CVE-2014-4378
+ RESERVED
+CVE-2014-4377
+ RESERVED
+CVE-2014-4376
+ RESERVED
+CVE-2014-4375
+ RESERVED
+CVE-2014-4374
+ RESERVED
+CVE-2014-4373
+ RESERVED
+CVE-2014-4372
+ RESERVED
+CVE-2014-4371
+ RESERVED
+CVE-2014-4370
+ RESERVED
+CVE-2014-4369
+ RESERVED
+CVE-2014-4368
+ RESERVED
+CVE-2014-4367
+ RESERVED
+CVE-2014-4366
+ RESERVED
+CVE-2014-4365
+ RESERVED
+CVE-2014-4364
+ RESERVED
+CVE-2014-4363
+ RESERVED
+CVE-2014-4362
+ RESERVED
+CVE-2014-4361
+ RESERVED
+CVE-2014-4360
+ RESERVED
+CVE-2014-4359
+ RESERVED
+CVE-2014-4358
+ RESERVED
+CVE-2014-4357
+ RESERVED
+CVE-2014-4356
+ RESERVED
+CVE-2014-4355
+ RESERVED
+CVE-2014-4354
+ RESERVED
+CVE-2014-4353
+ RESERVED
+CVE-2014-4352
+ RESERVED
+CVE-2014-4351
+ RESERVED
+CVE-2014-4350
+ RESERVED
+CVE-2014-4349
+ RESERVED
+CVE-2014-4348
+ RESERVED
+CVE-2014-4347
+ RESERVED
+CVE-2014-4346
+ RESERVED
+CVE-2014-4345
+ RESERVED
+CVE-2014-4344
+ RESERVED
+CVE-2014-4343
+ RESERVED
+CVE-2014-4342
+ RESERVED
+CVE-2014-4341
+ RESERVED
+CVE-2014-4340
+ RESERVED
+CVE-2014-4339
+ RESERVED
+CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
+ TODO: check
+CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before ...)
+ TODO: check
+CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2014-4332
+ RESERVED
+CVE-2014-4331
+ RESERVED
+CVE-2014-4330
+ RESERVED
+CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
+ TODO: check
+CVE-2014-4328
+ RESERVED
+CVE-2014-4327
+ RESERVED
+CVE-2014-4326
+ RESERVED
+CVE-2014-4325
+ RESERVED
+CVE-2014-4324
+ RESERVED
+CVE-2014-4323
+ RESERVED
+CVE-2014-4322
+ RESERVED
+CVE-2014-4321
+ RESERVED
+CVE-2014-4320
+ RESERVED
+CVE-2014-4319
+ RESERVED
+CVE-2014-4318
+ RESERVED
+CVE-2014-4317
+ RESERVED
+CVE-2014-4316
+ RESERVED
+CVE-2014-4315
+ RESERVED
+CVE-2014-4314
+ RESERVED
+CVE-2014-4313
+ RESERVED
+CVE-2014-4312
+ RESERVED
+CVE-2014-4311
+ RESERVED
+CVE-2014-4310
+ RESERVED
+CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...)
+ TODO: check
+CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...)
+ TODO: check
+CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before ...)
+ TODO: check
+CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before ...)
+ TODO: check
+CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka ...)
+ TODO: check
+CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy ...)
+ TODO: check
+CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...)
+ TODO: check
+CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...)
+ TODO: check
+CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2014-4300
+ RESERVED
+CVE-2014-4299
+ RESERVED
+CVE-2014-4298
+ RESERVED
+CVE-2014-4297
+ RESERVED
+CVE-2014-4296
+ RESERVED
+CVE-2014-4295
+ RESERVED
+CVE-2014-4294
+ RESERVED
+CVE-2014-4293
+ RESERVED
+CVE-2014-4292
+ RESERVED
+CVE-2014-4291
+ RESERVED
+CVE-2014-4290
+ RESERVED
+CVE-2014-4289
+ RESERVED
+CVE-2014-4288
+ RESERVED
+CVE-2014-4287
+ RESERVED
+CVE-2014-4286
+ REJECTED
+ TODO: check
+CVE-2014-4285
+ RESERVED
+CVE-2014-4284
+ RESERVED
+CVE-2014-4283
+ RESERVED
+CVE-2014-4282
+ RESERVED
+CVE-2014-4281
+ RESERVED
+CVE-2014-4280
+ RESERVED
+CVE-2014-4279
+ RESERVED
+CVE-2014-4278
+ RESERVED
+CVE-2014-4277
+ RESERVED
+CVE-2014-4276
+ RESERVED
+CVE-2014-4275
+ RESERVED
+CVE-2014-4274
+ RESERVED
+CVE-2014-4273
+ RESERVED
+CVE-2014-4272
+ RESERVED
+CVE-2014-4271
+ RESERVED
+CVE-2014-4270
+ RESERVED
+CVE-2014-4269
+ RESERVED
+CVE-2014-4268
+ RESERVED
+CVE-2014-4267
+ RESERVED
+CVE-2014-4266
+ RESERVED
+CVE-2014-4265
+ RESERVED
+CVE-2014-4264
+ RESERVED
+CVE-2014-4263
+ RESERVED
+CVE-2014-4262
+ RESERVED
+CVE-2014-4261
+ RESERVED
+CVE-2014-4260
+ RESERVED
+CVE-2014-4259
+ RESERVED
+CVE-2014-4258
+ RESERVED
+CVE-2014-4257
+ RESERVED
+CVE-2014-4256
+ RESERVED
+CVE-2014-4255
+ RESERVED
+CVE-2014-4254
+ RESERVED
+CVE-2014-4253
+ RESERVED
+CVE-2014-4252
+ RESERVED
+CVE-2014-4251
+ RESERVED
+CVE-2014-4250
+ RESERVED
+CVE-2014-4249
+ RESERVED
+CVE-2014-4248
+ RESERVED
+CVE-2014-4247
+ RESERVED
+CVE-2014-4246
+ RESERVED
+CVE-2014-4245
+ RESERVED
+CVE-2014-4244
+ RESERVED
+CVE-2014-4243
+ RESERVED
+CVE-2014-4242
+ RESERVED
+CVE-2014-4241
+ RESERVED
+CVE-2014-4240
+ RESERVED
+CVE-2014-4239
+ RESERVED
+CVE-2014-4238
+ RESERVED
+CVE-2014-4237
+ RESERVED
+CVE-2014-4236
+ RESERVED
+CVE-2014-4235
+ RESERVED
+CVE-2014-4234
+ RESERVED
+CVE-2014-4233
+ RESERVED
+CVE-2014-4232
+ RESERVED
+CVE-2014-4231
+ RESERVED
+CVE-2014-4230
+ RESERVED
+CVE-2014-4229
+ RESERVED
+CVE-2014-4228
+ RESERVED
+CVE-2014-4227
+ RESERVED
+CVE-2014-4226
+ RESERVED
+CVE-2014-4225
+ RESERVED
+CVE-2014-4224
+ RESERVED
+CVE-2014-4223
+ RESERVED
+CVE-2014-4222
+ RESERVED
+CVE-2014-4221
+ RESERVED
+CVE-2014-4220
+ RESERVED
+CVE-2014-4219
+ RESERVED
+CVE-2014-4218
+ RESERVED
+CVE-2014-4217
+ RESERVED
+CVE-2014-4216
+ RESERVED
+CVE-2014-4215
+ RESERVED
+CVE-2014-4214
+ RESERVED
+CVE-2014-4213
+ RESERVED
+CVE-2014-4212
+ RESERVED
+CVE-2014-4211
+ RESERVED
+CVE-2014-4210
+ RESERVED
+CVE-2014-4209
+ RESERVED
+CVE-2014-4208
+ RESERVED
+CVE-2014-4207
+ RESERVED
+CVE-2014-4206
+ RESERVED
+CVE-2014-4205
+ RESERVED
+CVE-2014-4204
+ RESERVED
+CVE-2014-4203
+ RESERVED
+CVE-2014-4202
+ RESERVED
+CVE-2014-4201
+ RESERVED
+CVE-2014-4200
+ RESERVED
+CVE-2014-4199
+ RESERVED
+CVE-2014-4198
+ RESERVED
+CVE-2014-4197
+ RESERVED
+CVE-2014-4196
+ RESERVED
+CVE-2014-4195
+ RESERVED
+CVE-2014-4194
+ RESERVED
CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable]
- softhsm <unfixed> (bug #752092)
CVE-2014-XXXX [docker VMM breakout]
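Review bot: CVE-2014-4286 in this hunk is added as "REJECTED" and still gets "TODO: check" underneath, although the entry carries no description to triage against. If rejected IDs need no further action, drop the TODO for that entry so it does not sit in the pending queue next to the real "TODO: check" items (CVE-2014-4335, CVE-2014-4334, CVE-2014-4333 and the others with descriptions). Note also that the new block runs from CVE-2014-4339 straight to CVE-2014-4335; the three IDs in between are kept further down the file.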
@@ -40,8 +657,8 @@
RESERVED
CVE-2014-4175
RESERVED
-CVE-2014-4174
- RESERVED
+CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x ...)
+ TODO: check
CVE-2014-4173
RESERVED
CVE-2014-4172
@@ -59,7 +676,7 @@
TODO: check
CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...)
- ntop <unfixed> (bug #751946)
-CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlogoSec FireFlow 6.3-b230 ...)
+CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...)
NOT-FOR-US: AlogoSec FireFlow
CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
TODO: check
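Review bot: The description line for CVE-2014-4164 is corrected from "AlogoSec" to "AlgoSec", but the annotation directly below still reads "NOT-FOR-US: AlogoSec FireFlow". Fix the product name on the NOT-FOR-US line in the same change so a search for the vendor name finds both the description and the triage decision.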
@@ -75,16 +692,16 @@
TODO: check
CVE-2014-4156
RESERVED
-CVE-2014-4155
- RESERVED
+CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...)
+ TODO: check
CVE-2014-4154
RESERVED
-CVE-2014-4153
- RESERVED
-CVE-2014-4152
- RESERVED
-CVE-2014-4151
- RESERVED
+CVE-2014-4153 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
+ TODO: check
+CVE-2014-4152 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
+ TODO: check
+CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
+ TODO: check
CVE-2014-4149
RESERVED
CVE-2014-4148
@@ -346,8 +963,7 @@
CVE-2014-XXXX [Class loader vulnerability in DefaultResolver]
- commons-beanutils 1.9.2-1
NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
-CVE-2014-4049 [PHP heap-based buffer overflow in DNS TXT record parsing]
- RESERVED
+CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ...)
{DSA-2961-1}
- php5 5.6.0~beta4+dfsg-3 (bug #751364)
NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
@@ -365,7 +981,7 @@
CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in ...)
- asterisk <not-affected> (Only affects Asterisk 12.x)
NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html
-CVE-2014-4044 (OpenAFS 1.6.8 does no properly clear the fields in the host structure, ...)
+CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure, ...)
- openafs 1.6.9-1
[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
@@ -376,11 +992,9 @@
[squeeze] - eglibc <no-dsa> (Minor issue)
CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
- ppc64-diag <itp> (bug #740179)
-CVE-2014-4021 [XSA-100]
- RESERVED
+CVE-2014-4021 (Xen 3.2.x through 4.4.x does not properly clean memory pages recovered ...)
- xen <unfixed> (bug #751894)
-CVE-2014-4020 [Frame metadissector crash (wnpa-sec-2014-07)]
- RESERVED
+CVE-2014-4020 (The dissect_frame function in epan/dissectors/packet-frame.c in the ...)
- wireshark 1.10.8-1
[wheezy] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
[squeeze] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
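Review bot: Replacing the bracketed titles of CVE-2014-4021 and CVE-2014-4020 with the official descriptions drops the upstream advisory identifiers "XSA-100" and "wnpa-sec-2014-07", and neither entry has a NOTE line that preserves them. Add a NOTE under each entry carrying the advisory ID, so the link from the CVE to the Xen and Wireshark advisories survives the description update.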
@@ -695,13 +1309,11 @@
RESERVED
CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
NOT-FOR-US: IPSwitch IMail
-CVE-2014-3877
- RESERVED
+CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...)
- fex 20140530-1
[wheezy] - fex <no-dsa> (non-free not supported)
NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
-CVE-2014-3876
- RESERVED
+CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast ...)
- fex 20140530-1
[wheezy] - fex <no-dsa> (non-free not supported)
NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
@@ -890,8 +1502,8 @@
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3811
RESERVED
-CVE-2014-3810
- RESERVED
+CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx ...)
+ TODO: check
CVE-2014-3809
RESERVED
CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
@@ -965,8 +1577,8 @@
NOT-FOR-US: Citrix
CVE-2014-3779
RESERVED
-CVE-2014-3778
- RESERVED
+CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2014-3777
RESERVED
CVE-2014-3770
@@ -2695,10 +3307,10 @@
NOT-FOR-US: IBM Sametime
CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
NOT-FOR-US: IBM Sametime
-CVE-2014-3013
- RESERVED
-CVE-2014-3012
- RESERVED
+CVE-2014-3013 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam ...)
+ TODO: check
+CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program ...)
+ TODO: check
CVE-2014-3011
RESERVED
CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
@@ -2781,13 +3393,16 @@
NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
CVE-2014-4338 [handle BrowseAllow directive securely]
+ RESERVED
- cups-filters 1.0.53-1
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
CVE-2014-4337 [OOB accesses in the process_browse_data function when reading the packet variable]
+ RESERVED
- cups-filters 1.0.53-1
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
CVE-2014-4336 [incomplete fix for CVE-2014-2707]
+ RESERVED
- cups-filters 1.0.53-1
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: incomplete fix was applied
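Review bot: CVE-2014-4338, CVE-2014-4337 and CVE-2014-4336 only gain a "RESERVED" line here and stay where they are, between the miniupnp notes and the CVE-2014-29xx entries, while the rest of the 2014-43xx range is added at the top of the file. Move these three entries into the gap between CVE-2014-4339 and CVE-2014-4335 so the list stays in descending ID order and the cups-filters issues are found where a reader scanning by number expects them.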
@@ -2837,8 +3452,8 @@
RESERVED
CVE-2014-2963
RESERVED
-CVE-2014-2962
- RESERVED
+CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...)
+ TODO: check
CVE-2014-2961
RESERVED
CVE-2014-2960
@@ -2868,8 +3483,8 @@
RESERVED
CVE-2014-2950
RESERVED
-CVE-2014-2949
- RESERVED
+CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...)
+ TODO: check
CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...)
NOT-FOR-US: Bizagi BPM
CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM ...)
@@ -3256,14 +3871,14 @@
RESERVED
CVE-2014-2783
RESERVED
-CVE-2014-2782
- RESERVED
+CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2781
RESERVED
CVE-2014-2780
RESERVED
-CVE-2014-2779
- RESERVED
+CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...)
+ TODO: check
CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
@@ -3785,14 +4400,11 @@
RESERVED
CVE-2014-2612
RESERVED
-CVE-2014-2611
- RESERVED
+CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...)
NOT-FOR-US: HP Software Executive Scorecard
-CVE-2014-2610
- RESERVED
+CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack ...)
NOT-FOR-US: HP Software Executive Scorecard
-CVE-2014-2609
- RESERVED
+CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and ...)
NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2608
RESERVED
@@ -4917,8 +5529,8 @@
RESERVED
CVE-2014-2152
RESERVED
-CVE-2014-2151
- RESERVED
+CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...)
+ TODO: check
CVE-2014-2150
RESERVED
CVE-2014-2149
@@ -5340,10 +5952,10 @@
TODO: check
CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and ...)
TODO: check
-CVE-2014-2001
- RESERVED
-CVE-2014-2000
- RESERVED
+CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1.2.0 ...)
+ TODO: check
+CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...)
+ TODO: check
CVE-2014-1999
RESERVED
CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...)
@@ -6448,12 +7060,12 @@
RESERVED
CVE-2014-1653
RESERVED
-CVE-2014-1652
- RESERVED
-CVE-2014-1651
- RESERVED
-CVE-2014-1650
- RESERVED
+CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
+ TODO: check
+CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management ...)
+ TODO: check
+CVE-2014-1650 (SQL injection vulnerability in user.php in the management console in ...)
+ TODO: check
CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 ...)
NOT-FOR-US: Symantec Workspace Streaming
CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
@@ -7946,8 +8558,8 @@
RESERVED
CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...)
NOT-FOR-US: IBM WebSphere MQ
-CVE-2014-0910
- RESERVED
+CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
+ TODO: check
CVE-2014-0909
RESERVED
CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager ...)
@@ -8689,10 +9301,10 @@
RESERVED
CVE-2014-0600
RESERVED
-CVE-2014-0599
- RESERVED
-CVE-2014-0598
- RESERVED
+CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open ...)
+ TODO: check
+CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise ...)
+ TODO: check
CVE-2014-0597
RESERVED
CVE-2014-0596
@@ -13196,8 +13808,7 @@
NOT-FOR-US: Livezilla
CVE-2013-6222
RESERVED
-CVE-2013-6221
- RESERVED
+CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP ...)
NOT-FOR-US: HP Service Virtualization
CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
NOT-FOR-US: HP
@@ -16049,8 +16660,8 @@
- strongswan <not-affected> (Only affects 5.0.4 from experimental)
NOTE: The PEM aspect is under control of the administrator, so not a security issue
NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
-CVE-2013-5017
- RESERVED
+CVE-2013-5017 (SNMPConfig.php in the management console in Symantec Web Gateway (SWG) ...)
+ TODO: check
CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when ...)
NOT-FOR-US: Symantec
CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec ...)
@@ -27042,8 +27653,8 @@
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable ...)
NOT-FOR-US: Ubuntu MAAS
-CVE-2013-1068
- RESERVED
+CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before ...)
+ TODO: check
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...)
- apport 2.12.6-1 (bug #727661)
NOTE: apport only in experimental, so we cannot track this in security-tracker
@@ -40254,8 +40865,8 @@
RESERVED
CVE-2012-2593
RESERVED
-CVE-2012-2592
- RESERVED
+CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 ...)
+ TODO: check
CVE-2012-2591
RESERVED
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
@@ -40295,14 +40906,14 @@
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
NOT-FOR-US: Symantec Web Gateway
-CVE-2012-2572
- RESERVED
+CVE-2012-2572 (Cross-site scripting (XSS) vulnerability in the ThreeWP Email ...)
+ TODO: check
CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...)
NOT-FOR-US: WinWebMail
CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...)
NOT-FOR-US: X-Cart Gold
-CVE-2012-2569
- RESERVED
+CVE-2012-2569 (Cross-site scripting (XSS) vulnerability in Synametrics Technologies ...)
+ TODO: check
CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...)
NOT-FOR-US: Seagate BlackArmor
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...)
@@ -41717,8 +42328,8 @@
[squeeze] - redmine <no-dsa> (Minor issue)
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...)
NOT-FOR-US: F5 Firepass
-CVE-2012-2052
- RESERVED
+CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe ...)
+ TODO: check
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
@@ -41765,9 +42376,9 @@
NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
-CVE-2012-2028 (Buffer overflow in Adobe Photoshop before CS6 allows remote attackers ...)
+CVE-2012-2028 (Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 ...)
NOT-FOR-US: Adobe Photoshop
-CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop before CS6 allows ...)
+CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 ...)
NOT-FOR-US: Adobe Photoshop
CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
NOT-FOR-US: Adobe Illustrator
@@ -42775,8 +43386,7 @@
CVE-2012-1622
RESERVED
NOT-FOR-US: Apache OFBiz
-CVE-2012-1621
- RESERVED
+CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For ...)
NOT-FOR-US: Apache OFBiz
CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the ...)
- suckless-tools <unfixed> (unimportant; bug #667796)
@@ -48685,8 +49295,8 @@
NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development ...)
NOT-FOR-US: Adobe Cold Fusion
-CVE-2011-4367
- RESERVED
+CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer ...)
+ TODO: check
CVE-2011-4366
RESERVED
NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090
@@ -54281,8 +54891,8 @@
NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593
RESERVED
-CVE-2011-2592
- RESERVED
+CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ...)
+ TODO: check
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow ...)
NOT-FOR-US: Provideo ActiveX
CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 ...)