[Secure-testing-commits] r26011 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Sat Mar 8 09:14:11 UTC 2014
Author: joeyh
Date: 2014-03-08 09:14:11 +0000 (Sat, 08 Mar 2014)
New Revision: 26011
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-08 07:36:50 UTC (rev 26010)
+++ data/CVE/list 2014-03-08 09:14:11 UTC (rev 26011)
@@ -1,3 +1,61 @@
+CVE-2014-2312
+ RESERVED
+CVE-2014-2311
+ RESERVED
+CVE-2014-2308
+ RESERVED
+CVE-2014-2307
+ RESERVED
+CVE-2014-2306
+ RESERVED
+CVE-2014-2305
+ RESERVED
+CVE-2014-2304
+ RESERVED
+CVE-2014-2303
+ RESERVED
+CVE-2014-2302
+ RESERVED
+CVE-2014-2301
+ RESERVED
+CVE-2014-2300
+ RESERVED
+CVE-2014-2299
+ RESERVED
+CVE-2014-2298
+ RESERVED
+CVE-2014-2297
+ RESERVED
+CVE-2014-2296
+ RESERVED
+CVE-2014-2295
+ RESERVED
+CVE-2014-2294
+ RESERVED
+CVE-2014-2293
+ RESERVED
+CVE-2014-2292
+ RESERVED
+CVE-2014-2291
+ RESERVED
+CVE-2014-2290
+ RESERVED
+CVE-2014-2289
+ RESERVED
+CVE-2014-2288
+ RESERVED
+CVE-2014-2287
+ RESERVED
+CVE-2014-2286
+ RESERVED
+CVE-2014-2283
+ RESERVED
+CVE-2014-2282
+ RESERVED
+CVE-2014-2281
+ RESERVED
+CVE-2013-7333
+ RESERVED
CVE-2014-XXXX [thermald: insecure tmp file]
- thermald <unfixed>
CVE-2014-XXXX [insecure temporary file usage]
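Review bot: CVE-2013-7333, the last id in the added block, is filed at the top of the file among the CVE-2014-23xx ids, while its neighbour CVE-2013-7331 sits much further down (around line 434 after this change). If the list is meant to keep ids grouped by year, move the entry next to the other CVE-2013-73xx ids so that a later search or merge does not produce a duplicate.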
@@ -5,15 +63,18 @@
[wheezy] - perltidy <no-dsa> (Minor issue)
[squeeze] - perltidy <no-dsa> (Minor issue)
CVE-2014-2309 [IPv6: crash due to router advertisement flooding]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
[squeeze] - linux-2.6 <not-affected> (Introduced in v3.0)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
CVE-2014-2310 [agentx: Oversized Object ID]
+ RESERVED
- net-snmp 5.7.2~dfsg-3 (bug #684388)
NOTE: http://sourceforge.net/p/net-snmp/patches/1113/
CVE-2012-6639
+ RESERVED
- cloud-init 0.7.1-1
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2014-2280
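Review bot: CVE-2012-6639 now reads RESERVED and still has no bracketed description, unlike CVE-2014-2309 and CVE-2014-2310 in the same hunk, so the gmane URL in its NOTE is the only hint about what the cloud-init issue is. Add a short bracketed summary to the id line, in the same style as `CVE-2014-2310 [agentx: Oversized Object ID]`.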
@@ -373,10 +434,12 @@
CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-2285 [snmptrapd crash when using a trap with empty community string]
+ RESERVED
- net-snmp <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
TODO: check
CVE-2014-2284 [denial of service flaw in Linux implementation of ICMP-MIB]
+ RESERVED
- net-snmp <unfixed>
[wheezy] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
[squeeze] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
@@ -398,8 +461,7 @@
NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
CVE-2014-5795
NOT-FOR-US: Oracle Demantra
-CVE-2014-2245
- RESERVED
+CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)
- cmsms <itp> (bug #608888)
CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML function in ...)
- mediawiki <not-affected> (vulnerable code not present)
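Review bot: CVE-2014-2245 is tracked here as `- cmsms <itp> (bug #608888)`, but CVE-2014-0334, further down in this same patch, is marked `NOT-FOR-US: CMS Made Simple`. Both are CMS Made Simple issues and should be triaged the same way; with an ITP bug on file, the `<itp>` form looks like the one to use for both.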
@@ -413,8 +475,7 @@
- mediawiki 1:1.19.12+dfsg-1
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771
NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
-CVE-2014-2238 [mantis: sql injection]
- RESERVED
+CVE-2014-2238 (SQL injection vulnerability in the manage configuration page ...)
- mantis <removed>
[squeeze] - mantis <no-dsa> (Minor issue)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
@@ -422,11 +483,9 @@
RESERVED
- keystone <unfixed>
NOTE: https://launchpad.net/bugs/1260080
-CVE-2014-2236 [multiple XSS issues]
- RESERVED
+CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot before ...)
- askbot <itp> (bug #687966)
-CVE-2014-2235 [XSS issue]
- RESERVED
+CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 ...)
- askbot <itp> (bug #687966)
CVE-2014-2214
RESERVED
@@ -439,8 +498,7 @@
NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH ...)
NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2206
- RESERVED
+CVE-2014-2206 (Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, ...)
NOT-FOR-US: GetGo Download Manager
CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 ...)
- catfish 1.0.1-1 (low; bug #739958)
@@ -814,8 +872,7 @@
CVE-2014-2014
RESERVED
- imapsync <removed>
-CVE-2014-1959 [GNUTLS-SA-2014-1]
- RESERVED
+CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 ...)
{DSA-2866-1}
- gnutls26 2.12.23-12
[squeeze] - gnutls26 <not-affected> (does not allow X.509 v1 certificates by default)
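Review bot: replacing `CVE-2014-1959 [GNUTLS-SA-2014-1]` with the truncated MITRE description drops the only reference to the upstream advisory id in this entry. Keep it by adding a line such as `NOTE: GNUTLS-SA-2014-1` under the package lines.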
@@ -873,16 +930,16 @@
NOT-FOR-US: Command School Student Management System
CVE-2014-1913
RESERVED
-CVE-2014-1911
- RESERVED
+CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows ...)
+ TODO: check
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
TODO: check
CVE-2014-1908
RESERVED
-CVE-2014-1907
- RESERVED
-CVE-2014-1906
- RESERVED
+CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
+ TODO: check
+CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-1905
RESERVED
CVE-2014-1904
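Review bot: CVE-2014-1911, CVE-2014-1907 and CVE-2014-1906 are left at `TODO: check`, joining CVE-2014-1910 which already carries one, so this hunk adds three untriaged entries. CVE-2014-1911 is camera firmware (Foscam FI8910W) and can most likely be closed as NOT-FOR-US right away; the other two need the full description, since the product name is cut off in the truncated text.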
@@ -2983,8 +3040,8 @@
RESERVED
CVE-2014-0891
RESERVED
-CVE-2014-0890
- RESERVED
+CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
+ TODO: check
CVE-2014-0889
RESERVED
CVE-2014-0888
@@ -3414,25 +3471,19 @@
NOT-FOR-US: Cisco UCS Director
CVE-2014-0708
RESERVED
-CVE-2014-0707
- RESERVED
+CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before ...)
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2014-0706
- RESERVED
+CVE-2014-0706 (Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, ...)
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2014-0705
- RESERVED
+CVE-2014-0705 (The multicast listener discovery (MLD) service on Cisco Wireless LAN ...)
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2014-0704
- RESERVED
+CVE-2014-0704 (The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices ...)
NOT-FOR-US: Cisco Wireless LAN Controller
-CVE-2014-0703
- RESERVED
+CVE-2014-0703 (Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 ...)
NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0702
RESERVED
-CVE-2014-0701
- RESERVED
+CVE-2014-0701 (Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, ...)
NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0700
RESERVED
@@ -3468,8 +3519,7 @@
RESERVED
CVE-2014-0684
RESERVED
-CVE-2014-0683
- RESERVED
+CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with ...)
NOT-FOR-US: Cisco
CVE-2014-0682 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
NOT-FOR-US: Cisco WebEx Meetings Server
@@ -3575,11 +3625,9 @@
RESERVED
CVE-2014-0631
RESERVED
-CVE-2014-0630
- RESERVED
+CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
NOT-FOR-US: EMC
-CVE-2014-0629
- RESERVED
+CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
NOT-FOR-US: EMC
CVE-2014-0628
RESERVED
@@ -3589,8 +3637,7 @@
NOT-FOR-US: EMC RSA
CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC ...)
NOT-FOR-US: EMC RSA
-CVE-2014-0624
- RESERVED
+CVE-2014-0624 (EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not ...)
NOT-FOR-US: EMC RSA
CVE-2014-0623
RESERVED
@@ -3650,8 +3697,7 @@
RESERVED
CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 ...)
NOT-FOR-US: ProjectForge
-CVE-2009-5138 [gnutls: incorrect handling of V1 intermediate certificates]
- RESERVED
+CVE-2009-5138 (GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag ...)
- gnutls26 2.7.12-1
- gnutls28 <not-affected> (Only affects versions before 2.7.6)
NOTE: Only affects version prior of 2.7.6, fix: https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
@@ -3791,8 +3837,7 @@
RESERVED
CVE-2013-7197
RESERVED
-CVE-2012-6619 [MongoDB memory over-read via incorrect BSON object length]
- RESERVED
+CVE-2012-6619 (The default configuration for MongoDB before 2.3.2 does not validate ...)
- mongodb 1:2.4.1-1
[wheezy] - mongodb <no-dsa> (Workaround exists, intrusive change)
[squeeze] - mongodb <no-dsa> (Workaround exists, intrusive change)
@@ -4889,10 +4934,10 @@
RESERVED
CVE-2014-0337
RESERVED
-CVE-2014-0336
- RESERVED
-CVE-2014-0335
- RESERVED
+CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in ...)
+ TODO: check
+CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
+ TODO: check
CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
NOT-FOR-US: CMS Made Simple
CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive ...)
@@ -5700,8 +5745,7 @@
CVE-2014-0093
RESERVED
NOT-FOR-US: JBoss EAP
-CVE-2014-0092
- RESERVED
+CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...)
{DSA-2869-1}
- gnutls26 2.12.23-13
- gnutls28 3.2.11-2
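Review bot: the imported description for CVE-2014-0092 says GnuTLS 3.2.x before 3.2.12 is affected, yet the entry records `- gnutls28 3.2.11-2` as the fixed version. That is consistent only if the fix was backported in the -2 upload; a NOTE line saying so would keep the next reader from treating it as a version mistake.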
@@ -6457,10 +6501,10 @@
NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service ...)
NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2013-6720
- RESERVED
-CVE-2013-6719
- RESERVED
+CVE-2013-6720 (Directory traversal vulnerability in the Passive Capture Application ...)
+ TODO: check
+CVE-2013-6719 (The Passive Capture Application (PCA) web console in IBM Tealeaf CX ...)
+ TODO: check
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and ...)
NOT-FOR-US: IBM firmware
CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 ...)
@@ -7234,8 +7278,7 @@
NOT-FOR-US: Candlepin
CVE-2013-6438
RESERVED
-CVE-2013-6437 [DoS through ephemeral disk backing files]
- RESERVED
+CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...)
- nova 2013.2.2
CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)
- libvirt 1.2.0-1
@@ -7632,10 +7675,10 @@
RESERVED
CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2013-6315
- RESERVED
-CVE-2013-6314
- RESERVED
+CVE-2013-6315 (IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and ...)
+ TODO: check
+CVE-2013-6314 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise ...)
+ TODO: check
CVE-2013-6313
RESERVED
CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and ...)
@@ -7654,8 +7697,8 @@
RESERVED
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
NOT-FOR-US: IBM Platform Symphony
-CVE-2013-6304
- RESERVED
+CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application ...)
+ TODO: check
CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
NOT-FOR-US: IBM Algo One
CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
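Review bot: CVE-2013-6304 is set to `TODO: check` although the entry directly below it, CVE-2013-6303, is an IBM Algo One issue already marked `NOT-FOR-US: IBM Algo One`. The new description names an Algo Risk Application; if the full text confirms it belongs to the same IBM product family, close it as NOT-FOR-US in the same way.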
@@ -7876,8 +7919,8 @@
NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP ...)
NOT-FOR-US: HP Service Manager
-CVE-2013-6201
- RESERVED
+CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, ...)
+ TODO: check
CVE-2013-6200
RESERVED
CVE-2013-6199
@@ -14339,8 +14382,8 @@
NOT-FOR-US: Novell iPrint Client
CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before ...)
NOT-FOR-US: Novell Open Enterprise Server 2
-CVE-2013-3706
- RESERVED
+CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novell ...)
+ TODO: check
CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on ...)
NOT-FOR-US: Novell Client
CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ...)
@@ -14869,8 +14912,8 @@
NOT-FOR-US: Sagelight
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
NOT-FOR-US: WordPress plugin ShareThis
-CVE-2013-3478
- RESERVED
+CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, ...)
+ TODO: check
CVE-2013-3477
RESERVED
CVE-2013-3476
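Review bot: CVE-2013-3478 gets `TODO: check`, but its description already identifies a WordPress plugin (Apptha WordPress Video Gallery), and the preceding entry CVE-2013-3479 shows the convention for that case: `NOT-FOR-US: WordPress plugin ShareThis`. This one can be triaged the same way instead of sitting in the TODO queue.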
@@ -47138,8 +47181,7 @@
RESERVED
- update-manager <not-affected> (ubuntu-specific issue)
NOTE: see bug #650307
-CVE-2011-3153
- RESERVED
+CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows ...)
- lightdm 1.0.6-2
CVE-2011-3152
RESERVED
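Review bot: the new description for CVE-2011-3153 says LightDM before 1.1.1 is affected, while the entry keeps `- lightdm 1.0.6-2` as the fixed version. If 1.0.6-2 carries the fix on the 1.0 branch, record that in a NOTE line; otherwise the fixed version needs rechecking against the description.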