[Secure-testing-commits] r26977 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue May 20 09:14:11 UTC 2014
Author: joeyh
Date: 2014-05-20 09:14:11 +0000 (Tue, 20 May 2014)
New Revision: 26977
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-20 05:04:22 UTC (rev 26976)
+++ data/CVE/list 2014-05-20 09:14:11 UTC (rev 26977)
@@ -1,3 +1,631 @@
+CVE-2014-3786
+ RESERVED
+CVE-2014-3785
+ RESERVED
+CVE-2014-3784
+ RESERVED
+CVE-2014-3783
+ RESERVED
+CVE-2014-3782
+ RESERVED
+CVE-2014-3781
+ RESERVED
+CVE-2014-3780
+ RESERVED
+CVE-2014-3779
+ RESERVED
+CVE-2014-3778
+ RESERVED
+CVE-2014-3777
+ RESERVED
+CVE-2014-3770
+ RESERVED
+CVE-2014-3769
+ RESERVED
+CVE-2014-3768
+ RESERVED
+CVE-2014-3767
+ RESERVED
+CVE-2014-3766
+ RESERVED
+CVE-2014-3765
+ RESERVED
+CVE-2014-3764
+ RESERVED
+CVE-2014-3763
+ RESERVED
+CVE-2014-3762
+ RESERVED
+CVE-2014-3761 (Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with ...)
+ TODO: check
+CVE-2014-3760 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+ TODO: check
+CVE-2014-3759 (Multiple SQL injection vulnerabilities in the BibTex Publications ...)
+ TODO: check
+CVE-2014-3758 (Cross-site scripting (XSS) vulnerability in the BibTex Publications ...)
+ TODO: check
+CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur kitForm ...)
+ TODO: check
+CVE-2014-3754
+ RESERVED
+CVE-2014-3753
+ RESERVED
+CVE-2014-3752
+ RESERVED
+CVE-2014-3751
+ RESERVED
+CVE-2014-3750 (The Bilyoner application before 2.3.1 for Android and before 4.6.2 for ...)
+ TODO: check
+CVE-2014-3748
+ RESERVED
+CVE-2014-3747
+ RESERVED
+CVE-2014-3746
+ RESERVED
+CVE-2014-3745
+ RESERVED
+CVE-2014-3744
+ RESERVED
+CVE-2014-3743
+ RESERVED
+CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js ...)
+ TODO: check
+CVE-2014-3741
+ RESERVED
+CVE-2014-3740
+ RESERVED
+CVE-2014-3737
+ RESERVED
+CVE-2014-3736
+ RESERVED
+CVE-2014-3735
+ RESERVED
+CVE-2014-3734
+ RESERVED
+CVE-2014-3733
+ RESERVED
+CVE-2014-3732
+ RESERVED
+CVE-2014-3731
+ RESERVED
+CVE-2014-3729
+ RESERVED
+CVE-2014-3728
+ RESERVED
+CVE-2014-3727
+ RESERVED
+CVE-2014-3726
+ RESERVED
+CVE-2014-3725
+ RESERVED
+CVE-2014-3724
+ RESERVED
+CVE-2014-3723
+ RESERVED
+CVE-2014-3722
+ RESERVED
+CVE-2014-3721
+ RESERVED
+CVE-2014-3720
+ RESERVED
+CVE-2014-3718
+ RESERVED
+CVE-2014-3713
+ RESERVED
+CVE-2014-3712
+ RESERVED
+CVE-2014-3711
+ RESERVED
+CVE-2014-3710
+ RESERVED
+CVE-2014-3709
+ RESERVED
+CVE-2014-3708
+ RESERVED
+CVE-2014-3707
+ RESERVED
+CVE-2014-3706
+ RESERVED
+CVE-2014-3705
+ RESERVED
+CVE-2014-3704
+ RESERVED
+CVE-2014-3703
+ RESERVED
+CVE-2014-3702
+ RESERVED
+CVE-2014-3701
+ RESERVED
+CVE-2014-3700
+ RESERVED
+CVE-2014-3699
+ RESERVED
+CVE-2014-3698
+ RESERVED
+CVE-2014-3697
+ RESERVED
+CVE-2014-3696
+ RESERVED
+CVE-2014-3695
+ RESERVED
+CVE-2014-3694
+ RESERVED
+CVE-2014-3693
+ RESERVED
+CVE-2014-3692
+ RESERVED
+CVE-2014-3691
+ RESERVED
+CVE-2014-3690
+ RESERVED
+CVE-2014-3689
+ RESERVED
+CVE-2014-3688
+ RESERVED
+CVE-2014-3687
+ RESERVED
+CVE-2014-3686
+ RESERVED
+CVE-2014-3685
+ RESERVED
+CVE-2014-3684
+ RESERVED
+CVE-2014-3683
+ RESERVED
+CVE-2014-3682
+ RESERVED
+CVE-2014-3681
+ RESERVED
+CVE-2014-3680
+ RESERVED
+CVE-2014-3679
+ RESERVED
+CVE-2014-3678
+ RESERVED
+CVE-2014-3677
+ RESERVED
+CVE-2014-3676
+ RESERVED
+CVE-2014-3675
+ RESERVED
+CVE-2014-3674
+ RESERVED
+CVE-2014-3673
+ RESERVED
+CVE-2014-3672
+ RESERVED
+CVE-2014-3671
+ RESERVED
+CVE-2014-3670
+ RESERVED
+CVE-2014-3669
+ RESERVED
+CVE-2014-3668
+ RESERVED
+CVE-2014-3667
+ RESERVED
+CVE-2014-3666
+ RESERVED
+CVE-2014-3665
+ RESERVED
+CVE-2014-3664
+ RESERVED
+CVE-2014-3663
+ RESERVED
+CVE-2014-3662
+ RESERVED
+CVE-2014-3661
+ RESERVED
+CVE-2014-3660
+ RESERVED
+CVE-2014-3659
+ RESERVED
+CVE-2014-3658
+ RESERVED
+CVE-2014-3657
+ RESERVED
+CVE-2014-3656
+ RESERVED
+CVE-2014-3655
+ RESERVED
+CVE-2014-3654
+ RESERVED
+CVE-2014-3653
+ RESERVED
+CVE-2014-3652
+ RESERVED
+CVE-2014-3651
+ RESERVED
+CVE-2014-3650
+ RESERVED
+CVE-2014-3649
+ RESERVED
+CVE-2014-3648
+ RESERVED
+CVE-2014-3647
+ RESERVED
+CVE-2014-3646
+ RESERVED
+CVE-2014-3645
+ RESERVED
+CVE-2014-3644
+ RESERVED
+CVE-2014-3643
+ RESERVED
+CVE-2014-3642
+ RESERVED
+CVE-2014-3641
+ RESERVED
+CVE-2014-3640
+ RESERVED
+CVE-2014-3639
+ RESERVED
+CVE-2014-3638
+ RESERVED
+CVE-2014-3637
+ RESERVED
+CVE-2014-3636
+ RESERVED
+CVE-2014-3635
+ RESERVED
+CVE-2014-3634
+ RESERVED
+CVE-2014-3633
+ RESERVED
+CVE-2014-3632
+ RESERVED
+CVE-2014-3631
+ RESERVED
+CVE-2014-3630
+ RESERVED
+CVE-2014-3629
+ RESERVED
+CVE-2014-3628
+ RESERVED
+CVE-2014-3627
+ RESERVED
+CVE-2014-3626
+ RESERVED
+CVE-2014-3625
+ RESERVED
+CVE-2014-3624
+ RESERVED
+CVE-2014-3623
+ RESERVED
+CVE-2014-3622
+ RESERVED
+CVE-2014-3621
+ RESERVED
+CVE-2014-3620
+ RESERVED
+CVE-2014-3619
+ RESERVED
+CVE-2014-3618
+ RESERVED
+CVE-2014-3617
+ RESERVED
+CVE-2014-3616
+ RESERVED
+CVE-2014-3615
+ RESERVED
+CVE-2014-3614
+ RESERVED
+CVE-2014-3613
+ RESERVED
+CVE-2014-3612
+ RESERVED
+CVE-2014-3611
+ RESERVED
+CVE-2014-3610
+ RESERVED
+CVE-2014-3609
+ RESERVED
+CVE-2014-3608
+ RESERVED
+CVE-2014-3607
+ RESERVED
+CVE-2014-3606
+ RESERVED
+CVE-2014-3605
+ RESERVED
+CVE-2014-3604
+ RESERVED
+CVE-2014-3603
+ RESERVED
+CVE-2014-3602
+ RESERVED
+CVE-2014-3601
+ RESERVED
+CVE-2014-3600
+ RESERVED
+CVE-2014-3599
+ RESERVED
+CVE-2014-3598
+ RESERVED
+CVE-2014-3597
+ RESERVED
+CVE-2014-3596
+ RESERVED
+CVE-2014-3595
+ RESERVED
+CVE-2014-3594
+ RESERVED
+CVE-2014-3593
+ RESERVED
+CVE-2014-3592
+ RESERVED
+CVE-2014-3591
+ RESERVED
+CVE-2014-3590
+ RESERVED
+CVE-2014-3589
+ RESERVED
+CVE-2014-3588
+ RESERVED
+CVE-2014-3587
+ RESERVED
+CVE-2014-3586
+ RESERVED
+CVE-2014-3585
+ RESERVED
+CVE-2014-3584
+ RESERVED
+CVE-2014-3583
+ RESERVED
+CVE-2014-3582
+ RESERVED
+CVE-2014-3581
+ RESERVED
+CVE-2014-3580
+ RESERVED
+CVE-2014-3579
+ RESERVED
+CVE-2014-3578
+ RESERVED
+CVE-2014-3577
+ RESERVED
+CVE-2014-3576
+ RESERVED
+CVE-2014-3575
+ RESERVED
+CVE-2014-3574
+ RESERVED
+CVE-2014-3573
+ RESERVED
+CVE-2014-3572
+ RESERVED
+CVE-2014-3571
+ RESERVED
+CVE-2014-3570
+ RESERVED
+CVE-2014-3569
+ RESERVED
+CVE-2014-3568
+ RESERVED
+CVE-2014-3567
+ RESERVED
+CVE-2014-3566
+ RESERVED
+CVE-2014-3565
+ RESERVED
+CVE-2014-3564
+ RESERVED
+CVE-2014-3563
+ RESERVED
+CVE-2014-3562
+ RESERVED
+CVE-2014-3561
+ RESERVED
+CVE-2014-3560
+ RESERVED
+CVE-2014-3559
+ RESERVED
+CVE-2014-3558
+ RESERVED
+CVE-2014-3557
+ RESERVED
+CVE-2014-3556
+ RESERVED
+CVE-2014-3555
+ RESERVED
+CVE-2014-3554
+ RESERVED
+CVE-2014-3553
+ RESERVED
+CVE-2014-3552
+ RESERVED
+CVE-2014-3551
+ RESERVED
+CVE-2014-3550
+ RESERVED
+CVE-2014-3549
+ RESERVED
+CVE-2014-3548
+ RESERVED
+CVE-2014-3547
+ RESERVED
+CVE-2014-3546
+ RESERVED
+CVE-2014-3545
+ RESERVED
+CVE-2014-3544
+ RESERVED
+CVE-2014-3543
+ RESERVED
+CVE-2014-3542
+ RESERVED
+CVE-2014-3541
+ RESERVED
+CVE-2014-3540
+ RESERVED
+CVE-2014-3539
+ RESERVED
+CVE-2014-3538
+ RESERVED
+CVE-2014-3537
+ RESERVED
+CVE-2014-3536
+ RESERVED
+CVE-2014-3535
+ RESERVED
+CVE-2014-3534
+ RESERVED
+CVE-2014-3533
+ RESERVED
+CVE-2014-3532
+ RESERVED
+CVE-2014-3531
+ RESERVED
+CVE-2014-3530
+ RESERVED
+CVE-2014-3529
+ RESERVED
+CVE-2014-3528
+ RESERVED
+CVE-2014-3527
+ RESERVED
+CVE-2014-3526
+ RESERVED
+CVE-2014-3525
+ RESERVED
+CVE-2014-3524
+ RESERVED
+CVE-2014-3523
+ RESERVED
+CVE-2014-3522
+ RESERVED
+CVE-2014-3521
+ RESERVED
+CVE-2014-3520
+ RESERVED
+CVE-2014-3519
+ RESERVED
+CVE-2014-3518
+ RESERVED
+CVE-2014-3517
+ RESERVED
+CVE-2014-3516
+ RESERVED
+CVE-2014-3515
+ RESERVED
+CVE-2014-3514
+ RESERVED
+CVE-2014-3513
+ RESERVED
+CVE-2014-3512
+ RESERVED
+CVE-2014-3511
+ RESERVED
+CVE-2014-3510
+ RESERVED
+CVE-2014-3509
+ RESERVED
+CVE-2014-3508
+ RESERVED
+CVE-2014-3507
+ RESERVED
+CVE-2014-3506
+ RESERVED
+CVE-2014-3505
+ RESERVED
+CVE-2014-3504
+ RESERVED
+CVE-2014-3503
+ RESERVED
+CVE-2014-3502
+ RESERVED
+CVE-2014-3501
+ RESERVED
+CVE-2014-3500
+ RESERVED
+CVE-2014-3499
+ RESERVED
+CVE-2014-3498
+ RESERVED
+CVE-2014-3497
+ RESERVED
+CVE-2014-3496
+ RESERVED
+CVE-2014-3495
+ RESERVED
+CVE-2014-3494
+ RESERVED
+CVE-2014-3493
+ RESERVED
+CVE-2014-3492
+ RESERVED
+CVE-2014-3491
+ RESERVED
+CVE-2014-3490
+ RESERVED
+CVE-2014-3489
+ RESERVED
+CVE-2014-3488
+ RESERVED
+CVE-2014-3487
+ RESERVED
+CVE-2014-3486
+ RESERVED
+CVE-2014-3485
+ RESERVED
+CVE-2014-3484
+ RESERVED
+CVE-2014-3483
+ RESERVED
+CVE-2014-3482
+ RESERVED
+CVE-2014-3481
+ RESERVED
+CVE-2014-3480
+ RESERVED
+CVE-2014-3479
+ RESERVED
+CVE-2014-3478
+ RESERVED
+CVE-2014-3477
+ RESERVED
+CVE-2014-3476
+ RESERVED
+CVE-2014-3475
+ RESERVED
+CVE-2014-3474
+ RESERVED
+CVE-2014-3473
+ RESERVED
+CVE-2014-3472
+ RESERVED
+CVE-2014-3471
+ RESERVED
+CVE-2014-3470
+ RESERVED
+CVE-2014-3469
+ RESERVED
+CVE-2014-3468
+ RESERVED
+CVE-2014-3467
+ RESERVED
+CVE-2014-3466
+ RESERVED
+CVE-2014-3465
+ RESERVED
+CVE-2014-3464
+ RESERVED
+CVE-2014-3463
+ RESERVED
+CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and ...)
+ TODO: check
+CVE-2013-7381
+ RESERVED
+CVE-2013-7380
+ RESERVED
+CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not ...)
+ TODO: check
+CVE-2013-7378
+ RESERVED
+CVE-2013-7377
+ RESERVED
+CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
+ TODO: check
CVE-2014-XXXX [passwords are stored in plain xml file]
- xbmc <unfixed> (bug #747428)
NOTE: http://trac.xbmc.org/ticket/15198
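Review bot: ten of the entries added at the top of this hunk arrive with "TODO: check" and no package line (CVE-2014-3761, -3760, -3759, -3758, -3757, -3750, -3742, CVE-2013-7382, -7379 and -7376), so none of them says anything yet about Debian's exposure and each needs manual triage. Two can probably be closed quickly: CVE-2013-7382 is described as VICIDIAL and CVE-2013-7376 as OpenX, and both products are already marked NOT-FOR-US further down this file (CVE-2013-4468, CVE-2013-3514). The hapi (CVE-2014-3742) and tomato (CVE-2013-7379) entries name Node.js modules, so check them against the packaged Node.js modules rather than dismissing them by product name.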
@@ -2,6 +630,8 @@
CVE-2014-3774 [Multiple XSS vectors in items.php]
+ RESERVED
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3773 [Multiple SQL injection vectors in sources/main.queries.php]
+ RESERVED
- teampass <itp> (bug #730180)
@@ -11,43 +641,57 @@
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3772 [File execution protection bypass via incorrect use of session variables]
+ RESERVED
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
CVE-2014-3771 [File execution protection bypass via language path injection]
+ RESERVED
- teampass <itp> (bug #730180)
NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
CVE-2014-XXXX [check_dhcp: arbitray option file read]
- nagios-plugins <unfixed> (unimportant)
NOTE: check_dhcp is not installed with root suid permissions in Debian
CVE-2014-3776 [buffer overrun in some uses ofread-u8vect]
+ RESERVED
- chicken <unfixed>
NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
TODO: check affected versions, at least unstable is (4.8.0.5, fixed with 4.8.0.7)
CVE-2014-3775 [memory corruption]
+ RESERVED
- libgadu 1:1.12.0~rc3-1
CVE-2014-3749
+ RESERVED
NOT-FOR-US: Construtiva CIS Manager CMS
CVE-2014-3719
+ RESERVED
NOT-FOR-US: ALEPH500 Integrated library management system
CVE-2014-3717
+ RESERVED
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3716
+ RESERVED
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3715
+ RESERVED
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3714
+ RESERVED
- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3739
+ RESERVED
- zenoss <itp> (bug #361253)
CVE-2014-3738
+ RESERVED
- zenoss <itp> (bug #361253)
CVE-2014-3756 [Mumble-SA-2014-006]
+ RESERVED
- mumble 1.2.6-1 (bug #748189)
[squeeze] - mumble <no-dsa> (Minor issue)
[wheezy] - mumble <no-dsa> (Minor issue)
NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
CVE-2014-3755 [Mumble-SA-2014-005]
+ RESERVED
- mumble 1.2.6-1 (bug #748189)
[squeeze] - mumble <no-dsa> (Minor issue)
[wheezy] - mumble <no-dsa> (Minor issue)
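Review bot: the RESERVED line added under CVE-2014-3776 leaves that entry's open question in place. The package line still reads "chicken <unfixed>" while the TODO beneath it says unstable 4.8.0.5 is affected and the fix is in 4.8.0.7. Suggest confirming the affected versions and recording the fixed version on the package line so the TODO can be dropped.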
@@ -72,8 +716,8 @@
TODO: check
CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
-CVE-2014-3452
- RESERVED
+CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier ...)
+ TODO: check
CVE-2014-3451
RESERVED
CVE-2014-3450
@@ -88,7 +732,7 @@
RESERVED
CVE-2014-3445
RESERVED
-CVE-2014-3730 [Malformed URLs from user input incorrectly validated]
+CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...)
{DSA-2934-1}
- python-django 1.6.5-1
NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
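Review bot: the description imported for CVE-2014-3730 gives the function as django.util.http.is_safe_url, but the Django module is django.utils.http, so a search of this list for the real function path will miss the entry. The text comes from the upstream CVE description and should not be hand-edited here; a NOTE line carrying the correct path would keep the entry findable.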
@@ -98,17 +742,16 @@
RESERVED
- encfs <unfixed> (bug #736066)
NOTE: https://defuse.ca/audits/encfs.htm
-CVE-2014-3453
- RESERVED
+CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
NOT-FOR-US: Drupal module
CVE-2014-3444
RESERVED
-CVE-2014-3443
- RESERVED
+CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ...)
+ TODO: check
CVE-2014-3442
RESERVED
-CVE-2014-3441
- RESERVED
+CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows ...)
+ TODO: check
CVE-2014-3440
RESERVED
CVE-2014-3439
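Review bot: CVE-2014-3441 is left at "TODO: check" although its description names VideoLAN VLC Media Player 2.1.3, which Debian ships as vlc, so it should get a package line rather than sit in the generic queue. The path in the description (codec\libpng_plugin.dll) points at the Windows build, so check whether the same code is present in the source package before choosing between a fixed version and <not-affected>. CVE-2014-3443 (JetAudio) in the same hunk looks like a NOT-FOR-US candidate.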
@@ -449,10 +1092,10 @@
RESERVED
CVE-2014-3264
RESERVED
-CVE-2014-3263
- RESERVED
-CVE-2014-3262
- RESERVED
+CVE-2014-3263 (The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to ...)
+ TODO: check
+CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
+ TODO: check
CVE-2014-3261
RESERVED
CVE-2014-3260
@@ -481,8 +1124,8 @@
RESERVED
CVE-2014-3248
RESERVED
-CVE-2014-3247
- RESERVED
+CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows ...)
+ TODO: check
CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
TODO: check
CVE-2014-3245
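Review bot: CVE-2014-3247 joins CVE-2014-3246 directly below it as a second Collabtive 1.2 entry at "TODO: check". Triage the two together so they end up with the same status line.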
@@ -530,6 +1173,7 @@
CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
NOT-FOR-US: F5 BIG-IQ
CVE-2013-7383 [X2Go Server privilege escalation]
+ RESERVED
- x2goserver <itp> (bug #465821)
CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
NOT-FOR-US: PHP-Fusion
@@ -545,8 +1189,7 @@
NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
-CVE-2014-3430 [dovecot: DoS]
- RESERVED
+CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x ...)
- dovecot 1:2.2.13~rc1-1 (low; bug #747549)
NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of ...)
@@ -736,8 +1379,7 @@
RESERVED
CVE-2014-3147
RESERVED
-CVE-2014-3146
- RESERVED
+CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
- lxml 3.3.5-1 (bug #746812)
NOTE: http://lxml.de/3.3/changes-3.3.5.html
NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
@@ -1302,6 +1944,7 @@
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
NOT-FOR-US: F-Secure Anti-Virus
CVE-2012-6647 [forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference]
+ RESERVED
- linux 3.2.29-1
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
@@ -3437,9 +4080,9 @@
CVE-2014-2086
RESERVED
CVE-2014-2085
- RESERVED
-CVE-2014-2084
- RESERVED
+ REJECTED
+CVE-2014-2084 (Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, ...)
+ TODO: check
CVE-2014-2083
RESERVED
CVE-2014-2082
@@ -4707,8 +5350,8 @@
RESERVED
CVE-2014-1650
RESERVED
-CVE-2014-1649
- RESERVED
+CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 ...)
+ TODO: check
CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Symantec Messaging Gateway
CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
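Review bot: CVE-2014-1649 is set to "TODO: check" even though the Symantec entry directly below it, CVE-2014-1648, is already NOT-FOR-US. The description names Symantec Workspace Streaming, so the same disposition likely applies here; suggest replacing the TODO with "NOT-FOR-US: Symantec Workspace Streaming" once that is confirmed.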
@@ -4723,7 +5366,7 @@
NOT-FOR-US: Symantec PGP Universal Web Messenger
CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
NOT-FOR-US: CS-Cart
-CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 allows remote ...)
+CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other ...)
- gitlab <itp> (bug #651606)
CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through ...)
{DSA-2842-1}
@@ -4800,8 +5443,8 @@
NOT-FOR-US: Carbon Black
CVE-2014-1614
RESERVED
-CVE-2014-1613
- RESERVED
+CVE-2014-1613 (Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP ...)
+ TODO: check
CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web ...)
NOT-FOR-US: Mediatrix
CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before ...)
@@ -4820,8 +5463,8 @@
RESERVED
CVE-2014-1605
RESERVED
-CVE-2014-1603
- RESERVED
+CVE-2014-1603 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
+ TODO: check
CVE-2014-1602
RESERVED
CVE-2014-1601
@@ -5385,8 +6028,7 @@
RESERVED
CVE-2014-1419
RESERVED
-CVE-2014-1418 [Caches may be allowed to store and serve private data]
- RESERVED
+CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...)
{DSA-2934-1}
- python-django 1.6.5-1
NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
@@ -5580,8 +6222,8 @@
RESERVED
CVE-2014-1348
RESERVED
-CVE-2014-1347
- RESERVED
+CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...)
+ TODO: check
CVE-2014-1346
RESERVED
CVE-2014-1345
@@ -6039,8 +6681,8 @@
RESERVED
CVE-2014-0965
RESERVED
-CVE-2014-0964
- RESERVED
+CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and ...)
+ TODO: check
CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in ...)
NOT-FOR-US: IBM Global Security Kit
CVE-2014-0962
@@ -6101,8 +6743,8 @@
RESERVED
CVE-2014-0934
RESERVED
-CVE-2014-0933
- RESERVED
+CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
+ TODO: check
CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
NOT-FOR-US: IBM
CVE-2014-0931
@@ -6131,10 +6773,10 @@
NOT-FOR-US: IBM SPSS Analytic Server
CVE-2014-0919
RESERVED
-CVE-2014-0918
- RESERVED
-CVE-2014-0917
- RESERVED
+CVE-2014-0918 (Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in ...)
+ TODO: check
+CVE-2014-0917 (Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System ...)
+ TODO: check
CVE-2014-0916
RESERVED
CVE-2014-0915
@@ -6473,8 +7115,8 @@
NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...)
NOT-FOR-US: Yokogawa CENTUM CS 3000
-CVE-2014-0782
- RESERVED
+CVE-2014-0782 (Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test ...)
+ TODO: check
CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
@@ -6539,8 +7181,7 @@
NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...)
NOT-FOR-US: GE Intelligent Platforms Proficy
-CVE-2014-0749
- RESERVED
+CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale ...)
- torque <unfixed>
TODO: check, disrsi_.c seem to have smimilar code path for 2.4.x, but advisory say it affects only 2.5.x
CVE-2014-0748
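Review bot: the description now attached to CVE-2014-0749 names lib/Libdis/disrsi_.c, the same file the entry's existing TODO is unsure about for 2.4.x, yet the TODO is left open. With the file identified, compare that code in the packaged torque version against the upstream fix, then either confirm the <unfixed> line or replace it and remove the TODO.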
@@ -6754,8 +7395,8 @@
NOT-FOR-US: EMC
CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote ...)
NOT-FOR-US: EMC
-CVE-2014-0643
- RESERVED
+CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before ...)
+ TODO: check
CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-0641
@@ -8719,18 +9360,15 @@
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
CVE-2014-0212
RESERVED
-CVE-2014-0211 [integer overflows calculating memory needs for xfs replies]
- RESERVED
+CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) ...)
{DSA-2927-1}
- libxfont 1:1.4.7-2 (unimportant)
NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
-CVE-2014-0210 [unvalidated length fields when parsing xfs protocol replies]
- RESERVED
+CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x ...)
{DSA-2927-1}
- libxfont 1:1.4.7-2 (unimportant)
NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
-CVE-2014-0209 [integer overflow of allocations in font metadata file parsing]
- RESERVED
+CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) ...)
{DSA-2927-1}
- libxfont 1:1.4.7-2
CVE-2014-0208
@@ -8940,8 +9578,7 @@
{DSA-2902-1}
- curl 7.36.0-1 (bug #742728)
NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch
-CVE-2014-0137
- RESERVED
+CVE-2014-0137 (SQL injection vulnerability in the saved_report_delete action in the ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0136
RESERVED
@@ -9144,8 +9781,7 @@
- rails <not-affected> (affects only rails 4.0.x)
CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
NOT-FOR-US: Zarafa Collaboration Platform
-CVE-2014-0078
- RESERVED
+CVE-2014-0078 (The CatalogController in Red Hat CloudForms Management Engine (CFME) ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...)
- linux 3.13.10-1
@@ -11904,8 +12540,8 @@
RESERVED
CVE-2013-5940
RESERVED
-CVE-2013-5939
- RESERVED
+CVE-2013-5939 (Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook ...)
+ TODO: check
CVE-2013-5938 (Cross-site scripting (XSS) vulnerability in the Click2Sell Suite ...)
NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5937 (Cross-site request forgery (CSRF) vulnerability in the Click2Sell ...)
@@ -12688,8 +13324,7 @@
NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2013-5649 (Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos ...)
NOT-FOR-US: Juniper
-CVE-2013-5655
- RESERVED
+CVE-2013-5655 (Directory traversal vulnerability in the FTP server in YingZhi Python ...)
NOT-FOR-US: YingZhi Python for iOS
CVE-2013-5654
RESERVED
@@ -14795,8 +15430,7 @@
NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4731 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
NOT-FOR-US: Choice Wireless Green Packet modem
-CVE-2013-4730
- RESERVED
+CVE-2013-4730 (Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to ...)
NOT-FOR-US: PCMan FTP Server
CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
- phpmyadmin 4:4.0.4.1-1
@@ -15549,8 +16183,7 @@
NOT-FOR-US: Drupal contrib module
CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x ...)
NOT-FOR-US: Drupal contrib module
-CVE-2013-4498
- RESERVED
+CVE-2013-4498 (The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 ...)
NOT-FOR-US: Drupal contrib module
CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and ...)
- nova 2013.2-1
@@ -15588,8 +16221,7 @@
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
- gitlab <itp> (bug #651606)
-CVE-2013-4489 [Remote code execution vulnerability in the code search feature]
- RESERVED
+CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...)
- gitlab <itp> (bug #651606)
CVE-2013-4488
RESERVED
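Review bot: the new description for CVE-2013-4489 attributes the flaw to the Grit gem for Ruby as used in GitLab, while the entry only tracks "gitlab <itp>". The bracketed summary it replaces placed the bug in GitLab's code search feature, so check whether the vulnerable code lives in Grit itself and, if Grit is packaged separately, add a package line for it.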
@@ -15656,8 +16288,7 @@
- poppler <unfixed> (unimportant)
- xpdf <unfixed> (unimportant)
NOTE: specific to non-*NIX systems
-CVE-2013-4471 [password reset vulnerability]
- RESERVED
+CVE-2013-4471 (The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 ...)
- horizon 2013.2-1
[wheezy] - horizon <not-affected> (v3 API introduced in Grizzly)
NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
@@ -15669,8 +16300,7 @@
- nova 2013.2-3 (low; bug #728605)
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: CVE for incomplete fix of CVE-2013-2096
-CVE-2013-4468
- RESERVED
+CVE-2013-4468 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and ...)
NOT-FOR-US: VICIDIAL
CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) ...)
NOT-FOR-US: VICIDIAL
@@ -15708,8 +16338,7 @@
NOT-FOR-US: Cocaine rubygem
CVE-2013-4456
RESERVED
-CVE-2013-4455
- RESERVED
+CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for ...)
NOT-FOR-US: Katello
CVE-2013-4454
RESERVED
@@ -18300,8 +18929,7 @@
RESERVED
CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source ...)
NOT-FOR-US: OpenX
-CVE-2013-3514
- RESERVED
+CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 ...)
NOT-FOR-US: OpenX
CVE-2013-3513 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma ...)
NOT-FOR-US: GroundWork Monitor Enterprise
@@ -20226,8 +20854,8 @@
NOT-FOR-US: Easy AdSense Lite plugin for WordPress
CVE-2013-2701 (Cross-site request forgery (CSRF) vulnerability in the Social Sharing ...)
NOT-FOR-US: social sharing toolkit plugin for wp
-CVE-2013-2700
- RESERVED
+CVE-2013-2700 (Cross-site request forgery (CSRF) vulnerability in the Add/Edit page ...)
+ TODO: check
CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: WordPress plugin underConstruction
CVE-2013-2698
@@ -21527,8 +22155,7 @@
RESERVED
- glpi 0.83.91-1 (bug #714720; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2013-2226 [Multiple SQL injections]
- RESERVED
+CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow ...)
- glpi 0.83.91-1 (bug #714720; unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2225
@@ -22014,8 +22641,7 @@
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
- subversion <unfixed> (unimportant)
NOTE: Both affected tools not installed into the binary packages
-CVE-2013-2087 [gallery: multiple xss]
- RESERVED
+CVE-2013-2087 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...)
- gallery <not-affected> (Vulnerable code not present)
CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote ...)
- owncloud <not-affected> (Only owncloud 5.0.x)
@@ -22178,8 +22804,7 @@
CVE-2013-2035 (Race condition in ...)
- hawtjni <unfixed> (low; bug #708293)
[wheezy] - hawtjni <no-dsa> (Minor issue)
-CVE-2013-2034 [jenkins CSRF]
- RESERVED
+CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
- jenkins 1.509.2+dfsg-1 (bug #706725)
@@ -22953,8 +23578,7 @@
- mantis <removed> (low; bug #698481)
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <no-dsa> (Minor issue)
-CVE-2013-1810 [summary.php category/project names XSS vulnerability]
- RESERVED
+CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- mantis <not-affected> (only affects MantisBT 1.2.12)
CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
RESERVED
@@ -23088,8 +23712,8 @@
CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device ...)
{DSA-2650-1}
- libvirt 0.9.12-8 (bug #701649)
-CVE-2013-1765
- RESERVED
+CVE-2013-1765 (Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in ...)
+ TODO: check
CVE-2013-1764 (The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local ...)
- packagekit <not-affected> (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
@@ -27910,8 +28534,7 @@
[wheezy] - dnsmasq <no-dsa> (Minor issue)
[squeeze] - dnsmasq <no-dsa> (Minor issue)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/18/2
-CVE-2013-0197 [XSS vulnerability with match_type filter]
- RESERVED
+CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the ...)
- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
CVE-2013-0196
@@ -28867,8 +29490,8 @@
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2011-5250
RESERVED
-CVE-2011-5249
- RESERVED
+CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the ...)
+ TODO: check
CVE-2011-5248
RESERVED
CVE-2011-5247