[Secure-testing-commits] r29835 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Nov 4 21:14:11 UTC 2014
Author: joeyh
Date: 2014-11-04 21:14:11 +0000 (Tue, 04 Nov 2014)
New Revision: 29835
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-04 17:55:47 UTC (rev 29834)
+++ data/CVE/list 2014-11-04 21:14:11 UTC (rev 29835)
@@ -1,3 +1,77 @@
+CVE-2014-8581
+ RESERVED
+CVE-2014-8580
+ RESERVED
+CVE-2014-8579
+ RESERVED
+CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in ...)
+ TODO: check
+CVE-2014-8577 (Multiple cross-site scripting (XSS) vulnerabilities in Croogo before ...)
+ TODO: check
+CVE-2014-8576
+ RESERVED
+CVE-2014-8575
+ RESERVED
+CVE-2014-8574
+ RESERVED
+CVE-2014-8573
+ RESERVED
+CVE-2014-8572
+ RESERVED
+CVE-2014-8571
+ RESERVED
+CVE-2014-8570
+ RESERVED
+CVE-2014-8569
+ RESERVED
+CVE-2014-8568
+ RESERVED
+CVE-2014-8565
+ RESERVED
+CVE-2014-8564
+ RESERVED
+CVE-2014-8563
+ RESERVED
+CVE-2014-8560
+ RESERVED
+CVE-2014-8558
+ RESERVED
+CVE-2014-8557
+ RESERVED
+CVE-2014-8556
+ RESERVED
+CVE-2014-8555
+ RESERVED
+CVE-2014-8553
+ RESERVED
+CVE-2014-8552
+ RESERVED
+CVE-2014-8551
+ RESERVED
+CVE-2014-8550
+ RESERVED
+CVE-2014-8549
+ RESERVED
+CVE-2014-8548
+ RESERVED
+CVE-2014-8547
+ RESERVED
+CVE-2014-8546
+ RESERVED
+CVE-2014-8545
+ RESERVED
+CVE-2014-8544
+ RESERVED
+CVE-2014-8543
+ RESERVED
+CVE-2014-8542
+ RESERVED
+CVE-2014-8541
+ RESERVED
+CVE-2014-8539
+ RESERVED
+CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)
+ TODO: check
CVE-2014-XXXX [Privilege Escalation via KDE Clock KCM polkit helper]
- kde-workspace <unfixed>
NOTE: https://git.reviewboard.kde.org/r/120977/
@@ -3,13 +77,17 @@
TODO: check
CVE-2014-8583
+ RESERVED
- mod-wsgi 4.2.7-1
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
-CVE-2014-8582
+CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point ...)
NOT-FOR-US: FortiNet FortiADC-E
CVE-2014-8567 [mod_auth_mellon logout requests would crash the Apache web server]
+ RESERVED
- libapache2-mod-auth-mellon 0.9.0
CVE-2014-8566 [mod_auth_mellon information disclosure]
+ RESERVED
- libapache2-mod-auth-mellon 0.9.1
CVE-2014-8554 [SQL injection vulnerability in MantisBT SOAP API]
+ RESERVED
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
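Review bot: CVE-2014-8583 is the only tracked entry in this hunk left without any description: after this change it reads just "CVE-2014-8583", " RESERVED", "- mod-wsgi 4.2.7-1" plus the upstream commit NOTE. The neighbouring entries carry a bracketed local summary (for example "CVE-2014-8567 [mod_auth_mellon logout requests would crash the Apache web server]"); adding one for mod-wsgi, taken from the linked commit, would keep the entry searchable until MITRE publishes the description.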
@@ -18,6 +96,7 @@
NOTE: http://github.com/mantisbt/mantisbt/commit/99ffb0af (1.2.x branch)
NOTE: http://github.com/mantisbt/mantisbt/commit/5faf97ab (master)
CVE-2014-8540
+ RESERVED
- gitlab <itp> (bug #651606)
CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for ...)
NOT-FOR-US: Hijab Modern (aka com.Aisyaidea.HijabModern) application for Android
@@ -75,8 +154,8 @@
RESERVED
CVE-2014-8510
RESERVED
-CVE-2014-8509
- RESERVED
+CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
+ TODO: check
CVE-2014-8508
RESERVED
CVE-2014-8507
@@ -119,10 +198,10 @@
RESERVED
CVE-2014-8496
RESERVED
-CVE-2014-8495
- RESERVED
-CVE-2014-8494
- RESERVED
+CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 ...)
+ TODO: check
+CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...)
+ TODO: check
CVE-2014-8493
RESERVED
CVE-2014-8492
@@ -136,6 +215,7 @@
[wheezy] - lsyncd <no-dsa> (Minor issue)
NOTE: https://github.com/axkibe/lsyncd/issues/220
CVE-2014-8559 [fs/dcache.c incorrect use of rename_lock]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
@@ -162,6 +242,7 @@
[squeeze] - graphicsmagick <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick)
CVE-2014-8562 [buffer overflow in DCM parser]
+ RESERVED
- imagemagick 8:6.8.9.9-1 (bug #767240)
[wheezy] - imagemagick <no-dsa> (Minor issue)
[squeeze] - imagemagick <no-dsa> (Minor issue)
@@ -175,6 +256,7 @@
NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
NOTE: Upstream commit: http://trac.imagemagick.org/changeset/16765
CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]
+ RESERVED
- imagemagick 8:6.8.9.9-1 (bug #764872)
[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
[squeeze] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
@@ -523,8 +605,8 @@
RESERVED
CVE-2014-8335
RESERVED
-CVE-2014-8334
- RESERVED
+CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for ...)
+ TODO: check
CVE-2014-8332
RESERVED
CVE-2014-8331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
@@ -565,18 +647,15 @@
NOT-FOR-US: Drupal module MRBS
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...)
NOT-FOR-US: Drupal module MRBS
-CVE-2014-8350 [secure mode bypass]
- RESERVED
+CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
- smarty3 3.1.21-1 (bug #765920)
- smarty <removed>
[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-8399 [DoS issue]
- RESERVED
+CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon ...)
- systemd-shim 8-4
NOTE: Fixed by: https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893
NOTE: with version 8-4 systemd-shim does not ship anymore a dbus policy, see https://bugs.debian.org/765101
-CVE-2014-8333 [virt/vmwareapi/vmops.py race condition]
- RESERVED
+CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows ...)
- nova <unfixed>
[wheezy] - nova <not-affected> (Vulnerable code not present)
NOTE: versions affected up to to 2014.1.3
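Review bot: the unchanged context line "NOTE: versions affected up to to 2014.1.3" under CVE-2014-8333 has a doubled "to". It is a hand-written NOTE rather than imported feed text, so it can be corrected in a follow-up commit without being overwritten by the next automatic update.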
@@ -797,11 +876,9 @@
RESERVED
CVE-2014-8245
RESERVED
-CVE-2014-8244
- RESERVED
+CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
NOT-FOR-US: Linksys SMART WiFi
-CVE-2014-8243
- RESERVED
+CVE-2014-8243 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
NOT-FOR-US: Linksys SMART WiFi
CVE-2014-8239
RESERVED
@@ -1111,12 +1188,11 @@
RESERVED
CVE-2014-8083
RESERVED
-CVE-2014-8082
- RESERVED
-CVE-2014-8081
- RESERVED
-CVE-2014-8080 [Denial Of Service XML Expansion]
- RESERVED
+CVE-2014-8082 (lib/functions/database.class.php in TestLink before 1.9.13 allows ...)
+ TODO: check
+CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...)
+ TODO: check
+CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before ...)
- ruby1.8 <removed>
- ruby1.9.1 <removed>
- ruby2.0 <removed>
@@ -1341,12 +1417,12 @@
RESERVED
CVE-2014-7988
RESERVED
-CVE-2014-7987
- RESERVED
-CVE-2014-7986
- RESERVED
-CVE-2014-7985
- RESERVED
+CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 ...)
+ TODO: check
+CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to ...)
+ TODO: check
+CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows ...)
+ TODO: check
CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote ...)
NOT-FOR-US: Joomla
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
@@ -2904,8 +2980,8 @@
RESERVED
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
NOT-FOR-US: Joomla
-CVE-2014-7228
- RESERVED
+CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
+ TODO: check
CVE-2014-7227
REJECTED
CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ...)
@@ -2969,7 +3045,7 @@
RESERVED
CVE-2013-7404
RESERVED
-CVE-2012-6661
+CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta ...)
- zope2.12 2.12.26-1
- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
NOTE: CVE SPLIT from CVE-2012-5508
@@ -3070,8 +3146,7 @@
CVE-2014-7178
RESERVED
NOT-FOR-US: Enalean Tuleap
-CVE-2014-7177
- RESERVED
+CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier ...)
NOT-FOR-US: Enalean Tuleap
CVE-2014-7176
RESERVED
@@ -5458,12 +5533,12 @@
NOT-FOR-US: IBM Tivoli
CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) ...)
NOT-FOR-US: IBM Tivoli
-CVE-2014-6150
- RESERVED
+CVE-2014-6150 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Application ...)
+ TODO: check
CVE-2014-6149 (Directory traversal vulnerability in BIRT-viewer in IBM Tivoli ...)
NOT-FOR-US: IBM Tivoli TADDM
-CVE-2014-6148
- RESERVED
+CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 ...)
+ TODO: check
CVE-2014-6147
RESERVED
CVE-2014-6146
@@ -5556,8 +5631,8 @@
RESERVED
CVE-2014-6102
RESERVED
-CVE-2014-6101
- RESERVED
+CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login feature ...)
+ TODO: check
CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x ...)
@@ -5704,10 +5779,9 @@
CVE-2014-6034
RESERVED
CVE-2014-6033
- RESERVED
+ REJECTED
NOT-FOR-US: F5 Networks Big-IP
-CVE-2014-6032
- RESERVED
+CVE-2014-6032 (Multiple XML External Entity (XXE) vulnerabilities in the ...)
NOT-FOR-US: F5 Networks Big-IP
CVE-2014-6031
RESERVED
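Review bot: CVE-2014-6033 is flipped from RESERVED to REJECTED but keeps "NOT-FOR-US: F5 Networks Big-IP" underneath. A rejected identifier tracks no issue, so the NOT-FOR-US line no longer carries information; consider dropping it so the entry matches the other REJECTED entries in this file (CVE-2014-7227 and CVE-2014-3671 carry REJECTED alone).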
@@ -6753,8 +6827,8 @@
RESERVED
CVE-2014-5508 (Multiple integer overflows in the HelpServ module (mod-helpserv.c) in ...)
NOT-FOR-US: srvx (irc services)
-CVE-2014-5507
- RESERVED
+CVE-2014-5507 (iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full ...)
+ TODO: check
CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote ...)
NOT-FOR-US: SAP Crystal Reports
CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote ...)
@@ -7398,15 +7472,13 @@
- accountsservice <unfixed> (low; bug #757912)
[wheezy] - accountsservice <no-dsa> (Minor issue)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
-CVE-2014-5272 [out of array access]
- RESERVED
+CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x ...)
- ffmpeg 7:2.4.1-1
[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav <not-affected> (Vulnerable code not present)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
NOTE: <lu_zero> Does not apply to Libav at all.
-CVE-2014-5271 [buffer overflow]
- RESERVED
+CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in ...)
- ffmpeg <not-affected> (Vulnerable code not present)
- libav 6:11-1
[wheezy] - libav <not-affected> (Vulnerable code not present)
@@ -9758,8 +9830,7 @@
NOT-FOR-US: Epicor
CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor ...)
NOT-FOR-US: Epicor
-CVE-2014-4311
- RESERVED
+CVE-2014-4311 (Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers ...)
NOT-FOR-US: Epicor
CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle ...)
NOT-FOR-US: Oracle Database Server
@@ -11172,8 +11243,7 @@
RESERVED
CVE-2014-3713
RESERVED
-CVE-2014-3712
- RESERVED
+CVE-2014-3712 (Katello allows remote attackers to cause a denial foser service ...)
NOT-FOR-US: Katello
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
- kfreebsd-9 <removed> (bug #766275)
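Review bot: the imported description for CVE-2014-3712 reads "Katello allows remote attackers to cause a denial foser service ...", a garbled "denial of service". Because this text is copied from the CVE feed and the entry is NOT-FOR-US, editing it locally would only be undone by the next automatic update; the typo is better reported to the feed maintainers.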
@@ -11188,8 +11258,7 @@
CVE-2014-3709
RESERVED
NOT-FOR-US: JBoss KeyCloak
-CVE-2014-3708 [Nova network DoS through API filtering]
- RESERVED
+CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...)
- nova <unfixed> (low)
[wheezy] - nova <no-dsa> (Minor issue)
NOTE: affected versions up to 2014.1.3, and 2014.2
@@ -11274,15 +11343,13 @@
- wpa 2.3-1 (bug #765352; high)
CVE-2014-3685
RESERVED
-CVE-2014-3684 [non-root users able to kill any process on any node in a job]
- RESERVED
+CVE-2014-3684 (The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source ...)
{DSA-3058-1 DLA-78-1}
- torque 2.4.16+dfsg-1.5 (bug #763922)
NOTE: https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
NOTE: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
NOTE: 2.4 is end-of-life upstream thus no patches available for that branch.
-CVE-2014-3683 [Incomplete fix for CVE-2014-3634]
- RESERVED
+CVE-2014-3683 (Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and ...)
{DSA-3047-1 DLA-72-1}
- rsyslog 8.4.2-1
NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
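Review bot: replacing "CVE-2014-3683 [Incomplete fix for CVE-2014-3634]" with the published description loses the cross-reference to CVE-2014-3634, which was the only place in the entry recording that this ID is a follow-up to the earlier rsyslog fix. The same happens to CVE-2014-3684, whose local summary "non-root users able to kill any process on any node in a job" was more informative than the truncated "The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source ...". Suggest re-adding the dropped information as NOTE lines, for example "NOTE: Incomplete fix for CVE-2014-3634" under CVE-2014-3683, where the automatic update will not remove it.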
@@ -11318,12 +11385,15 @@
CVE-2014-3671
REJECTED
CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in ...)
+ {DSA-3064-1}
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68113
CVE-2014-3669 (Integer overflow in the object_custom function in ...)
+ {DSA-3064-1}
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68044
CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...)
+ {DSA-3064-1}
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68027
CVE-2014-3667 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 does not ...)
@@ -11367,8 +11437,7 @@
CVE-2014-3655
RESERVED
NOT-FOR-US: JBoss KeyCloak
-CVE-2014-3654
- RESERVED
+CVE-2014-3654 (Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java ...)
NOT-FOR-US: Red Hat Satellite
CVE-2014-3653 [XSS flaw on template preview screen]
RESERVED
@@ -11443,8 +11512,7 @@
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
-CVE-2014-3634
- RESERVED
+CVE-2014-3634 (rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier ...)
{DSA-3040-1 DLA-72-1}
- rsyslog 8.4.1-1
- inetutils 2:1.9.2.39.3a460-1
@@ -11479,8 +11547,7 @@
CVE-2014-3624 [Ensure remap requests are properly tunneled using CONNECT requests to avoid an open relay]
RESERVED
- trafficserver 5.1.1-1
-CVE-2014-3623
- RESERVED
+CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...)
NOT-FOR-US: Apache CXF
CVE-2014-3622 [Posthandler Potential Illegal efree() vulnerability]
RESERVED
@@ -11511,8 +11578,7 @@
NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
NOTE: Upstream patch: http://trac.nginx.org/nginx/changeset/1ee1db30c9b96e9e43e85ab0bfba42140af24966/nginx (stable-1.6 branch)
NOTE: See follow up on: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
-CVE-2014-3615 [qemu vga emulator information leakage when guest sets high resolution]
- RESERVED
+CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.1+dfsg-5
- qemu-kvm <removed>
@@ -11631,8 +11697,7 @@
RESERVED
CVE-2014-3585
RESERVED
-CVE-2014-3584
- RESERVED
+CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before ...)
NOT-FOR-US: Apache CXF
CVE-2014-3583
RESERVED
@@ -12063,16 +12128,13 @@
CVE-2014-3476 (OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...)
- keystone 2014.1.1-2 (bug #751454)
[wheezy] - keystone <not-affected> (Vulnerable code not present)
-CVE-2014-3475
- RESERVED
+CVE-2014-3475 (Cross-site scripting (XSS) vulnerability in the Users panel ...)
- horizon 2014.1.1-3 (bug #754255)
[wheezy] - horizon <no-dsa> (Minor issue)
-CVE-2014-3474
- RESERVED
+CVE-2014-3474 (Cross-site scripting (XSS) vulnerability in ...)
- horizon 2014.1.1-3 (bug #754255)
[wheezy] - horizon <no-dsa> (Minor issue)
-CVE-2014-3473
- RESERVED
+CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack ...)
- horizon 2014.1.1-3 (bug #754255)
[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...)
@@ -12244,8 +12306,7 @@
CVE-2014-3447
RESERVED
NOT-FOR-US: BSS Continuity CMS
-CVE-2014-3446
- RESERVED
+CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...)
NOT-FOR-US: BSS Continuity CMS
CVE-2014-3445
RESERVED
@@ -12392,14 +12453,14 @@
NOT-FOR-US: Cisco IOS
CVE-2014-3376 (Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial ...)
NOT-FOR-US: Cisco IOS
-CVE-2014-3375
- RESERVED
-CVE-2014-3374
- RESERVED
-CVE-2014-3373
- RESERVED
-CVE-2014-3372
- RESERVED
+CVE-2014-3375 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service ...)
+ TODO: check
+CVE-2014-3374 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin ...)
+ TODO: check
+CVE-2014-3373 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed ...)
+ TODO: check
+CVE-2014-3372 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports ...)
+ TODO: check
CVE-2014-3371
RESERVED
CVE-2014-3370 (Cisco TelePresence Video Communication Server (VCS) and Expressway ...)
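Review bot: CVE-2014-3372 through CVE-2014-3375 are added with "TODO: check" although they sit in a run of Cisco entries (Cisco IOS XR above, Cisco TelePresence VCS below) and all four descriptions name CCM components ("CCM Service", "CCM admin", "CCM Dialed", "CCM reports"). If the full descriptions confirm these are Cisco Unified Communications Manager issues, they can be marked NOT-FOR-US like their neighbours instead of staying on the triage queue.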
@@ -12410,8 +12471,8 @@
NOT-FOR-US: Cisco TelePresence
CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director ...)
NOT-FOR-US: Cisco
-CVE-2014-3366
- RESERVED
+CVE-2014-3366 (SQL injection vulnerability in the administrative web interface in ...)
+ TODO: check
CVE-2014-3365
RESERVED
CVE-2014-3364
@@ -15193,12 +15254,12 @@
- strongswan 5.1.2-4
CVE-2014-2337
RESERVED
-CVE-2014-2336
- RESERVED
-CVE-2014-2335
- RESERVED
-CVE-2014-2334
- RESERVED
+CVE-2014-2336 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
+ TODO: check
+CVE-2014-2335 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
+ TODO: check
+CVE-2014-2334 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
+ TODO: check
CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
NOT-FOR-US: WordPress plugin Lazyest Gallery
CVE-2014-2332
@@ -16228,8 +16289,7 @@
CVE-2014-2027 [remote code execution via php unserialize]
RESERVED
- egroupware <removed>
-CVE-2014-2015 [denial of service in rlm_pap hash processing]
- RESERVED
+CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap ...)
- freeradius <unfixed> (low; bug #742820)
[wheezy] - freeradius <no-dsa> (Minor issue)
[squeeze] - freeradius <no-dsa> (Minor issue)
@@ -19929,22 +19989,18 @@
NOT-FOR-US: Flash plugin
CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
NOT-FOR-US: Flash plugin
-CVE-2014-0490 [incorrect apt-get download validation]
- RESERVED
+CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly ...)
{DSA-3025-1}
- apt 0.9.12
NOTE: fixed with commit http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682
[squeeze] - apt <not-affected> (apt download command and vulnerable code not present)
-CVE-2014-0489 [incorrect verification of Acquire::Gzip indexes]
- RESERVED
+CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, ...)
{DSA-3025-1 DLA-53-1}
- apt 1.0.9
-CVE-2014-0488 [incorrect invalidating of unauthenticated data]
- RESERVED
+CVE-2014-0488 (APT before 1.0.9 does not "invalidate repository data" when moving ...)
{DSA-3025-1 DLA-53-1}
- apt 1.0.9
-CVE-2014-0487 [incorrect verification of 304 reply]
- RESERVED
+CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been ...)
{DSA-3025-1 DLA-53-1}
- apt 1.0.9
CVE-2014-0486 [remote crash with crafted DNS message]
@@ -21564,8 +21620,7 @@
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37)
NOTE: https://lkml.org/lkml/2010/9/16/99
NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE Bugzilla
-CVE-2014-0204 [Keystone user and group id mismatch]
- RESERVED
+CVE-2014-0204 (OpenStack Identity (Keystone) before 2014.1.1 does not properly handle ...)
- keystone 2014.1-5 (bug #749026)
[wheezy] - keystone <not-affected>
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before ...)
@@ -31721,8 +31776,8 @@
RESERVED
CVE-2013-3305
RESERVED
-CVE-2013-3304
- RESERVED
+CVE-2013-3304 (Directory traversal vulnerability in Dell EqualLogic PS4000 with ...)
+ TODO: check
CVE-2013-3303
RESERVED
CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 ...)
@@ -40531,13 +40586,11 @@
- nginx 1.4.4-2 (low; bug #701112)
[squeeze] - nginx <no-dsa> (Minor issue)
[wheezy] - nginx <no-dsa> (Minor issue)
-CVE-2013-0336 [DoS when connecting with a missing username/dn]
- RESERVED
+CVE-2013-0336 (The ipapwd_chpwop function in ...)
- 389-ds-base 1.3.2.9-1 (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
- nova 2012.1.1-14 (bug #701773)
-CVE-2013-0334 [may install gems from a different source than expected]
- RESERVED
+CVE-2013-0334 (Bundler before 1.7, when multiple top-level source lines are used, ...)
- bundler 1.7.2-1 (low; bug #762739)
[wheezy] - bundler <no-dsa> (Minor issue)
CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...)
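Review bot: the new description for CVE-2013-0336 begins "The ipapwd_chpwop function in ..." while the entry continues to track 389-ds-base 1.3.2.9-1 (bug #704077). The function name does not obviously belong to that package and the truncation hides the affected product list, so the package assignment is worth re-checking against the full description; the removed local summary "DoS when connecting with a missing username/dn" could be kept as a NOTE line so the original triage reasoning is not lost.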
@@ -43674,8 +43727,7 @@
- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
-CVE-2012-5508 [ Zope/Plone: PRNG isn't reseeded]
- RESERVED
+CVE-2012-5508 (The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow ...)
- zope2.12 2.12.26-1 (bug #692899)
NOTE: https://plone.org/products/plone/security/advisories/20121106/24
CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone ...)
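Review bot: CVE-2012-5508 now reads "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow ..." yet still tracks "zope2.12 2.12.26-1 (bug #692899)". Earlier in this diff CVE-2012-6661 ("Zope before 2.13.19, as used in Plone before 4.2.3 ...") is assigned zope2.12 2.12.26-1 with "NOTE: CVE SPLIT from CVE-2012-5508", and the surrounding Plone-only entries are marked "NOT-FOR-US: Plone not packaged in Debian, see bug #692899". The removed local summary "[ Zope/Plone: PRNG isn't reseeded]" suggests the Zope part moved to CVE-2012-6661 in the split, so CVE-2012-5508 should be re-triaged (possibly NOT-FOR-US) rather than keeping the zope2.12 fix line by inheritance.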
@@ -43694,8 +43746,7 @@
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5500 [ Zope/Plone: Anonymous users can batch change titles of content items ]
- RESERVED
+CVE-2012-5500 (The batch id change script (renameObjectsByPaths.py) in Plone before ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
NOT-FOR-US: Plone not packaged in Debian, see bug #692899