[Secure-testing-commits] r30060 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Fri Nov 14 09:24:49 UTC 2014
Author: sectracker
Date: 2014-11-14 09:19:53 +0000 (Fri, 14 Nov 2014)
New Revision: 30060
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-14 07:23:28 UTC (rev 30059)
+++ data/CVE/list 2014-11-14 09:19:53 UTC (rev 30060)
@@ -1,8 +1,302 @@
+CVE-2014-8769
+ RESERVED
+CVE-2014-8768
+ RESERVED
+CVE-2014-8767
+ RESERVED
+CVE-2014-8742
+ RESERVED
+CVE-2014-8741
+ RESERVED
+CVE-2014-8740
+ RESERVED
+CVE-2014-8739
+ RESERVED
+CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote ...)
+ TODO: check
+CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before ...)
+ TODO: check
+CVE-2014-8734 (The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal ...)
+ TODO: check
+CVE-2014-8733
+ RESERVED
+CVE-2014-8730
+ RESERVED
+CVE-2014-8729
+ RESERVED
+CVE-2014-8728
+ RESERVED
+CVE-2014-8727
+ RESERVED
+CVE-2014-8726
+ RESERVED
+CVE-2014-8725
+ RESERVED
+CVE-2014-8724
+ RESERVED
+CVE-2014-8723
+ RESERVED
+CVE-2014-8722
+ RESERVED
+CVE-2014-8721
+ RESERVED
+CVE-2014-8720
+ RESERVED
+CVE-2014-8719
+ RESERVED
+CVE-2014-8718
+ RESERVED
+CVE-2014-8717
+ RESERVED
+CVE-2014-8715
+ RESERVED
+CVE-2014-8708
+ RESERVED
+CVE-2014-8707
+ RESERVED
+CVE-2014-8706
+ RESERVED
+CVE-2014-8705
+ RESERVED
+CVE-2014-8704
+ RESERVED
+CVE-2014-8703
+ RESERVED
+CVE-2014-8702
+ RESERVED
+CVE-2014-8701
+ RESERVED
+CVE-2014-8700
+ RESERVED
+CVE-2014-8699
+ RESERVED
+CVE-2014-8698
+ RESERVED
+CVE-2014-8697
+ RESERVED
+CVE-2014-8696
+ RESERVED
+CVE-2014-8695
+ RESERVED
+CVE-2014-8694
+ RESERVED
+CVE-2014-8693
+ RESERVED
+CVE-2014-8692
+ RESERVED
+CVE-2014-8691
+ RESERVED
+CVE-2014-8690
+ RESERVED
+CVE-2014-8689
+ RESERVED
+CVE-2014-8688
+ RESERVED
+CVE-2014-8687
+ RESERVED
+CVE-2014-8686
+ RESERVED
+CVE-2014-8685
+ RESERVED
+CVE-2014-8684
+ RESERVED
+CVE-2014-8683
+ RESERVED
+CVE-2014-8682
+ RESERVED
+CVE-2014-8681
+ RESERVED
+CVE-2014-8680
+ RESERVED
+CVE-2014-8679
+ RESERVED
+CVE-2014-8678
+ RESERVED
+CVE-2014-8677
+ RESERVED
+CVE-2014-8676
+ RESERVED
+CVE-2014-8675
+ RESERVED
+CVE-2014-8674
+ RESERVED
+CVE-2014-8673
+ RESERVED
+CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the RewardingYourself ...)
+ TODO: check
+CVE-2014-8671 (Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap ...)
+ TODO: check
+CVE-2014-8670 (Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote ...)
+ TODO: check
+CVE-2014-8669 (The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM ...)
+ TODO: check
+CVE-2014-8668 (SQL injection vulnerability in SAP Contract Accounting allows remote ...)
+ TODO: check
+CVE-2014-8667 (Cross-site scripting (XSS) vulnerability in SAP HANA Web-based ...)
+ TODO: check
+CVE-2014-8666 (The User & Server configuration, InfoView refresh, user rights ...)
+ TODO: check
+CVE-2014-8665 (The SAP Business Intelligence Development Workbench allows remote ...)
+ TODO: check
+CVE-2014-8664 (SQL injection vulnerability in Product Safety (EHS-SAF) component in ...)
+ TODO: check
+CVE-2014-8663 (SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP ...)
+ TODO: check
+CVE-2014-8662 (Unspecified vulnerability in SAP Payroll Process allows remote ...)
+ TODO: check
+CVE-2014-8661 (The SAP CRM Internet Sales module allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-8660 (SAP Document Management Services allows local users to execute ...)
+ TODO: check
+CVE-2014-8659 (Directory traversal vulnerability in SAP Environment, Health, and ...)
+ TODO: check
+CVE-2014-8658 (Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme ...)
+ TODO: check
+CVE-2014-8657 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
+ TODO: check
+CVE-2014-8656 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
+ TODO: check
+CVE-2014-8655 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
+ TODO: check
+CVE-2014-8654 (Multiple cross-site request forgery (CSRF) vulnerabilities in Compal ...)
+ TODO: check
+CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Networks ...)
+ TODO: check
+CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2014-8649
+ RESERVED
+CVE-2014-8648
+ RESERVED
+CVE-2014-8647
+ RESERVED
+CVE-2014-8646
+ RESERVED
+CVE-2014-8645
+ RESERVED
+CVE-2014-8644
+ RESERVED
+CVE-2014-8643
+ RESERVED
+CVE-2014-8642
+ RESERVED
+CVE-2014-8641
+ RESERVED
+CVE-2014-8640
+ RESERVED
+CVE-2014-8639
+ RESERVED
+CVE-2014-8638
+ RESERVED
+CVE-2014-8637
+ RESERVED
+CVE-2014-8636
+ RESERVED
+CVE-2014-8635
+ RESERVED
+CVE-2014-8634
+ RESERVED
+CVE-2014-8633
+ RESERVED
+CVE-2014-8632
+ RESERVED
+CVE-2014-8631
+ RESERVED
+CVE-2014-8630
+ RESERVED
+CVE-2014-8629
+ RESERVED
+CVE-2014-8624
+ RESERVED
+CVE-2014-8623
+ RESERVED
+CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
+ TODO: check
+CVE-2014-8621
+ RESERVED
+CVE-2014-8620
+ RESERVED
+CVE-2014-8619
+ RESERVED
+CVE-2014-8618
+ RESERVED
+CVE-2014-8617
+ RESERVED
+CVE-2014-8616
+ RESERVED
+CVE-2014-8615
+ RESERVED
+CVE-2014-8614
+ RESERVED
+CVE-2014-8613
+ RESERVED
+CVE-2014-8612
+ RESERVED
+CVE-2014-8611
+ RESERVED
+CVE-2014-8610
+ RESERVED
+CVE-2014-8609
+ RESERVED
+CVE-2014-8608
+ RESERVED
+CVE-2014-8607
+ RESERVED
+CVE-2014-8606
+ RESERVED
+CVE-2014-8605
+ RESERVED
+CVE-2014-8604
+ RESERVED
+CVE-2014-8603
+ RESERVED
+CVE-2014-8602
+ RESERVED
+CVE-2014-8601
+ RESERVED
+CVE-2014-8600
+ RESERVED
+CVE-2014-8599
+ RESERVED
+CVE-2014-8597
+ RESERVED
+CVE-2014-8596
+ RESERVED
+CVE-2014-8595
+ RESERVED
+CVE-2014-8594
+ RESERVED
+CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani ...)
+ TODO: check
+CVE-2014-8587 (SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before ...)
+ TODO: check
+CVE-2014-8586 (SQL injection vulnerability in the CP Multi View Event Calendar plugin ...)
+ TODO: check
+CVE-2014-8585 (Directory traversal vulnerability in the WordPress Download Manager ...)
+ TODO: check
+CVE-2014-8584 (Cross-site scripting (XSS) vulnerability in the Web Dorado Spider ...)
+ TODO: check
+CVE-2013-7415
+ RESERVED
+CVE-2013-7414
+ RESERVED
+CVE-2013-7413
+ RESERVED
+CVE-2013-7412
+ RESERVED
+CVE-2013-7411
+ RESERVED
+CVE-2013-7410
+ RESERVED
+CVE-2010-5311
+ RESERVED
CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive]
+ RESERVED
- binutils <unfixed>
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
CVE-2014-8737 [Directory traversal vulnerability allowing random files deleteion/creation]
+ RESERVED
- binutils <unfixed>
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
@@ -11,33 +305,41 @@
- konversation <unfixed> (bug #768656)
TODO: check
CVE-2014-8732 [stored cross-site scripting (XSS) issues]
+ RESERVED
NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8731 [remote code execution flaw]
+ RESERVED
NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8716 [crafted jpeg file could lead to DOS]
+ RESERVED
- imagemagick <unfixed> (bug #768494)
NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
CVE-2014-8714 [TN5250 infinite loop]
+ RESERVED
- wireshark <unfixed> (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8713 [NCP dissector crashes]
+ RESERVED
- wireshark <unfixed> (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8712 [NCP dissector crashes]
+ RESERVED
- wireshark <unfixed> (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8711 [AMQP dissector crash]
+ RESERVED
- wireshark <unfixed> (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html
NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8710 [SigComp dissector crash]
+ RESERVED
- wireshark <unfixed> (bug #769410)
NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
-CVE-2014-8709 [mac80211 plain text leak]
+CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux ...)
- linux 3.14.2-1
[wheezy] - linux 3.2.57-1
- linux-2.6 <removed>
@@ -46,43 +348,49 @@
CVE-2014-XXXX [PAM module does not check whether strdup allocations succeeded]
- oath-toolkit <unfixed> (bug #742140)
CVE-2014-8650 [does not handle mutual authentication]
+ RESERVED
- python-requests-kerberos 0.5-2 (bug #768408)
NOTE: https://github.com/requests/requests-kerberos/pull/36
NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
CVE-2014-8628 [remotely-triggerable memory leaks]
+ RESERVED
- polarssl 1.3.9-1
NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
CVE-2014-8627 [server negotiate a weaker signature algorithm than available]
+ RESERVED
- polarssl 1.3.9-1
[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
[squeeze] - polarssl <not-affected> (Problem introduced in 1.3.8)
CVE-2014-8626 [xmlrpc date_from_ISO8601() buffer overflow]
+ RESERVED
- php5 5.2.9.dfsg.1-1
NOTE: https://bugs.php.net/bug.php?id=45226
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
CVE-2014-8625 [format string vulnerability]
+ RESERVED
- dpkg <unfixed> (bug #768485)
[squeeze] - dpkg <not-affected> (Regression introduced in 1.16.2)
NOTE: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
NOTE: Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2)
CVE-2014-8598 [XML Import/Export plugin unrestricted access]
+ RESERVED
- mantis <unfixed>
NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487
NOTE: http://www.mantisbt.org/bugs/view.php?id=17780
-CVE-2014-8592
+CVE-2014-8592 (Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver ...)
NOT-FOR-US: SAP NetWeaver
-CVE-2014-8591
+CVE-2014-8591 (Unspecified vulnerability in SAP Internet Communication Manager (ICM), ...)
NOT-FOR-US: SAP NetWeaver
-CVE-2014-8590
+CVE-2014-8590 (XML external entity (XXE) vulnerability in the Web Service Navigator ...)
NOT-FOR-US: SAP NetWeaver Application Server
-CVE-2014-8589
+CVE-2014-8589 (Integer overflow in SAP Network Interface Router (SAProuter) 40.4 ...)
NOT-FOR-US: SAP Network Interface Router
-CVE-2014-8588
+CVE-2014-8588 (SQL injection vulnerability in metadata.xsjs in SAP HANA ...)
NOT-FOR-US: SAP HANA
CVE-2014-8581
RESERVED
-CVE-2014-8580
- RESERVED
+CVE-2014-8580 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway ...)
+ TODO: check
CVE-2014-8579
RESERVED
CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in ...)
@@ -130,8 +438,8 @@
NOT-FOR-US: JExperts Tecnologia Channel Software
CVE-2014-8556
RESERVED
-CVE-2014-8555
- RESERVED
+CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in ...)
+ TODO: check
CVE-2014-8553
RESERVED
CVE-2014-8552
@@ -140,29 +448,30 @@
RESERVED
CVE-2014-8550
RESERVED
-CVE-2014-8549
- RESERVED
-CVE-2014-8548
- RESERVED
-CVE-2014-8547
- RESERVED
-CVE-2014-8546
- RESERVED
-CVE-2014-8545
- RESERVED
-CVE-2014-8544
- RESERVED
-CVE-2014-8543
- RESERVED
-CVE-2014-8542
- RESERVED
-CVE-2014-8541
- RESERVED
+CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the ...)
+ TODO: check
+CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
+ TODO: check
+CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
+ TODO: check
+CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
+ TODO: check
+CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
+ TODO: check
+CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
+ TODO: check
+CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
+ TODO: check
+CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
+ TODO: check
+CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
+ TODO: check
CVE-2014-8539
RESERVED
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)
NOT-FOR-US: ALLPlayer
CVE-2014-8651 [Privilege Escalation via KDE Clock KCM polkit helper]
+ RESERVED
- kde-workspace 4:4.11.13-2
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
CVE-2014-8583
@@ -243,12 +552,12 @@
RESERVED
CVE-2014-8511
RESERVED
-CVE-2014-8510
- RESERVED
+CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance ...)
+ TODO: check
CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap)
-CVE-2014-8508
- RESERVED
+CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...)
+ TODO: check
CVE-2014-8507
RESERVED
CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote ...)
@@ -304,8 +613,7 @@
- lsyncd <unfixed> (low; bug #767227)
[wheezy] - lsyncd <no-dsa> (Minor issue)
NOTE: https://github.com/axkibe/lsyncd/issues/220
-CVE-2014-8559 [fs/dcache.c incorrect use of rename_lock]
- RESERVED
+CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
@@ -378,14 +686,14 @@
NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
CVE-2014-8475
RESERVED
-CVE-2014-8474
- RESERVED
-CVE-2014-8473
- RESERVED
-CVE-2014-8472
- RESERVED
-CVE-2014-8471
- RESERVED
+CVE-2014-8474 (CA Cloud Service Management (CSM) before Summer 2014 allows remote ...)
+ TODO: check
+CVE-2014-8473 (Cross-site request forgery (CSRF) vulnerability in CA Cloud Service ...)
+ TODO: check
+CVE-2014-8472 (CA Cloud Service Management (CSM) before Summer 2014 does not properly ...)
+ TODO: check
+CVE-2014-8471 (CA Cloud Service Management (CSM) before Summer 2014 allows remote ...)
+ TODO: check
CVE-2014-8470
RESERVED
CVE-2014-8469
@@ -403,21 +711,18 @@
[squeeze] - riece <no-dsa> (Minor issue)
CVE-2014-7401
RESERVED
-CVE-2014-8483 [out-of-bounds read on a heap-allocated array]
- RESERVED
+CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 ...)
{DSA-3068-1 DSA-3063-1}
- quassel 0.10.0-2.1 (bug #766962)
NOTE: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
NOTE: http://bugs.quassel-irc.org/issues/1314
- konversation 1.5-2 (bug #768191)
NOTE: https://bugs.kde.org/show_bug.cgi?id=210792
-CVE-2014-8481 [Incomplete fix for CVE-2014-8480]
- RESERVED
+CVE-2014-8481 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
- linux <not-affected> (Present in 3.17 with incomplete fix)
- linux-2.6 <not-affected> (Present in 3.17 with incomplete fix)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32
-CVE-2014-8480 [NULL pointer dereference]
- RESERVED
+CVE-2014-8480 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
- linux <not-affected> (Introduced in 3.17)
- linux-2.6 <not-affected> (Introduced in 3.17)
NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
@@ -484,22 +789,17 @@
RESERVED
CVE-2014-8443
RESERVED
-CVE-2014-8442
- RESERVED
+CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-8441
- RESERVED
+CVE-2014-8441 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-8440
- RESERVED
+CVE-2014-8440 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-8439
RESERVED
-CVE-2014-8438
- RESERVED
+CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-8437
- RESERVED
+CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-8436
RESERVED
@@ -633,8 +933,7 @@
RESERVED
CVE-2014-8370
RESERVED
-CVE-2014-8369 [Incorrect fix for CVE-2014-3601]
- RESERVED
+CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
- linux <unfixed>
- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied)
NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
@@ -674,10 +973,10 @@
RESERVED
CVE-2014-8353
RESERVED
-CVE-2014-8352
- RESERVED
-CVE-2014-8351
- RESERVED
+CVE-2014-8352 (Cross-site scripting (XSS) vulnerability in json.php in French ...)
+ TODO: check
+CVE-2014-8351 (SQL injection vulnerability in info.php in French National Commission ...)
+ TODO: check
CVE-2014-8349
RESERVED
CVE-2014-8348
@@ -698,8 +997,7 @@
RESERVED
CVE-2014-8340
RESERVED
-CVE-2014-8339
- RESERVED
+CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338
RESERVED
@@ -770,8 +1068,7 @@
NOT-FOR-US: TYPO3 extension dce
CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions ...)
NOT-FOR-US: TYPO3 extension fal_sftp
-CVE-2014-8326 [PMASA-2014-12 XSS vulnerabilities in SQL debug output and server monitor page.]
- RESERVED
+CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.2.10.1-1 (low)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
[squeeze] - phpmyadmin <no-dsa> (Minor issue)
@@ -1523,12 +1820,12 @@
RESERVED
CVE-2014-7991
RESERVED
-CVE-2014-7990
- RESERVED
-CVE-2014-7989
- RESERVED
-CVE-2014-7988
- RESERVED
+CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 ...)
+ TODO: check
+CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local ...)
+ TODO: check
+CVE-2014-7988 (The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and ...)
+ TODO: check
CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 ...)
NOT-FOR-US: EspoCRM
CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to ...)
@@ -1575,10 +1872,10 @@
RESERVED
CVE-2014-7961
RESERVED
-CVE-2014-7959
- RESERVED
-CVE-2014-7958
- RESERVED
+CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in the ...)
+ TODO: check
+CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2014-7957
RESERVED
CVE-2014-7956
@@ -1744,8 +2041,7 @@
NOT-FOR-US: HP-UX
CVE-2014-7876
RESERVED
-CVE-2014-7875
- RESERVED
+CVE-2014-7875 (Unspecified vulnerability on the HP LaserJet CM3530 Multifunction ...)
NOT-FOR-US: HP Color LaserJet Printers
CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
NOT-FOR-US: HP-UX running System Management Homepage
@@ -1895,15 +2191,13 @@
NOTE: https://fedorahosted.org/freeipa/ticket/4690
CVE-2014-7827
RESERVED
-CVE-2014-7826 [Ftrace subsystem supervisor mode code execution]
- RESERVED
+CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Vulnerable code introduced later)
- linux-2.6 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
-CVE-2014-7825 [Perf subsystem oob read in supervisor mode (local DoS)]
- RESERVED
+CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
@@ -1925,11 +2219,9 @@
RESERVED
CVE-2014-7820
RESERVED
-CVE-2014-7819 [Arbitrary file existence disclosure]
- RESERVED
+CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
- ruby-sprockets <unfixed>
-CVE-2014-7818 [Arbitrary file existence disclosure in Action Pack]
- RESERVED
+CVE-2014-7818 (Directory traversal vulnerability in ...)
- rails <unfixed>
- rails-3.2 <unfixed>
- ruby-actionpack-3.2 <removed>
@@ -3178,8 +3470,7 @@
RESERVED
CVE-2014-7208
RESERVED
-CVE-2014-7207 [Regression introduced in 3.2.63]
- RESERVED
+CVE-2014-7207 (A certain Debian patch to the IPv6 implementation in the Linux kernel ...)
{DSA-3060-1}
- linux <not-affected> (Issue specific to 3.2.x)
NOTE: In 3.2.x introduced with https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?h=linux-3.2.y&id=64b5c251d5b2cee4a0f697bfb90d79263f6dd517
@@ -3300,8 +3591,7 @@
NOT-FOR-US: Enalean Tuleap
CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier ...)
NOT-FOR-US: Enalean Tuleap
-CVE-2014-7176
- RESERVED
+CVE-2014-7176 (SQL injection vulnerability in Enalean Tuleap before 7.5 allows remote ...)
NOT-FOR-US: Enalean Tuleap
CVE-2014-7175
RESERVED
@@ -3618,7 +3908,7 @@
NOT-FOR-US: Street Walker (aka kt.road.StreetWalker) application for Android
CVE-2014-7043 (The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does ...)
NOT-FOR-US: Cadpage (aka net.anei.cadpage) application for Android
-CVE-2014-7042 (The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for ...)
+CVE-2014-7042 (** DISPUTED ** The My nTelos (aka com.telespree.ntelospostpay) ...)
NOT-FOR-US: My nTelos (aka com.telespree.ntelospostpay) application for Android
CVE-2014-7041 (The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for ...)
NOT-FOR-US: SimGene (aka com.japanbioinformatics.simgene) application for Android
@@ -4459,14 +4749,14 @@
RESERVED
CVE-2014-6624
RESERVED
-CVE-2014-6623
- RESERVED
+CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module ...)
+ TODO: check
CVE-2014-6622
RESERVED
CVE-2014-6621
RESERVED
-CVE-2014-6620
- RESERVED
+CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass ...)
+ TODO: check
CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PizzaInn_Project Restaurant Script
CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows ...)
@@ -5208,52 +5498,52 @@
RESERVED
CVE-2014-6354
RESERVED
-CVE-2014-6353
- RESERVED
+CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
NOT-FOR-US: Microsoft
-CVE-2014-6351
- RESERVED
-CVE-2014-6350
- RESERVED
-CVE-2014-6349
- RESERVED
-CVE-2014-6348
- RESERVED
-CVE-2014-6347
- RESERVED
-CVE-2014-6346
- RESERVED
-CVE-2014-6345
- RESERVED
-CVE-2014-6344
- RESERVED
-CVE-2014-6343
- RESERVED
-CVE-2014-6342
- RESERVED
-CVE-2014-6341
- RESERVED
-CVE-2014-6340
- RESERVED
-CVE-2014-6339
- RESERVED
+CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
+ TODO: check
+CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
+ TODO: check
+CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read ...)
+ TODO: check
+CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass ...)
+ TODO: check
CVE-2014-6338
RESERVED
-CVE-2014-6337
- RESERVED
+CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-6336
RESERVED
-CVE-2014-6335
- RESERVED
-CVE-2014-6334
- RESERVED
-CVE-2014-6333
- RESERVED
-CVE-2014-6332
- RESERVED
-CVE-2014-6331
- RESERVED
+CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
+ TODO: check
+CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
+ TODO: check
+CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
+ TODO: check
+CVE-2014-6332 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
+ TODO: check
CVE-2014-6330
RESERVED
CVE-2014-6329
@@ -5268,20 +5558,20 @@
RESERVED
CVE-2014-6324
RESERVED
-CVE-2014-6323
- RESERVED
-CVE-2014-6322
- RESERVED
-CVE-2014-6321
- RESERVED
+CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
+ TODO: check
CVE-2014-6320
RESERVED
CVE-2014-6319
RESERVED
-CVE-2014-6318
- RESERVED
-CVE-2014-6317
- RESERVED
+CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...)
+ TODO: check
+CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
+ TODO: check
CVE-2014-6316
RESERVED
CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado ...)
@@ -5310,8 +5600,7 @@
RESERVED
CVE-2014-6301
RESERVED
-CVE-2014-6300 [PMASA-2014-10]
- RESERVED
+CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history ...)
- phpmyadmin 4:4.2.8.1-1
NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -5669,12 +5958,12 @@
RESERVED
CVE-2014-6162
RESERVED
-CVE-2014-6161
- RESERVED
+CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
+ TODO: check
CVE-2014-6160
RESERVED
-CVE-2014-6159
- RESERVED
+CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
+ TODO: check
CVE-2014-6158
RESERVED
CVE-2014-6157
@@ -5699,8 +5988,8 @@
NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6147
RESERVED
-CVE-2014-6146
- RESERVED
+CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
+ TODO: check
CVE-2014-6145
RESERVED
CVE-2014-6144
@@ -5731,8 +6020,8 @@
RESERVED
CVE-2014-6131
RESERVED
-CVE-2014-6130
- RESERVED
+CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...)
+ TODO: check
CVE-2014-6129
RESERVED
CVE-2014-6128
@@ -5797,8 +6086,8 @@
NOT-FOR-US: IBM Sterling
CVE-2014-6098
RESERVED
-CVE-2014-6097
- RESERVED
+CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and ...)
+ TODO: check
CVE-2014-6096
RESERVED
CVE-2014-6095
@@ -5945,8 +6234,8 @@
NOT-FOR-US: F5 Networks Big-IP
CVE-2014-6031
RESERVED
-CVE-2014-6030
- RESERVED
+CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET ...)
+ TODO: check
CVE-2014-6026
RESERVED
CVE-2014-6025 (The Chartboost library before 2.0.2 for Android does not verify X.509 ...)
@@ -7145,8 +7434,7 @@
NOT-FOR-US: Ubisoft Uplay PC
CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the ...)
NOT-FOR-US: HL7 C-CDA
-CVE-2014-5451
- RESERVED
+CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: MODX Revolution
CVE-2014-5446
RESERVED
@@ -7180,8 +7468,8 @@
RESERVED
CVE-2014-5431
RESERVED
-CVE-2014-5430
- RESERVED
+CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before ...)
+ TODO: check
CVE-2014-5429
RESERVED
CVE-2014-5428
@@ -7206,8 +7494,8 @@
RESERVED
CVE-2014-5418
RESERVED
-CVE-2014-5417
- RESERVED
+CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...)
+ TODO: check
CVE-2014-5416
RESERVED
CVE-2014-5415
@@ -7224,8 +7512,8 @@
NOT-FOR-US: MicroLogix controller
CVE-2014-5409
RESERVED
-CVE-2014-5408
- RESERVED
+CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the ...)
+ TODO: check
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)
NOT-FOR-US: Schneider Electric
CVE-2014-5406
@@ -7264,8 +7552,7 @@
RESERVED
CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the ...)
NOT-FOR-US: WordPress plugin Content Audit
-CVE-2014-5387
- RESERVED
+CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine ...)
NOT-FOR-US: EllisLab ExpressionEngine Core
CVE-2014-5386
RESERVED
@@ -7574,10 +7861,10 @@
RESERVED
CVE-2014-5259 (Cross-site scripting (XSS) vulnerability in cattranslate.php in the ...)
NOT-FOR-US: BlackCat CMS
-CVE-2014-5258
- RESERVED
-CVE-2014-5257
- RESERVED
+CVE-2014-5258 (Directory traversal vulnerability in showTempFile.php in webEdition ...)
+ TODO: check
+CVE-2014-5257 (Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms ...)
+ TODO: check
CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...)
NOT-FOR-US: MyBB
CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware ...)
@@ -8236,10 +8523,10 @@
RESERVED
CVE-2014-5039
RESERVED
-CVE-2014-5038
- RESERVED
-CVE-2014-5037
- RESERVED
+CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or ...)
+ TODO: check
+CVE-2014-5037 (Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, ...)
+ TODO: check
CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through ...)
- eucalyptus <removed>
CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...)
@@ -8458,8 +8745,7 @@
- ruby2.0 <removed> (low)
- ruby2.1 <unfixed> (low)
NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
-CVE-2014-4974
- RESERVED
+CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode ...)
NOT-FOR-US: ESET
CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the ...)
NOT-FOR-US: ESET Personal Firewall
@@ -8755,8 +9041,8 @@
NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4835
RESERVED
-CVE-2014-4834
- RESERVED
+CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
+ TODO: check
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4832
@@ -8803,8 +9089,8 @@
NOT-FOR-US: IBM Security AppScan Source
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
NOT-FOR-US: IBM
-CVE-2014-4810
- RESERVED
+CVE-2014-4810 (IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and ...)
+ TODO: check
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x ...)
NOT-FOR-US: IBM Security Access Manager
CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through ...)
@@ -8885,8 +9171,8 @@
RESERVED
CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
NOT-FOR-US: IBM WebSphere Application Server
-CVE-2014-4769
- RESERVED
+CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
+ TODO: check
CVE-2014-4768
RESERVED
CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
@@ -9166,8 +9452,8 @@
RESERVED
CVE-2014-4665
RESERVED
-CVE-2014-4664
- RESERVED
+CVE-2014-4664 (Cross-site scripting (XSS) vulnerability in the Wordfence Security ...)
+ TODO: check
CVE-2014-4663 (TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is ...)
NOT-FOR-US: WordPress timthumb
CVE-2014-4662
@@ -9298,8 +9584,8 @@
RESERVED
CVE-2014-4628
RESERVED
-CVE-2014-4627
- RESERVED
+CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...)
+ TODO: check
CVE-2014-4626
RESERVED
CVE-2014-4625
@@ -10405,8 +10691,8 @@
NOT-FOR-US: AlienVault OSSIM
CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
NOT-FOR-US: AlienVault OSSIM
-CVE-2014-4149
- RESERVED
+CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
+ TODO: check
CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
NOT-FOR-US: Microsoft
CVE-2014-4147
@@ -10417,8 +10703,8 @@
RESERVED
CVE-2014-4144
RESERVED
-CVE-2014-4143
- RESERVED
+CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4142
RESERVED
CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
@@ -10467,12 +10753,12 @@
RESERVED
CVE-2014-4119
RESERVED
-CVE-2014-4118
- RESERVED
+CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...)
NOT-FOR-US: Microsoft
-CVE-2014-4116
- RESERVED
+CVE-2014-4116 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+ TODO: check
CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in ...)
NOT-FOR-US: Microsoft
CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
@@ -10547,12 +10833,12 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4079 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-4078
- RESERVED
-CVE-2014-4077
- RESERVED
-CVE-2014-4076
- RESERVED
+CVE-2014-4078 (The IP Security feature in Microsoft Internet Information Services ...)
+ TODO: check
+CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
+ TODO: check
+CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain ...)
+ TODO: check
CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in ...)
NOT-FOR-US: Microsoft
CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...)
@@ -11426,8 +11712,7 @@
- kfreebsd-9 <removed> (bug #766275)
[jessie] - kfreebsd-9 <not-affected> (Kfreebsd 8/9 not present in jessie, workaround for #769128)
- kfreebsd-10 10.1~svn273874-1 (bug #766278)
-CVE-2014-3710 [out-of-bounds read in elf note headers]
- RESERVED
+CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the ...)
{DSA-3072-1 DLA-86-1}
- file 1:5.20-2 (bug #768806)
NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
@@ -11485,8 +11770,7 @@
{DSA-3055-1}
- pidgin 2.10.10-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
-CVE-2014-3693 [Use-After-Free in socket manager of Impress Remote]
- RESERVED
+CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Remote ...)
- libreoffice 1:4.3.3~rc2~git20141011-1
[wheezy] - libreoffice <not-affected> (Introduced in 4.0.0)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
@@ -11496,8 +11780,7 @@
CVE-2014-3691
RESERVED
NOT-FOR-US: Foreman Smart Proxy
-CVE-2014-3690
- RESERVED
+CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
@@ -11516,8 +11799,7 @@
- linux 3.16.7-1
- linux-2.6 <removed>
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4 (v3.18-rc1)
-CVE-2014-3687 [net: sctp: fix panic on duplicate ASCONF chunks]
- RESERVED
+CVE-2014-3687 (The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
@@ -11561,8 +11843,7 @@
CVE-2014-3674
RESERVED
NOT-FOR-US: OpenShift Enterprise
-CVE-2014-3673 [sctp: skb_over_panic when receiving malformed ASCONF chunks]
- RESERVED
+CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 allows ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
@@ -11599,8 +11880,7 @@
- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3661 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
- jenkins 1.565.3-1 (bug #763899)
-CVE-2014-3660 [libxml2 billion laugh variant]
- RESERVED
+CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity ...)
{DSA-3057-1 DLA-80-1}
- libxml2 2.9.2+dfsg1-1 (bug #765722)
NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
@@ -11644,21 +11924,18 @@
RESERVED
CVE-2014-3648
RESERVED
-CVE-2014-3647
- RESERVED
+CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=234f3ce485d54017f15cf5e0699cff4100121601
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=d1442d85cc30ea75f7d399474ca738e0bc96f715
-CVE-2014-3646
- RESERVED
+CVE-2014-3646 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a642fc305053cc1c6e47e4f4df327895747ab485
-CVE-2014-3645
- RESERVED
+CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before ...)
{DSA-3060-1}
- linux 3.12.6-1
- linux-2.6 <removed>
@@ -11672,8 +11949,7 @@
CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder ...)
- cinder 2014.1.3-1
NOTE: Affects version up to 2014.1.2
-CVE-2014-3640 [slirp: NULL pointer deref in sosendto()]
- RESERVED
+CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.1+dfsg-5 (bug #762532)
- qemu-kvm <removed>
@@ -11790,14 +12066,12 @@
NOTE: http://curl.haxx.se/docs/adv_20140910A.html
CVE-2014-3612
RESERVED
-CVE-2014-3611
- RESERVED
+CVE-2014-3611 (Race condition in the __kvm_migrate_pit_timer function in ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=2febc839133280d5a5e8e1179c94ea674489dae2
-CVE-2014-3610
- RESERVED
+CVE-2014-3610 (The WRMSR processing functionality in the KVM subsystem in the Linux ...)
{DSA-3060-1}
- linux 3.16.7-1
- linux-2.6 <removed>
@@ -12465,8 +12739,7 @@
[squeeze] - mumble <no-dsa> (Minor issue)
[wheezy] - mumble <no-dsa> (Minor issue)
NOTE: http://mumble.info/security/Mumble-SA-2014-005.txt
-CVE-2014-3461 [usb: fix up post load checks]
- RESERVED
+CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute ...)
- qemu 2.1+dfsg-1 (bug #739589)
- qemu-kvm <removed>
[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
@@ -12535,14 +12808,11 @@
NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
CVE-2014-3440
RESERVED
-CVE-2014-3439
- RESERVED
+CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 ...)
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2014-3438
- RESERVED
+CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console ...)
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2014-3437
- RESERVED
+CVE-2014-3437 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
NOT-FOR-US: Symantec
@@ -13803,7 +14073,7 @@
CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which ...)
NOT-FOR-US: Hanvon FaceID
CVE-2014-2937
- RESERVED
+ REJECTED
CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to ...)
NOT-FOR-US: Caldera
CVE-2014-2935 (costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows ...)
@@ -14405,8 +14675,7 @@
NOT-FOR-US: IZArc Archiver
CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with ...)
NOT-FOR-US: ASUS RT series routers
-CVE-2014-2718
- RESERVED
+CVE-2014-2718 (ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, ...)
NOT-FOR-US: ASUS routers
CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier ...)
NOT-FOR-US: Honeywell FALCON XLWeb controller
@@ -15381,10 +15650,10 @@
NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta ...)
NOT-FOR-US: Ecava IntegraXor SCADA Server
-CVE-2014-2374
- RESERVED
-CVE-2014-2373
- RESERVED
+CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim ...)
+ TODO: check
+CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 for the ...)
+ TODO: check
CVE-2014-2372
RESERVED
CVE-2014-2371
@@ -15836,14 +16105,11 @@
NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center ...)
NOT-FOR-US: Cisco Unified Contact Center Express
-CVE-2014-2179
- RESERVED
+CVE-2014-2179 (The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on ...)
NOT-FOR-US: Cisco RV
-CVE-2014-2178
- RESERVED
+CVE-2014-2178 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
NOT-FOR-US: Cisco RV
-CVE-2014-2177
- RESERVED
+CVE-2014-2177 (The network-diagnostics administration interface in the Cisco RV ...)
NOT-FOR-US: Cisco RV
CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a ...)
NOT-FOR-US: Cisco IOS
@@ -17500,8 +17766,8 @@
NOT-FOR-US: Command School Student Management System
CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student ...)
NOT-FOR-US: Command School Student Management System
-CVE-2014-1635
- RESERVED
+CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with ...)
+ TODO: check
CVE-2014-1634
RESERVED
CVE-2014-1633
@@ -18855,8 +19121,7 @@
RESERVED
CVE-2014-0996
RESERVED
-CVE-2014-0995
- RESERVED
+CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...)
NOT-FOR-US: SAP Netweaver
CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the ...)
NOT-FOR-US: Delphi
@@ -20003,34 +20268,25 @@
[squeeze] - bip <no-dsa> (Minor issue)
[wheezy] - bip <no-dsa> (Minor issue)
NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
-CVE-2014-0590
- RESERVED
+CVE-2014-0590 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0589
- RESERVED
+CVE-2014-0589 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0588
- RESERVED
+CVE-2014-0588 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0587
RESERVED
-CVE-2014-0586
- RESERVED
+CVE-2014-0586 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0585
- RESERVED
+CVE-2014-0585 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0584
- RESERVED
+CVE-2014-0584 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0583
- RESERVED
+CVE-2014-0583 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0582
- RESERVED
+CVE-2014-0582 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0581
- RESERVED
+CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0580
RESERVED
@@ -20038,19 +20294,15 @@
RESERVED
CVE-2014-0578
RESERVED
-CVE-2014-0577
- RESERVED
+CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0576
- RESERVED
+CVE-2014-0576 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0575
RESERVED
-CVE-2014-0574
- RESERVED
+CVE-2014-0574 (Double free vulnerability in Adobe Flash Player before 13.0.0.252 and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0573
- RESERVED
+CVE-2014-0573 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 ...)
NOT-FOR-US: Adobe ColdFusion
@@ -20941,8 +21193,8 @@
RESERVED
CVE-2013-7058
RESERVED
-CVE-2013-7057
- RESERVED
+CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway ...)
+ TODO: check
CVE-2013-7056
RESERVED
CVE-2013-7055
@@ -21765,16 +22017,14 @@
{DSA-2950-1 DLA-0008-1 DLA-0003-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
-CVE-2014-0223 [qcow1: Validate image size]
- RESERVED
+CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.0.0+dfsg-6 (bug #742730)
- qemu-kvm <removed>
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
-CVE-2014-0222 [qcow1: Validate L2 table size]
- RESERVED
+CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...)
{DSA-3045-1 DSA-3044-1}
- qemu 2.0.0+dfsg-6 (bug #742730)
- qemu-kvm <removed>
@@ -21921,8 +22171,7 @@
CVE-2014-0183
RESERVED
NOT-FOR-US: Katello
-CVE-2014-0182 [virtio: out-of-bounds buffer write on state load with invalid config_len]
- RESERVED
+CVE-2014-0182 (Heap-based buffer overflow in the virtio_load function in ...)
- qemu 2.1+dfsg-1 (bug #739589)
- qemu-kvm <removed>
[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
@@ -24034,8 +24283,7 @@
- xen 4.4.0-1
[wheezy] - xen <not-affected> (4.2.x and later are vulnerable)
[squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
-CVE-2013-6399
- RESERVED
+CVE-2013-6399 (Array index error in the virtio_load function in hw/virtio/virtio.c in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -28559,48 +28807,42 @@
NOTE: see BTS bug #744213
CVE-2013-4543
REJECTED
-CVE-2013-4542
- RESERVED
+CVE-2013-4542 (The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4541
- RESERVED
+CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4540
- RESERVED
+CVE-2013-4540 (Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4539
- RESERVED
+CVE-2013-4539 (Multiple buffer overflows in the tsc210x_load function in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4538
- RESERVED
+CVE-2013-4538 (Multiple buffer overflows in the ssd0323_load function in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4537
- RESERVED
+CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -28623,16 +28865,14 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4534
- RESERVED
+CVE-2013-4534 (Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4533
- RESERVED
+CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -28647,24 +28887,21 @@
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4531
- RESERVED
+CVE-2013-4531 (Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4530
- RESERVED
+CVE-2013-4530 (Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed>
-CVE-2013-4529
- RESERVED
+CVE-2013-4529 (Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -28673,16 +28910,14 @@
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4528
REJECTED
-CVE-2013-4527
- RESERVED
+CVE-2013-4527 (Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4526
- RESERVED
+CVE-2013-4526 (Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
@@ -30005,32 +30240,28 @@
CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...)
{DSA-2842-1}
- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
-CVE-2013-4151
- RESERVED
+CVE-2013-4151 (The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4150
- RESERVED
+CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4149
- RESERVED
+CVE-2013-4149 (Buffer overflow in virtio_net_load function in net/virtio-net.c in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
- qemu-kvm <removed> (low)
[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
-CVE-2013-4148
- RESERVED
+CVE-2013-4148 (Integer signedness error in the virtio_net_load function in ...)
- qemu 2.1+dfsg-1 (low; bug #739589)
[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
More information about the Secure-testing-commits
mailing list