[Secure-testing-commits] r30137 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Tue Nov 18 21:10:21 UTC 2014


Author: sectracker
Date: 2014-11-18 21:10:21 +0000 (Tue, 18 Nov 2014)
New Revision: 30137

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-18 18:59:35 UTC (rev 30136)
+++ data/CVE/list	2014-11-18 21:10:21 UTC (rev 30137)
@@ -1,3 +1,379 @@
+CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...)
+	TODO: check
+CVE-2014-8954 (Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 ...)
+	TODO: check
+CVE-2014-8953 (Multiple cross-site request forgery (CSRF) vulnerabilities in Php ...)
+	TODO: check
+CVE-2014-8952 (Multiple unspecified vulnerabilities in Check Point Security Gateway ...)
+	TODO: check
+CVE-2014-8951 (Unspecified vulnerability in Check Point Security Gateway R75, R76, ...)
+	TODO: check
+CVE-2014-8950 (Unspecified vulnerability in Check Point Security Gateway R77 and ...)
+	TODO: check
+CVE-2014-8949 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows ...)
+	TODO: check
+CVE-2014-8948 (Cross-site request forgery (CSRF) vulnerability in the iMember360 ...)
+	TODO: check
+CVE-2014-8947
+	RESERVED
+CVE-2014-8946
+	RESERVED
+CVE-2014-8945
+	RESERVED
+CVE-2014-8944
+	RESERVED
+CVE-2014-8943
+	RESERVED
+CVE-2014-8942
+	RESERVED
+CVE-2014-8941
+	RESERVED
+CVE-2014-8940
+	RESERVED
+CVE-2014-8939
+	RESERVED
+CVE-2014-8938
+	RESERVED
+CVE-2014-8937
+	RESERVED
+CVE-2014-8936
+	RESERVED
+CVE-2014-8935
+	RESERVED
+CVE-2014-8934
+	RESERVED
+CVE-2014-8933
+	RESERVED
+CVE-2014-8932
+	RESERVED
+CVE-2014-8931
+	RESERVED
+CVE-2014-8930
+	RESERVED
+CVE-2014-8929
+	RESERVED
+CVE-2014-8928
+	RESERVED
+CVE-2014-8927
+	RESERVED
+CVE-2014-8926
+	RESERVED
+CVE-2014-8925
+	RESERVED
+CVE-2014-8924
+	RESERVED
+CVE-2014-8923
+	RESERVED
+CVE-2014-8922
+	RESERVED
+CVE-2014-8921
+	RESERVED
+CVE-2014-8920
+	RESERVED
+CVE-2014-8919
+	RESERVED
+CVE-2014-8918
+	RESERVED
+CVE-2014-8917
+	RESERVED
+CVE-2014-8916
+	RESERVED
+CVE-2014-8915
+	RESERVED
+CVE-2014-8914
+	RESERVED
+CVE-2014-8913
+	RESERVED
+CVE-2014-8912
+	RESERVED
+CVE-2014-8911
+	RESERVED
+CVE-2014-8910
+	RESERVED
+CVE-2014-8909
+	RESERVED
+CVE-2014-8908
+	RESERVED
+CVE-2014-8907
+	RESERVED
+CVE-2014-8906
+	RESERVED
+CVE-2014-8905
+	RESERVED
+CVE-2014-8904
+	RESERVED
+CVE-2014-8903
+	RESERVED
+CVE-2014-8902
+	RESERVED
+CVE-2014-8901
+	RESERVED
+CVE-2014-8900
+	RESERVED
+CVE-2014-8899
+	RESERVED
+CVE-2014-8898
+	RESERVED
+CVE-2014-8897
+	RESERVED
+CVE-2014-8896
+	RESERVED
+CVE-2014-8895
+	RESERVED
+CVE-2014-8894
+	RESERVED
+CVE-2014-8893
+	RESERVED
+CVE-2014-8892
+	RESERVED
+CVE-2014-8891
+	RESERVED
+CVE-2014-8890
+	RESERVED
+CVE-2014-8889
+	RESERVED
+CVE-2014-8888
+	RESERVED
+CVE-2014-8887
+	RESERVED
+CVE-2014-8886
+	RESERVED
+CVE-2014-8885
+	RESERVED
+CVE-2014-8883
+	RESERVED
+CVE-2014-8882
+	RESERVED
+CVE-2014-8881
+	RESERVED
+CVE-2014-8880
+	RESERVED
+CVE-2014-8879
+	RESERVED
+CVE-2014-8878
+	RESERVED
+CVE-2014-8877
+	RESERVED
+CVE-2014-8876
+	RESERVED
+CVE-2014-8875
+	RESERVED
+CVE-2014-8874
+	RESERVED
+CVE-2014-8873
+	RESERVED
+CVE-2014-8872
+	RESERVED
+CVE-2014-8871
+	RESERVED
+CVE-2014-8870
+	RESERVED
+CVE-2014-8869
+	RESERVED
+CVE-2014-8868
+	RESERVED
+CVE-2014-8867
+	RESERVED
+CVE-2014-8866
+	RESERVED
+CVE-2014-8865
+	RESERVED
+CVE-2014-8864
+	RESERVED
+CVE-2014-8863
+	RESERVED
+CVE-2014-8862
+	RESERVED
+CVE-2014-8861
+	RESERVED
+CVE-2014-8860
+	RESERVED
+CVE-2014-8859
+	RESERVED
+CVE-2014-8858
+	RESERVED
+CVE-2014-8857
+	RESERVED
+CVE-2014-8856
+	RESERVED
+CVE-2014-8855
+	RESERVED
+CVE-2014-8854
+	RESERVED
+CVE-2014-8853
+	RESERVED
+CVE-2014-8852
+	RESERVED
+CVE-2014-8851
+	RESERVED
+CVE-2014-8850
+	RESERVED
+CVE-2014-8849
+	RESERVED
+CVE-2014-8848
+	RESERVED
+CVE-2014-8847
+	RESERVED
+CVE-2014-8846
+	RESERVED
+CVE-2014-8845
+	RESERVED
+CVE-2014-8844
+	RESERVED
+CVE-2014-8843
+	RESERVED
+CVE-2014-8842
+	RESERVED
+CVE-2014-8841
+	RESERVED
+CVE-2014-8840
+	RESERVED
+CVE-2014-8839
+	RESERVED
+CVE-2014-8838
+	RESERVED
+CVE-2014-8837
+	RESERVED
+CVE-2014-8836
+	RESERVED
+CVE-2014-8835
+	RESERVED
+CVE-2014-8834
+	RESERVED
+CVE-2014-8833
+	RESERVED
+CVE-2014-8832
+	RESERVED
+CVE-2014-8831
+	RESERVED
+CVE-2014-8830
+	RESERVED
+CVE-2014-8829
+	RESERVED
+CVE-2014-8828
+	RESERVED
+CVE-2014-8827
+	RESERVED
+CVE-2014-8826
+	RESERVED
+CVE-2014-8825
+	RESERVED
+CVE-2014-8824
+	RESERVED
+CVE-2014-8823
+	RESERVED
+CVE-2014-8822
+	RESERVED
+CVE-2014-8821
+	RESERVED
+CVE-2014-8820
+	RESERVED
+CVE-2014-8819
+	RESERVED
+CVE-2014-8818
+	RESERVED
+CVE-2014-8817
+	RESERVED
+CVE-2014-8816
+	RESERVED
+CVE-2014-8815
+	RESERVED
+CVE-2014-8814
+	RESERVED
+CVE-2014-8813
+	RESERVED
+CVE-2014-8812
+	RESERVED
+CVE-2014-8811
+	RESERVED
+CVE-2014-8810
+	RESERVED
+CVE-2014-8809
+	RESERVED
+CVE-2014-8808
+	RESERVED
+CVE-2014-8807
+	RESERVED
+CVE-2014-8806
+	RESERVED
+CVE-2014-8805
+	RESERVED
+CVE-2014-8804
+	RESERVED
+CVE-2014-8803
+	RESERVED
+CVE-2014-8802
+	RESERVED
+CVE-2014-8801
+	RESERVED
+CVE-2014-8800
+	RESERVED
+CVE-2014-8799
+	RESERVED
+CVE-2014-8798
+	RESERVED
+CVE-2014-8797
+	RESERVED
+CVE-2014-8796
+	RESERVED
+CVE-2014-8795
+	RESERVED
+CVE-2014-8794
+	RESERVED
+CVE-2014-8793
+	RESERVED
+CVE-2014-8792
+	RESERVED
+CVE-2014-8791
+	RESERVED
+CVE-2014-8790
+	RESERVED
+CVE-2014-8789
+	RESERVED
+CVE-2014-8788
+	RESERVED
+CVE-2014-8787
+	RESERVED
+CVE-2014-8786
+	RESERVED
+CVE-2014-8785
+	RESERVED
+CVE-2014-8784
+	RESERVED
+CVE-2014-8783
+	RESERVED
+CVE-2014-8782
+	RESERVED
+CVE-2014-8781
+	RESERVED
+CVE-2014-8780
+	RESERVED
+CVE-2014-8779
+	RESERVED
+CVE-2014-8778
+	RESERVED
+CVE-2014-8777
+	RESERVED
+CVE-2014-8776
+	RESERVED
+CVE-2014-8775
+	RESERVED
+CVE-2014-8774
+	RESERVED
+CVE-2014-8773
+	RESERVED
+CVE-2014-8772
+	RESERVED
+CVE-2014-8771
+	RESERVED
+CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in the ...)
+	TODO: check
+CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...)
+	TODO: check
+CVE-2012-6664
+	RESERVED
+CVE-2012-6663
+	RESERVED
 CVE-2014-XXXX [zoph multiple issues]
 	- zoph <removed>
 	NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
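Review bot: The ten TODO: check entries in this hunk (CVE-2014-8955 down to CVE-2014-8948, CVE-2014-8770 and CVE-2012-6665) still need triage into either a package line or a NOT-FOR-US line, as every settled entry in this file carries one; CVE-2012-6665 is the same phpMoneyBooks index.php directory traversal family as CVE-2012-1669 at the end of this commit, so the two should be resolved together. The RESERVED run itself is consistent: it skips CVE-2014-8884 and CVE-2012-6662, both of which already have entries further down the file.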
@@ -24,6 +400,7 @@
 	- sosreport 3.2-2 (bug #769521)
 	NOTE: https://github.com/sosreport/sos/issues/425
 CVE-2014-8884 [ttusb-dec: overflow by descriptor]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1)
@@ -64,8 +441,8 @@
 	RESERVED
 CVE-2014-8728
 	RESERVED
-CVE-2014-8727
-	RESERVED
+CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before ...)
+	TODO: check
 CVE-2014-8726
 	RESERVED
 CVE-2014-8725
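Review bot: CVE-2014-8727 comes in as TODO: check, but F5 BIG-IP is an appliance product with no Debian package, so it can go straight to NOT-FOR-US: F5 BIG-IP, the way the other vendor-appliance entries in this commit (FortiNet FortiADC-E, HP Helion) are handled.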
@@ -306,8 +683,8 @@
 	RESERVED
 CVE-2014-8597
 	RESERVED
-CVE-2014-8596
-	RESERVED
+CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow ...)
+	TODO: check
 CVE-2014-8595 [XSA-110]
 	RESERVED
 	- xen <unfixed>
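Review bot: CVE-2014-8596 (PHP-Fusion SQL injection) is left as TODO: check; PHP-Fusion is not packaged in Debian, so NOT-FOR-US: PHP-Fusion is the expected resolution.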
@@ -339,6 +716,7 @@
 CVE-2013-7410
 	RESERVED
 CVE-2010-5312 [Title XSS Vulnerability]
+	RESERVED
 	- jquery <unfixed>
 	NOTE: http://bugs.jqueryui.com/ticket/6016
 	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
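Review bot: CVE-2010-5312 is filed only against jquery, yet both NOTE references (bugs.jqueryui.com ticket 6016 and the jquery/jquery-ui commit) are jQuery UI fixes; add a line for the jquery-ui source package, or a `<not-affected>` marker for jquery if the vulnerable code lives only in jQuery UI. The same question applies to CVE-2012-6662 (Tooltip XSS) further down this commit.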
@@ -359,8 +737,7 @@
 CVE-2014-XXXX [Buffer overflow while trying to send a file as base64 with /query]
 	- konversation <unfixed> (bug #768656)
 	TODO: check
-CVE-2014-8732 [stored cross-site scripting (XSS) issues]
-	RESERVED
+CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...)
 	NOT-FOR-US: phpMemcachedAdmin
 CVE-2014-8731 [remote code execution flaw]
 	RESERVED
@@ -473,9 +850,8 @@
 CVE-2014-8568
 	RESERVED
 CVE-2014-8565
-	RESERVED
-CVE-2014-8564 [Denial of service in GnuTLS 3 when printing elliptic curves parameters]
-	RESERVED
+	REJECTED
+CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS ...)
 	- gnutls28 3.3.8-4 (bug #769154)
 	- gnutls26 <not-affected> (Vulnerable code not present; no support for ECC)
 	NOTE: https://gitorious.org/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch)
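Review bot: CVE-2014-8565 flips from RESERVED to REJECTED while the gnutls28 and gnutls26 lines stay attached only to CVE-2014-8564; that is the right shape for a rejected identifier, but check that no DSA text or bug reference elsewhere still cites CVE-2014-8565 for this GnuTLS issue.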
@@ -488,8 +864,7 @@
 CVE-2014-8558 [Escalation Access]
 	RESERVED
 	NOT-FOR-US: JExperts Tecnologia Channel Software
-CVE-2014-8557 [Cross Site Scripting]
-	RESERVED
+CVE-2014-8557 (Multiple cross-site scripting (XSS) vulnerabilities in JExperts ...)
 	NOT-FOR-US: JExperts Tecnologia Channel Software
 CVE-2014-8556
 	RESERVED
@@ -539,14 +914,11 @@
 	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
 CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point ...)
 	NOT-FOR-US: FortiNet FortiADC-E
-CVE-2014-8567 [mod_auth_mellon logout requests would crash the Apache web server]
-	RESERVED
+CVE-2014-8567 (The mod_auth_mellon module before 0.8.1 allows remote attackers to ...)
 	- libapache2-mod-auth-mellon 0.9.0
-CVE-2014-8566 [mod_auth_mellon information disclosure]
-	RESERVED
+CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers to ...)
 	- libapache2-mod-auth-mellon 0.9.1
-CVE-2014-8554 [SQL injection vulnerability in MantisBT SOAP API]
-	RESERVED
+CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function ...)
 	- mantis <removed>
 	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
 	NOTE: http://www.mantisbt.org/bugs/view.php?id=17812
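Review bot: Both mod_auth_mellon descriptions now read "before 0.8.1", yet the Debian fixed versions differ (0.9.0 for CVE-2014-8567, 0.9.1 for CVE-2014-8566); confirm from the upstream changelog that 0.9.0 really lacks the CVE-2014-8566 fix, otherwise the second line should also read 0.9.0.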
@@ -595,7 +967,7 @@
 	NOT-FOR-US: McAfee
 CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
 	NOT-FOR-US: McAfee
-CVE-2014-8518 (The (1) Removable Media or (2) CD and DVD encryption offsite access ...)
+CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access ...)
 	NOT-FOR-US: McAfee
 CVE-2014-8516
 	RESERVED
@@ -647,11 +1019,9 @@
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
 CVE-2014-8500
 	RESERVED
-CVE-2014-8499
-	RESERVED
+CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password ...)
 	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
-CVE-2014-8498
-	RESERVED
+CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine ...)
 	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
 CVE-2014-8497
 	RESERVED
@@ -679,8 +1049,7 @@
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
-CVE-2014-8517 [ftp(1) can be made execute arbitrary commands by malicious webserver]
-	RESERVED
+CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in ...)
 	- tnftp 20130505-2 (low; bug #767171)
 	[wheezy] - tnftp <no-dsa> (Minor issue)
 	[squeeze] - tnftp <no-dsa> (Minor issue)
@@ -735,8 +1104,7 @@
 	RESERVED
 CVE-2014-8477
 	RESERVED
-CVE-2014-8476 [getlogin kernel memory disclosure]
-	RESERVED
+CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not ...)
 	{DSA-3070-1}
 	- kfreebsd-10 <unfixed> (bug #768108)
 	- kfreebsd-9 <removed> (bug #768104)
@@ -1028,8 +1396,8 @@
 	NOTE: followup: https://forge.indepnet.net/issues/5113
 	NOTE: appears to be a generic autoloading abuse; possibly with
 	NOTE: some use of simplepie being the attack vector
-CVE-2014-8359
-	RESERVED
+CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
+	TODO: check
 CVE-2014-8358
 	RESERVED
 CVE-2014-8357
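Review bot: CVE-2014-8359 (untrusted search path in Huawei Mobile Partner) concerns Windows modem-dashboard software with no Debian package; it can be resolved as NOT-FOR-US: Huawei Mobile Partner rather than left as TODO: check.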
@@ -1869,10 +2237,10 @@
 	RESERVED
 CVE-2014-7999
 	RESERVED
-CVE-2014-7998
-	RESERVED
-CVE-2014-7997
-	RESERVED
+CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" ...)
+	TODO: check
+CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
+	TODO: check
 CVE-2014-7996
 	RESERVED
 CVE-2014-7995
@@ -1881,10 +2249,10 @@
 	RESERVED
 CVE-2014-7993
 	RESERVED
-CVE-2014-7992
-	RESERVED
-CVE-2014-7991
-	RESERVED
+CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet ...)
+	TODO: check
+CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications ...)
+	TODO: check
 CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 ...)
 	TODO: check
 CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local ...)
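Review bot: The Cisco entries in this and the preceding hunk (CVE-2014-7998, CVE-2014-7997, CVE-2014-7992, CVE-2014-7991) are TODO: check, but Cisco IOS and Cisco Unified Communications are vendor firmware and products with no Debian package, so NOT-FOR-US: Cisco is the right triage; the adjacent CVE-2014-7990 and CVE-2014-7989, already sitting as TODO: check before this commit, can be cleaned up in the same pass.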
@@ -2099,8 +2467,7 @@
 	RESERVED
 CVE-2014-7879
 	RESERVED
-CVE-2014-7878
-	RESERVED
+CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
 	NOT-FOR-US: HP Helion Cloud Development Platform
 CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
 	NOT-FOR-US: HP-UX
@@ -2317,8 +2684,7 @@
 	- dbus 1.8.10-1
 	[wheezy] - dbus <no-dsa> (Minor issue, will be fixed trough a stable proposed update)
 	[squeeze] - dbus <no-dsa> (Minor issue)
-CVE-2014-7823 [dumpxml: information leak with migratable flag]
-	RESERVED
+CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote ...)
 	- libvirt 1.2.9-4 (bug #769149)
 	[wheezy] - libvirt <not-affected> (Introduced in v1.0.0)
 	[squeeze] - libvirt <not-affected> (Introduced in v1.0.0)
@@ -2345,8 +2711,7 @@
 	- undertow <itp> (bug #767001)
 	NOTE: When this enters the archive it should be marked straight as not-affected
 	NOTE: as the issue is only when undertow is running on Windows.
-CVE-2014-7815 [insufficient bits_per_pixel from the client sanitization]
-	RESERVED
+CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote ...)
 	{DSA-3067-1 DSA-3066-1}
 	- qemu 2.1+dfsg-7
 	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
@@ -3498,12 +3863,12 @@
 	RESERVED
 CVE-2014-7249
 	RESERVED
-CVE-2014-7248
-	RESERVED
+CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...)
+	TODO: check
 CVE-2014-7247
 	RESERVED
-CVE-2014-7246
-	RESERVED
+CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, ...)
+	TODO: check
 CVE-2014-7245
 	RESERVED
 CVE-2014-7244
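Review bot: CVE-2014-7248 (IPA iLogScanner) and CVE-2014-7246 (OpenAM Core Server) are TODO: check; neither product is packaged in Debian, so both can be closed as NOT-FOR-US.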
@@ -3600,6 +3965,7 @@
 CVE-2013-7404
 	RESERVED
 CVE-2012-6662 [Tooltip: XSS vulnerability in default content]
+	RESERVED
 	- jquery <unfixed>
 	NOTE: http://bugs.jqueryui.com/ticket/8861
 	NOTE: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
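Review bot: As with CVE-2010-5312 earlier in this commit, the references for CVE-2012-6662 (ticket 8861 and the jquery/jquery-ui commit) point at jQuery UI while the package line names jquery; add a jquery-ui line or a `<not-affected>` marker for jquery so the tracker records which source package actually carries the Tooltip code.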
@@ -5657,7 +6023,7 @@
 	TODO: check
 CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
 	TODO: check
-CVE-2014-6332 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
+CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows ...)
 	TODO: check
 CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
 	TODO: check
@@ -6177,18 +6543,18 @@
 	RESERVED
 CVE-2014-6111
 	RESERVED
-CVE-2014-6110
-	RESERVED
+CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not ...)
+	TODO: check
 CVE-2014-6109
 	RESERVED
 CVE-2014-6108
 	RESERVED
-CVE-2014-6107
-	RESERVED
+CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
+	TODO: check
 CVE-2014-6106
 	RESERVED
-CVE-2014-6105
-	RESERVED
+CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
+	TODO: check
 CVE-2014-6104
 	RESERVED
 CVE-2014-6103
@@ -6201,14 +6567,14 @@
 	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x ...)
 	NOT-FOR-US: IBM Sterling
-CVE-2014-6098
-	RESERVED
+CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
+	TODO: check
 CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and ...)
 	TODO: check
-CVE-2014-6096
-	RESERVED
-CVE-2014-6095
-	RESERVED
+CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
+	TODO: check
+CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity Manager 6.x ...)
+	TODO: check
 CVE-2014-6094
 	RESERVED
 CVE-2014-6093
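Review bot: The six IBM Security Identity Manager entries in this and the preceding hunk (CVE-2014-6110, CVE-2014-6107, CVE-2014-6105, CVE-2014-6098, CVE-2014-6096, CVE-2014-6095) are all TODO: check; the neighbouring IBM entries (CVE-2014-6099, IBM Tivoli Directory Server) are NOT-FOR-US, and Security Identity Manager is likewise not in Debian, so they can be resolved together as NOT-FOR-US: IBM Security Identity Manager.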
@@ -7597,8 +7963,8 @@
 	RESERVED
 CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
 	NOT-FOR-US: IOServer
-CVE-2014-5424
-	RESERVED
+CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before ...)
+	TODO: check
 CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
 	NOT-FOR-US: CareFusion
 CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
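Review bot: CVE-2014-5424 (Rockwell Automation Connected Components Workbench) is TODO: check, but like the CareFusion and IOServer entries around it this is proprietary Windows software with no Debian package; NOT-FOR-US: Rockwell Automation is the expected resolution.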
@@ -7716,8 +8082,7 @@
 CVE-2014-5443
 	RESERVED
 	- seafile <itp> (bug #709295)
-CVE-2014-5388 [array out of bounds]
-	RESERVED
+CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug ...)
 	- qemu 2.1+dfsg-5
 	[squeeze] - qemu <not-affected> (Introduced in 1.7)
 	[wheezy] - qemu <not-affected> (Introduced in 1.7)
@@ -7966,8 +8331,7 @@
 	NOT-FOR-US: boot2docker
 CVE-2014-5278
 	RESERVED
-CVE-2014-5277 [HTTP downgrade attack against registry]
-	RESERVED
+CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when ...)
 	- docker.io 1.3.1~dfsg1-1
 	NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
 CVE-2014-5276 (Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms ...)
@@ -8853,8 +9217,7 @@
 	- drupal6 <removed>
 	- drupal7 7.29-1 (bug #755038)
 	NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-4975 [ruby pack.c buffer overrun]
-	RESERVED
+CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and ...)
 	- ruby1.8 <removed> (low)
 	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
 	- ruby1.9.1 <removed> (low)
@@ -10080,32 +10443,32 @@
 	RESERVED
 CVE-2014-4464
 	RESERVED
-CVE-2014-4463
-	RESERVED
-CVE-2014-4462
-	RESERVED
-CVE-2014-4461
-	RESERVED
-CVE-2014-4460
-	RESERVED
-CVE-2014-4459
-	RESERVED
-CVE-2014-4458
-	RESERVED
-CVE-2014-4457
-	RESERVED
+CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
+	TODO: check
+CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
+	TODO: check
+CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does ...)
+	TODO: check
+CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not ...)
+	TODO: check
+CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before ...)
+	TODO: check
+CVE-2014-4458 (The "System Profiler About This Mac" component in Apple OS X before ...)
+	TODO: check
+CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not ...)
+	TODO: check
 CVE-2014-4456
 	RESERVED
-CVE-2014-4455
-	RESERVED
+CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not ...)
+	TODO: check
 CVE-2014-4454
 	RESERVED
-CVE-2014-4453
-	RESERVED
-CVE-2014-4452
-	RESERVED
-CVE-2014-4451
-	RESERVED
+CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data ...)
+	TODO: check
+CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
+	TODO: check
+CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode ...)
+	TODO: check
 CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before ...)
 	NOT-FOR-US: Apple iOS
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 ...)
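Review bot: Not every Apple entry in this hunk is NOT-FOR-US material. CVE-2014-4462, CVE-2014-4459 and CVE-2014-4452 are WebKit bugs ("WebKit, as used in Apple iOS ...", "Use-after-free vulnerability in WebKit ..."), and Debian ships WebKit as src:webkitgtk, so those three need a check against the upstream WebKit fix rather than the blanket NOT-FOR-US: Apple iOS used for CVE-2014-4450. The remaining entries (passcode enforcement, Sandbox Profiles, dyld, CFNetwork, System Profiler, location data) are iOS/OS X components and can be marked NOT-FOR-US.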
@@ -11364,8 +11727,7 @@
 	RESERVED
 CVE-2014-3918
 	RESERVED
-CVE-2014-3916
-	RESERVED
+CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...)
 	- ruby2.1 <unfixed> (unimportant)
 	- ruby2.0 <removed> (unimportant)
 	- ruby1.9.1 <removed> (unimportant)
@@ -11848,8 +12210,7 @@
 	- nova 2014.1.3-6 (low)
 	[wheezy] - nova <no-dsa> (Minor issue)
 	NOTE: affected versions up to 2014.1.3, and 2014.2
-CVE-2014-3707 [duphandle read out of bounds]
-	RESERVED
+CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, ...)
 	{DSA-3069-1 DLA-84-1}
 	- curl 7.38.0-3
 	NOTE: http://curl.haxx.se/docs/adv_20141105.html
@@ -11907,8 +12268,7 @@
 	- linux 3.16.7-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a (v3.18-rc1)
-CVE-2014-3689 [vmware_vga: insufficient parameter validation in rectangle functions]
-	RESERVED
+CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local ...)
 	{DSA-3067-1 DSA-3066-1}
 	- qemu 2.1+dfsg-6 (bug #765496)
 	- qemu-kvm <removed>
@@ -11962,8 +12322,7 @@
 	NOT-FOR-US: shim (the UEFI one, not the systemd)
 CVE-2014-3675 (Shim allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: shim (the UEFI one, not the systemd)
-CVE-2014-3674
-	RESERVED
+CVE-2014-3674 (Red Hat OpenShift Enterprise before 2.2 does not properly restrict ...)
 	NOT-FOR-US: OpenShift Enterprise
 CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 allows ...)
 	{DSA-3060-1}
@@ -12121,8 +12480,7 @@
 	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
 CVE-2014-3630
 	RESERVED
-CVE-2014-3629 [qpidd can be induced to make http requests]
-	RESERVED
+CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
 	- qpid-cpp <unfixed> (low)
 	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
 	NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
@@ -12230,8 +12588,7 @@
 	- libopensaml2-java 2.6.2-1 (bug #759470)
 	NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
 	NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
-CVE-2014-3602
-	RESERVED
+CVE-2014-3602 (Red Hat OpenShift Enterprise before 2.2 allows local users to obtain ...)
 	NOT-FOR-US: OpenShift
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
 	- linux 3.16.2-1
@@ -12609,14 +12966,11 @@
 	[squeeze] - serf <no-dsa> (Minor issue)
 CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate ...)
 	NOT-FOR-US: Apache Syncope
-CVE-2014-3502
-	RESERVED
+CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to open ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-3501
-	RESERVED
+CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to bypass ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-3500
-	RESERVED
+CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to change ...)
 	NOT-FOR-US: Apache Cordova
 CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions on the ...)
 	- docker.io <not-affected> (RHEL specific, socket based activation not shipped)
@@ -12855,14 +13209,12 @@
 	- zenoss <itp> (bug #361253)
 CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote ...)
 	- zenoss <itp> (bug #361253)
-CVE-2014-3756 [Mumble-SA-2014-006]
-	RESERVED
+CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to ...)
 	- mumble 1.2.6-1 (bug #748189)
 	[squeeze] - mumble <no-dsa> (Minor issue)
 	[wheezy] - mumble <no-dsa> (Minor issue)
 	NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
-CVE-2014-3755 [Mumble-SA-2014-005]
-	RESERVED
+CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x before ...)
 	- mumble 1.2.6-1 (bug #748189)
 	[squeeze] - mumble <no-dsa> (Minor issue)
 	[wheezy] - mumble <no-dsa> (Minor issue)
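Review bot: CVE-2014-3755 is now described as a bug in "The QSvg module in Qt, as used in the Mumble client", but only mumble carries a package line; add an explicit `<not-affected>` (or fixed version) for the Qt source packages so the tracker records whether Qt's own SVG module needs a fix or whether the issue is confined to how Mumble uses it.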
@@ -13315,8 +13667,7 @@
 CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...)
 	- puppet <not-affected> (Only affects Puppet Enterprise)
 	NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
-CVE-2014-3248
-	RESERVED
+CVE-2014-3248 (Untrusted search path vulnerability in Puppet Enterprise 2.8 before ...)
 	- puppet 3.7.0-1 (low)
 	[wheezy] - puppet <no-dsa> (Minor issue)
 	[squeeze] - puppet <no-dsa> (Minor issue)
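Review bot: The new description for CVE-2014-3248 opens with "Untrusted search path vulnerability in Puppet Enterprise 2.8 before ...", while the entry marks the open-source puppet package as fixed in 3.7.0-1; since the neighbouring CVE-2014-3249 is `<not-affected> (Only affects Puppet Enterprise)`, add a NOTE stating that the open-source releases are affected as well (the truncated description may list them), so the different treatment of the two entries is auditable.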
@@ -13658,8 +14009,7 @@
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
 	NOT-FOR-US: Android
-CVE-2014-3158
-	RESERVED
+CVE-2014-3158 (Integer overflow in the getword function in options.c in pppd in ...)
 	{DLA-74-1}
 	- ppp 2.4.6-3 (medium; bug #762789)
 	NOTE: https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
@@ -13740,8 +14090,7 @@
 	NOT-FOR-US: SAP NetWeaver
 CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP ...)
 	NOT-FOR-US: SAP NetWeaver
-CVE-2014-3209 [ldnsutils: ldns-keygen creates private key world readable]
-	RESERVED
+CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the ...)
 	- ldns 1.6.17-4 (low; bug #746758)
 	[squeeze] - ldns <no-dsa> (Minor issue)
 	[wheezy] - ldns 1.6.13-1+deb7u1
@@ -14954,23 +15303,19 @@
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
-CVE-2014-2684 [zendframework ZF2014-02]
-	RESERVED
+CVE-2014-2684 (The GenericConsumer class in the Consumer component in ZendOpenId ...)
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
-CVE-2014-2683 [zendframework ZF2014-01]
-	RESERVED
+CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
-CVE-2014-2682 [zendframework ZF2014-01]
-	RESERVED
+CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
-CVE-2014-2681 [zendframework ZF2014-01]
-	RESERVED
+CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
@@ -15004,8 +15349,7 @@
 	[squeeze] - couchdb <no-dsa> (Minor issue)
 	[wheezy] - couchdb <no-dsa> (Minor issue)
 	NOTE: High resource usage in CPU and memory while query is active. No crash for deamon in 1.4.0-3+b1 and 1.2.0-5 versions.
-CVE-2014-2667 [race condition]
-	RESERVED
+CVE-2014-2667 (Race condition in the _get_masked_mode function in Lib/os.py in Python ...)
 	- python3.1 <removed>
 	[squeeze] - python3.1 <no-dsa> (Minor issue)
 	- python3.2 <removed> (low)
@@ -16068,8 +16412,8 @@
 	RESERVED
 CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 ...)
 	NOT-FOR-US: vTiger CRM
-CVE-2014-2268
-	RESERVED
+CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before Security ...)
+	TODO: check
 CVE-2014-2267
 	RESERVED
 CVE-2014-2266
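Review bot: CVE-2014-2268 (vTiger Install module) is TODO: check, but the adjacent CVE-2014-2269 is already NOT-FOR-US: vTiger CRM; the same resolution applies here.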
@@ -22044,8 +22388,7 @@
 	RESERVED
 CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 ...)
 	NOT-FOR-US: Microsoft SharePoint
-CVE-2014-0250 [freerdp: multiple integer overflows in xf_graphics.c]
-	RESERVED
+CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP ...)
 	- freerdp 1.1.0~git20140809.1.b07a5c1+dfsg-1 (unimportant; bug #749585)
 	NOTE: A malicious RDP server has many more ways to mess with an RDP client
 CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not properly ...)
@@ -22123,8 +22466,7 @@
 CVE-2014-0234
 	RESERVED
 	NOT-FOR-US: OpenShift
-CVE-2014-0233
-	RESERVED
+CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow ...)
 	NOT-FOR-US: OpenShift
 CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Apache OFBiz
@@ -22135,8 +22477,7 @@
 	RESERVED
 CVE-2014-0229
 	RESERVED
-CVE-2014-0228
-	RESERVED
+CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...)
 	NOT-FOR-US: Apache Hive
 CVE-2014-0227
 	RESERVED
@@ -22791,8 +23132,7 @@
 	- postgresql-8.4 <removed>
 	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
 	- postgresql-9.3 9.3.3-1
-CVE-2014-0059
-	RESERVED
+CVE-2014-0059 (JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise ...)
 	NOT-FOR-US: JBossSX
 CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise ...)
 	NOT-FOR-US: JBoss EAP
@@ -31424,8 +31764,8 @@
 	- phpmyadmin 4:4.0.1-3 (low)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2013-3737
-	RESERVED
+CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in ...)
+	TODO: check
 CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
 	NOT-FOR-US: Request Tracker extension MobileUI
 CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
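Review bot: CVE-2013-3737 (RT-Extension-MobileUI before 1.04) is TODO: check while its sibling CVE-2013-3736 is NOT-FOR-US: Request Tracker extension MobileUI; unless the extension has been packaged since, mark it the same way.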
@@ -31552,8 +31892,8 @@
 	RESERVED
 CVE-2013-3679
 	RESERVED
-CVE-2013-3678
-	RESERVED
+CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and ...)
+	TODO: check
 CVE-2013-3677
 	RESERVED
 CVE-2013-3676
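Review bot: CVE-2013-3678 (SAP Governance, Risk, and Compliance) is TODO: check; SAP products are consistently NOT-FOR-US in this file (see the SAP NetWeaver entries earlier in this commit), so the same tag applies.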
@@ -41183,8 +41523,7 @@
 	- thttpd <removed> (low)
 	[squeeze] - thttpd <no-dsa> (Minor issue)
 	NOTE: http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
-CVE-2013-0347 [webfs world-readable logdir]
-	RESERVED
+CVE-2013-0347 (The Gentoo init script for webfs uses world-readable permissions for ...)
 	- webfs 1.21+ds1-9 (low; bug #701638)
 	[wheezy] - webfs <no-dsa> (Minor issue)
 	[squeeze] - webfs <no-dsa> (Minor issue)
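Review bot: The new description for CVE-2013-0347 names "The Gentoo init script for webfs", so the Debian fix line (1.21+ds1-9, bug #701638) now rests on Debian's own packaging having had the same world-readable log directory; keep the bug reference in place, since the CVE text alone no longer says the Debian package was affected.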
@@ -52977,8 +53316,7 @@
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]
-	RESERVED
+CVE-2012-2301 (The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
 	NOT-FOR-US: Drupal addon not packaged
@@ -54571,8 +54909,8 @@
 	NOT-FOR-US: phpPaleo
 CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...)
 	NOT-FOR-US: PHP Grade Book
-CVE-2012-1669
-	RESERVED
+CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks before ...)
+	TODO: check
 CVE-2012-1668
 	RESERVED
 CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before ...)
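Review bot: CVE-2012-1669 is the same phpMoneyBooks index.php directory traversal family as CVE-2012-6665 added at the top of this commit; triage both together, and since phpMoneyBooks is not packaged in Debian, NOT-FOR-US: phpMoneyBooks is the expected outcome for both.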



