[Secure-testing-commits] r29341 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Thu Oct 9 21:14:17 UTC 2014


Author: joeyh
Date: 2014-10-09 21:14:16 +0000 (Thu, 09 Oct 2014)
New Revision: 29341

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-09 21:06:42 UTC (rev 29340)
+++ data/CVE/list	2014-10-09 21:14:16 UTC (rev 29341)
@@ -1,16 +1,441 @@
+CVE-2014-8074
+	RESERVED
+CVE-2014-8073
+	RESERVED
+CVE-2014-8072
+	RESERVED
+CVE-2014-8071
+	RESERVED
+CVE-2014-8070
+	RESERVED
+CVE-2014-8069
+	RESERVED
+CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...)
+	TODO: check
+CVE-2014-8067
+	RESERVED
+CVE-2014-8066
+	RESERVED
+CVE-2014-8065
+	RESERVED
+CVE-2014-8064
+	RESERVED
+CVE-2014-8063
+	RESERVED
+CVE-2014-8062
+	RESERVED
+CVE-2014-8061
+	RESERVED
+CVE-2014-8060
+	RESERVED
+CVE-2014-8059
+	RESERVED
+CVE-2014-8058
+	RESERVED
+CVE-2014-8057
+	RESERVED
+CVE-2014-8056
+	RESERVED
+CVE-2014-8055
+	RESERVED
+CVE-2014-8054
+	RESERVED
+CVE-2014-8053
+	RESERVED
+CVE-2014-8052
+	RESERVED
+CVE-2014-8051
+	RESERVED
+CVE-2014-8050
+	RESERVED
+CVE-2014-8049
+	RESERVED
+CVE-2014-8048
+	RESERVED
+CVE-2014-8047
+	RESERVED
+CVE-2014-8046
+	RESERVED
+CVE-2014-8045
+	RESERVED
+CVE-2014-8044
+	RESERVED
+CVE-2014-8043
+	RESERVED
+CVE-2014-8042
+	RESERVED
+CVE-2014-8041
+	RESERVED
+CVE-2014-8040
+	RESERVED
+CVE-2014-8039
+	RESERVED
+CVE-2014-8038
+	RESERVED
+CVE-2014-8037
+	RESERVED
+CVE-2014-8036
+	RESERVED
+CVE-2014-8035
+	RESERVED
+CVE-2014-8034
+	RESERVED
+CVE-2014-8033
+	RESERVED
+CVE-2014-8032
+	RESERVED
+CVE-2014-8031
+	RESERVED
+CVE-2014-8030
+	RESERVED
+CVE-2014-8029
+	RESERVED
+CVE-2014-8028
+	RESERVED
+CVE-2014-8027
+	RESERVED
+CVE-2014-8026
+	RESERVED
+CVE-2014-8025
+	RESERVED
+CVE-2014-8024
+	RESERVED
+CVE-2014-8023
+	RESERVED
+CVE-2014-8022
+	RESERVED
+CVE-2014-8021
+	RESERVED
+CVE-2014-8020
+	RESERVED
+CVE-2014-8019
+	RESERVED
+CVE-2014-8018
+	RESERVED
+CVE-2014-8017
+	RESERVED
+CVE-2014-8016
+	RESERVED
+CVE-2014-8015
+	RESERVED
+CVE-2014-8014
+	RESERVED
+CVE-2014-8013
+	RESERVED
+CVE-2014-8012
+	RESERVED
+CVE-2014-8011
+	RESERVED
+CVE-2014-8010
+	RESERVED
+CVE-2014-8009
+	RESERVED
+CVE-2014-8008
+	RESERVED
+CVE-2014-8007
+	RESERVED
+CVE-2014-8006
+	RESERVED
+CVE-2014-8005
+	RESERVED
+CVE-2014-8004
+	RESERVED
+CVE-2014-8003
+	RESERVED
+CVE-2014-8002
+	RESERVED
+CVE-2014-8001
+	RESERVED
+CVE-2014-8000
+	RESERVED
+CVE-2014-7999
+	RESERVED
+CVE-2014-7998
+	RESERVED
+CVE-2014-7997
+	RESERVED
+CVE-2014-7996
+	RESERVED
+CVE-2014-7995
+	RESERVED
+CVE-2014-7994
+	RESERVED
+CVE-2014-7993
+	RESERVED
+CVE-2014-7992
+	RESERVED
+CVE-2014-7991
+	RESERVED
+CVE-2014-7990
+	RESERVED
+CVE-2014-7989
+	RESERVED
+CVE-2014-7988
+	RESERVED
+CVE-2014-7987
+	RESERVED
+CVE-2014-7986
+	RESERVED
+CVE-2014-7985
+	RESERVED
+CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote ...)
+	TODO: check
+CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
+	TODO: check
+CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before ...)
+	TODO: check
+CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before ...)
+	TODO: check
+CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...)
+	TODO: check
+CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme ...)
+	TODO: check
+CVE-2014-7978 (Cross-site scripting (XSS) vulnerability in the BlueMasters theme ...)
+	TODO: check
+CVE-2014-7977
+	RESERVED
+CVE-2014-7976
+	RESERVED
+CVE-2014-7974
+	RESERVED
+CVE-2014-7973
+	RESERVED
+CVE-2014-7972
+	RESERVED
+CVE-2014-7971
+	RESERVED
+CVE-2014-7969
+	RESERVED
+CVE-2014-7966
+	RESERVED
+CVE-2014-7965
+	RESERVED
+CVE-2014-7964
+	RESERVED
+CVE-2014-7963
+	RESERVED
+CVE-2014-7962
+	RESERVED
+CVE-2014-7961
+	RESERVED
+CVE-2014-7959
+	RESERVED
+CVE-2014-7958
+	RESERVED
+CVE-2014-7957
+	RESERVED
+CVE-2014-7956
+	RESERVED
+CVE-2014-7955
+	RESERVED
+CVE-2014-7954
+	RESERVED
+CVE-2014-7953
+	RESERVED
+CVE-2014-7952
+	RESERVED
+CVE-2014-7951
+	RESERVED
+CVE-2014-7950
+	RESERVED
+CVE-2014-7949
+	RESERVED
+CVE-2014-7948
+	RESERVED
+CVE-2014-7947
+	RESERVED
+CVE-2014-7946
+	RESERVED
+CVE-2014-7945
+	RESERVED
+CVE-2014-7944
+	RESERVED
+CVE-2014-7943
+	RESERVED
+CVE-2014-7942
+	RESERVED
+CVE-2014-7941
+	RESERVED
+CVE-2014-7940
+	RESERVED
+CVE-2014-7939
+	RESERVED
+CVE-2014-7938
+	RESERVED
+CVE-2014-7937
+	RESERVED
+CVE-2014-7936
+	RESERVED
+CVE-2014-7935
+	RESERVED
+CVE-2014-7934
+	RESERVED
+CVE-2014-7933
+	RESERVED
+CVE-2014-7932
+	RESERVED
+CVE-2014-7931
+	RESERVED
+CVE-2014-7930
+	RESERVED
+CVE-2014-7929
+	RESERVED
+CVE-2014-7928
+	RESERVED
+CVE-2014-7927
+	RESERVED
+CVE-2014-7926
+	RESERVED
+CVE-2014-7925
+	RESERVED
+CVE-2014-7924
+	RESERVED
+CVE-2014-7923
+	RESERVED
+CVE-2014-7922
+	RESERVED
+CVE-2014-7921
+	RESERVED
+CVE-2014-7920
+	RESERVED
+CVE-2014-7919
+	RESERVED
+CVE-2014-7918
+	RESERVED
+CVE-2014-7917
+	RESERVED
+CVE-2014-7916
+	RESERVED
+CVE-2014-7915
+	RESERVED
+CVE-2014-7914
+	RESERVED
+CVE-2014-7913
+	RESERVED
+CVE-2014-7912
+	RESERVED
+CVE-2014-7911
+	RESERVED
+CVE-2014-7910
+	RESERVED
+CVE-2014-7909
+	RESERVED
+CVE-2014-7908
+	RESERVED
+CVE-2014-7907
+	RESERVED
+CVE-2014-7906
+	RESERVED
+CVE-2014-7905
+	RESERVED
+CVE-2014-7904
+	RESERVED
+CVE-2014-7903
+	RESERVED
+CVE-2014-7902
+	RESERVED
+CVE-2014-7901
+	RESERVED
+CVE-2014-7900
+	RESERVED
+CVE-2014-7899
+	RESERVED
+CVE-2014-7898
+	RESERVED
+CVE-2014-7897
+	RESERVED
+CVE-2014-7896
+	RESERVED
+CVE-2014-7895
+	RESERVED
+CVE-2014-7894
+	RESERVED
+CVE-2014-7893
+	RESERVED
+CVE-2014-7892
+	RESERVED
+CVE-2014-7891
+	RESERVED
+CVE-2014-7890
+	RESERVED
+CVE-2014-7889
+	RESERVED
+CVE-2014-7888
+	RESERVED
+CVE-2014-7887
+	RESERVED
+CVE-2014-7886
+	RESERVED
+CVE-2014-7885
+	RESERVED
+CVE-2014-7884
+	RESERVED
+CVE-2014-7883
+	RESERVED
+CVE-2014-7882
+	RESERVED
+CVE-2014-7881
+	RESERVED
+CVE-2014-7880
+	RESERVED
+CVE-2014-7879
+	RESERVED
+CVE-2014-7878
+	RESERVED
+CVE-2014-7877
+	RESERVED
+CVE-2014-7876
+	RESERVED
+CVE-2014-7875
+	RESERVED
+CVE-2014-7874
+	RESERVED
+CVE-2014-7873
+	RESERVED
+CVE-2014-7872
+	RESERVED
+CVE-2014-7871
+	RESERVED
+CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
+	TODO: check
+CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in ...)
+	TODO: check
+CVE-2014-7868
+	RESERVED
+CVE-2014-7867
+	RESERVED
+CVE-2014-7866
+	RESERVED
+CVE-2014-7865
+	RESERVED
+CVE-2014-7864
+	RESERVED
+CVE-2014-7863
+	RESERVED
+CVE-2014-7862
+	RESERVED
+CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly ...)
+	TODO: check
+CVE-2011-5282
+	RESERVED
+CVE-2008-7314
+	RESERVED
 CVE-2014-7975 [umount denial of service]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
 	TODO: check
 CVE-2014-7970 [Linux VFS denial of service]
+	RESERVED
 	- linux <unfixed>
 	- linux-2.6 <removed>
 	NOTE: candiate patch: http://news.gmane.org/find-root.php?message_id=87bnpmihks.fsf%40x220.int.ebiederm.org
 	TODO: check
 CVE-2014-7968 [denial of service]
+	RESERVED
 	NOT-FOR-US: Red Hat vdms
-CVE-2014-7967 [v8: multiple unspecified issues fixed in Google Chrome 38.0.2125.101]
+CVE-2014-7967 (Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...)
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
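Review bot: the `RESERVED` lines added under CVE-2014-7975, CVE-2014-7970 and CVE-2014-7968 land on entries that already carry local triage state (`- linux <unfixed>`, `NOT-FOR-US: Red Hat vdms`) and a `TODO: check`; that follows the tracker's convention of recording the MITRE status above the Debian package lines, so nothing needs changing there. While this region is touched, the unchanged NOTE under CVE-2014-7970 reads `candiate patch:`; since this commit is an automatic import, fix the spelling to `candidate` in a separate manual commit rather than by hand-editing the imported block.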
@@ -18,6 +443,7 @@
 	- chromium-browser <unfixed>
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-7960 [Swift metadata constraints are not correctly enforced]
+	RESERVED
 	- swift <unfixed>
 	[wheezy] - swift <no-dsa> (Minor issue)
 	NOTE: affected version: all up to 2.1.0
@@ -1141,14 +1567,14 @@
 	RESERVED
 CVE-2014-7301
 	RESERVED
-CVE-2014-7299
-	RESERVED
+CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS ...)
+	TODO: check
 CVE-2014-7298
 	RESERVED
 CVE-2014-7297
 	RESERVED
-CVE-2014-7296
-	RESERVED
+CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...)
+	TODO: check
 CVE-2014-7294
 	RESERVED
 CVE-2014-7293
@@ -1194,8 +1620,7 @@
 	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d (v3.15-rc1)
 	NOTE: http://marc.info/?l=linux-xfs&m=139590613002926&w=2
 	NOTE: Reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e
-CVE-2014-7295 [OutputPage: Remove separation of css and js module allowance]
-	RESERVED
+CVE-2014-7295 (The (1) Special:Preferences and (2) Special:UserLogin pages in ...)
 	{DSA-3046-1}
 	- mediawiki 1:1.19.20+dfsg-1
 	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
@@ -1206,14 +1631,11 @@
 	NOT-FOR-US: ZyXEL
 CVE-2014-7276
 	RESERVED
-CVE-2014-7275 [allows POP MITM with an arbitrary certificate]
-	RESERVED
+CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does ...)
 	- getmail4 4.46.0-1
-CVE-2014-7274 [allows IMAP MITM with a valid/recognized certificate for an arbitrary hostname]
-	RESERVED
+CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify ...)
 	- getmail4 4.46.0-1
-CVE-2014-7273 [allows IMAP MITM with an arbitrary certificate]
-	RESERVED
+CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does ...)
 	- getmail4 4.44.0-1
 CVE-2014-7272 [multiple vulnerabilities in sddm]
 	RESERVED
@@ -1293,16 +1715,16 @@
 	RESERVED
 CVE-2014-7236
 	RESERVED
-CVE-2014-7235
-	RESERVED
+CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
+	TODO: check
 CVE-2014-7234
 	RESERVED
 CVE-2014-7233
 	RESERVED
 CVE-2014-7232
 	RESERVED
-CVE-2014-7229
-	RESERVED
+CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
+	TODO: check
 CVE-2014-7228
 	RESERVED
 CVE-2014-7227
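Review bot: the imported description for CVE-2014-7229 reads `Joomla! before 2.5.4 before 2.5.26, 3.x ...`, a garbled version range in the upstream text (two `before` clauses for the 2.5 series); the entry already carries `TODO: check`, so whoever resolves it should take the affected range from the Joomla advisory rather than from this line. For CVE-2014-7235 the description names the path `htdocs_ari/includes/login.php` under the ARI Framework module, so resolving that `TODO: check` should confirm whether any Debian package actually ships that file before an asterisk package line is added.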
@@ -1401,21 +1823,18 @@
 	NOTE: oom-killer allows authentication bypass for command execution.
 	NOTE: Therefore, the product must limit the aggregate memory consumption of
 	NOTE: all active requests, and the lack of this limit is a vulnerability.
-CVE-2014-7231
-	RESERVED
+CVE-2014-7231 (The strutils.mask_password function in the OpenStack Oslo utility ...)
 	- python-oslo.utils <unfixed>
 	NOTE: https://launchpad.net/bugs/1345233
 	TODO: check
-CVE-2014-7230
-	RESERVED
+CVE-2014-7230 (The processutils.execute function in OpenStack oslo-incubator, Cinder, ...)
 	- cinder <unfixed> (low)
 	- nova <unfixed> (low)
 	[wheezy] - nova <no-dsa> (Minor issue)
 	- trove <unfixed> (low)
 	[wheezy] - trove <no-dsa> (Minor issue)
 	NOTE: https://launchpad.net/bugs/1343604
-CVE-2014-7205 [Arbitrary JavaScript Execution in Bassmaster]
-	RESERVED
+CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in ...)
 	NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
 	TODO: check
 CVE-2014-7201
@@ -1478,27 +1897,23 @@
 	RESERVED
 CVE-2014-7170
 	RESERVED
-CVE-2014-7204 [endless loog + disk usage bomp on minified js file]
-	RESERVED
+CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a ...)
 	{DSA-3042-1 DLA-69-1}
 	- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
 	NOTE: http://sourceforge.net/p/ctags/code/791/
-CVE-2014-7203 [does not implement uniqueness check on connection nonces]
-	RESERVED
+CVE-2014-7203 (libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces ...)
 	- zeromq <undetermined>
 	- zeromq3 <unfixed>
 	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1191
 	TODO: check
-CVE-2014-7202 [does not validate the other party's security handshake properly]
-	RESERVED
+CVE-2014-7202 (stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 ...)
 	- zeromq <undetermined>
 	- zeromq3 <unfixed>
 	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
 	TODO: check
 CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	NOT-FOR-US: Openfiler
-CVE-2014-7189 [Go crypto/tls vulnerability]
-	RESERVED
+CVE-2014-7189 (crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is ...)
 	- golang 2:1.3.2-1
 	[wheezy] - golang <not-affected> (Vulnerable code not present, only Go 1.1 onwards)
 	NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
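Review bot: the imported description for CVE-2014-7202 contains an unbalanced parenthesis and a self-contradictory range, `libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 ...`, whereas the sibling CVE-2014-7203 line says `4.0.x before 4.0.5`; because the tracker parses the description out of the `(`...`)` delimiters, confirm the stray `)` does not break parsing of this entry, and use 4.0.x before 4.0.5 as the affected range when resolving the `TODO: check` on the zeromq/zeromq3 lines. Likewise the CVE-2014-7189 description reads `crpyto/tls`. Both are defects in the upstream text; correct them at the source rather than here, since the next automatic update would overwrite a local edit.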
@@ -1509,8 +1924,7 @@
 CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 ...)
 	{DSA-3035-1 DLA-63-1}
 	- bash 4.3-9.2
-CVE-2014-7185 [integer overflow in 'buffer' type allows reading memory]
-	RESERVED
+CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows ...)
 	- python2.6 <removed> (low)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	[wheezy] - python2.6 <no-dsa> (Minor issue)
@@ -2609,10 +3023,10 @@
 	{DSA-3043-1 DLA-70-1}
 	- tryton-server 3.2.3-1
 	NOTE: https://bugs.tryton.org/issue4155
-CVE-2014-6632
-	RESERVED
-CVE-2014-6631
-	RESERVED
+CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 ...)
+	TODO: check
+CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...)
+	TODO: check
 CVE-2014-6630
 	RESERVED
 CVE-2014-6629
@@ -2663,8 +3077,7 @@
 	RESERVED
 CVE-2014-6604
 	RESERVED
-CVE-2014-6603 [suricata: Out-of-bounds access in SSH parser]
-	RESERVED
+CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in ...)
 	[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
 	[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
 	- suricata <unfixed> (bug #762828)
@@ -2691,8 +3104,7 @@
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff applies on 1:1.8.13.1~dfsg1-3+deb7u3
 	NOTE: Squeeze version doesn't have res/res_fax_spandsp.c with the problem.
-CVE-2014-6607
-	RESERVED
+CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
 	NOT-FOR-US: M/Monit
 CVE-2014-6601
 	RESERVED
@@ -3029,10 +3441,10 @@
 	RESERVED
 CVE-2014-6435
 	RESERVED
-CVE-2014-6434
-	RESERVED
-CVE-2014-6433
-	RESERVED
+CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
+	TODO: check
+CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
+	TODO: check
 CVE-2014-6420
 	RESERVED
 CVE-2014-6419
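Review bot: the truncated descriptions imported for CVE-2014-6434 and CVE-2014-6433 are identical as far as shown (`gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...`), so the two `TODO: check` items should be resolved together, comparing the full upstream texts to confirm they describe distinct issues; both concern camera firmware rather than anything packaged in Debian, so the expected resolution is a `NOT-FOR-US: GoPro` line on each, following the convention used for the other vendor entries in this file.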
@@ -3045,8 +3457,7 @@
 	RESERVED
 CVE-2014-6411
 	RESERVED
-CVE-2014-6409
-	RESERVED
+CVE-2014-6409 (Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and ...)
 	NOT-FOR-US: M/Monit
 CVE-2014-6408
 	RESERVED
@@ -3076,8 +3487,7 @@
 	RESERVED
 CVE-2014-6395
 	RESERVED
-CVE-2014-6394 [send Directory Traversal]
-	RESERVED
+CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison ...)
 	- node-send <unfixed>
 	TODO: check
 	NOTE: https://nodesecurity.io/advisories/send-directory-traversal
@@ -3089,8 +3499,7 @@
 	RESERVED
 CVE-2014-6390
 	RESERVED
-CVE-2014-6389
-	RESERVED
+CVE-2014-6389 (backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers ...)
 	NOT-FOR-US: PhpCompta
 CVE-2014-6388
 	RESERVED
@@ -3382,10 +3791,10 @@
 	NOT-FOR-US: Typo3 extension
 CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) ...)
 	NOT-FOR-US: Typo3 extension
-CVE-2014-6288 (The powermail extension before 1.6.10 and 2.x before 2.0.11 for TYPO3 ...)
+CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers ...)
 	NOT-FOR-US: Typo3 extension
-CVE-2014-6287
-	RESERVED
+CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File ...)
+	TODO: check
 CVE-2014-6286
 	RESERVED
 CVE-2014-6285
@@ -3933,8 +4342,7 @@
 	NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
 	NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
 	NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
-CVE-2014-6054 [Server crash when scaling factor is set to zero]
-	RESERVED
+CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
 	- libvncserver <unfixed> (bug #762745)
 	NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
 	NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
@@ -5039,12 +5447,12 @@
 	NOT-FOR-US: SAP Crystal Reports
 CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...)
 	NOT-FOR-US: SolarWinds
-CVE-2014-5503
-	RESERVED
-CVE-2014-5502
-	RESERVED
-CVE-2014-5501
-	RESERVED
+CVE-2014-5503 (SQL injection vulnerability in the Guest Login Portal in the Sophos ...)
+	TODO: check
+CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows ...)
+	TODO: check
+CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos ...)
+	TODO: check
 CVE-2014-5500
 	RESERVED
 CVE-2014-5499
@@ -5303,8 +5711,8 @@
 	NOT-FOR-US: JobScheduler
 CVE-2014-5390
 	RESERVED
-CVE-2014-5389
-	RESERVED
+CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the ...)
+	TODO: check
 CVE-2014-5387
 	RESERVED
 CVE-2014-5386
@@ -5377,10 +5785,10 @@
 	RESERVED
 CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 ...)
 	NOT-FOR-US: ManageEngine DeviceExpert
-CVE-2014-5376
-	RESERVED
-CVE-2014-5375
-	RESERVED
+CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a ...)
+	TODO: check
+CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 ...)
+	TODO: check
 CVE-2014-5374
 	RESERVED
 CVE-2014-5373
@@ -5539,8 +5947,7 @@
 	RESERVED
 CVE-2014-5309
 	RESERVED
-CVE-2014-5308
-	RESERVED
+CVE-2014-5308 (Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote ...)
 	NOT-FOR-US: TestLink
 CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver of ...)
 	NOT-FOR-US: Panda Security
@@ -5556,8 +5963,8 @@
 	RESERVED
 CVE-2014-5301
 	RESERVED
-CVE-2014-5300
-	RESERVED
+CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote ...)
+	TODO: check
 CVE-2014-5299
 	RESERVED
 CVE-2014-5298
@@ -6716,14 +7123,14 @@
 	RESERVED
 CVE-2014-4872
 	RESERVED
-CVE-2014-4871
-	RESERVED
-CVE-2014-4870
-	RESERVED
-CVE-2014-4869
-	RESERVED
-CVE-2014-4868
-	RESERVED
+CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on ...)
+	TODO: check
+CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade ...)
+	TODO: check
+CVE-2014-4869 (The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows ...)
+	TODO: check
+CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), ...)
+	TODO: check
 CVE-2014-4867
 	RESERVED
 CVE-2014-4866
@@ -6856,8 +7263,8 @@
 	RESERVED
 CVE-2014-4803
 	RESERVED
-CVE-2014-4802
-	RESERVED
+CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...)
+	TODO: check
 CVE-2014-4801
 	RESERVED
 CVE-2014-4800
@@ -7615,8 +8022,7 @@
 	RESERVED
 	- piwigo <removed> (low)
 	[squeeze] - piwigo <no-dsa> (Minor issue)
-CVE-2014-4510 [XSS in apt-cacher-ng apt redirector]
-	RESERVED
+CVE-2014-4510 (Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng ...)
 	- apt-cacher-ng 0.7.26-2
 	[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
 	[squeeze] - apt-cacher-ng <no-dsa> (Minor issue)
@@ -8721,8 +9127,7 @@
 	- openafs 1.6.9-1
 	[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
 	[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
-CVE-2014-4043 [posix_spawn_file_actions_addopen fails to copy the path argument]
-	RESERVED
+CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
 	- eglibc 2.19-2 (low; bug #751774)
 	[wheezy] - eglibc <no-dsa> (Minor issue)
 	[squeeze] - eglibc <no-dsa> (Minor issue)
@@ -9569,8 +9974,7 @@
 	REJECTED
 CVE-2014-3658
 	RESERVED
-CVE-2014-3657 [domain_conf: domain deadlock DoS]
-	RESERVED
+CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt ...)
 	- libvirt <unfixed>
 	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
 	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -9608,11 +10012,9 @@
 	RESERVED
 CVE-2014-3643
 	RESERVED
-CVE-2014-3642
-	RESERVED
+CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
-CVE-2014-3641 [Cinder-volume host data leak to vm instance]
-	RESERVED
+CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder ...)
 	- cinder 2014.1.3-1
 	NOTE: Affects version up to 2014.1.2
 CVE-2014-3640 [slirp: NULL pointer deref in sosendto()]
@@ -9647,16 +10049,14 @@
 	RESERVED
 	{DSA-3040-1}
 	- rsyslog 8.4.1-1
-CVE-2014-3633 [qemu: out-of-bounds read access in qemuDomainGetBlockIoTune() due to invalid index]
-	RESERVED
+CVE-2014-3633 (The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...)
 	{DSA-3038-1}
 	- libvirt 1.2.8-2 (bug #762203)
 	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v0.9.8)
 	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
 	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
 	NOTE: Upstream advisory: http://security.libvirt.org/2014/0004.html
-CVE-2014-3632
-	RESERVED
+CVE-2014-3632 (The default configuration in a sudoers file in the Red Hat ...)
 	- neutron <unfixed>
 	NOTE: Regression of fix for CVE-2013-6433, possibly Red Hat specific in RedHat Enterprise Open Stack Platform 5.0
 CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in ...)
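Review bot: the newly imported description for CVE-2014-3632 attributes the issue to `The default configuration in a sudoers file in the Red Hat ...`, which supports the existing NOTE's suspicion that this is specific to Red Hat Enterprise OpenStack Platform 5.0; the `- neutron <unfixed>` line should therefore be revisited, and if the Debian neutron packaging does not ship that sudoers configuration the entry should become `- neutron <not-affected>` with the reason stated, or `NOT-FOR-US`, rather than remaining open with no `TODO: check` to prompt the follow-up.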
@@ -9736,8 +10136,7 @@
 	- squid <unfixed>
 	- squid3 3.3.8-1.2 (bug #759509)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
-CVE-2014-3608 [Nova VMware driver still leaks rescued images]
-	RESERVED
+CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows ...)
 	- nova 2014.1.3-1
 	[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
 	NOTE: Incomplete fix for CVE-2014-2573
@@ -9862,8 +10261,7 @@
 	RESERVED
 CVE-2014-3566
 	RESERVED
-CVE-2014-3565 [net-snmp: snmptrapd crash]
-	RESERVED
+CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...)
 	- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
 	[wheezy] - net-snmp <no-dsa> (Minor issue)
 	[squeeze] - net-snmp <no-dsa> (Minor issue)
@@ -10014,8 +10412,7 @@
 	[wheezy] - subversion <unfixed> (unimportant)
 	[squeeze] - subversion <unfixed> (unimportant)
 	NOTE: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
-CVE-2014-3521
-	RESERVED
+CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in Red ...)
 	NOT-FOR-US: luci as included in conga
 CVE-2014-3520 [Keystone V2 trusts privilege escalation through user supplied project id]
 	RESERVED
@@ -10473,16 +10870,16 @@
 	RESERVED
 CVE-2014-3401
 	RESERVED
-CVE-2014-3400
-	RESERVED
-CVE-2014-3399
-	RESERVED
-CVE-2014-3398
-	RESERVED
+CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
+	TODO: check
+CVE-2014-3399 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
+CVE-2014-3398 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
 CVE-2014-3397
 	RESERVED
-CVE-2014-3396
-	RESERVED
+CVE-2014-3396 (Cisco IOS XR on ASR 9000 devices does not properly use compression for ...)
+	TODO: check
 CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to ...)
 	NOT-FOR-US: Cisco WebEx Meetings Server
 CVE-2014-3394
@@ -10976,65 +11373,53 @@
 	NOT-FOR-US: Unity
 CVE-2014-3201
 	RESERVED
-CVE-2014-3200
-	RESERVED
-CVE-2014-3199
-	RESERVED
+CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
+	TODO: check
+CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...)
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
-CVE-2014-3198
-	RESERVED
+CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3197
-	RESERVED
+CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3196
-	RESERVED
+CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
 	- chromium-browser <not-affected> (Only affects Windows)
-CVE-2014-3195
-	RESERVED
+CVE-2014-3195 (Google V8, as used in Google Chrome before 38.0.2125.101, does not ...)
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
-CVE-2014-3194
-	RESERVED
+CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3193
-	RESERVED
+CVE-2014-3193 (The SessionService::GetLastSession function in ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3192
-	RESERVED
+CVE-2014-3192 (Use-after-free vulnerability in the ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3191
-	RESERVED
+CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3190
-	RESERVED
+CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3189
-	RESERVED
+CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3188
-	RESERVED
+CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...)
 	- chromium-browser 37.0.2062-1
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
-CVE-2014-3187
-	RESERVED
+CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
+	TODO: check
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
 	- linux <unfixed>
 	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
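Review bot: two of the newly described entries look inconsistent with their descriptions. CVE-2014-3199 names `bindings/core/v8/custom/V8EventCustom.cpp`, a Blink binding file rather than the V8 engine itself, yet the entry lists only `libv8` and `libv8-3.14` with no `chromium-browser` line, unlike CVE-2014-3188 below which lists both; add the chromium-browser state or record why libv8 alone is considered affected. CVE-2014-3187 is described as `on iOS ...` and left at `TODO: check`; the analogous Windows-only CVE-2014-3196 is resolved as `- chromium-browser <not-affected> (Only affects Windows)`, so the same treatment with `Only affects iOS` would close it.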
@@ -12534,14 +12919,11 @@
 	RESERVED
 CVE-2014-2646
 	RESERVED
-CVE-2014-2645
-	RESERVED
+CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...)
 	NOT-FOR-US: HP Systems Insight Manager
-CVE-2014-2644
-	RESERVED
+CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
 	NOT-FOR-US: HP Systems Insight Manager
-CVE-2014-2643
-	RESERVED
+CVE-2014-2643 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
 	NOT-FOR-US: HP Systems Insight Manager
 CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers ...)
 	NOT-FOR-US: HP System Management Homepage
@@ -14139,8 +14521,7 @@
 	NOT-FOR-US: Broadcom Ltd PIPA C211
 CVE-2014-2045
 	RESERVED
-CVE-2014-2044 [owncloud: autenticated remote code execution]
-	RESERVED
+CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud ...)
 	- owncloud <not-affected> (Windows-specific)
 CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
 	NOT-FOR-US: Procentia IntelliPen
@@ -14514,8 +14895,7 @@
 	- db4o <unfixed> (unimportant)
 	- jenkins 1.565.3-1 (bug #763899)
 	NOTE: in -doc package
-CVE-2013-7329 [information disclosure]
-	RESERVED
+CVE-2013-7329 (The CGI::Application module 4.50 and earlier for Perl, when run modes ...)
 	- libcgi-application-perl 4.50-2 (bug #739505)
 	[wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
 	[squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
@@ -14632,8 +15012,7 @@
 	NOT-FOR-US: Apache Cordova
 CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
 	NOT-FOR-US: Apache Cordova
-CVE-2014-1868 [DoS due to XML entity expansion]
-	RESERVED
+CVE-2014-1868 (Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when ...)
 	- restlet <itp> (bug #596472)
 CVE-2014-1867
 	RESERVED
@@ -14724,8 +15103,7 @@
 	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1 (low; bug #737562)
 	- openjdk-6 6b31-1.13.3-1 (low)
-CVE-2014-1875 [insecure use of /tmp]
-	RESERVED
+CVE-2014-1875 (The Capture::Tiny module before 0.24 for Perl allows local users to ...)
 	- libcapture-tiny-perl 0.24-1 (bug #737835)
 	[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
 	[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
@@ -16636,8 +17014,7 @@
 	NOTE: Not running with elevated privileges in Debian packaging
 CVE-2014-1225
 	RESERVED
-CVE-2014-1224
-	RESERVED
+CVE-2014-1224 (Incomplete blacklist vulnerability in the user registration feature in ...)
 	NOT-FOR-US: rexx Recruitment
 CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx ...)
 	NOT-FOR-US: Telligent Evolution
@@ -16697,8 +17074,8 @@
 	RESERVED
 CVE-2014-0995
 	RESERVED
-CVE-2014-0994
-	RESERVED
+CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the ...)
+	TODO: check
 CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in ...)
 	NOT-FOR-US: Embarcadero
 CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
@@ -16901,8 +17278,8 @@
 	NOT-FOR-US: IBM Netcool
 CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: IBM Netcool
-CVE-2014-0940
-	RESERVED
+CVE-2014-0940 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+	TODO: check
 CVE-2014-0939
 	RESERVED
 CVE-2014-0938
@@ -18446,8 +18823,8 @@
 	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2014-0398 (Unspecified vulnerability in the Oracle Application Object Library ...)
 	NOT-FOR-US: Oracle E-Business Suite
-CVE-2014-0397
-	RESERVED
+CVE-2014-0397 (Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 ...)
+	TODO: check
 CVE-2014-0396 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
 	NOT-FOR-US: PeopleSoft Enterprise
 CVE-2014-0395 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
@@ -19786,8 +20163,7 @@
 CVE-2014-0169
 	RESERVED
 	NOT-FOR-US: JBoss EAP
-CVE-2014-0168
-	RESERVED
+CVE-2014-0168 (Cross-site request forgery (CSRF) vulnerability in Jolokia before ...)
 	NOT-FOR-US: Jolokia
 CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute ...)
 	- nova 2013.2.3-1 (bug #744051)
@@ -19895,8 +20271,7 @@
 	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
 CVE-2014-0141
 	RESERVED
-CVE-2014-0140
-	RESERVED
+CVE-2014-0140 (Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows ...)
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2014-0139 (cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, ...)
 	{DSA-2902-1}
@@ -20148,8 +20523,7 @@
 	- tomcat8 8.0.5-1
 	- tomcat7 7.0.53-1
 	- tomcat6 6.0.41-1
-CVE-2014-0074
-	RESERVED
+CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with ...)
 	NOT-FOR-US: Apache Shiro
 CVE-2014-0073
 	RESERVED
@@ -21468,8 +21842,7 @@
 	RESERVED
 CVE-2013-6497
 	RESERVED
-CVE-2013-6496
-	RESERVED
+CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive ...)
 	NOT-FOR-US: Red Hat Conga
 CVE-2013-6495
 	RESERVED
@@ -31404,10 +31777,10 @@
 	RESERVED
 CVE-2013-2646
 	RESERVED
-CVE-2013-2645
-	RESERVED
+CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
+	TODO: check
 CVE-2013-2644
-	RESERVED
+	REJECTED
 CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web ...)
 	NOT-FOR-US: Sophos Web Appliance
 CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to ...)
@@ -35390,8 +35763,7 @@
 	NOTE: this is by 'design', but previous to version Module::Metadata 1.000015
 	NOTE: the statement was This module provides a standard way to gather metadata
 	NOTE: about a .pm file *without* executing unsafe code.
-CVE-2013-1436 [code injection]
-	RESERVED
+CVE-2013-1436 (The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 ...)
 	- xmonad-contrib 0.11.2-1 (low)
 	[squeeze] - xmonad-contrib <no-dsa> (Minor issue)
 	[wheezy] - xmonad-contrib 0.10-4~deb7u1



