[Secure-testing-commits] r29424 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Oct 15 21:14:15 UTC 2014
Author: joeyh
Date: 2014-10-15 21:14:14 +0000 (Wed, 15 Oct 2014)
New Revision: 29424
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-15 21:05:58 UTC (rev 29423)
+++ data/CVE/list 2014-10-15 21:14:14 UTC (rev 29424)
@@ -1,3 +1,469 @@
+CVE-2014-8764
+ RESERVED
+CVE-2014-8763
+ RESERVED
+CVE-2014-8762
+ RESERVED
+CVE-2014-8761
+ RESERVED
+CVE-2014-8760
+ RESERVED
+CVE-2014-8759
+ RESERVED
+CVE-2014-8758
+ RESERVED
+CVE-2014-8757
+ RESERVED
+CVE-2014-8756
+ RESERVED
+CVE-2014-8755
+ RESERVED
+CVE-2014-8754
+ RESERVED
+CVE-2014-8753
+ RESERVED
+CVE-2014-8752
+ RESERVED
+CVE-2014-8751
+ RESERVED
+CVE-2014-8749
+ RESERVED
+CVE-2014-8748 (Cross-site scripting (XSS) vulnerability in the Google Doubleclick for ...)
+ TODO: check
+CVE-2014-8747 (Cross-site scripting (XSS) vulnerability in the Drupal Commons module ...)
+ TODO: check
+CVE-2014-8746 (Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 ...)
+ TODO: check
+CVE-2014-8745 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
+ TODO: check
+CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider module ...)
+ TODO: check
+CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the Maestro ...)
+ TODO: check
+CVE-2014-8292
+ RESERVED
+CVE-2014-8291
+ RESERVED
+CVE-2014-8290
+ RESERVED
+CVE-2014-8289
+ RESERVED
+CVE-2014-8288
+ RESERVED
+CVE-2014-8287
+ RESERVED
+CVE-2014-8286
+ RESERVED
+CVE-2014-8285
+ RESERVED
+CVE-2014-8284
+ RESERVED
+CVE-2014-8283
+ RESERVED
+CVE-2014-8282
+ RESERVED
+CVE-2014-8281
+ RESERVED
+CVE-2014-8280
+ RESERVED
+CVE-2014-8279
+ RESERVED
+CVE-2014-8278
+ RESERVED
+CVE-2014-8277
+ RESERVED
+CVE-2014-8276
+ RESERVED
+CVE-2014-8275
+ RESERVED
+CVE-2014-8274
+ RESERVED
+CVE-2014-8273
+ RESERVED
+CVE-2014-8272
+ RESERVED
+CVE-2014-8271
+ RESERVED
+CVE-2014-8270
+ RESERVED
+CVE-2014-8269
+ RESERVED
+CVE-2014-8268
+ RESERVED
+CVE-2014-8267
+ RESERVED
+CVE-2014-8266
+ RESERVED
+CVE-2014-8265
+ RESERVED
+CVE-2014-8264
+ RESERVED
+CVE-2014-8263
+ RESERVED
+CVE-2014-8262
+ RESERVED
+CVE-2014-8261
+ RESERVED
+CVE-2014-8260
+ RESERVED
+CVE-2014-8259
+ RESERVED
+CVE-2014-8258
+ RESERVED
+CVE-2014-8257
+ RESERVED
+CVE-2014-8256
+ RESERVED
+CVE-2014-8255
+ RESERVED
+CVE-2014-8254
+ RESERVED
+CVE-2014-8253
+ RESERVED
+CVE-2014-8252
+ RESERVED
+CVE-2014-8251
+ RESERVED
+CVE-2014-8250
+ RESERVED
+CVE-2014-8249
+ RESERVED
+CVE-2014-8248
+ RESERVED
+CVE-2014-8247
+ RESERVED
+CVE-2014-8246
+ RESERVED
+CVE-2014-8245
+ RESERVED
+CVE-2014-8244
+ RESERVED
+CVE-2014-8243
+ RESERVED
+CVE-2014-8239
+ RESERVED
+CVE-2014-8238
+ RESERVED
+CVE-2014-8237
+ RESERVED
+CVE-2014-8236
+ RESERVED
+CVE-2014-8235
+ RESERVED
+CVE-2014-8234
+ RESERVED
+CVE-2014-8233
+ RESERVED
+CVE-2014-8232
+ RESERVED
+CVE-2014-8231
+ RESERVED
+CVE-2014-8230
+ RESERVED
+CVE-2014-8229
+ RESERVED
+CVE-2014-8228
+ RESERVED
+CVE-2014-8227
+ RESERVED
+CVE-2014-8226
+ RESERVED
+CVE-2014-8225
+ RESERVED
+CVE-2014-8224
+ RESERVED
+CVE-2014-8223
+ RESERVED
+CVE-2014-8222
+ RESERVED
+CVE-2014-8221
+ RESERVED
+CVE-2014-8220
+ RESERVED
+CVE-2014-8219
+ RESERVED
+CVE-2014-8218
+ RESERVED
+CVE-2014-8217
+ RESERVED
+CVE-2014-8216
+ RESERVED
+CVE-2014-8215
+ RESERVED
+CVE-2014-8214
+ RESERVED
+CVE-2014-8213
+ RESERVED
+CVE-2014-8212
+ RESERVED
+CVE-2014-8211
+ RESERVED
+CVE-2014-8210
+ RESERVED
+CVE-2014-8209
+ RESERVED
+CVE-2014-8208
+ RESERVED
+CVE-2014-8207
+ RESERVED
+CVE-2014-8206
+ RESERVED
+CVE-2014-8205
+ RESERVED
+CVE-2014-8204
+ RESERVED
+CVE-2014-8203
+ RESERVED
+CVE-2014-8202
+ RESERVED
+CVE-2014-8201
+ RESERVED
+CVE-2014-8200
+ RESERVED
+CVE-2014-8199
+ RESERVED
+CVE-2014-8198
+ RESERVED
+CVE-2014-8197
+ RESERVED
+CVE-2014-8196
+ RESERVED
+CVE-2014-8195
+ RESERVED
+CVE-2014-8194
+ RESERVED
+CVE-2014-8193
+ RESERVED
+CVE-2014-8192
+ RESERVED
+CVE-2014-8191
+ RESERVED
+CVE-2014-8190
+ RESERVED
+CVE-2014-8189
+ RESERVED
+CVE-2014-8188
+ RESERVED
+CVE-2014-8187
+ RESERVED
+CVE-2014-8186
+ RESERVED
+CVE-2014-8185
+ RESERVED
+CVE-2014-8184
+ RESERVED
+CVE-2014-8183
+ RESERVED
+CVE-2014-8182
+ RESERVED
+CVE-2014-8181
+ RESERVED
+CVE-2014-8180
+ RESERVED
+CVE-2014-8179
+ RESERVED
+CVE-2014-8178
+ RESERVED
+CVE-2014-8177
+ RESERVED
+CVE-2014-8176
+ RESERVED
+CVE-2014-8175
+ RESERVED
+CVE-2014-8174
+ RESERVED
+CVE-2014-8173
+ RESERVED
+CVE-2014-8172
+ RESERVED
+CVE-2014-8171
+ RESERVED
+CVE-2014-8170
+ RESERVED
+CVE-2014-8169
+ RESERVED
+CVE-2014-8168
+ RESERVED
+CVE-2014-8167
+ RESERVED
+CVE-2014-8166
+ RESERVED
+CVE-2014-8165
+ RESERVED
+CVE-2014-8164
+ RESERVED
+CVE-2014-8163
+ RESERVED
+CVE-2014-8162
+ RESERVED
+CVE-2014-8161
+ RESERVED
+CVE-2014-8160
+ RESERVED
+CVE-2014-8159
+ RESERVED
+CVE-2014-8158
+ RESERVED
+CVE-2014-8157
+ RESERVED
+CVE-2014-8156
+ RESERVED
+CVE-2014-8155
+ RESERVED
+CVE-2014-8154
+ RESERVED
+CVE-2014-8153
+ RESERVED
+CVE-2014-8152
+ RESERVED
+CVE-2014-8151
+ RESERVED
+CVE-2014-8150
+ RESERVED
+CVE-2014-8149
+ RESERVED
+CVE-2014-8148
+ RESERVED
+CVE-2014-8147
+ RESERVED
+CVE-2014-8146
+ RESERVED
+CVE-2014-8145
+ RESERVED
+CVE-2014-8144
+ RESERVED
+CVE-2014-8143
+ RESERVED
+CVE-2014-8142
+ RESERVED
+CVE-2014-8141
+ RESERVED
+CVE-2014-8140
+ RESERVED
+CVE-2014-8139
+ RESERVED
+CVE-2014-8138
+ RESERVED
+CVE-2014-8137
+ RESERVED
+CVE-2014-8136
+ RESERVED
+CVE-2014-8135
+ RESERVED
+CVE-2014-8134
+ RESERVED
+CVE-2014-8133
+ RESERVED
+CVE-2014-8132
+ RESERVED
+CVE-2014-8131
+ RESERVED
+CVE-2014-8130
+ RESERVED
+CVE-2014-8129
+ RESERVED
+CVE-2014-8128
+ RESERVED
+CVE-2014-8127
+ RESERVED
+CVE-2014-8126
+ RESERVED
+CVE-2014-8125
+ RESERVED
+CVE-2014-8124
+ RESERVED
+CVE-2014-8123
+ RESERVED
+CVE-2014-8122
+ RESERVED
+CVE-2014-8121
+ RESERVED
+CVE-2014-8120
+ RESERVED
+CVE-2014-8119
+ RESERVED
+CVE-2014-8118
+ RESERVED
+CVE-2014-8117
+ RESERVED
+CVE-2014-8116
+ RESERVED
+CVE-2014-8115
+ RESERVED
+CVE-2014-8114
+ RESERVED
+CVE-2014-8113
+ RESERVED
+CVE-2014-8112
+ RESERVED
+CVE-2014-8111
+ RESERVED
+CVE-2014-8110
+ RESERVED
+CVE-2014-8109
+ RESERVED
+CVE-2014-8108
+ RESERVED
+CVE-2014-8107
+ RESERVED
+CVE-2014-8106
+ RESERVED
+CVE-2014-8105
+ RESERVED
+CVE-2014-8104
+ RESERVED
+CVE-2014-8103
+ RESERVED
+CVE-2014-8102
+ RESERVED
+CVE-2014-8101
+ RESERVED
+CVE-2014-8100
+ RESERVED
+CVE-2014-8099
+ RESERVED
+CVE-2014-8098
+ RESERVED
+CVE-2014-8097
+ RESERVED
+CVE-2014-8096
+ RESERVED
+CVE-2014-8095
+ RESERVED
+CVE-2014-8094
+ RESERVED
+CVE-2014-8093
+ RESERVED
+CVE-2014-8092
+ RESERVED
+CVE-2014-8091
+ RESERVED
+CVE-2014-8090
+ RESERVED
+CVE-2014-8087
+ RESERVED
+CVE-2014-8085
+ RESERVED
+CVE-2014-8084
+ RESERVED
+CVE-2014-8083
+ RESERVED
+CVE-2014-8082
+ RESERVED
+CVE-2014-8081
+ RESERVED
+CVE-2014-8080
+ RESERVED
+CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
+ TODO: check
+CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
+ TODO: check
+CVE-2014-8077 (Cross-site scripting (XSS) vulnerability in the NewsFlash theme ...)
+ TODO: check
+CVE-2014-8076 (Cross-site scripting (XSS) vulnerability in the Professional theme 7.x ...)
+ TODO: check
+CVE-2014-8075 (Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x ...)
+ TODO: check
CVE-2014-XXXX [ejabberd: compression allows cirucumvention of encryption despite starttls_required]
- ejabberd <unfixed>
NOTE: http://mail.jabber.org/pipermail/operators/2014-October/002438.html
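Review bot: The eleven Drupal module and theme XSS entries added at the top of this hunk (CVE-2014-8743 through CVE-2014-8748 and CVE-2014-8075 through CVE-2014-8079) land as "TODO: check" and need a manual triage pass before the tracker state is meaningful. The following hunk already records a Drupal contributed module as "NOT-FOR-US: Drupal module Project Issue File Review"; if none of these modules or themes is packaged, they should get the same form of marking, so they do not linger as open TODO items.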
@@ -2,7 +468,8 @@
NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
-CVE-2014-8766
+CVE-2014-8766 (Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow ...)
NOT-FOR-US: Allomani Weblinks
-CVE-2014-8765
+CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the Project ...)
NOT-FOR-US: Drupal module Project Issue File Review
CVE-2014-8750
+ RESERVED
- nova <unfixed>
@@ -13,23 +480,28 @@
CVE-2014-XXXX [rsync collision attack]
- rsync <unfixed> (low)
CVE-2014-8242
+ RESERVED
- librsync <unfixed> (low)
[wheezy] - librsync <no-dsa> (Minor issue, too instruive to backport)
[squeeze] - librsync <no-dsa> (Minor issue, too instruive to backport)
CVE-2014-8241
+ RESERVED
- tigervnc <itp> (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
CVE-2014-8240
+ RESERVED
- tigervnc <itp> (bug #650394)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
-CVE-2014-8086 [ext4 race]
+CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089
+ RESERVED
- zendframework 1.12.9+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2014-06
CVE-2014-8088
+ RESERVED
- zendframework 1.12.9+dfsg-1
NOTE: http://framework.zend.com/security/advisory/ZF2014-05
CVE-2014-8074
@@ -40,11 +512,9 @@
RESERVED
CVE-2014-8071
RESERVED
-CVE-2014-8070
- RESERVED
+CVE-2014-8070 (Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows ...)
NOT-FOR-US: YOOtheme Pagekit CMS
-CVE-2014-8069
- RESERVED
+CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme ...)
NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...)
NOT-FOR-US: Adobe Digital Editions
@@ -457,15 +927,13 @@
RESERVED
CVE-2008-7314
RESERVED
-CVE-2014-7975 [umount denial of service]
- RESERVED
+CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <removed>
NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
-CVE-2014-7970 [Linux VFS denial of service]
- RESERVED
+CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kernel ...)
[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
- linux <unfixed>
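Review bot: CVE-2014-7975 carries two contradictory status lines for the same package in the context of this hunk: "- linux-2.6 <not-affected> (User namespaces only usable in later kernels)" followed directly by "- linux-2.6 <removed>". The automatic description update leaves both in place; one of them should be dropped so the entry gives a single status for linux-2.6.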
@@ -1610,8 +2078,8 @@
NOT-FOR-US: Aruba ArubaOS
CVE-2014-7298
RESERVED
-CVE-2014-7297
- RESERVED
+CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold theme ...)
+ TODO: check
CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...)
NOT-FOR-US: Spago
CVE-2014-7294
@@ -1643,16 +2111,14 @@
NOT-FOR-US: Nessus Web UI
CVE-2014-7279
RESERVED
-CVE-2014-7284 [linux kernel net_get_random_once bug]
- RESERVED
+CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the ...)
- linux 3.16.2-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.13)
NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7 (v3.15-rc7)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a48e42920ff38bc90bbf75143fff4555723d4540
NOTE: http://secondlookforensics.com/ngro-linux-kernel-bug/
-CVE-2014-7283 [xfs directory hash ordering bug]
- RESERVED
+CVE-2014-7283 (The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs ...)
- linux 3.16.2-1
[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.10 upstream)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.10 upstream)
@@ -1769,8 +2235,8 @@
RESERVED
CVE-2014-7227
REJECTED
-CVE-2014-7226
- RESERVED
+CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ...)
+ TODO: check
CVE-2014-7225
RESERVED
CVE-2014-7224
@@ -1879,11 +2345,9 @@
CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in ...)
NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
TODO: check
-CVE-2014-7201
- RESERVED
+CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in ...)
NOT-FOR-US: JobControl extension for TYPO3
-CVE-2014-7200
- RESERVED
+CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7198
RESERVED
@@ -2046,8 +2510,7 @@
RESERVED
CVE-2014-7140
RESERVED
-CVE-2014-7139
- RESERVED
+CVE-2014-7139 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
NOT-FOR-US: WordPress plugin Contact Form DB
CVE-2014-7138
RESERVED
@@ -2232,10 +2695,10 @@
RESERVED
CVE-2014-7048
RESERVED
-CVE-2014-7047
- RESERVED
-CVE-2014-7046
- RESERVED
+CVE-2014-7047 (The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application ...)
+ TODO: check
+CVE-2014-7046 (The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 ...)
+ TODO: check
CVE-2014-7045
RESERVED
CVE-2014-7044
@@ -2422,44 +2885,44 @@
RESERVED
CVE-2014-6953
RESERVED
-CVE-2014-6952
- RESERVED
-CVE-2014-6951
- RESERVED
-CVE-2014-6950
- RESERVED
-CVE-2014-6949
- RESERVED
-CVE-2014-6948
- RESERVED
-CVE-2014-6947
- RESERVED
-CVE-2014-6946
- RESERVED
-CVE-2014-6945
- RESERVED
-CVE-2014-6944
- RESERVED
-CVE-2014-6943
- RESERVED
-CVE-2014-6942
- RESERVED
-CVE-2014-6941
- RESERVED
-CVE-2014-6940
- RESERVED
-CVE-2014-6939
- RESERVED
-CVE-2014-6938
- RESERVED
-CVE-2014-6937
- RESERVED
-CVE-2014-6936
- RESERVED
-CVE-2014-6935
- RESERVED
-CVE-2014-6934
- RESERVED
+CVE-2014-6952 (The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6951 (The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for ...)
+ TODO: check
+CVE-2014-6950 (The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) ...)
+ TODO: check
+CVE-2014-6949 (The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) ...)
+ TODO: check
+CVE-2014-6948 (The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) ...)
+ TODO: check
+CVE-2014-6947 (The Archie Comics (aka com.iversecomics.archie.android) application ...)
+ TODO: check
+CVE-2014-6946 (The Re:kyu (aka com.appzone619) application 1.0 for Android does not ...)
+ TODO: check
+CVE-2014-6945 (The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for ...)
+ TODO: check
+CVE-2014-6944 (The mitfahrgelegenheit.at (aka com.carpooling.android.at) application ...)
+ TODO: check
+CVE-2014-6943 (The Konigsleiten (aka com.knigsleiten) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6942 (The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) ...)
+ TODO: check
+CVE-2014-6941 (The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for ...)
+ TODO: check
+CVE-2014-6940 (The Absolute Lending Solutions (aka ...)
+ TODO: check
+CVE-2014-6939 (The Sketch W Friends FREE -Tablets (aka ...)
+ TODO: check
+CVE-2014-6938 (The Apostilas musicais (aka com.apostilas) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6937 (The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) ...)
+ TODO: check
+CVE-2014-6936 (The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for ...)
+ TODO: check
+CVE-2014-6935 (The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) ...)
+ TODO: check
+CVE-2014-6934 (The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) ...)
+ TODO: check
CVE-2014-6933 (The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application ...)
NOT-FOR-US: Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application for Android
CVE-2014-6932 (The All Navalny (aka com.all.navalny) application 1.10 for Android ...)
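Review bot: The nineteen Android application entries from CVE-2014-6952 down to CVE-2014-6934 move from RESERVED to "TODO: check", while the neighbouring entry CVE-2014-6933 in this same hunk is already triaged as "NOT-FOR-US: Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application for Android". These should be closed out with the same "NOT-FOR-US: <name> (aka <package id>) application for Android" form in a follow-up commit, rather than being left as open TODO items.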
@@ -2497,7 +2960,7 @@
CVE-2014-6916 (The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does ...)
NOT-FOR-US: mama.cn (aka cn.ziipin.mama.ui) application for Android
CVE-2014-6915
- RESERVED
+ REJECTED
CVE-2014-6914 (The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 ...)
NOT-FOR-US: Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application for Android
CVE-2014-6913 (The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 ...)
@@ -2518,8 +2981,8 @@
NOT-FOR-US: Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application for Android
CVE-2014-6905 (The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) ...)
NOT-FOR-US: H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application for Android
-CVE-2014-6904
- RESERVED
+CVE-2014-6904 (The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 ...)
+ TODO: check
CVE-2014-6903 (The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application ...)
NOT-FOR-US: Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application for Android
CVE-2014-6902 (The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android ...)
@@ -2544,16 +3007,16 @@
NOT-FOR-US: Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application for Android
CVE-2014-6892 (The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 ...)
NOT-FOR-US: kalahari.com Shopping (aka com.kalahari.shop) application for Android
-CVE-2014-6891
- RESERVED
+CVE-2014-6891 (The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) ...)
+ TODO: check
CVE-2014-6890 (The CouponCabin - Coupons & Deals (aka com.couponcabin) application ...)
NOT-FOR-US: CouponCabin - Coupons & Deals (aka com.couponcabin) application for Android
CVE-2014-6889 (The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for ...)
NOT-FOR-US: GunBroker.com (aka com.gunbroker.android) application for Android
CVE-2014-6888 (The PennyTalk Mobile (aka net.idt.pennytalk.android) application ...)
NOT-FOR-US: PennyTalk Mobile (aka net.idt.pennytalk.android) application for Android
-CVE-2014-6887
- RESERVED
+CVE-2014-6887 (The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for ...)
+ TODO: check
CVE-2014-6886 (The WePhone - phone calls vs skype (aka com.wephoneapp) application ...)
NOT-FOR-US: WePhone - phone calls vs skype (aka com.wephoneapp) application for Android
CVE-2014-6885 (The Academy Sports + Outdoors Visa (aka ...)
@@ -3532,8 +3995,7 @@
RESERVED
CVE-2014-6440
RESERVED
-CVE-2014-6439 [default configuration for CORS allows an attacker to craft links]
- RESERVED
+CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in ...)
- elasticsearch <unfixed> (bug #763958; low)
CVE-2014-6438
RESERVED
@@ -3604,7 +4066,7 @@
CVE-2014-6389 (backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers ...)
NOT-FOR-US: PhpCompta
CVE-2014-6388
- RESERVED
+ REJECTED
CVE-2013-7403
RESERVED
NOT-FOR-US: WordPress plugin wp-video-commando
@@ -3717,17 +4179,13 @@
RESERVED
CVE-2014-6381
RESERVED
-CVE-2014-6380
- RESERVED
+CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-6379
- RESERVED
+CVE-2014-6379 (Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-6378
- RESERVED
+CVE-2014-6378 (Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-6377
- RESERVED
+CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before ...)
NOT-FOR-US: Juniper Junos
CVE-2014-6376
RESERVED
@@ -3851,13 +4309,11 @@
RESERVED
CVE-2014-6316
RESERVED
-CVE-2014-6315
- RESERVED
+CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado ...)
NOT-FOR-US: WordPress plugin Photo Gallery
CVE-2014-6314
RESERVED
-CVE-2014-6313
- RESERVED
+CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
NOT-FOR-US: WordPress plugin WooCommerce
CVE-2014-6312
RESERVED
@@ -4070,8 +4526,7 @@
RESERVED
CVE-2014-6244
RESERVED
-CVE-2014-6243
- RESERVED
+CVE-2014-6243 (Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer ...)
NOT-FOR-US: WordPress plugin EWWW Image Optimizer
CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security & ...)
NOT-FOR-US: WordPress plugin All In One WP Security
@@ -5953,8 +6408,7 @@
RESERVED
CVE-2014-5352
RESERVED
-CVE-2014-5351
- RESERVED
+CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
- krb5 1.12.1+dfsg-10 (bug #762479)
[wheezy] - krb5 <no-dsa> (Minor issue)
[squeeze] - krb5 <no-dsa> (Minor issue)
@@ -6006,11 +6460,9 @@
RESERVED
CVE-2014-5329
RESERVED
-CVE-2014-5328
- RESERVED
+CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
NOT-FOR-US: Huawei router
-CVE-2014-5327
- RESERVED
+CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
NOT-FOR-US: Huawei router
CVE-2014-5326
RESERVED
@@ -6086,11 +6538,9 @@
NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5299
RESERVED
-CVE-2014-5298
- RESERVED
+CVE-2014-5298 (FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on ...)
NOT-FOR-US: X2Engine
-CVE-2014-5297
- RESERVED
+CVE-2014-5297 (The actionSendErrorReport method in ...)
NOT-FOR-US: X2Engine
CVE-2014-5296
RESERVED
@@ -6232,8 +6682,7 @@
- percona-xtradb-cluster-5.5 <undetermined>
NOTE: Fix MySQL: https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638
NOTE: Fix MariaDB: https://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4261?sort=date#storage/myisam/ha_myisam.cc
-CVE-2014-5270 [side-channel attack on Elgamal encryption subkeys]
- RESERVED
+CVE-2014-5270 (Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...)
{DSA-3024-1 DLA-54-1}
- gnupg 1.4.16-1
NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
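Review bot: In CVE-2014-5270 the replaced title "[side-channel attack on Elgamal encryption subkeys]" was the only place the entry named the attack class, and the new description now starts with "Libgcrypt before 1.5.4, as used in GnuPG" while the first package line visible here is "- gnupg 1.4.16-1". Check that the libgcrypt source packages are tracked further down the entry, and consider keeping the Elgamal side-channel wording in a NOTE so the entry stays searchable by it.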
@@ -7236,12 +7685,12 @@
RESERVED
CVE-2014-4875
RESERVED
-CVE-2014-4874
- RESERVED
-CVE-2014-4873
- RESERVED
-CVE-2014-4872
- RESERVED
+CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read ...)
+ TODO: check
+CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC ...)
+ TODO: check
+CVE-2014-4872 (BMC Track-It! 11.3.0.355 does not require authentication on TCP port ...)
+ TODO: check
CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on ...)
NOT-FOR-US: NetCommWireless NB604N routers
CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade ...)
@@ -7250,8 +7699,8 @@
NOT-FOR-US: Brocade Vyatta
CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), ...)
NOT-FOR-US: Brocade Vyatta
-CVE-2014-4867
- RESERVED
+CVE-2014-4867 (Cryoserver Security Appliance 7.3.x uses weak permissions for ...)
+ TODO: check
CVE-2014-4866
RESERVED
CVE-2014-4865 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -7464,8 +7913,8 @@
NOT-FOR-US: IBM
CVE-2014-4762 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
NOT-FOR-US: IBM
-CVE-2014-4761
- RESERVED
+CVE-2014-4761 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+ TODO: check
CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through ...)
NOT-FOR-US: IBM WebSphere
CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM ...)
@@ -7512,8 +7961,8 @@
RESERVED
CVE-2014-4738 (Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard ...)
NOT-FOR-US: FortiGuard FortiWeb
-CVE-2014-4737
- RESERVED
+CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before ...)
+ TODO: check
CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...)
NOT-FOR-US: E2
CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier ...)
@@ -7734,8 +8183,7 @@
NOT-FOR-US: WordPress timthumb
CVE-2014-4662
RESERVED
-CVE-2014-4661
- RESERVED
+CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before ...)
NOT-FOR-US: HP Records Manager
CVE-2014-4651
RESERVED
@@ -8551,10 +8999,9 @@
RESERVED
CVE-2014-4314
RESERVED
-CVE-2014-4313
- RESERVED
-CVE-2014-4312
- RESERVED
+CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 ...)
+ TODO: check
+CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor ...)
NOT-FOR-US: Epicor
CVE-2014-4311
RESERVED
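Review bot: CVE-2014-4313 (SQL injection in Epicor Procurement) is set to "TODO: check" while the entry directly below it, CVE-2014-4312, is for the same vendor and keeps "NOT-FOR-US: Epicor". The two should be triaged consistently; marking CVE-2014-4313 as "NOT-FOR-US: Epicor" as well would match the existing line.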
@@ -8963,8 +9410,8 @@
NOT-FOR-US: AlienVault OSSIM
CVE-2014-4149
RESERVED
-CVE-2014-4148
- RESERVED
+CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2014-4147
RESERVED
CVE-2014-4146
@@ -8977,64 +9424,64 @@
RESERVED
CVE-2014-4142
RESERVED
-CVE-2014-4141
- RESERVED
-CVE-2014-4140
- RESERVED
+CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4139
RESERVED
-CVE-2014-4138
- RESERVED
-CVE-2014-4137
- RESERVED
+CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-4136
RESERVED
CVE-2014-4135
RESERVED
-CVE-2014-4134
- RESERVED
-CVE-2014-4133
- RESERVED
-CVE-2014-4132
- RESERVED
+CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-4131
RESERVED
-CVE-2014-4130
- RESERVED
-CVE-2014-4129
- RESERVED
-CVE-2014-4128
- RESERVED
-CVE-2014-4127
- RESERVED
-CVE-2014-4126
- RESERVED
+CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-4128 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-4125
RESERVED
-CVE-2014-4124
- RESERVED
-CVE-2014-4123
- RESERVED
-CVE-2014-4122
- RESERVED
-CVE-2014-4121
- RESERVED
+CVE-2014-4124 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR ...)
+ TODO: check
+CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
+ TODO: check
CVE-2014-4120
RESERVED
CVE-2014-4119
RESERVED
CVE-2014-4118
RESERVED
-CVE-2014-4117
- RESERVED
+CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...)
+ TODO: check
CVE-2014-4116
RESERVED
-CVE-2014-4115
- RESERVED
-CVE-2014-4114
- RESERVED
-CVE-2014-4113
- RESERVED
+CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in ...)
+ TODO: check
+CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
+ TODO: check
+CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
+ TODO: check
CVE-2014-4112
RESERVED
CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
@@ -9109,12 +9556,12 @@
RESERVED
CVE-2014-4076
RESERVED
-CVE-2014-4075
- RESERVED
+CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in ...)
+ TODO: check
CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...)
NOT-FOR-US: Microsoft
-CVE-2014-4073
- RESERVED
+CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
+ TODO: check
CVE-2014-4072 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, ...)
NOT-FOR-US: Microsoft
CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers to ...)
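Review bot: CVE-2014-4075 (System.Web.Mvc.dll) and CVE-2014-4073 (Microsoft .NET Framework) are added as "TODO: check" although the entries interleaved with them in this hunk, CVE-2014-4074 and CVE-2014-4072, are already marked "NOT-FOR-US: Microsoft". A follow-up should give the two new descriptions the same marking so the Microsoft block is triaged uniformly.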
@@ -9758,8 +10205,7 @@
RESERVED
CVE-2014-3826
RESERVED
-CVE-2014-3825
- RESERVED
+CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
@@ -9773,8 +10219,7 @@
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...)
NOT-FOR-US: Juniper Junos
-CVE-2014-3818
- RESERVED
+CVE-2014-3818 (Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, ...)
NOT-FOR-US: Juniper Junos
CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 ...)
NOT-FOR-US: Juniper Junos
@@ -9983,6 +10428,7 @@
RESERVED
CVE-2014-3704
RESERVED
+ {DSA-3051-1}
- drupal7 7.32-1
- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2014-3703
@@ -10051,8 +10497,7 @@
RESERVED
NOT-FOR-US: Jenkins monitoring plugin
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
-CVE-2014-3678 [cross-site scripting flaws in the monitoring plug-in]
- RESERVED
+CVE-2014-3678 (Cross-site scripting (XSS) vulnerability in the Monitoring plugin ...)
NOT-FOR-US: Jenkins monitoring plugin
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3677
@@ -10071,7 +10516,7 @@
CVE-2014-3672
RESERVED
CVE-2014-3671
- RESERVED
+ REJECTED
CVE-2014-3670
RESERVED
CVE-2014-3669
@@ -10357,8 +10802,7 @@
RESERVED
CVE-2014-3582
RESERVED
-CVE-2014-3581 [DoS in mod_cache]
- RESERVED
+CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)
- apache2 2.4.10-3
CVE-2014-3580
RESERVED
@@ -10394,8 +10838,7 @@
CVE-2014-3567 [Session Ticket Memory Leak]
RESERVED
- openssl 1.0.1j-1
-CVE-2014-3566 [POODLE attack against SSLv3]
- RESERVED
+CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
- openssl 1.0.1j-1
- nss <unfixed>
- gnutls26 <unfixed>
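Review bot: Replacing "[POODLE attack against SSLv3]" with the truncated description "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ..." on CVE-2014-3566 removes the only occurrence of the name POODLE from the entry. Since this entry tracks several packages (openssl, nss, gnutls26 are visible here), a NOTE line carrying the common name would keep it findable for people searching the list by that name.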
@@ -11006,14 +11449,14 @@
RESERVED
CVE-2014-3406
RESERVED
-CVE-2014-3405
- RESERVED
-CVE-2014-3404
- RESERVED
-CVE-2014-3403
- RESERVED
-CVE-2014-3402
- RESERVED
+CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...)
+ TODO: check
+CVE-2014-3404 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
+ TODO: check
+CVE-2014-3403 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
+ TODO: check
+CVE-2014-3402 (The authentication-manager process in the web framework in Cisco ...)
+ TODO: check
CVE-2014-3401
RESERVED
CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
@@ -11028,44 +11471,31 @@
NOT-FOR-US: Cisco IOS
CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to ...)
NOT-FOR-US: Cisco WebEx Meetings Server
-CVE-2014-3394
- RESERVED
+CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3393
- RESERVED
+CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3392
- RESERVED
+CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3391
- RESERVED
+CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3390
- RESERVED
+CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3389
- RESERVED
+CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3388
- RESERVED
+CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3387
- RESERVED
+CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3386
- RESERVED
+CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3385
- RESERVED
+CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3384
- RESERVED
+CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3383
- RESERVED
+CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 ...)
NOT-FOR-US: Cisco ASA
-CVE-2014-3382
- RESERVED
+CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before ...)
NOT-FOR-US: Cisco ASA
CVE-2014-3381
RESERVED
@@ -11517,8 +11947,8 @@
NOT-FOR-US: Unity
CVE-2014-3202 (Unity before 7.2.1 does not properly handle entry activation, which ...)
NOT-FOR-US: Unity
-CVE-2014-3201
- RESERVED
+CVE-2014-3201 (core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used ...)
+ TODO: check
CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
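Review bot: CVE-2014-3201 is marked `TODO: check` although its description points at `RenderLayerCompositor.cpp` in Blink, and the entry directly below it (CVE-2014-3200) is already tracked against `chromium-browser 38.0.2125.101-1`. The TODO should be resolved with a `chromium-browser` line stating whether that same upload fixes it, rather than leaving the entry without a package.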
@@ -11729,8 +12159,8 @@
NOT-FOR-US: Invision Power IP.Board
CVE-2014-3148
RESERVED
-CVE-2014-3147
- RESERVED
+CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...)
+ TODO: check
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
{DSA-2941-1 DLA-0009-1}
- lxml 3.3.5-1 (bug #746812)
@@ -11865,8 +12295,8 @@
NOT-FOR-US: IBM
CVE-2014-3092 (IBM Jazz Team Server, as used in Rational Collaborative Lifecycle ...)
NOT-FOR-US: IBM
-CVE-2014-3091
- RESERVED
+CVE-2014-3091 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
+ TODO: check
CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and ...)
NOT-FOR-US: IBM Rational ClearCase
CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) ...)
@@ -13061,16 +13491,14 @@
RESERVED
CVE-2014-2650
RESERVED
-CVE-2014-2649
- RESERVED
+CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...)
NOT-FOR-US: HP Operations Manager
-CVE-2014-2648
- RESERVED
+CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on ...)
NOT-FOR-US: HP Operations Manager
CVE-2014-2647
RESERVED
-CVE-2014-2646
- RESERVED
+CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 9.20 ...)
+ TODO: check
CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...)
NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
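Review bot: CVE-2014-2646 is the only one of the three converted HP entries in this hunk that ends in `TODO: check`; CVE-2014-2649 and CVE-2014-2648 keep their `NOT-FOR-US: HP Operations Manager` lines, and every other HP entry visible here is `NOT-FOR-US`. Its description names HP Network Automation, so it needs a manual `NOT-FOR-US: HP Network Automation` (or an explicit reason why not) in the next triage pass.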
@@ -13085,17 +13513,13 @@
NOT-FOR-US: HP System Management Homepage
CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager ...)
NOT-FOR-US: HP MPIO Device
-CVE-2014-2638
- RESERVED
+CVE-2014-2638 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
NOT-FOR-US: HP Sprinter
-CVE-2014-2637
- RESERVED
+CVE-2014-2637 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
NOT-FOR-US: HP Sprinter
-CVE-2014-2636
- RESERVED
+CVE-2014-2636 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
NOT-FOR-US: HP Sprinter
-CVE-2014-2635
- RESERVED
+CVE-2014-2635 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
NOT-FOR-US: HP Sprinter
CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) ...)
NOT-FOR-US: HP Service Manager
@@ -16033,50 +16457,47 @@
RESERVED
CVE-2014-1587
RESERVED
-CVE-2014-1586
- RESERVED
+CVE-2014-1586 (content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1585
- RESERVED
+CVE-2014-1585 (The WebRTC video-sharing feature in dom/media/MediaManager.cpp in ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1584
- RESERVED
+CVE-2014-1584 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects Firefox 32 and later)
- icedove <not-affected> (Only affects Firefox 32 and later)
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1583
- RESERVED
+CVE-2014-1583 (The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
[squeeze] - iceweasel <end-of-life>
-CVE-2014-1582
- RESERVED
+CVE-2014-1582 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...)
- iceweasel <not-affected> (Only affects Firefox 32 and later)
- icedove <not-affected> (Only affects Firefox 32 and later)
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1581
- RESERVED
+CVE-2014-1581 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1580
- RESERVED
+CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for ...)
- iceweasel <not-affected> (Only affects Firefox 32 and later)
- icedove <not-affected> (Only affects Firefox 32 and later)
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
CVE-2014-1579
RESERVED
-CVE-2014-1578 [Out-of-bounds write with WebM video]
- RESERVED
+CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
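Review bot: CVE-2014-1586, CVE-2014-1585, CVE-2014-1581 and CVE-2014-1578 gain `{DSA-3050-1}` while each still carries `- icedove <unfixed>`, so the advisory tag sits on entries that are only partly fixed. Confirm that DSA-3050-1 is meant to cover the `iceweasel 31.2.0esr-1` line only, and keep the icedove lines open until that package has its own fixed version. CVE-2014-1583 also has the DSA tag but no icedove line at all, unlike its siblings; a short note saying why would help the next reader.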
@@ -16086,44 +16507,40 @@
[squeeze] - libvpx <not-affected> (vp9 codec not yet present)
NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
NOTE: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba
-CVE-2014-1577
- RESERVED
+CVE-2014-1577 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1576
- RESERVED
+CVE-2014-1576 (Heap-based buffer overflow in the nsTransformedTextRun function in ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1575
- RESERVED
+CVE-2014-1575 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 32 and later)
- icedove <not-affected> (Only affects Firefox 32 and later)
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1574
- RESERVED
+CVE-2014-1574 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-3050-1}
- iceweasel 31.2.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1573 [Cross-Site Scripting]
- RESERVED
+CVE-2014-1573 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
[squeeze] - bugzilla <end-of-life>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
-CVE-2014-1572 [incorrect filtering on realname parameter]
- RESERVED
+CVE-2014-1572 (The confirm_create_account function in the account-creation feature in ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
[squeeze] - bugzilla <end-of-life>
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
-CVE-2014-1571 [Information Leak]
- RESERVED
+CVE-2014-1571 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
[squeeze] - bugzilla <end-of-life>
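Review bot: replacing the bracketed summaries on the three Bugzilla entries loses information, because the truncated descriptions that replace them for CVE-2014-1573 and CVE-2014-1571 are now identical ("Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before ..."). The old `[Cross-Site Scripting]` and `[Information Leak]` labels were the only thing in the list itself that told them apart. Suggest carrying the classification over as a `NOTE:` line on each entry, next to the existing bugzilla.mozilla.org links.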
@@ -18474,14 +18891,14 @@
RESERVED
CVE-2014-0573
RESERVED
-CVE-2014-0572
- RESERVED
-CVE-2014-0571
- RESERVED
-CVE-2014-0570
- RESERVED
-CVE-2014-0569
- RESERVED
+CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 ...)
+ TODO: check
+CVE-2014-0571 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
+ TODO: check
+CVE-2014-0570 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion ...)
+ TODO: check
+CVE-2014-0569 (Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and ...)
+ TODO: check
CVE-2014-0568 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
NOT-FOR-US: Adobe Reader
CVE-2014-0567 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
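Review bot: the four new entries CVE-2014-0572 through CVE-2014-0569 all land as `TODO: check`, while the Adobe entries kept as context in the same hunk are closed as `NOT-FOR-US: Adobe Reader`. Three of them name Adobe ColdFusion and one names Adobe Flash Player, so each needs an explicit disposition line from manual triage.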
@@ -18490,8 +18907,8 @@
NOT-FOR-US: Adobe Reader
CVE-2014-0565 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
NOT-FOR-US: Adobe Reader
-CVE-2014-0564
- RESERVED
+CVE-2014-0564 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before ...)
+ TODO: check
CVE-2014-0563 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
NOT-FOR-US: Adobe Reader
CVE-2014-0562 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
@@ -18502,8 +18919,8 @@
NOT-FOR-US: Adobe Reader
CVE-2014-0559 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0558
- RESERVED
+CVE-2014-0558 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before ...)
+ TODO: check
CVE-2014-0557 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0556 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
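Review bot: CVE-2014-0558 is set to `TODO: check` between two entries (CVE-2014-0559 and CVE-2014-0557) that describe the same product and are both `NOT-FOR-US: Adobe Flash Player`. Unless there is a reason to treat the 13.0.0.250 batch differently from the 13.0.0.244 batch, this entry should get the same line; the same applies to CVE-2014-0564 in the previous hunk.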
@@ -27232,8 +27649,7 @@
- gitlab <itp> (bug #651606)
CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...)
- gitlab <itp> (bug #651606)
-CVE-2013-4488
- RESERVED
+CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL ...)
- libgadu <unfixed> (unimportant)
NOTE: Intentional design decision
CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in ...)
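Review bot: CVE-2013-4488 now has a public description stating that libgadu before 1.12.0 does not verify X.509 certificates, yet the entry stays at `- libgadu <unfixed> (unimportant)` with only `NOTE: Intentional design decision` as justification. With "before 1.12.0" in the description, the entry should say whether a 1.12.0 upload closes it, and the NOTE should point at where the design decision is documented so the `unimportant` severity can be re-checked.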