[Secure-testing-commits] r29746 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Oct 30 21:14:12 UTC 2014
Author: joeyh
Date: 2014-10-30 21:14:12 +0000 (Thu, 30 Oct 2014)
New Revision: 29746
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-30 21:01:31 UTC (rev 29745)
+++ data/CVE/list 2014-10-30 21:14:12 UTC (rev 29746)
@@ -1,3 +1,99 @@
+CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for ...)
+ TODO: check
+CVE-2014-8537 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
+ TODO: check
+CVE-2014-8536 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
+ TODO: check
+CVE-2014-8535 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
+ TODO: check
+CVE-2014-8534 (Unspecified vulnerability in the login form in McAfee Network Data ...)
+ TODO: check
+CVE-2014-8533 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote ...)
+ TODO: check
+CVE-2014-8532 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
+ TODO: check
+CVE-2014-8531 (The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) ...)
+ TODO: check
+CVE-2014-8530 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
+ TODO: check
+CVE-2014-8529 (McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH ...)
+ TODO: check
+CVE-2014-8528 (McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session ...)
+ TODO: check
+CVE-2014-8527 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local ...)
+ TODO: check
+CVE-2014-8526 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local ...)
+ TODO: check
+CVE-2014-8525 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include ...)
+ TODO: check
+CVE-2014-8524 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable ...)
+ TODO: check
+CVE-2014-8523 (Cross-site request forgery (CSRF) vulnerability in McAfee Network Data ...)
+ TODO: check
+CVE-2014-8522 (The MySQL database in McAfee Network Data Loss Prevention (NDLP) ...)
+ TODO: check
+CVE-2014-8521 (Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss ...)
+ TODO: check
+CVE-2014-8520 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote ...)
+ TODO: check
+CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
+ TODO: check
+CVE-2014-8518 (The (1) Removable Media or (2) CD and DVD encryption offsite access ...)
+ TODO: check
+CVE-2014-8516
+ RESERVED
+CVE-2014-8515
+ RESERVED
+CVE-2014-8514
+ RESERVED
+CVE-2014-8513
+ RESERVED
+CVE-2014-8512
+ RESERVED
+CVE-2014-8511
+ RESERVED
+CVE-2014-8510
+ RESERVED
+CVE-2014-8509
+ RESERVED
+CVE-2014-8508
+ RESERVED
+CVE-2014-8507
+ RESERVED
+CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote ...)
+ TODO: check
+CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
+ TODO: check
+CVE-2014-8504
+ RESERVED
+CVE-2014-8503
+ RESERVED
+CVE-2014-8502
+ RESERVED
+CVE-2014-8501
+ RESERVED
+CVE-2014-8500
+ RESERVED
+CVE-2014-8499
+ RESERVED
+CVE-2014-8498
+ RESERVED
+CVE-2014-8497
+ RESERVED
+CVE-2014-8496
+ RESERVED
+CVE-2014-8495
+ RESERVED
+CVE-2014-8494
+ RESERVED
+CVE-2014-8493
+ RESERVED
+CVE-2014-8492
+ RESERVED
+CVE-2014-8491
+ RESERVED
+CVE-2014-8490
+ RESERVED
CVE-2014-XXXX [code execution]
- lsyncd <unfixed> (bug #767227)
NOTE: https://github.com/axkibe/lsyncd/issues/220
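Review bot: all 23 described entries added at the top of this hunk (CVE-2014-8538 down to CVE-2014-8518, plus CVE-2014-8506 and CVE-2014-8505) carry only "TODO: check", so none of them has a package line or a NOT-FOR-US decision yet. Twenty of them name McAfee Network Data Loss Prevention and one names an Android application; the file already closes such entries with a product annotation (for example "NOT-FOR-US: TYPO3 extension dce" further down), and doing the same here in a follow-up commit would keep the TODO queue limited to entries that actually need a package lookup.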
@@ -7,6 +103,7 @@
NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
TODO: check affected releases
CVE-2014-8517 [ftp(1) can be made execute arbitrary commands by malicious webserver]
+ RESERVED
- tnftp <unfixed> (low; bug #767171)
[wheezy] - tnftp <no-dsa> (Minor issue)
[squeeze] - tnftp <no-dsa> (Minor issue)
@@ -420,8 +517,7 @@
CVE-2014-8328
RESERVED
NOT-FOR-US: TYPO3 extension dce
-CVE-2014-8327
- RESERVED
+CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions ...)
NOT-FOR-US: TYPO3 extension fal_sftp
CVE-2014-8326 [PMASA-2014-12 XSS vulnerabilities in SQL debug output and server monitor page.]
RESERVED
@@ -1383,8 +1479,7 @@
RESERVED
CVE-2014-7878
RESERVED
-CVE-2014-7877
- RESERVED
+CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
NOT-FOR-US: HP-UX
CVE-2014-7876
RESERVED
@@ -5278,8 +5373,8 @@
TODO: check
CVE-2014-6150
RESERVED
-CVE-2014-6149
- RESERVED
+CVE-2014-6149 (Directory traversal vulnerability in BIRT-viewer in IBM Tivoli ...)
+ TODO: check
CVE-2014-6148
RESERVED
CVE-2014-6147
@@ -5324,10 +5419,10 @@
RESERVED
CVE-2014-6127
RESERVED
-CVE-2014-6126
- RESERVED
-CVE-2014-6125
- RESERVED
+CVE-2014-6126 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
+ TODO: check
+CVE-2014-6125 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
+ TODO: check
CVE-2014-6124
RESERVED
CVE-2014-6123
@@ -6522,7 +6617,8 @@
NOT-FOR-US: Honolulu (aka adidas.jp.android.running.honolulu) application for Android
CVE-2014-5531 (The Abode (aka abode.webview) application 1.7 for Android does not ...)
NOT-FOR-US: Abode (aka abode.webview) application for Android
-CVE-2014-5530 (The Zopim library for Android does not verify X.509 certificates from ...)
+CVE-2014-5530
+ REJECTED
NOT-FOR-US: Zopim library for Android
CVE-2014-5529 (The Gameloft library for Android does not verify X.509 certificates ...)
NOT-FOR-US: Gameloft library for Android
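Review bot: CVE-2014-5530 is switched to REJECTED, but the unchanged context line "NOT-FOR-US: Zopim library for Android" still sits under it, so the entry now carries both a REJECTED state and a product annotation. The other REJECTED entry visible in this diff, CVE-2014-3671, has no annotation beneath it. Either drop the NOT-FOR-US line for consistency or confirm that the tracker's parser accepts the combination.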
@@ -8241,8 +8337,7 @@
RESERVED
CVE-2014-4878
RESERVED
-CVE-2014-4877 [wget: FTP symlink arbitrary filesystem access]
- RESERVED
+CVE-2014-4877 (Absolute path traversal vulnerability in GNU Wget before 1.16, when ...)
- wget 1.16-1 (bug #766981)
NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
CVE-2014-4876
@@ -8325,8 +8420,8 @@
RESERVED
CVE-2014-4840 (IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 ...)
NOT-FOR-US: IBM TRIRIGA Application Platform
-CVE-2014-4839
- RESERVED
+CVE-2014-4839 (Cross-site request forgery (CSRF) vulnerability in birtviewer.query in ...)
+ TODO: check
CVE-2014-4838 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM ...)
@@ -8361,8 +8456,8 @@
NOT-FOR-US: IBM Security Access Manager
CVE-2014-4822 (IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and ...)
NOT-FOR-US: IBM WebSphere MQ
-CVE-2014-4821
- RESERVED
+CVE-2014-4821 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+ TODO: check
CVE-2014-4820 (Cross-site scripting (XSS) vulnerability in IBM Integration Bus ...)
NOT-FOR-US: IBM
CVE-2014-4819 (The web user interface in IBM WebSphere Message Broker 8.0 before ...)
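Review bot: CVE-2014-4821 now names IBM WebSphere Portal but is left at "TODO: check", while the IBM entries on either side of it (CVE-2014-4822, CVE-2014-4820) are already closed as NOT-FOR-US. The same applies to the other IBM WebSphere Portal entries this commit fills in (CVE-2014-6126, CVE-2014-6125, CVE-2014-4814, CVE-2014-4808); resolving them together with a matching "NOT-FOR-US: IBM WebSphere Portal" line would avoid five separate triage passes.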
@@ -8375,8 +8470,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4815
RESERVED
-CVE-2014-4814
- RESERVED
+CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+ TODO: check
CVE-2014-4813
RESERVED
CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
@@ -8387,8 +8482,8 @@
RESERVED
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x ...)
NOT-FOR-US: IBM Security Access Manager
-CVE-2014-4808
- RESERVED
+CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through ...)
+ TODO: check
CVE-2014-4807
RESERVED
CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
@@ -8969,8 +9064,8 @@
NOT-FOR-US: WordPress plugin wphotfiles
CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...)
NOT-FOR-US: WordPress plugin WP GuestMap
-CVE-2014-4586
- RESERVED
+CVE-2014-4586 (Multiple cross-site scripting (XSS) vulnerabilities in the wp-football ...)
+ TODO: check
CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin ...)
NOT-FOR-US: WordPress plugin WP-FaceThumb
CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in ...)
@@ -10224,8 +10319,8 @@
RESERVED
CVE-2014-4024
RESERVED
-CVE-2014-4023
- RESERVED
+CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...)
+ TODO: check
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
CVE-2014-4019
@@ -10423,10 +10518,10 @@
RESERVED
CVE-2014-3957
RESERVED
-CVE-2014-3955
- RESERVED
-CVE-2014-3954
- RESERVED
+CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to ...)
+ TODO: check
+CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 ...)
+ TODO: check
CVE-2014-3953 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
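Review bot: CVE-2014-3955 (routed) and CVE-2014-3954 (stack-based buffer overflow in rtsold) are added with "TODO: check" only, although the FreeBSD entry directly below them, CVE-2014-3953, is tracked against a Debian kfreebsd package. routed and rtsold are userland daemons rather than kernel code, so these two need a decision on which source package, if any, ships them. The rtsold description is a memory-corruption issue and should be triaged ahead of the bulk TODO entries from this update.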
@@ -10989,8 +11084,7 @@
CVE-2014-3712
RESERVED
NOT-FOR-US: Katello
-CVE-2014-3711 [memory leak in sandboxed namei lookup]
- RESERVED
+CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
- kfreebsd-9 <removed> (bug #766275)
- kfreebsd-10 <unfixed> (bug #766278)
NOTE: for kfreebsd-10 in experimental already fixed in 10.1~svn273581-1, check once enters unstable
@@ -11031,26 +11125,21 @@
RESERVED
CVE-2014-3699
RESERVED
-CVE-2014-3698
- RESERVED
+CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol ...)
{DSA-3055-1}
- pidgin 2.10.10-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
-CVE-2014-3697
- RESERVED
+CVE-2014-3697 (Absolute path traversal vulnerability in the untar_block function in ...)
- pidgin <not-affected> (Windows specific)
-CVE-2014-3696
- RESERVED
+CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in ...)
{DSA-3055-1}
- pidgin 2.10.10-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
-CVE-2014-3695
- RESERVED
+CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before ...)
{DSA-3055-1}
- pidgin 2.10.10-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
-CVE-2014-3694
- RESERVED
+CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL ...)
{DSA-3055-1}
- pidgin 2.10.10-1
[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
@@ -11132,16 +11221,13 @@
RESERVED
CVE-2014-3671
REJECTED
-CVE-2014-3670
- RESERVED
+CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in ...)
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68113
-CVE-2014-3669
- RESERVED
+CVE-2014-3669 (Integer overflow in the object_custom function in ...)
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68044
-CVE-2014-3668
- RESERVED
+CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...)
- php5 5.6.2+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=68027
CVE-2014-3667 (CloudBees Jenkins before 1.583 and LTS before 1.565.3 does not ...)
@@ -12361,8 +12447,8 @@
NOT-FOR-US: Cisco NX-OS
CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of ...)
NOT-FOR-US: Cisco WebEx Meeting Server
-CVE-2014-3293
- RESERVED
+CVE-2014-3293 (Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to ...)
+ TODO: check
CVE-2014-3292 (The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to ...)
@@ -13063,8 +13149,8 @@
NOT-FOR-US: IBM ISAM
CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for ...)
NOT-FOR-US: IBM ISAM
-CVE-2014-3051
- RESERVED
+CVE-2014-3051 (The Internet Service Monitor (ISM) agent in IBM Tivoli Composite ...)
+ TODO: check
CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before ...)
NOT-FOR-US: IBM Rational Team Concert
CVE-2014-3049
@@ -43274,8 +43360,7 @@
- tiff3 3.9.6-10
NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
-CVE-2012-5580 [libproxy: format string issue]
- RESERVED
+CVE-2012-5580 (Format string vulnerability in the print_proxies function in ...)
- libproxy 0.3.1-4 (low)
[squeeze] - libproxy <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
@@ -54955,8 +55040,7 @@
[squeeze] - gallery2 <no-dsa> (Minor issue)
CVE-2012-1112 (Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier ...)
NOT-FOR-US: OpenRealty CMS not in Debian
-CVE-2012-1111
- RESERVED
+CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors before ...)
- lightdm 1.0.9-1 (bug #658678)
CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and ...)
NOT-FOR-US: etano not in Debian
@@ -57129,8 +57213,8 @@
RESERVED
CVE-2003-1600
RESERVED
-CVE-2003-1599
- RESERVED
+CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in ...)
+ TODO: check
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ...)
- wordpress 1.0.1-1
CVE-2002-2444 [snoopy: Security hole in exec cURL]
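Review bot: CVE-2003-1599 names wp-links/links.all.php and is left at "TODO: check", while the adjacent CVE-2003-1598 is already tracked as "- wordpress 1.0.1-1". Since the path points at WordPress, this entry most likely needs a wordpress package line with a fixed version rather than a NOT-FOR-US; the truncated description does not show the affected version range, so check the full text before filling it in.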
@@ -57877,8 +57961,7 @@
CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5077 [quake3 reflective UDP denial of service]
- RESERVED
+CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, ...)
{DSA-2442-1}
- openarena 0.8.5-6 (medium; bug #665656)
- ioquake3 <not-affected> (fixed before upload)
@@ -64993,8 +65076,7 @@
CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x ...)
{DSA-2285-1}
- mapserver 6.0.1-1
-CVE-2011-2702 [eglibc signedness vulnerability in ssse3 optimizations]
- RESERVED
+CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ...)
- eglibc 2.13-10
[squeeze] - eglibc <not-affected> (ssse3 optimizations not included in squeeze version)
- glibc <not-affected> (ssse3 optimizations not included)