[Secure-testing-commits] r28617 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Fri Sep 5 21:14:11 UTC 2014


Author: joeyh
Date: 2014-09-05 21:14:11 +0000 (Fri, 05 Sep 2014)
New Revision: 28617

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-05 19:38:05 UTC (rev 28616)
+++ data/CVE/list	2014-09-05 21:14:11 UTC (rev 28617)
@@ -1,3 +1,31 @@
+CVE-2014-6251
+	RESERVED
+CVE-2014-6250
+	RESERVED
+CVE-2014-6249
+	RESERVED
+CVE-2014-6248
+	RESERVED
+CVE-2014-6247
+	RESERVED
+CVE-2014-6246
+	RESERVED
+CVE-2014-6245
+	RESERVED
+CVE-2014-6244
+	RESERVED
+CVE-2014-6243
+	RESERVED
+CVE-2014-6242
+	RESERVED
+CVE-2014-6230
+	RESERVED
+CVE-2014-6229
+	RESERVED
+CVE-2014-6228
+	RESERVED
+CVE-2010-5305
+	RESERVED
 CVE-2014-3618 [Heap-overflow in procmail's formail utility when processing specially-crafted email headers]
 	RESERVED
 	{DSA-3019-1 DLA-46-1}
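Review bot: CVE-2010-5305 is inserted at the head of the file directly after CVE-2014-6228, so a 2010 id now sits inside the block of 2014 ids. If readers or tooling expect ids to be grouped by year, as the rest of the visible list largely is, move it down to the other CVE-2010 entries. Otherwise a search through the 2010 block will miss it.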
@@ -4,26 +32,37 @@
 	- procmail 3.22-22 (bug #760443)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
 CVE-2014-6241
+	RESERVED
 	TODO: check
 CVE-2014-6240
+	RESERVED
 	TODO: check
 CVE-2014-6239
+	RESERVED
 	TODO: check
 CVE-2014-6238
+	RESERVED
 	TODO: check
 CVE-2014-6237
+	RESERVED
 	TODO: check
 CVE-2014-6236
+	RESERVED
 	TODO: check
 CVE-2014-6235
+	RESERVED
 	TODO: check
 CVE-2014-6234
+	RESERVED
 	TODO: check
 CVE-2014-6233
+	RESERVED
 	TODO: check
 CVE-2014-6232
+	RESERVED
 	TODO: check
 CVE-2014-6231
+	RESERVED
 	TODO: check
 CVE-2014-6227
 	RESERVED
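Review bot: CVE-2014-6241 through CVE-2014-6231 now carry both RESERVED and TODO: check, with no description and no package line, so the TODO has nothing to be checked against. If these ids were added by hand because an advisory already referenced them, record that source in a NOTE line so triage can proceed. If not, the TODO will simply sit there until a description is published.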
@@ -1447,12 +1486,12 @@
 	RESERVED
 CVE-2014-5507
 	RESERVED
-CVE-2014-5506
-	RESERVED
-CVE-2014-5505
-	RESERVED
-CVE-2014-5504
-	RESERVED
+CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote ...)
+	TODO: check
+CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote ...)
+	TODO: check
+CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...)
+	TODO: check
 CVE-2014-5503
 	RESERVED
 CVE-2014-5502
@@ -1525,8 +1564,8 @@
 	RESERVED
 CVE-2014-5466
 	RESERVED
-CVE-2014-5465
-	RESERVED
+CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the ...)
+	TODO: check
 CVE-2014-5463
 	RESERVED
 CVE-2014-5462
@@ -1771,8 +1810,8 @@
 	RESERVED
 CVE-2014-5378
 	RESERVED
-CVE-2014-5377
-	RESERVED
+CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 ...)
+	TODO: check
 CVE-2014-5376
 	RESERVED
 CVE-2014-5375
@@ -1905,9 +1944,8 @@
 	RESERVED
 CVE-2014-5313
 	RESERVED
-CVE-2014-5461 [possible overflow in vararg functions]
-	RESERVED
-	{DSA-3016-1 DSA-3015-1}
+CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through ...)
+	{DSA-3016-1 DSA-3015-1 DLA-47-1}
 	- lua50 <undetermined>
 	- lua5.1 5.1.5-7
 	- lua5.2 5.2.3-1
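Review bot: In the CVE-2014-5461 entry, the line "- lua50 <undetermined>" is left untouched even though the new description now scopes the overflow to ldo.c in "Lua 5.1 through ...". With DSA-3016-1, DSA-3015-1 and DLA-47-1 all attached, lua50 is the only package still without a verdict. Read the full (truncated here) version range and resolve it to a fixed version or <not-affected>.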
@@ -1979,8 +2017,8 @@
 	RESERVED
 CVE-2014-5286
 	RESERVED
-CVE-2014-5285
-	RESERVED
+CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...)
+	TODO: check
 CVE-2014-5284
 	RESERVED
 CVE-2014-5283
@@ -2127,8 +2165,7 @@
 	[squeeze] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
 	- qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: patch http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56
-CVE-2014-5269 [bypass of file access restriction / information disclosure]
-	RESERVED
+CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash ...)
 	- libplack-perl 1.0031-1
 	NOTE: https://github.com/plack/Plack/issues/405
 CVE-2014-5255 [Insecure use of temporary file related to the /tmp/get_infos_dvd.sh]
@@ -2150,8 +2187,7 @@
 	- libxml-dt-perl 0.66-1 (bug #756566)
 	[wheezy] - libxml-dt-perl <no-dsa> (Minor issue)
 	[squeeze] - libxml-dt-perl <not-affected> (Vulnerable code introduced later)
-CVE-2014-6060 [dhcpcd DoS attack]
-	RESERVED
+CVE-2014-6060 (The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 ...)
 	- dhcpcd5 <unfixed> (low)
 	[wheezy] - dhcpcd5 <no-dsa> (Minor issue)
 	- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
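Review bot: The CVE-2014-6060 entry keeps "- dhcpcd5 <unfixed> (low)" with no bug reference, while the new description gives 6.4.3 as the first unaffected upstream release. Other entries in this file pair an open or fixed status with "(bug #...)". Adding one here would let the <unfixed> line be closed once a 6.4.3 or later upload lands.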
@@ -3216,8 +3252,8 @@
 	RESERVED
 CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
 	TODO: check
-CVE-2014-4805
-	RESERVED
+CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files ...)
+	TODO: check
 CVE-2014-4804
 	RESERVED
 CVE-2014-4803
@@ -3308,10 +3344,10 @@
 	RESERVED
 CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through ...)
 	NOT-FOR-US: IBM WebSphere
-CVE-2014-4759
-	RESERVED
-CVE-2014-4758
-	RESERVED
+CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM ...)
+	TODO: check
+CVE-2014-4758 (IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere ...)
+	TODO: check
 CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before ...)
 	NOT-FOR-US: IBM Content Collector
 CVE-2014-4756
@@ -6090,8 +6126,7 @@
 	RESERVED
 CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and ...)
 	NOT-FOR-US: OpenOffice on Windows
-CVE-2014-3574
-	RESERVED
+CVE-2014-3574 (Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote ...)
 	- libapache-poi-java 3.10.1-1
 	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
 CVE-2014-3573
@@ -6238,8 +6273,7 @@
 	- foreman <itp> (bug #663101)
 CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...)
 	NOT-FOR-US: PicketLink
-CVE-2014-3529
-	RESERVED
+CVE-2014-3529 (The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers ...)
 	- libapache-poi-java 3.10.1-1
 	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56164
 CVE-2014-3527
@@ -6797,8 +6831,8 @@
 	RESERVED
 CVE-2014-3354
 	RESERVED
-CVE-2014-3353
-	RESERVED
+CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing ...)
+	TODO: check
 CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) ...)
 	TODO: check
 CVE-2014-3351 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...)
@@ -7452,10 +7486,10 @@
 	RESERVED
 CVE-2014-3096
 	RESERVED
-CVE-2014-3095
-	RESERVED
-CVE-2014-3094
-	RESERVED
+CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
+	TODO: check
+CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...)
+	TODO: check
 CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext ...)
 	TODO: check
 CVE-2014-3092
@@ -7492,8 +7526,8 @@
 	RESERVED
 CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote ...)
 	NOT-FOR-US: IBM
-CVE-2014-3075
-	RESERVED
+CVE-2014-3075 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
+	TODO: check
 CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...)
 	NOT-FOR-US: IBM AIX
 CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...)
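Review bot: CVE-2014-3075 is set to TODO: check although its description begins "Cross-site scripting (XSS) vulnerability in IBM Business Process ..." and the context line directly above marks CVE-2014-3076, an IBM Business Process Manager issue, as "NOT-FOR-US: IBM". Unless the full description points at something packaged, this one can take the same NOT-FOR-US tag and leave the TODO queue.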
@@ -7740,8 +7774,7 @@
 	NOT-FOR-US: Silver Peak VX
 CVE-2014-2973
 	RESERVED
-CVE-2014-2972
-	RESERVED
+CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, ...)
 	- exim4 4.82.1-2 (low)
 	[squeeze] - exim4 <no-dsa> (Minor issue)
 	[wheezy] - exim4 <no-dsa> (Minor issue)
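Review bot: For CVE-2014-2972 the new description says "Exim before 4.83", but the package line records the fix in exim4 4.82.1-2, which implies a backported patch. The visible lines carry no NOTE or bug number to confirm that. A NOTE pointing at the upstream change or the Debian bug would make the 4.82.1-2 claim verifiable.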
@@ -7773,8 +7806,7 @@
 	NOT-FOR-US: Quantum Scalar
 CVE-2014-2958
 	RESERVED
-CVE-2014-2957
-	RESERVED
+CVE-2014-2957 (The dmarc_process function in dmarc.c in Exim before 4.82.1, when ...)
 	- exim4 4.82.1-1 (unimportant)
 	[squeeze] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
 	[wheezy] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
@@ -8570,8 +8602,7 @@
 	RESERVED
 	- shaarli 0.0.41~beta~dfsg2-4 (bug #743252)
 	NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
-CVE-2014-2685 [zendframework ZF2014-02]
-	RESERVED
+CVE-2014-2685 (The GenericConsumer class in the Consumer component in ZendOpenId ...)
 	- zendframework 1.12.5-0.1 (bug #743175)
 	[wheezy] - zendframework <no-dsa> (Minor issue)
 	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
@@ -13157,8 +13188,8 @@
 	NOT-FOR-US: IBM Algo Credit Limits
 CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...)
 	NOT-FOR-US: IBM Algo Credit Limits
-CVE-2014-0863
-	RESERVED
+CVE-2014-0863 (The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, ...)
+	TODO: check
 CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...)
 	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
 CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
@@ -13784,8 +13815,8 @@
 	NOT-FOR-US: CastRipper
 CVE-2014-0611
 	RESERVED
-CVE-2014-0610
-	RESERVED
+CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and ...)
+	TODO: check
 CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 ...)
 	NOT-FOR-US: Novell Open Enterprise Server
 CVE-2014-0608
@@ -13823,6 +13854,7 @@
 CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
 	NOT-FOR-US: Crowbar
 CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
+	{DLA-48-1}
 	- bind9 1:9.9.5.dfsg-2 (bug #735190)
 	NOTE: https://kb.isc.org/article/AA-01078
 	NOTE: https://kb.isc.org/article/AA-01085
@@ -35655,8 +35687,7 @@
 	RESERVED
 CVE-2012-6154
 	RESERVED
-CVE-2012-6153 [Hostname verification susceptible to MITM attack]
-	RESERVED
+CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
 	- commons-httpclient 3.1-10.2 (bug #758086)
 	NOTE: See https://bugs.debian.org/692442#56 and ff.
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1411705
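Review bot: In the CVE-2012-6153 entry, the new description names the file http/conn/ssl/AbstractVerifier.java, while the only package line is "- commons-httpclient 3.1-10.2". Confirm that this path exists in the commons-httpclient source, and check whether another source package that ships it needs its own line. The replaced summary "Hostname verification susceptible to MITM attack" was also the only visible statement of impact, so a short NOTE preserving it would help triage.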
@@ -39533,8 +39564,8 @@
 	RESERVED
 CVE-2012-4769
 	RESERVED
-CVE-2012-4768
-	RESERVED
+CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor ...)
+	TODO: check
 CVE-2012-4767
 	RESERVED
 CVE-2012-4766
@@ -41310,8 +41341,8 @@
 	NOT-FOR-US: Total Shop UK eCommerce
 CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
 	NOT-FOR-US: Joomla addon
-CVE-2012-4234
-	RESERVED
+CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation ...)
+	TODO: check
 CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and ...)
 	{DSA-2570-1}
 	- libreoffice 1:3.5.4+dfsg-3 (low)
@@ -41332,8 +41363,8 @@
 	RESERVED
 CVE-2012-4227
 	RESERVED
-CVE-2012-4226
-	RESERVED
+CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post ...)
+	TODO: check
 CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows ...)
 	- nvidia-graphics-drivers 304.37-1 (bug #684781)
 	- nvidia-graphics-drivers-legacy-173xx 173.14.35-3



