[Secure-testing-commits] r29032 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Sep 25 09:14:21 UTC 2014
Author: joeyh
Date: 2014-09-25 09:14:21 +0000 (Thu, 25 Sep 2014)
New Revision: 29032
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-25 09:05:39 UTC (rev 29031)
+++ data/CVE/list 2014-09-25 09:14:21 UTC (rev 29032)
@@ -1,3 +1,29 @@
+CVE-2014-7168
+ RESERVED
+CVE-2014-7167
+ RESERVED
+CVE-2014-7166
+ RESERVED
+CVE-2014-7165
+ RESERVED
+CVE-2014-7164
+ RESERVED
+CVE-2014-7163
+ RESERVED
+CVE-2014-7162
+ RESERVED
+CVE-2014-7161
+ RESERVED
+CVE-2014-7160
+ RESERVED
+CVE-2014-7159
+ RESERVED
+CVE-2014-7158
+ RESERVED
+CVE-2014-7157
+ RESERVED
+CVE-2014-7153 (SQL injection vulnerability in the editgallery function in ...)
+ TODO: check
CVE-2014-XXXX [cyassl: RSA Padding check vulnerability]
- cyassl <unfixed>
NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
@@ -8,13 +34,16 @@
CVE-2014-XXXX [mediawiki: releases 1.19.19, 1.22.11 and 1.23.4]
- mediawiki <unfixed> (bug #762754)
[squeeze] - mediawiki <end-of-life>
-CVE-2014-7169 [Incomplete fix for CVE-2014-6271]
+CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after ...)
- bash <unfixed> (bug #762760)
CVE-2014-7156 [XSA-106]
+ RESERVED
- xen <unfixed>
CVE-2014-7155 [XSA-105]
+ RESERVED
- xen <unfixed>
CVE-2014-7154 [XSA-104]
+ RESERVED
- xen <unfixed>
CVE-2014-7152
RESERVED
@@ -874,152 +903,152 @@
RESERVED
CVE-2014-6719
RESERVED
-CVE-2014-6718
- RESERVED
-CVE-2014-6717
- RESERVED
-CVE-2014-6716
- RESERVED
-CVE-2014-6715
- RESERVED
-CVE-2014-6714
- RESERVED
-CVE-2014-6713
- RESERVED
-CVE-2014-6712
- RESERVED
-CVE-2014-6711
- RESERVED
-CVE-2014-6710
- RESERVED
-CVE-2014-6709
- RESERVED
-CVE-2014-6708
- RESERVED
-CVE-2014-6707
- RESERVED
-CVE-2014-6706
- RESERVED
-CVE-2014-6705
- RESERVED
-CVE-2014-6704
- RESERVED
-CVE-2014-6703
- RESERVED
-CVE-2014-6702
- RESERVED
-CVE-2014-6701
- RESERVED
-CVE-2014-6700
- RESERVED
-CVE-2014-6699
- RESERVED
-CVE-2014-6698
- RESERVED
-CVE-2014-6697
- RESERVED
-CVE-2014-6696
- RESERVED
-CVE-2014-6695
- RESERVED
-CVE-2014-6694
- RESERVED
-CVE-2014-6693
- RESERVED
-CVE-2014-6692
- RESERVED
-CVE-2014-6691
- RESERVED
-CVE-2014-6690
- RESERVED
-CVE-2014-6689
- RESERVED
-CVE-2014-6688
- RESERVED
-CVE-2014-6687
- RESERVED
-CVE-2014-6686
- RESERVED
-CVE-2014-6685
- RESERVED
-CVE-2014-6684
- RESERVED
-CVE-2014-6683
- RESERVED
-CVE-2014-6682
- RESERVED
-CVE-2014-6681
- RESERVED
-CVE-2014-6680
- RESERVED
-CVE-2014-6679
- RESERVED
-CVE-2014-6678
- RESERVED
-CVE-2014-6677
- RESERVED
-CVE-2014-6676
- RESERVED
-CVE-2014-6675
- RESERVED
-CVE-2014-6674
- RESERVED
-CVE-2014-6673
- RESERVED
-CVE-2014-6672
- RESERVED
-CVE-2014-6671
- RESERVED
-CVE-2014-6670
- RESERVED
-CVE-2014-6669
- RESERVED
-CVE-2014-6668
- RESERVED
-CVE-2014-6667
- RESERVED
-CVE-2014-6666
- RESERVED
-CVE-2014-6665
- RESERVED
-CVE-2014-6664
- RESERVED
-CVE-2014-6663
- RESERVED
-CVE-2014-6662
- RESERVED
-CVE-2014-6661
- RESERVED
-CVE-2014-6660
- RESERVED
-CVE-2014-6659
- RESERVED
-CVE-2014-6658
- RESERVED
-CVE-2014-6657
- RESERVED
-CVE-2014-6656
- RESERVED
-CVE-2014-6655
- RESERVED
-CVE-2014-6654
- RESERVED
-CVE-2014-6653
- RESERVED
-CVE-2014-6652
- RESERVED
-CVE-2014-6651
- RESERVED
-CVE-2014-6650
- RESERVED
-CVE-2014-6649
- RESERVED
-CVE-2014-6648
- RESERVED
-CVE-2014-6647
- RESERVED
-CVE-2014-6646
- RESERVED
+CVE-2014-6718 (The My Mobile Day (aka com.mymobileday) application 1.3 for Android ...)
+ TODO: check
+CVE-2014-6717 (The iTriage Health (aka com.healthagen.iTriage) application 5.29 for ...)
+ TODO: check
+CVE-2014-6716 (The fastin (aka moda.azyae.fastin.net) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6715 (The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 ...)
+ TODO: check
+CVE-2014-6714 (The WebMD (aka com.webmd.android) application 3.5 for Android does not ...)
+ TODO: check
+CVE-2014-6713 (The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application ...)
+ TODO: check
+CVE-2014-6712 (The Airlines International (aka org.iata.IAMagazine) application 1.0 ...)
+ TODO: check
+CVE-2014-6711 (The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application ...)
+ TODO: check
+CVE-2014-6710 (The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) ...)
+ TODO: check
+CVE-2014-6709 (The TechRadar News (aka com.techradar.news) application 1.0 for ...)
+ TODO: check
+CVE-2014-6708 (The Sporting Club Uphoria (aka com.sportinginnovations.skc) ...)
+ TODO: check
+CVE-2014-6707 (The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application ...)
+ TODO: check
+CVE-2014-6706 (The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android ...)
+ TODO: check
+CVE-2014-6705 (The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for ...)
+ TODO: check
+CVE-2014-6704 (The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for ...)
+ TODO: check
+CVE-2014-6703 (The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for ...)
+ TODO: check
+CVE-2014-6702 (The StarSat International (aka ...)
+ TODO: check
+CVE-2014-6701 (The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for ...)
+ TODO: check
+CVE-2014-6700 (The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) ...)
+ TODO: check
+CVE-2014-6699 (The Weather Channel (aka com.weather.Weather) application 5.2.0 for ...)
+ TODO: check
+CVE-2014-6698 (The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 ...)
+ TODO: check
+CVE-2014-6697 (The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 ...)
+ TODO: check
+CVE-2014-6696 (The Candy Girl Party Makeover (aka ...)
+ TODO: check
+CVE-2014-6695 (The Wedding Photo Frames-Love Pics (aka ...)
+ TODO: check
+CVE-2014-6694 (The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application ...)
+ TODO: check
+CVE-2014-6693 (The Juiker (aka org.itri) application 3.2.0829.1 for Android does not ...)
+ TODO: check
+CVE-2014-6692 (The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 ...)
+ TODO: check
+CVE-2014-6691 (The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for ...)
+ TODO: check
+CVE-2014-6690 (The InstaMessage - Instagram Chat (aka ...)
+ TODO: check
+CVE-2014-6689 (The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does ...)
+ TODO: check
+CVE-2014-6688 (The Voices.com (aka com.voices.voices) application 1.5 for Android ...)
+ TODO: check
+CVE-2014-6687 (The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 ...)
+ TODO: check
+CVE-2014-6686 (The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 ...)
+ TODO: check
+CVE-2014-6685 (The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 ...)
+ TODO: check
+CVE-2014-6684 (The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android ...)
+ TODO: check
+CVE-2014-6683 (The Open Electrical Webser (aka com.wOpenElectricalWeb) application ...)
+ TODO: check
+CVE-2014-6682 (The w88235ff7bdc2fb574f1789750ea99ed6 (aka ...)
+ TODO: check
+CVE-2014-6681 (The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) ...)
+ TODO: check
+CVE-2014-6680 (The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for ...)
+ TODO: check
+CVE-2014-6679 (The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) ...)
+ TODO: check
+CVE-2014-6678 (The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for ...)
+ TODO: check
+CVE-2014-6677 (The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application ...)
+ TODO: check
+CVE-2014-6676 (The Exercitii pentru abdomen (aka ...)
+ TODO: check
+CVE-2014-6675 (The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android ...)
+ TODO: check
+CVE-2014-6674 (The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for ...)
+ TODO: check
+CVE-2014-6673 (The ChallengerTX (aka com.zhtiantian.ChallengerTX) application ...)
+ TODO: check
+CVE-2014-6672 (The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 ...)
+ TODO: check
+CVE-2014-6671 (The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) ...)
+ TODO: check
+CVE-2014-6670 (The SingaporeMotherhood Forum (aka ...)
+ TODO: check
+CVE-2014-6669 (The Inside Crochet (aka com.magazinecloner.insidecrochet) application ...)
+ TODO: check
+CVE-2014-6668 (The African Radios Live (aka com.nana.africanradioslive) application ...)
+ TODO: check
+CVE-2014-6667 (The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 ...)
+ TODO: check
+CVE-2014-6666 (The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for ...)
+ TODO: check
+CVE-2014-6665 (The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application ...)
+ TODO: check
+CVE-2014-6664 (The Latin Angels Music HD (aka com.applizards.lafreetj) application ...)
+ TODO: check
+CVE-2014-6663 (The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) ...)
+ TODO: check
+CVE-2014-6662 (The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application ...)
+ TODO: check
+CVE-2014-6661 (The netease movie (aka com.netease.movie) application 4.7.2 for ...)
+ TODO: check
+CVE-2014-6660 (The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application ...)
+ TODO: check
+CVE-2014-6659 (The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 ...)
+ TODO: check
+CVE-2014-6658 (The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for ...)
+ TODO: check
+CVE-2014-6657 (The Leadership Newspapers (aka com.LeadershipNewspapers) application ...)
+ TODO: check
+CVE-2014-6656 (The drareym (aka com.drareym) application 0.1 for Android does not ...)
+ TODO: check
+CVE-2014-6655 (The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) ...)
+ TODO: check
+CVE-2014-6654 (The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for ...)
+ TODO: check
+CVE-2014-6653 (The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for ...)
+ TODO: check
+CVE-2014-6652 (The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for ...)
+ TODO: check
+CVE-2014-6651 (The Planet of the Vapes Forum (aka ...)
+ TODO: check
+CVE-2014-6650 (The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) ...)
+ TODO: check
+CVE-2014-6649 (The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) ...)
+ TODO: check
+CVE-2014-6648 (The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 ...)
+ TODO: check
+CVE-2014-6647 (The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for ...)
+ TODO: check
+CVE-2014-6646 (The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 ...)
+ TODO: check
CVE-2014-6645 (The Batch library for Android does not verify X.509 certificates from ...)
TODO: check
CVE-2014-6644
@@ -1868,8 +1897,7 @@
- apt 1.0.3
CVE-2014-6272
RESERVED
-CVE-2014-6271
- RESERVED
+CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function ...)
{DSA-3032-1 DLA-59-1}
- bash 4.3-9.1
CVE-2014-6267
@@ -2284,8 +2312,8 @@
RESERVED
CVE-2014-6092
RESERVED
-CVE-2014-6091
- RESERVED
+CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+ TODO: check
CVE-2014-6090
RESERVED
CVE-2014-6089
@@ -3716,8 +3744,7 @@
RESERVED
CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations ...)
NOT-FOR-US: JobScheduler
-CVE-2014-5392
- RESERVED
+CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before ...)
NOT-FOR-US: JobScheduler
CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler ...)
NOT-FOR-US: JobScheduler
@@ -3908,8 +3935,8 @@
RESERVED
CVE-2014-5324
RESERVED
-CVE-2014-5323
- RESERVED
+CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) ...)
+ TODO: check
CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
TODO: check
CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not verify ...)
@@ -4918,8 +4945,8 @@
NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
CVE-2014-4974
RESERVED
-CVE-2014-4973
- RESERVED
+CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the ...)
+ TODO: check
CVE-2014-4972
RESERVED
CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...)
@@ -5242,8 +5269,8 @@
RESERVED
CVE-2014-4817
RESERVED
-CVE-2014-4816
- RESERVED
+CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
+ TODO: check
CVE-2014-4815
RESERVED
CVE-2014-4814
@@ -5334,8 +5361,8 @@
RESERVED
CVE-2014-4771
RESERVED
-CVE-2014-4770
- RESERVED
+CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
+ TODO: check
CVE-2014-4769
RESERVED
CVE-2014-4768
@@ -5370,8 +5397,8 @@
RESERVED
CVE-2014-4753
RESERVED
-CVE-2014-4752
- RESERVED
+CVE-2014-4752 (IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, ...)
+ TODO: check
CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
NOT-FOR-US: IBM Security Access Manager
CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP ...)
@@ -7949,7 +7976,7 @@
CVE-2014-3660
RESERVED
CVE-2014-3659
- RESERVED
+ REJECTED
CVE-2014-3658
RESERVED
CVE-2014-3657
@@ -7994,18 +8021,15 @@
RESERVED
- qemu <unfixed> (bug #762532)
- qemu-kvm <removed>
-CVE-2014-3639
- RESERVED
+CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
-CVE-2014-3638
- RESERVED
+CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus ...)
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
-CVE-2014-3637
- RESERVED
+CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does ...)
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80559
@@ -8014,8 +8038,7 @@
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=82820
-CVE-2014-3635
- RESERVED
+CVE-2014-3635 (Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x ...)
{DSA-3026-1}
- dbus 1.8.8-1
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
@@ -8150,8 +8173,7 @@
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ...)
- axis <unfixed> (low; bug #762444)
NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
-CVE-2014-3595
- RESERVED
+CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, ...)
NOT-FOR-US: Red Hat Satellite
CVE-2014-3594 (Cross-site scripting (XSS) vulnerability in the Host Aggregates ...)
- horizon 2014.1.2-3 (bug #758930)
@@ -8873,8 +8895,8 @@
RESERVED
CVE-2014-3381
RESERVED
-CVE-2014-3380
- RESERVED
+CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 4.4(.3) ...)
+ TODO: check
CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 ...)
TODO: check
CVE-2014-3378 (tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to ...)
@@ -9604,18 +9626,18 @@
RESERVED
CVE-2014-3107
RESERVED
-CVE-2014-3106
- RESERVED
-CVE-2014-3105
- RESERVED
-CVE-2014-3104
- RESERVED
-CVE-2014-3103
- RESERVED
+CVE-2014-3106 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, ...)
+ TODO: check
+CVE-2014-3105 (The OSLC integration feature in the Web component in IBM Rational ...)
+ TODO: check
+CVE-2014-3104 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, ...)
+ TODO: check
+CVE-2014-3103 (The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, ...)
+ TODO: check
CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 ...)
NOT-FOR-US: IBM WebSphere
-CVE-2014-3101
- RESERVED
+CVE-2014-3101 (The login form in the Web component in IBM Rational ClearQuest 7.1 ...)
+ TODO: check
CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
NOT-FOR-US: Android service KeyStore
CVE-2014-3099
@@ -9636,8 +9658,8 @@
NOT-FOR-US: IBM
CVE-2014-3091
RESERVED
-CVE-2014-3090
- RESERVED
+CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and ...)
+ TODO: check
CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) ...)
NOT-FOR-US: IBM Rational Directory Server
CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...)
@@ -13819,6 +13841,7 @@
RESERVED
CVE-2014-1568 [certificate forgery possible]
RESERVED
+ {DSA-3033-1}
- nss 2:3.17.1-1
- iceweasel <not-affected> (uses system nss)
- icedove <not-affected> (uses system nss)
@@ -16346,8 +16369,7 @@
CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which ...)
{DSA-3013-1}
- s3ql 2.10.1+dfsg-4 (high)
-CVE-2014-0484
- RESERVED
+CVE-2014-0484 (The Debian acpi-support package before 0.140-5+deb7u3 allows local ...)
{DSA-3020-1 DLA-49-1}
- acpi-support 0.142-4
CVE-2014-0483 (The administrative interface (contrib.admin) in Django before 1.4.14, ...)
@@ -39346,8 +39368,8 @@
RESERVED
CVE-2012-5701
RESERVED
-CVE-2012-5700
- RESERVED
+CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
+ TODO: check
CVE-2012-5699
RESERVED
CVE-2012-5698
More information about the Secure-testing-commits
mailing list