[Secure-testing-commits] r31982 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Thu Feb 5 09:13:04 UTC 2015
Author: sectracker
Date: 2015-02-05 09:13:01 +0000 (Thu, 05 Feb 2015)
New Revision: 31982
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-05 08:41:39 UTC (rev 31981)
+++ data/CVE/list 2015-02-05 09:13:01 UTC (rev 31982)
@@ -1,3 +1,83 @@
+CVE-2015-1471
+ RESERVED
+CVE-2015-1470
+ RESERVED
+CVE-2015-1469 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
+ TODO: check
+CVE-2015-1468
+ RESERVED
+CVE-2015-1467
+ RESERVED
+CVE-2015-1466
+ RESERVED
+CVE-2015-1464
+ RESERVED
+CVE-2015-1463 (ClamAV before 0.98.6 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2015-1462 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
+ TODO: check
+CVE-2015-1461 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
+ TODO: check
+CVE-2015-1460 (Huawei Quidway switches with firmware before V200R005C00SPC300 allows ...)
+ TODO: check
+CVE-2015-1459 (Cross-site scripting (XSS) vulnerability in Fortinet ...)
+ TODO: check
+CVE-2015-1458 (Fortinet FortiAuthenticator 3.0.0 allows local users to bypass ...)
+ TODO: check
+CVE-2015-1457 (Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary ...)
+ TODO: check
+CVE-2015-1456 (Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and ...)
+ TODO: check
+CVE-2015-1455 (Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the ...)
+ TODO: check
+CVE-2015-1454 (Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and ...)
+ TODO: check
+CVE-2015-1453 (The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a ...)
+ TODO: check
+CVE-2015-1452 (The Control and Provisioning of Wireless Access Points (CAPWAP) daemon ...)
+ TODO: check
+CVE-2015-1451 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
+ TODO: check
+CVE-2015-1450 (SQL injection vulnerability in Restaurant Biller allows remote ...)
+ TODO: check
+CVE-2015-1449 (Buffer overflow in the integrated web server on Siemens Ruggedcom ...)
+ TODO: check
+CVE-2015-1448 (The integrated management service on Siemens Ruggedcom WIN51xx devices ...)
+ TODO: check
+CVE-2015-1447
+ RESERVED
+CVE-2015-1446
+ RESERVED
+CVE-2015-1445
+ RESERVED
+CVE-2015-1444
+ RESERVED
+CVE-2015-1443
+ RESERVED
+CVE-2015-1442
+ RESERVED
+CVE-2015-1440
+ RESERVED
+CVE-2015-1439
+ RESERVED
+CVE-2015-1438
+ RESERVED
+CVE-2015-1437
+ RESERVED
+CVE-2015-1436
+ RESERVED
+CVE-2015-1435
+ RESERVED
+CVE-2015-1434
+ RESERVED
+CVE-2015-1429
+ RESERVED
+CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow ...)
+ TODO: check
+CVE-2015-1427
+ RESERVED
+CVE-2015-1426
+ RESERVED
CVE-2015-XXXX [MDL-48980 Security: Always clean the result from min_get_slash_argument]
- moodle 2.7.5+dfsg-1
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
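Review bot: CVE-2015-1461, CVE-2015-1462 and CVE-2015-1463 in this hunk are left at `TODO: check` although their descriptions name ClamAV before 0.98.6, and this same file already tracks CVE-2014-9328, which carries the same "ClamAV before 0.98.6" wording, as `- clamav 0.98.6+dfsg-1`. Triage the three against the clamav source package and, if the fixed version is the same, record the package line and the `[wheezy]` status rather than leaving them in the TODO queue.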
@@ -30,17 +110,20 @@
- imagemagick 8:6.8.9.9-4 (bug #773834)
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2014/12/24/1
CVE-2015-1465 [net: DoS due to routing packets to too many different dsts/too fast]
+ RESERVED
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.16)
- linux-2.6 <not-affected> (Introduced in 3.16)
NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7)
NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
CVE-2015-1473 [ risk-management error]
+ RESERVED
- glibc <unfixed>
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
TODO: check, possibly introduced by fix for https://sourceware.org/bugzilla/show_bug.cgi?id=13138
CVE-2015-1472 [incorrect second argument to realloc leads to a buffer overflow]
+ RESERVED
- glibc <unfixed>
- eglibc <removed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
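Review bot: the context line `CVE-2015-1473 [ risk-management error]` has a bracketed description that begins with a space and reads as if its first word is missing. The entry is now marked RESERVED, so this temporary text is the only summary a reader gets; restore the missing word when the `TODO: check` on that entry is resolved.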
@@ -48,24 +131,27 @@
CVE-2015-XXXX [Infinite loop in patch]
- patch 2.7.4-1 (bug #776271)
NOTE: Different from CVE-2014-9637
-CVE-2015-1441 [SQL Injection vulnerability]
+CVE-2015-1441 (SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before ...)
- piwigo <removed>
NOTE: http://piwigo.org/releases/2.7.3
-CVE-2015-1433 [roundcube: XSS]
+CVE-2015-1433 (program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...)
- roundcube 0.9.5+dfsg1-4.2 (low; bug #776700)
[wheezy] - roundcube <no-dsa> (Minor issue)
[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2015-1432 [phpbb3: CSRF]
+ RESERVED
- phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3 <no-dsa> (Minor issue)
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
CVE-2015-1431 [phpbb3: css injection]
+ RESERVED
- phpbb3 3.0.12-4 (low; bug #776699)
[wheezy] - phpbb3 <no-dsa> (Minor issue)
[squeeze] - phpbb3 <no-dsa> (Minor issue)
NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
CVE-2015-1430 [buffer overrun in acknowledge.c(gi)]
+ RESERVED
- xymon 4.3.17-5 (low; bug #776007)
[squeeze] - xymon <not-affected> (Vulnerable code not present)
[wheezy] - xymon <not-affected> (Vulnerable code not present)
@@ -124,8 +210,8 @@
RESERVED
CVE-2015-1406
RESERVED
-CVE-2015-1400
- RESERVED
+CVE-2015-1400 (SQL injection vulnerability in search.php in NPDS Revolution 13 allows ...)
+ TODO: check
CVE-2015-1399
RESERVED
CVE-2015-1398
@@ -135,8 +221,7 @@
CVE-2015-1394
RESERVED
NOT-FOR-US: WordPress plugin photo-gallery
-CVE-2015-1393
- RESERVED
+CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...)
NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1392
RESERVED
@@ -150,13 +235,11 @@
RESERVED
CVE-2015-1387
RESERVED
-CVE-2015-1385
- RESERVED
+CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress ...)
NOT-FOR-US: WordPress plugin powerpress
-CVE-2015-1384
- RESERVED
-CVE-2015-1383
- RESERVED
+CVE-2015-1384 (Cross-site scripting (XSS) vulnerability in the Banner Effect Header ...)
+ TODO: check
+CVE-2015-1383 (Cross-site scripting (XSS) vulnerability in the geo search widget in ...)
NOT-FOR-US: WordPress plugin geo-mashup
CVE-2015-1376 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...)
NOT-FOR-US: WordPress plugin Pixabay Images
@@ -192,8 +275,8 @@
TODO: check
CVE-2015-1358
RESERVED
-CVE-2015-1357
- RESERVED
+CVE-2015-1357 (Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, ...)
+ TODO: check
CVE-2015-1356
RESERVED
CVE-2015-1355
@@ -243,17 +326,13 @@
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 2.6.39)
NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
-CVE-2015-1405
- RESERVED
+CVE-2015-1405 (SQL injection vulnerability in the Content Rating Extbase extension ...)
NOT-FOR-US: typo3 extension
-CVE-2015-1404
- RESERVED
+CVE-2015-1404 (Cross-site scripting (XSS) vulnerability in the Content Rating Extbase ...)
NOT-FOR-US: typo3 extension
-CVE-2015-1403
- RESERVED
+CVE-2015-1403 (SQL injection vulnerability in the Content Rating extension 1.0.3 and ...)
NOT-FOR-US: typo3 extension
-CVE-2015-1402
- RESERVED
+CVE-2015-1402 (Cross-site scripting (XSS) vulnerability in the Content Rating ...)
NOT-FOR-US: typo3 extension
CVE-2015-1401
RESERVED
@@ -273,8 +352,8 @@
RESERVED
CVE-2015-1349
RESERVED
-CVE-2015-1348
- RESERVED
+CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...)
+ TODO: check
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
NOT-FOR-US: osTicket
CVE-2015-1344
@@ -357,8 +436,8 @@
RESERVED
CVE-2014-9641
RESERVED
-CVE-2014-9633
- RESERVED
+CVE-2014-9633 (The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote ...)
+ TODO: check
CVE-2014-9632
RESERVED
CVE-2015-1386 [directory traversal]
@@ -366,18 +445,15 @@
- unshield <unfixed> (low; bug #776193)
[wheezy] - unshield <no-dsa> (Minor issue)
[squeeze] - unshield <no-dsa> (Minor issue)
-CVE-2015-1382 [invalid read]
- RESERVED
+CVE-2015-1382 (parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a ...)
{DSA-3145-1 DLA-142-1}
- privoxy 3.0.21-7 (bug #776490)
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
-CVE-2015-1381 [multiple segmentation faults and memory leaks in the pcrs code]
- RESERVED
+CVE-2015-1381 (Multiple unspecified vulnerabilities in pcrs.c in Privoxy before ...)
{DSA-3145-1 DLA-142-1}
- privoxy 3.0.21-7 (bug #776490)
NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
-CVE-2015-1380 [DoS]
- RESERVED
+CVE-2015-1380 (jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a ...)
- privoxy 3.0.21-7 (bug #776490)
[wheezy] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
[squeeze] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
@@ -1021,8 +1097,8 @@
NOT-FOR-US: PHPKIT
CVE-2015-1050 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application ...)
NOT-FOR-US: F5 BIG-IP Application Security Manager
-CVE-2015-1049
- RESERVED
+CVE-2015-1049 (The web server on Siemens SCALANCE X-200IRT switches with firmware ...)
+ TODO: check
CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 40.0.2214.91-1
[wheezy] - chromium-browser <end-of-life>
@@ -1453,16 +1529,16 @@
RESERVED
CVE-2015-0931
RESERVED
-CVE-2015-0930
- RESERVED
-CVE-2015-0929
- RESERVED
+CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with firmware ...)
+ TODO: check
+CVE-2015-0929 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
+ TODO: check
CVE-2015-0928
RESERVED
CVE-2015-0927
RESERVED
-CVE-2015-0926
- RESERVED
+CVE-2015-0926 (Labtech before 100.237 on Linux uses world-writable permissions for ...)
+ TODO: check
CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...)
NOT-FOR-US: iPass Open Mobile
CVE-2015-0924 (Ceragon FiberAir IP-10 bridges have a default password for the root ...)
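Review bot: CVE-2015-0929 is added here with the truncated description "time.htm in the web interface on SerVision HVG Video Gateway devices ...", which is identical, as far as it is shown, to the description on CVE-2015-1469 at the top of this diff. Whoever resolves the two `TODO: check` markers should read the full descriptions to confirm these are distinct issues, and should triage them together with CVE-2015-0930, which names the same product.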
@@ -1840,16 +1916,16 @@
RESERVED
CVE-2015-0871
RESERVED
-CVE-2015-0870
- RESERVED
-CVE-2015-0869
- RESERVED
-CVE-2015-0868
- RESERVED
+CVE-2015-0870 (Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory ...)
+ TODO: check
+CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a ...)
+ TODO: check
+CVE-2015-0868 (Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI ...)
+ TODO: check
CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI ...)
NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
-CVE-2015-0866
- RESERVED
+CVE-2015-0866 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...)
+ TODO: check
CVE-2015-0865
RESERVED
CVE-2015-0864
@@ -2383,16 +2459,16 @@
RESERVED
CVE-2015-0600
RESERVED
-CVE-2015-0599
- RESERVED
+CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco ...)
+ TODO: check
CVE-2015-0598
RESERVED
-CVE-2015-0597
- RESERVED
-CVE-2015-0596
- RESERVED
-CVE-2015-0595
- RESERVED
+CVE-2015-0597 (The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) ...)
+ TODO: check
+CVE-2015-0596 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
+ TODO: check
+CVE-2015-0595 (The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier ...)
+ TODO: check
CVE-2015-0594
RESERVED
CVE-2015-0593
@@ -2476,8 +2552,8 @@
NOT-FOR-US: VDG Security SENSE
CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote ...)
NOT-FOR-US: VDG Security SENSE
-CVE-2014-9574
- RESERVED
+CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before ...)
+ TODO: check
CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...)
- mantis <removed>
[wheezy] - mantis <no-dsa> (Minor issue)
@@ -2500,8 +2576,8 @@
NOT-FOR-US: WordPress plugin MyWebsiteAdvisor Simple Security
CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
NOT-FOR-US: SAP NetWeaver Business Client
-CVE-2014-9568
- RESERVED
+CVE-2014-9568 (puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie ...)
+ TODO: check
CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in ...)
NOT-FOR-US: ProjectSend
CVE-2014-9566
@@ -2518,8 +2594,8 @@
NOT-FOR-US: SoftBB
CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...)
NOT-FOR-US: SoftBB
-CVE-2014-9559
- RESERVED
+CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, ...)
+ TODO: check
CVE-2014-9558
RESERVED
CVE-2014-9557
@@ -3105,8 +3181,7 @@
- emacs23 <not-affected> (Only affects Emacs 24)
NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939
NOTE: Plain bug, security implications rather far-fetched
-CVE-2014-9556 [DoS; infinite loop]
- RESERVED
+CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4 ...)
- libmspack 0.4-2 (bug #773041)
- cabextract 1.4-5 (bug #772891)
[wheezy] - cabextract <no-dsa> (Minor issue)
@@ -3224,8 +3299,8 @@
TODO: check
CVE-2015-0513 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
TODO: check
-CVE-2015-0512
- RESERVED
+CVE-2015-0512 (Open redirect vulnerability in EMC Unisphere Central before 4.0 allows ...)
+ TODO: check
CVE-2015-0511
RESERVED
CVE-2015-0510
@@ -3866,8 +3941,7 @@
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
CVE-2014-9329
RESERVED
-CVE-2014-9328
- RESERVED
+CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
- clamav 0.98.6+dfsg-1
[wheezy] - clamav <no-dsa> (Updated through stable-updates)
CVE-2014-9327
@@ -4157,8 +4231,8 @@
RESERVED
CVE-2014-9201
RESERVED
-CVE-2014-9200
- RESERVED
+CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
+ TODO: check
CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
TODO: check
CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast HMI ...)
@@ -4313,8 +4387,7 @@
RESERVED
CVE-2015-0314
RESERVED
-CVE-2015-0313
- RESERVED
+CVE-2015-0313 (Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and ...)
NOT-FOR-US: Adobe Flash
CVE-2015-0312 (Double free vulnerability in Adobe Flash Player before 13.0.0.264 and ...)
NOT-FOR-US: Adobe Flash
@@ -5157,8 +5230,7 @@
- qpid-cpp <unfixed> (bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/QPID-6310
-CVE-2015-0223 [anonymous access to qpidd cannot be prevented]
- RESERVED
+CVE-2015-0223 (Unspecified vulnerability in Apache Qpid 0.30 and earlier allows ...)
- qpid-cpp <unfixed> (bug #772794)
[wheezy] - qpid-cpp <no-dsa> (Minor issue)
NOTE: https://issues.apache.org/jira/browse/QPID-6325
@@ -5820,8 +5892,8 @@
TODO: check
CVE-2014-8919
RESERVED
-CVE-2014-8918
- RESERVED
+CVE-2014-8918 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not ...)
+ TODO: check
CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
TODO: check
CVE-2014-8916
@@ -6100,8 +6172,8 @@
RESERVED
CVE-2014-8780
RESERVED
-CVE-2014-8779
- RESERVED
+CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...)
+ TODO: check
CVE-2014-8778
RESERVED
CVE-2014-8777
@@ -6390,8 +6462,7 @@
- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8631 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
- iceweasel <not-affected> (Only affects Firefox 33)
-CVE-2014-8630
- RESERVED
+CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x ...)
- bugzilla4 <itp> (bug #669643)
- bugzilla <removed>
[squeeze] - bugzilla <end-of-life>
@@ -6420,8 +6491,7 @@
RESERVED
CVE-2014-8614
RESERVED
-CVE-2014-8613 [SCTP stream reset vulnerability]
- RESERVED
+CVE-2014-8613 (The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before ...)
- kfreebsd-10 10.1~svn274115-2 (bug #776416)
- kfreebsd-9 <removed>
[wheezy] - kfreebsd-9 9.0-10+deb70.8
@@ -6429,8 +6499,7 @@
- kfreebsd-8 <removed>
[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc
-CVE-2014-8612 [SCTP kernel mem disclosure/corruption]
- RESERVED
+CVE-2014-8612 (Multiple array index errors in the Stream Control Transmission ...)
[experimental] - kfreebsd-11 <unfixed>
- kfreebsd-10 10.1~svn274115-2 (bug #776415)
- kfreebsd-9 <removed>
@@ -7565,12 +7634,12 @@
NOT-FOR-US: BMC Track-It!
CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) ...)
NOT-FOR-US: Honeywell OPOS Suite
-CVE-2014-8268
- RESERVED
-CVE-2014-8267
- RESERVED
-CVE-2014-8266
- RESERVED
+CVE-2014-8268 (QPR Portal before 2012.2.1 allows remote attackers to modify or delete ...)
+ TODO: check
+CVE-2014-8267 (Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and ...)
+ TODO: check
+CVE-2014-8266 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2014-8265
RESERVED
CVE-2014-8264
@@ -8243,8 +8312,8 @@
RESERVED
CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity ...)
NOT-FOR-US: Cisco Identity Services Engine
-CVE-2014-8021
- RESERVED
+CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure ...)
+ TODO: check
CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...)
NOT-FOR-US: Cisco
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
@@ -8259,8 +8328,8 @@
NOT-FOR-US: Cisco
CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Cisco
-CVE-2014-8013
- RESERVED
+CVE-2014-8013 (The TACACS+ command-authorization implementation in Cisco NX-OS allows ...)
+ TODO: check
CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login ...)
NOT-FOR-US: Cisco
CVE-2014-8011
@@ -8618,8 +8687,8 @@
RESERVED
CVE-2014-7883
RESERVED
-CVE-2014-7882
- RESERVED
+CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows ...)
+ TODO: check
CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight ...)
NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...)
@@ -9926,11 +9995,10 @@
NOT-FOR-US: Atlas Systems Aeon
CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec ...)
NOT-FOR-US: Symantec Data Center Security
-CVE-2014-7288
- RESERVED
+CVE-2014-7288 (Symantec PGP Universal Server and Encryption Management Server before ...)
NOT-FOR-US: Symantec Encryption Management Server
-CVE-2014-7287
- RESERVED
+CVE-2014-7287 (The key-management component in Symantec PGP Universal Server and ...)
+ TODO: check
CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ...)
NOT-FOR-US: Symantec Deployment Solution
CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance ...)
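Review bot: CVE-2014-7287 is set to `TODO: check` while CVE-2014-7288 directly above it, whose description names the same Symantec PGP Universal Server product, keeps `NOT-FOR-US: Symantec Encryption Management Server`. Unless the full description shows otherwise, the same NOT-FOR-US line applies to CVE-2014-7287.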
@@ -9986,16 +10054,16 @@
RESERVED
- sddm <itp> (bug #703519)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
-CVE-2014-7270
- RESERVED
-CVE-2014-7269
- RESERVED
+CVE-2014-7270 (Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U ...)
+ TODO: check
+CVE-2014-7269 (ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and ...)
+ TODO: check
CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export feature in ...)
NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page generator ...)
NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
-CVE-2014-7266
- RESERVED
+CVE-2014-7266 (Algorithmic complexity vulnerability in Cybozu Remote Service Manager ...)
+ TODO: check
CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows remote ...)
NOT-FOR-US: LinPHA
CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -12647,8 +12715,8 @@
NOT-FOR-US: IBM
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
NOT-FOR-US: IBM
-CVE-2014-6170
- RESERVED
+CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...)
+ TODO: check
CVE-2014-6169
RESERVED
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
@@ -12705,8 +12773,8 @@
NOT-FOR-US: IBM
CVE-2014-6142
RESERVED
-CVE-2014-6141
- RESERVED
+CVE-2014-6141 (IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, ...)
+ TODO: check
CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before ...)
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139
@@ -12715,8 +12783,8 @@
NOT-FOR-US: IBM
CVE-2014-6137
RESERVED
-CVE-2014-6136
- RESERVED
+CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports ...)
+ TODO: check
CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
NOT-FOR-US: IBM
CVE-2014-6134
@@ -14367,8 +14435,8 @@
RESERVED
CVE-2014-5361
RESERVED
-CVE-2014-5360
- RESERVED
+CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
+ TODO: check
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...)
NOT-FOR-US: SafeNet Authentication Service
CVE-2014-5358
@@ -16305,8 +16373,7 @@
NOT-FOR-US: EMC Replication Manager and EMC AppSync
CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC ...)
NOT-FOR-US: EMC RSA Archer GRC Platform
-CVE-2014-4632
- RESERVED
+CVE-2014-4632 (VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 ...)
NOT-FOR-US: EMC Avamar
CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...)
NOT-FOR-US: RSA Adaptive Authentication
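Review bot: the description now attached to CVE-2014-4632 names VMware vSphere Data Protection (VDP), but the annotation kept below it still reads `NOT-FOR-US: EMC Avamar`. Check the full description and update the NOT-FOR-US product name so the two agree, or list both products if both are named.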
@@ -25929,8 +25996,8 @@
NOT-FOR-US: Lorex
CVE-2014-0999
RESERVED
-CVE-2014-0998
- RESERVED
+CVE-2014-0998 (Integer signedness error in the vt console driver (formerly Newcons) ...)
+ TODO: check
CVE-2014-0997
RESERVED
CVE-2014-0996
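Review bot: CVE-2014-0998 should not be closed as NOT-FOR-US without a look: the "vt console driver (formerly Newcons)" in its description is the FreeBSD console driver, and this list tracks kfreebsd-9, kfreebsd-10 and kfreebsd-11 for other FreeBSD kernel issues (CVE-2014-8612, CVE-2014-8613). Resolve the `TODO: check` by checking whether those packages ship the affected driver.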