[Secure-testing-commits] r31309 - data/CVE
security tracker role
sectracker at moszumanska.debian.org
Tue Jan 13 21:10:36 UTC 2015
Author: sectracker
Date: 2015-01-13 21:10:36 +0000 (Tue, 13 Jan 2015)
New Revision: 31309
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-13 20:57:03 UTC (rev 31308)
+++ data/CVE/list 2015-01-13 21:10:36 UTC (rev 31309)
@@ -1,3 +1,457 @@
+CVE-2015-1048
+ RESERVED
+CVE-2015-1047
+ RESERVED
+CVE-2015-1046
+ RESERVED
+CVE-2015-1045
+ RESERVED
+CVE-2015-1044
+ RESERVED
+CVE-2015-1043
+ RESERVED
+CVE-2015-1041
+ RESERVED
+CVE-2015-1040
+ RESERVED
+CVE-2015-1039
+ RESERVED
+CVE-2015-1037
+ RESERVED
+CVE-2015-1036
+ RESERVED
+CVE-2015-1035
+ RESERVED
+CVE-2015-1034
+ RESERVED
+CVE-2015-1033
+ RESERVED
+CVE-2015-1032
+ RESERVED
+CVE-2015-1029
+ RESERVED
+CVE-2015-1028
+ RESERVED
+CVE-2015-1027
+ RESERVED
+CVE-2015-1026
+ RESERVED
+CVE-2015-1025
+ RESERVED
+CVE-2015-1024
+ RESERVED
+CVE-2015-1023
+ RESERVED
+CVE-2015-1022
+ RESERVED
+CVE-2015-1021
+ RESERVED
+CVE-2015-1020
+ RESERVED
+CVE-2015-1019
+ RESERVED
+CVE-2015-1018
+ RESERVED
+CVE-2015-1017
+ RESERVED
+CVE-2015-1016
+ RESERVED
+CVE-2015-1015
+ RESERVED
+CVE-2015-1014
+ RESERVED
+CVE-2015-1013
+ RESERVED
+CVE-2015-1012
+ RESERVED
+CVE-2015-1011
+ RESERVED
+CVE-2015-1010
+ RESERVED
+CVE-2015-1009
+ RESERVED
+CVE-2015-1008
+ RESERVED
+CVE-2015-1007
+ RESERVED
+CVE-2015-1006
+ RESERVED
+CVE-2015-1005
+ RESERVED
+CVE-2015-1004
+ RESERVED
+CVE-2015-1003
+ RESERVED
+CVE-2015-1002
+ RESERVED
+CVE-2015-1001
+ RESERVED
+CVE-2015-1000
+ RESERVED
+CVE-2015-0999
+ RESERVED
+CVE-2015-0998
+ RESERVED
+CVE-2015-0997
+ RESERVED
+CVE-2015-0996
+ RESERVED
+CVE-2015-0995
+ RESERVED
+CVE-2015-0994
+ RESERVED
+CVE-2015-0993
+ RESERVED
+CVE-2015-0992
+ RESERVED
+CVE-2015-0991
+ RESERVED
+CVE-2015-0990
+ RESERVED
+CVE-2015-0989
+ RESERVED
+CVE-2015-0988
+ RESERVED
+CVE-2015-0987
+ RESERVED
+CVE-2015-0986
+ RESERVED
+CVE-2015-0985
+ RESERVED
+CVE-2015-0984
+ RESERVED
+CVE-2015-0983
+ RESERVED
+CVE-2015-0982
+ RESERVED
+CVE-2015-0981
+ RESERVED
+CVE-2015-0980
+ RESERVED
+CVE-2015-0979
+ RESERVED
+CVE-2015-0978
+ RESERVED
+CVE-2015-0977
+ RESERVED
+CVE-2015-0976
+ RESERVED
+CVE-2015-0975
+ RESERVED
+CVE-2015-0974
+ RESERVED
+CVE-2015-0972
+ RESERVED
+CVE-2015-0971
+ RESERVED
+CVE-2015-0970
+ RESERVED
+CVE-2015-0969
+ RESERVED
+CVE-2015-0968
+ RESERVED
+CVE-2015-0967
+ RESERVED
+CVE-2015-0966
+ RESERVED
+CVE-2015-0965
+ RESERVED
+CVE-2015-0964
+ RESERVED
+CVE-2015-0963
+ RESERVED
+CVE-2015-0962
+ RESERVED
+CVE-2015-0961
+ RESERVED
+CVE-2015-0960
+ RESERVED
+CVE-2015-0959
+ RESERVED
+CVE-2015-0958
+ RESERVED
+CVE-2015-0957
+ RESERVED
+CVE-2015-0956
+ RESERVED
+CVE-2015-0955
+ RESERVED
+CVE-2015-0954
+ RESERVED
+CVE-2015-0953
+ RESERVED
+CVE-2015-0952
+ RESERVED
+CVE-2015-0951
+ RESERVED
+CVE-2015-0950
+ RESERVED
+CVE-2015-0949
+ RESERVED
+CVE-2015-0948
+ RESERVED
+CVE-2015-0947
+ RESERVED
+CVE-2015-0946
+ RESERVED
+CVE-2015-0945
+ RESERVED
+CVE-2015-0944
+ RESERVED
+CVE-2015-0943
+ RESERVED
+CVE-2015-0942
+ RESERVED
+CVE-2015-0941
+ RESERVED
+CVE-2015-0940
+ RESERVED
+CVE-2015-0939
+ RESERVED
+CVE-2015-0938
+ RESERVED
+CVE-2015-0937
+ RESERVED
+CVE-2015-0936
+ RESERVED
+CVE-2015-0935
+ RESERVED
+CVE-2015-0934
+ RESERVED
+CVE-2015-0933
+ RESERVED
+CVE-2015-0932
+ RESERVED
+CVE-2015-0931
+ RESERVED
+CVE-2015-0930
+ RESERVED
+CVE-2015-0929
+ RESERVED
+CVE-2015-0928
+ RESERVED
+CVE-2015-0927
+ RESERVED
+CVE-2015-0926
+ RESERVED
+CVE-2015-0925
+ RESERVED
+CVE-2015-0924
+ RESERVED
+CVE-2015-0923
+ RESERVED
+CVE-2014-999999
+ REJECTED
+ TODO: check
+CVE-2014-99999
+ REJECTED
+ TODO: check
+CVE-2014-9999
+ REJECTED
+ TODO: check
+CVE-2014-9592
+ RESERVED
+CVE-2014-9591
+ RESERVED
+CVE-2014-9590
+ RESERVED
+CVE-2014-9589
+ RESERVED
+CVE-2014-9588
+ RESERVED
+CVE-2014-9586
+ RESERVED
+CVE-2014-72038
+ REJECTED
+ TODO: check
+CVE-2014-62771
+ REJECTED
+ TODO: check
+CVE-2014-59156
+ REJECTED
+ TODO: check
+CVE-2014-54321
+ REJECTED
+ TODO: check
+CVE-2014-456132
+ REJECTED
+ TODO: check
+CVE-2014-32537
+ REJECTED
+ TODO: check
+CVE-2014-123456
+ REJECTED
+ TODO: check
+CVE-2014-10042
+ RESERVED
+CVE-2014-10041
+ RESERVED
+CVE-2014-10040
+ RESERVED
+CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...)
+ TODO: check
+CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows ...)
+ TODO: check
+CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before ...)
+ TODO: check
+CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area ...)
+ TODO: check
+CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP ...)
+ TODO: check
+CVE-2014-10033 (SQL injection vulnerability in the update_zone function in ...)
+ TODO: check
+CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...)
+ TODO: check
+CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail ...)
+ TODO: check
+CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before ...)
+ TODO: check
+CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...)
+ TODO: check
+CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router ...)
+ TODO: check
+CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+ TODO: check
+CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows ...)
+ TODO: check
+CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+ TODO: check
+CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used ...)
+ TODO: check
+CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 ...)
+ TODO: check
+CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP ...)
+ TODO: check
+CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 ...)
+ TODO: check
+CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce ...)
+ TODO: check
+CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
+ TODO: check
+CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event ...)
+ TODO: check
+CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds ...)
+ TODO: check
+CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress ...)
+ TODO: check
+CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX ...)
+ TODO: check
+CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler ...)
+ TODO: check
+CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 ...)
+ TODO: check
+CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark ...)
+ TODO: check
+CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
+ TODO: check
+CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian ...)
+ TODO: check
+CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2014-100040
+ RESERVED
+CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian ...)
+ TODO: check
+CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local ...)
+ TODO: check
+CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
+ TODO: check
+CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
+ TODO: check
+CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows ...)
+ TODO: check
+CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface ...)
+ TODO: check
+CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in ...)
+ TODO: check
+CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before ...)
+ TODO: check
+CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties ...)
+ TODO: check
+CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library ...)
+ TODO: check
+CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...)
+ TODO: check
+CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
+ TODO: check
+CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in ...)
+ TODO: check
+CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted ...)
+ TODO: check
+CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin ...)
+ TODO: check
+CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's ...)
+ TODO: check
+CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 ...)
+ TODO: check
+CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...)
+ TODO: check
+CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...)
+ TODO: check
+CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds ...)
+ TODO: check
+CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows ...)
+ TODO: check
+CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before ...)
+ TODO: check
+CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin ...)
+ TODO: check
+CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in ...)
+ TODO: check
+CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks ...)
+ TODO: check
+CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...)
+ TODO: check
+CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse ...)
+ TODO: check
+CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote ...)
+ TODO: check
+CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...)
+ TODO: check
+CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows ...)
+ TODO: check
+CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) ...)
+ TODO: check
+CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...)
+ TODO: check
+CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin ...)
+ TODO: check
+CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
+ TODO: check
+CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 ...)
+ TODO: check
+CVE-2014-100003 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus ...)
+ TODO: check
+CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin ...)
+ TODO: check
+CVE-2014-100000
+ REJECTED
+ TODO: check
+CVE-2014-10000
+ REJECTED
+ TODO: check
+CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
+ TODO: check
CVE-2015-XXXX [IP address spoofing in mod_remoteip]
- apache2 2.4.9-1
[wheezy] - apache2 <not-affected> (no mod_remoteip in 2.2)
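Review bot: the REJECTED placeholder IDs added in this hunk (CVE-2014-999999, CVE-2014-123456, CVE-2014-54321 and the others) each carry "TODO: check", so they land in the triage queue although a REJECTED entry has nothing to assess. Consider having the automatic update skip the TODO for REJECTED entries. Also note that the new entries are ordered as strings rather than numbers: CVE-2014-100040 sits between CVE-2014-10005 and CVE-2014-10004, so anything that reads this file should not assume numeric ordering of five-digit and six-digit IDs.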
@@ -34,6 +488,7 @@
NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
NOTE: CVE request: http://www.openwall.com/lists/oss-security/2015/01/12/4
CVE-2015-0973
+ RESERVED
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
NOTE: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 ...)
@@ -726,8 +1181,8 @@
RESERVED
CVE-2015-0583
RESERVED
-CVE-2015-0582
- RESERVED
+CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
+ TODO: check
CVE-2015-0581
RESERVED
CVE-2015-0580
@@ -907,13 +1362,16 @@
- weboob <unfixed> (low; bug #774838)
[wheezy] - weboob <no-dsa> (Minor issue)
CVE-2015-1042 [Incomplete fix for CVE-2014-6316 in 1.2.18]
+ RESERVED
- mantis <removed>
[wheezy] - mantis <no-dsa> (Minor issue)
[squeeze] - mantis <not-affected> (Incomplete fix not applied)
CVE-2015-1031 [use-after-free]
+ RESERVED
- privoxy <unfixed> (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
CVE-2015-1030 [memory leak when rejecting client connections]
+ RESERVED
- privoxy <unfixed> (bug #775167)
NOTE: http://www.privoxy.org/announce.txt
CVE-2015-XXXX [cpio directory traversal]
@@ -930,30 +1388,25 @@
CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any prompt]
- lftp <unfixed> (bug #774769)
CVE-2014-9587 [possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins]
+ RESERVED
- roundcube <unfixed>
NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
-CVE-2015-0564 [TLS/SSL decryption crash]
- RESERVED
+CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
-CVE-2015-0563 [SMTP dissector crash]
- RESERVED
+CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
-CVE-2015-0562 [DEC DNA Routing Protocol dissector crash]
- RESERVED
+CVE-2015-0562 (Multiple use-after-free vulnerabilities in ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
-CVE-2015-0561 [LPP dissector crash]
- RESERVED
+CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-02.html
-CVE-2015-0560 [WCCP dissector crash]
- RESERVED
+CVE-2015-0560 (The dissect_wccp2r1_address_table_info function in ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
-CVE-2015-0559 [WCCP dissector crash]
- RESERVED
+CVE-2015-0559 (Multiple use-after-free vulnerabilities in ...)
- wireshark <unfixed>
NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0558
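Review bot: on CVE-2015-0562 and CVE-2015-0559 the replacement descriptions are both truncated to "Multiple use-after-free vulnerabilities in ...", so the entries no longer say which dissector is affected, which the removed bracketed text did (DEC DNA Routing Protocol and WCCP). The wnpa-sec NOTE lines still differ (2015-03 and 2015-01), but a short NOTE naming the dissector on each entry would keep them distinguishable without following the link.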
@@ -1194,7 +1647,7 @@
NOT-FOR-US: BEdita
CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: BEdita
-CVE-2014-9507 (MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and ...)
+CVE-2014-9507 (MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when ...)
- mediawiki <not-affected> (There is no content handler in REL1_19)
NOTE: Upstream bug https://phabricator.wikimedia.org/T72901
CVE-2014-9506 (MantisBT before 1.2.18 does not properly check permissions when ...)
@@ -1214,6 +1667,7 @@
- linux-2.6 <removed>
NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
CVE-2015-1038 [directory traversal]
+ RESERVED
- p7zip <unfixed> (bug #774660)
CVE-2015-XXXX [HTTP TRACE DoS]
- trafficserver <unfixed>
@@ -1302,8 +1756,7 @@
[jessie] - xbindkeys-config <no-dsa> (Minor issue)
[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
-CVE-2014-9495 [Heap Overflow]
- RESERVED
+CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
CVE-2014-9465
@@ -2359,10 +2812,10 @@
NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
NOT-FOR-US: Trihedral Engineering VTScada
-CVE-2014-9191
- RESERVED
-CVE-2014-9190
- RESERVED
+CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...)
+ TODO: check
+CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch ...)
+ TODO: check
CVE-2014-9189
RESERVED
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
@@ -4583,13 +5036,13 @@
RESERVED
CVE-2014-8738 [Out-of-bounds memory write while processing a crafted "ar" archive]
RESERVED
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141124-1
- binutils-mingw-w64 <unfixed>
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141124-1
- binutils-mingw-w64 <unfixed>
NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
@@ -4901,7 +5354,7 @@
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
NOT-FOR-US: Etiko CMS
CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141104-1
- binutils-mingw-w64 <unfixed>
NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
@@ -4910,20 +5363,20 @@
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141104-1
- binutils-mingw-w64 <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141104-1
- binutils-mingw-w64 <unfixed>
NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141104-1
- binutils-mingw-w64 <unfixed>
- gdb <unfixed> (unimportant)
@@ -5076,14 +5529,14 @@
NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.90.20141104-1
- binutils-mingw-w64 <unfixed>
NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
- {DSA-3123-1}
+ {DSA-3123-2 DSA-3123-1}
- binutils 2.24.51.20140903-1
- binutils-mingw-w64 <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
@@ -6212,10 +6665,10 @@
RESERVED
CVE-2014-8037
RESERVED
-CVE-2014-8036
- RESERVED
-CVE-2014-8035
- RESERVED
+CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not ...)
+ TODO: check
+CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different ...)
+ TODO: check
CVE-2014-8034
RESERVED
CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...)
@@ -6244,8 +6697,8 @@
RESERVED
CVE-2014-8021
RESERVED
-CVE-2014-8020
- RESERVED
+CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...)
+ TODO: check
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
NOT-FOR-US: Cisco
CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...)
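Review bot: CVE-2014-8020 is added with "TODO: check" although its description names a Cisco product and the next entry, CVE-2014-8019, is already tagged "NOT-FOR-US: Cisco". The TODO could be resolved the same way in a follow-up commit, and the same applies to CVE-2014-8036 and CVE-2014-8035 in the preceding hunk.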
@@ -7967,7 +8420,7 @@
CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on ...)
NOT-FOR-US: TWiki
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
-CVE-2014-7236 (Remote Perl code execution with query string to debug TWiki plugins)
+CVE-2014-7236
RESERVED
NOT-FOR-US: TWiki
NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
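Review bot: the CVE-2014-7236 line loses its only description here: the parenthesised text is removed and the entry falls back to a bare ID with RESERVED. Other entries in this same diff (CVE-2015-1038 [directory traversal], CVE-2015-1031 [use-after-free]) keep a bracketed description alongside RESERVED, so re-adding the text in square brackets should let it survive the next automatic update.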
@@ -10346,8 +10799,7 @@
[wheezy] - squid3 <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
-CVE-2014-6268 [XSA-107]
- RESERVED
+CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest ...)
- xen 4.4.1-3
[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
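Review bot: replacing "[XSA-107]" on the CVE-2014-6268 line removes the Xen advisory number from the visible part of the entry, and the new description does not mention it. Unless a NOTE below this hunk already carries it, add a NOTE with the XSA number so the entry can still be matched to the upstream advisory.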
@@ -10436,8 +10888,8 @@
RESERVED
CVE-2014-6213
RESERVED
-CVE-2014-6212
- RESERVED
+CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
+ TODO: check
CVE-2014-6211
RESERVED
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
@@ -10462,8 +10914,8 @@
RESERVED
CVE-2014-6200
RESERVED
-CVE-2014-6199
- RESERVED
+CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x ...)
+ TODO: check
CVE-2014-6198
RESERVED
CVE-2014-6197
@@ -10544,8 +10996,8 @@
NOT-FOR-US: IBM
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
NOT-FOR-US: IBM
-CVE-2014-6158
- RESERVED
+CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload ...)
+ TODO: check
CVE-2014-6157
RESERVED
CVE-2014-6156
@@ -18347,8 +18799,8 @@
RESERVED
CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
NOT-FOR-US: IBM Tivoli
-CVE-2014-3096
- RESERVED
+CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
+ TODO: check
CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
NOT-FOR-US: IBM DB2
CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...)
@@ -18981,10 +19433,10 @@
RESERVED
NOT-FOR-US: TR-069 Auto Configuration Servers
NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
-CVE-2014-2839
- RESERVED
-CVE-2014-2838
- RESERVED
+CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for ...)
+ TODO: check
+CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD ...)
+ TODO: check
CVE-2014-2837
RESERVED
CVE-2014-2836
@@ -38666,10 +39118,10 @@
RESERVED
CVE-2013-2605
RESERVED
-CVE-2013-2604
- RESERVED
-CVE-2013-2603
- RESERVED
+CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game ...)
+ TODO: check
+CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in ...)
+ TODO: check
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX ...)
NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 ...)