Author: joeyh
Date: 2014-07-07 21:14:12 +0000 (Mon, 07 Jul 2014)
New Revision: 27637
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-07-07 20:49:16 UTC (rev 27636) +++ data/CVE/list 2014-07-07 21:14:12 UTC (rev 27637) @@ -1,3 +1,39 @@ +CVE-2014-4720 (Email::Address module before 1.904 for Perl uses an inefficient ...) + TODO: check +CVE-2014-4719 (Cross-site scripting (XSS) vulnerability in the login panel ...) + TODO: check +CVE-2014-4718 (Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar ...) + TODO: check +CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR ...) + TODO: check +CVE-2014-4714 + RESERVED +CVE-2014-4713 + RESERVED +CVE-2014-4712 + RESERVED +CVE-2014-4711 + RESERVED +CVE-2014-4710 + RESERVED +CVE-2014-4709 + RESERVED +CVE-2014-4708 + RESERVED +CVE-2014-4707 + RESERVED +CVE-2014-4706 + RESERVED +CVE-2014-4705 + RESERVED +CVE-2014-4704 + RESERVED +CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...) + TODO: check +CVE-2012-6650 + RESERVED CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable] - quassel 0.10.0-2 (low) [wheezy] - quassel <no-dsa> (Minor issue) @@ -17,7 +53,7 @@ [wheezy] - pnp4nagios <no-dsa> (Minor issue) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607 NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/ -CVE-2014-4715 [LZ4_decompress_generic() integer overflow (32-bit arches)] +CVE-2014-4715 (Yann Collet LZ4 before r119, when used on certain 32-bit platforms ...) - lz4 <unfixed> NOTE: https://code.google.com/p/lz4/issues/detail?id=134 NOTE: https://code.google.com/p/lz4/source/detail?r=119 
@@ -33,26 +69,26 @@ RESERVED CVE-2014-4697 RESERVED -CVE-2014-4696 - RESERVED -CVE-2014-4695 - RESERVED -CVE-2014-4694 - RESERVED -CVE-2014-4693 - RESERVED -CVE-2014-4692 - RESERVED -CVE-2014-4691 - RESERVED -CVE-2014-4690 - RESERVED -CVE-2014-4689 - RESERVED -CVE-2014-4688 - RESERVED -CVE-2014-4687 - RESERVED +CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before ...) + TODO: check +CVE-2014-4695 (Multiple open redirect vulnerabilities in the Snort package before ...) + TODO: check +CVE-2014-4694 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4693 (Multiple cross-site scripting (XSS) vulnerabilities in the Snort ...) + TODO: check +CVE-2014-4692 (pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly ...) + TODO: check +CVE-2014-4691 (Session fixation vulnerability in pfSense before 2.1.4 allows remote ...) + TODO: check +CVE-2014-4690 (Multiple directory traversal vulnerabilities in pfSense before 2.1.4 ...) + TODO: check +CVE-2014-4689 (Absolute path traversal vulnerability in pkg_edit.php in pfSense ...) + TODO: check +CVE-2014-4688 (pfSense before 2.1.4 allows remote authenticated users to execute ...) + TODO: check +CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...) + TODO: check CVE-2014-4686 RESERVED CVE-2014-4685 @@ -79,8 +115,8 @@ RESERVED CVE-2014-4673 RESERVED -CVE-2014-4672 - RESERVED +CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 allows ...) + TODO: check CVE-2014-4671 RESERVED CVE-2014-4670 
@@ -114,41 +150,34 @@ NOT-FOR-US: Core FTP client CVE-2012-6649 RESERVED -CVE-2014-4721 [Type Confusion Information Leak] +CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...) - php5 5.6.0~rc1+dfsg-2 NOTE: https://bugs.php.net/bug.php?id=67498 NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html -CVE-2014-4668 - RESERVED +CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in ...) - cherokee <removed> (low) [squeeze] - cherokee <no-dsa> (Minor issue) -CVE-2014-4667 [sctp: sk_ack_backlog wrap-around problem] - RESERVED +CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the ...) - linux <unfixed> - linux-2.6 <removed> NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1) -CVE-2014-4656 - RESERVED +CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...) - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> -CVE-2014-4655 - RESERVED +CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...) - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> -CVE-2014-4654 - RESERVED +CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...) - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> -CVE-2014-4653 - RESERVED +CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux ...) - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> -CVE-2014-4652 - RESERVED +CVE-2014-4652 (Race condition in the tlv handler functionality in the ...) - linux 3.14.9-1 (low) [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> (low) 
@@ -246,8 +275,7 @@ RESERVED CVE-2014-4612 RESERVED -CVE-2014-4611 - RESERVED +CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann ...) - linux <unfixed> (unimportant) [wheezy] - linux <not-affected> (LZ4 support introduced in 3.11) - linux-2.6 <not-affected> (LZ4 support introduced in 3.11) @@ -261,8 +289,7 @@ RESERVED - libav 6:10.2-1 NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996 -CVE-2014-4608 - RESERVED +CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...) - linux 3.14.9-1 - linux-2.6 <removed> (unimportant) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce 
@@ -271,194 +298,194 @@ RESERVED - lzo <removed> - lzo2 <unfixed> (bug #752861) -CVE-2014-4606 - RESERVED -CVE-2014-4605 - RESERVED -CVE-2014-4604 - RESERVED -CVE-2014-4603 - RESERVED -CVE-2014-4602 - RESERVED -CVE-2014-4601 - RESERVED -CVE-2014-4600 - RESERVED -CVE-2014-4599 - RESERVED -CVE-2014-4598 - RESERVED -CVE-2014-4597 - RESERVED -CVE-2014-4596 - RESERVED -CVE-2014-4595 - RESERVED -CVE-2014-4594 - RESERVED -CVE-2014-4593 - RESERVED +CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...) + TODO: check +CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ...) + TODO: check +CVE-2014-4604 (Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in ...) + TODO: check +CVE-2014-4603 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4601 (Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the ...) + TODO: check +CVE-2014-4600 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4599 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4598 (Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php ...) + TODO: check +CVE-2014-4597 (Cross-site scripting (XSS) vulnerability in test.php in the WP Social ...) + TODO: check +CVE-2014-4596 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4595 (Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful ...) + TODO: check +CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...) + TODO: check +CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php ...) 
+ TODO: check CVE-2014-4592 RESERVED -CVE-2014-4591 - RESERVED -CVE-2014-4590 - RESERVED -CVE-2014-4589 - RESERVED -CVE-2014-4588 - RESERVED -CVE-2014-4587 - RESERVED +CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the ...) + TODO: check +CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP ...) + TODO: check +CVE-2014-4589 (Cross-site scripting (XSS) vulnerability in uploader.php in the WP ...) + TODO: check +CVE-2014-4588 (Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the ...) + TODO: check +CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...) + TODO: check CVE-2014-4586 RESERVED -CVE-2014-4585 - RESERVED -CVE-2014-4584 - RESERVED -CVE-2014-4583 - RESERVED -CVE-2014-4582 - RESERVED -CVE-2014-4581 - RESERVED -CVE-2014-4580 - RESERVED -CVE-2014-4579 - RESERVED -CVE-2014-4578 - RESERVED +CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin ...) + TODO: check +CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in ...) + TODO: check +CVE-2014-4583 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4582 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2014-4581 (Cross-site scripting (XSS) vulnerability in facture.php in the WPCB ...) + TODO: check +CVE-2014-4580 (Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP ...) + TODO: check +CVE-2014-4579 (Cross-site scripting (XSS) vulnerability in js/test.php in the ...) + TODO: check +CVE-2014-4578 (Cross-site scripting (XSS) vulnerability in ...) 
+ TODO: check CVE-2014-4577 RESERVED -CVE-2014-4576 - RESERVED -CVE-2014-4575 - RESERVED -CVE-2014-4574 - RESERVED -CVE-2014-4573 - RESERVED -CVE-2014-4572 - RESERVED -CVE-2014-4571 - RESERVED -CVE-2014-4570 - RESERVED -CVE-2014-4569 - RESERVED -CVE-2014-4568 - RESERVED +CVE-2014-4576 (Cross-site scripting (XSS) vulnerability in services/diagnostics.php ...) + TODO: check +CVE-2014-4575 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...) + TODO: check +CVE-2014-4574 (Cross-site scripting (XSS) vulnerability in resize.php in the ...) + TODO: check +CVE-2014-4573 (Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php ...) + TODO: check +CVE-2014-4572 (Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount ...) + TODO: check +CVE-2014-4571 (Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in ...) + TODO: check +CVE-2014-4570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the ...) + TODO: check +CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check CVE-2014-4567 RESERVED -CVE-2014-4566 - RESERVED -CVE-2014-4565 - RESERVED -CVE-2014-4564 - RESERVED -CVE-2014-4563 - RESERVED +CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...) + TODO: check +CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in ...) + TODO: check +CVE-2014-4564 (Cross-site scripting (XSS) vulnerability in check.php in the Validated ...) + TODO: check +CVE-2014-4563 (Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak & ...) + TODO: check CVE-2014-4562 RESERVED CVE-2014-4561 RESERVED -CVE-2014-4560 - RESERVED +CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in ...) 
+ TODO: check CVE-2014-4559 RESERVED CVE-2014-4558 RESERVED -CVE-2014-4557 - RESERVED -CVE-2014-4556 - RESERVED -CVE-2014-4555 - RESERVED -CVE-2014-4554 - RESERVED +CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...) + TODO: check +CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...) + TODO: check +CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the ...) + TODO: check +CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...) + TODO: check CVE-2014-4553 RESERVED -CVE-2014-4552 - RESERVED -CVE-2014-4551 - RESERVED +CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in ...) + TODO: check CVE-2014-4550 RESERVED -CVE-2014-4549 - RESERVED +CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2014-4548 RESERVED -CVE-2014-4547 - RESERVED -CVE-2014-4546 - RESERVED -CVE-2014-4545 - RESERVED +CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...) + TODO: check +CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php ...) + TODO: check CVE-2014-4544 RESERVED -CVE-2014-4543 - RESERVED -CVE-2014-4542 - RESERVED -CVE-2014-4541 - RESERVED -CVE-2014-4540 - RESERVED +CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...) + TODO: check +CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in ...) 
+ TODO: check CVE-2014-4539 RESERVED -CVE-2014-4538 - RESERVED -CVE-2014-4537 - RESERVED +CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...) + TODO: check +CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the ...) + TODO: check CVE-2014-4536 RESERVED CVE-2014-4535 RESERVED -CVE-2014-4534 - RESERVED -CVE-2014-4533 - RESERVED -CVE-2014-4532 - RESERVED -CVE-2014-4531 - RESERVED +CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the ...) + TODO: check +CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game ...) + TODO: check CVE-2014-4530 RESERVED -CVE-2014-4529 - RESERVED -CVE-2014-4528 - RESERVED -CVE-2014-4527 - RESERVED -CVE-2014-4526 - RESERVED +CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the ...) + TODO: check +CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...) + TODO: check CVE-2014-4525 RESERVED -CVE-2014-4524 - RESERVED +CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check CVE-2014-4523 RESERVED -CVE-2014-4522 - RESERVED -CVE-2014-4521 - RESERVED -CVE-2014-4520 - RESERVED +CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...) + TODO: check +CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...) + TODO: check +CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA ...) 
+ TODO: check CVE-2014-4519 RESERVED -CVE-2014-4518 - RESERVED +CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the ...) + TODO: check CVE-2014-4517 RESERVED -CVE-2014-4516 - RESERVED -CVE-2014-4515 - RESERVED +CVE-2014-4516 (Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php ...) + TODO: check +CVE-2014-4515 (Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in ...) + TODO: check CVE-2014-4514 RESERVED -CVE-2014-4513 - RESERVED +CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2014-4512 RESERVED CVE-2014-4511 @@ -494,8 +521,7 @@ - neutron <unfixed> - ceilometer <unfixed> - python-pycadf 0.5.1-1 -CVE-2014-4614 - RESERVED +CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo ...) - piwigo <removed> (low) [squeeze] - piwigo <no-dsa> (Minor issue) CVE-2014-4613 @@ -1128,8 +1154,8 @@ RESERVED CVE-2014-4196 RESERVED -CVE-2014-4195 - RESERVED +CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...) + TODO: check CVE-2014-4194 RESERVED CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable] @@ -1476,8 +1502,7 @@ CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows ...) NOT-FOR-US: www.jzip.com NOTE: This is the jzip Z-code interpreter in Debian. -CVE-2014-4168 [authentication bypass] - RESERVED +CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote ...) {DSA-2964-1} - iodine 0.6.0~rc1-19 (bug #751834) [squeeze] - iodine 0.6.0~rc1-2+deb6u1 @@ -1555,8 +1580,7 @@ NOT-FOR-US: SAP CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote ...) NOT-FOR-US: SAP -CVE-2014-4002 [Cross-Site Scripting] - RESERVED +CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...) {DSA-2970-1} - cacti 0.8.8b+dfsg-6 (bug #752573) [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573) 
@@ -1752,8 +1776,8 @@ - linux-2.6 <not-affected> (Only exploitable in 3.12 and later) CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ...) - sosreport <not-affected> (RedHat-specific issue) -CVE-2014-3920 - RESERVED +CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before ...) + TODO: check CVE-2014-3919 RESERVED CVE-2014-3918 @@ -1815,10 +1839,10 @@ RESERVED CVE-2014-3891 RESERVED -CVE-2014-3890 - RESERVED -CVE-2014-3889 - RESERVED +CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...) + TODO: check +CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...) + TODO: check CVE-2014-3888 RESERVED CVE-2014-3887 @@ -1889,8 +1913,8 @@ NOTE: https://kb.isc.org/article/AA-01166 CVE-2014-3858 RESERVED -CVE-2014-3857 - RESERVED +CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in ...) + TODO: check CVE-2014-3856 RESERVED - fish <unfixed> (low; bug #746259) @@ -2176,8 +2200,7 @@ RESERVED CVE-2014-3740 RESERVED -CVE-2014-3737 - RESERVED +CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Storesprite CVE-2014-3736 RESERVED @@ -2565,8 +2588,7 @@ NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463 CVE-2014-3539 RESERVED -CVE-2014-3538 [Incomplete fix for CVE-2013-7345] - RESERVED +CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...) - file 1:5.19-1 NOTE: fix relies on the new feature that introduced regex/<length> syntax, might be too intrusive for backporting. CVE-2014-3537 
@@ -2663,8 +2685,7 @@ - docker.io <not-affected> (RHEL specific, socket based activation not shipped) CVE-2014-3498 RESERVED -CVE-2014-3497 [XSS in Swift requests through WWW-Authenticate header] - RESERVED +CVE-2014-3497 (Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 ...) - swift 1.13.1-1 (bug #752087) [wheezy] - swift <not-affected> (Only affects 1.11.0 to 1.13.1) CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 ...) @@ -2674,8 +2695,7 @@ - duplicity <unfixed> (low; bug #751902) [wheezy] - duplicity <no-dsa> (Minor issue) [squeeze] - duplicity <no-dsa> (Minor issue) -CVE-2014-3494 [KMail/KIO POP3 SSL MITM Flaw] - RESERVED +CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...) - kde4libs <unfixed> (bug #752052) [wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2) [squeeze] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2) @@ -2686,10 +2706,9 @@ - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: https://www.samba.org/samba/security/CVE-2014-3493 -CVE-2014-3492 - RESERVED -CVE-2014-3491 - RESERVED +CVE-2014-3492 (Multiple cross-site scripting (XSS) vulnerabilities in the host YAML ...) + TODO: check +CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and ...) - foreman <itp> (bug #663101) NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881 CVE-2014-3490 @@ -2716,8 +2735,7 @@ CVE-2014-3484 [stack-based buffer overflow] RESERVED - musl <unfixed> (bug #750815) -CVE-2014-3483 [SQL Injection Vulnerability in 'range' quoting] - RESERVED +CVE-2014-3483 (SQL injection vulnerability in ...) - ruby-activerecord-2.3 <removed> - ruby-activerecord-3.2 <removed> - rails <unfixed> 
@@ -2725,8 +2743,7 @@ - rails-3.2 <unfixed> - rails-4.0 <unfixed> TODO: check, additionally rails is now again a sourcepackage e.g. providing ruby-activerecord-3.2 -CVE-2014-3482 [SQL Injection Vulnerability in 'bitstring' quoting] - RESERVED +CVE-2014-3482 (SQL injection vulnerability in ...) - ruby-activerecord-2.3 <removed> - ruby-activerecord-3.2 <removed> - rails <unfixed> @@ -2755,8 +2772,7 @@ NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08 - php5 5.6.0~rc1+dfsg-1 NOTE: http://bugs.php.net/bug.php?id=67410 -CVE-2014-3477 - RESERVED +CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...) {DSA-2971-1} - dbus 1.8.4-1 (low) [squeeze] - dbus <no-dsa> (Minor issue) @@ -3210,11 +3226,10 @@ RESERVED CVE-2014-3309 RESERVED -CVE-2014-3308 - RESERVED +CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static ...) NOT-FOR-US: Cisco IOS XR -CVE-2014-3307 - RESERVED +CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...) + TODO: check CVE-2014-3306 RESERVED CVE-2014-3305 @@ -3227,15 +3242,14 @@ RESERVED CVE-2014-3301 RESERVED -CVE-2014-3300 - RESERVED +CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of ...) NOT-FOR-US: Cisco IOS -CVE-2014-3298 - RESERVED -CVE-2014-3297 - RESERVED +CVE-2014-3298 (Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco ...) + TODO: check +CVE-2014-3297 (Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not ...) + TODO: check CVE-2014-3296 (The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server ...) NOT-FOR-US: Cisco WebEx CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows ...) 
@@ -3632,8 +3646,8 @@ RESERVED CVE-2014-3150 RESERVED -CVE-2014-3149 - RESERVED +CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...) + TODO: check CVE-2014-3148 RESERVED CVE-2014-3147 @@ -3727,8 +3741,8 @@ CVE-2014-3114 RESERVED NOT-FOR-US: WordPress plugin ezpz-one-click-backup -CVE-2014-3113 - RESERVED +CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 ...) + TODO: check CVE-2014-3112 RESERVED CVE-2014-3110 @@ -3751,8 +3765,8 @@ RESERVED CVE-2014-3101 RESERVED -CVE-2014-3100 - RESERVED +CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...) + TODO: check CVE-2014-3099 RESERVED CVE-2014-3098 @@ -3775,8 +3789,8 @@ RESERVED CVE-2014-3089 RESERVED -CVE-2014-3088 - RESERVED +CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...) + TODO: check CVE-2014-3087 RESERVED CVE-2014-3086 @@ -3803,8 +3817,8 @@ RESERVED CVE-2014-3075 RESERVED -CVE-2014-3074 - RESERVED +CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...) + TODO: check CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...) NOT-FOR-US: Novell Identity Manager CVE-2014-3072 @@ -3819,8 +3833,8 @@ RESERVED CVE-2014-3067 RESERVED -CVE-2014-3066 - RESERVED +CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote ...) + TODO: check CVE-2014-3065 RESERVED CVE-2014-3064 @@ -4054,16 +4068,16 @@ RESERVED CVE-2014-2970 RESERVED -CVE-2014-2969 - RESERVED +CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a ...) + TODO: check CVE-2014-2968 RESERVED -CVE-2014-2967 - RESERVED +CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...) + TODO: check CVE-2014-2966 RESERVED -CVE-2014-2965 - RESERVED +CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...) + TODO: check CVE-2014-2964 RESERVED CVE-2014-2963 
@@ -5014,17 +5028,13 @@ RESERVED CVE-2014-2618 RESERVED -CVE-2014-2617 - RESERVED +CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB -CVE-2014-2616 - RESERVED +CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB -CVE-2014-2615 - RESERVED +CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB -CVE-2014-2614 - RESERVED +CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and ...) NOT-FOR-US: HP SiteScope CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...) NOT-FOR-US: HP Release Control @@ -6078,11 +6088,9 @@ NOT-FOR-US: Cisco CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, ...) NOT-FOR-US: Cisco WebEx -CVE-2014-2198 - RESERVED +CVE-2014-2198 (Cisco Unified Communications Domain Manager (CDM) in Unified CDM ...) NOT-FOR-US: Cisco Unified Communications Domain Manager -CVE-2014-2197 - RESERVED +CVE-2014-2197 (The Administration GUI in the web framework in Cisco Unified ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when ...) NOT-FOR-US: Cisco Wide Area Application Services @@ -9237,8 +9245,8 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...) NOT-FOR-US: IBM SPSS -CVE-2014-0894 - RESERVED +CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) + TODO: check CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...) 
@@ -9275,38 +9283,38 @@ RESERVED CVE-2014-0876 RESERVED -CVE-2014-0875 - RESERVED +CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 ...) + TODO: check CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...) NOT-FOR-US: IBM Content Navigator CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0872 RESERVED -CVE-2014-0871 - RESERVED -CVE-2014-0870 - RESERVED -CVE-2014-0869 - RESERVED -CVE-2014-0868 - RESERVED -CVE-2014-0867 - RESERVED -CVE-2014-0866 - RESERVED -CVE-2014-0865 - RESERVED -CVE-2014-0864 - RESERVED +CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) + TODO: check +CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM ...) + TODO: check +CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) ...) + TODO: check +CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) + TODO: check +CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ...) + TODO: check +CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) + TODO: check +CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) + TODO: check +CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...) + TODO: check CVE-2014-0863 RESERVED CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...) NOT-FOR-US: IBM Rational Collaborative Lifecycle Management CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...) NOT-FOR-US: IBM Cognos Business Intelligence -CVE-2014-0860 - RESERVED +CVE-2014-0860 (The firmware before 3.66E in IBM BladeCenter Advanced Management ...) + TODO: check CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x ...) 
NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...) @@ -9942,8 +9950,8 @@ RESERVED CVE-2014-0603 RESERVED -CVE-2014-0602 - RESERVED +CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the ...) + TODO: check CVE-2014-0601 RESERVED CVE-2014-0600 @@ -10313,8 +10321,7 @@ {DSA-2958-1} - apt 1.0.4 (bug #749795) [squeeze] - apt 0.8.10.3+squeeze2 -CVE-2014-0477 [DoS in Email::Address::parse] - RESERVED +CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...) {DSA-2969-1} - libemail-address-perl 1.905-1 [squeeze] - libemail-address-perl 1.889-2+deb6u1 @@ -11542,8 +11549,8 @@ CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...) {DSA-2963-1} - lucene-solr 3.6.2+dfsg-2 (bug #731113) -CVE-2014-0325 - RESERVED +CVE-2014-0325 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) + TODO: check CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) @@ -11703,8 +11710,7 @@ CVE-2014-0248 RESERVED NOT-FOR-US: JBoss Seam -CVE-2014-0247 - RESERVED +CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...) - libreoffice 1:4.2.5-1 [wheezy] - libreoffice <not-affected> (vulnerable code not present) CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ...) @@ -11762,7 +11768,8 @@ [wheezy] - php5 <not-affected> (Vulnerable code not present) [squeeze] - php5 <not-affected> (Vulnerable code not present) NOTE: https://bugs.php.net/bug.php?id=67329 -CVE-2014-0235 (Microsoft Internet Explorer 9 allows remote attackers to execute ...) +CVE-2014-0235 + REJECTED NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0234 RESERVED 
@@ -16511,8 +16518,8 @@ NOT-FOR-US: IBM WebSphere CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...) NOT-FOR-US: IBM Flex System Manager -CVE-2013-5423 - RESERVED +CVE-2013-5423 (IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows ...) + TODO: check CVE-2013-5422 (The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2013-5421 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...) @@ -20394,8 +20401,8 @@ NOT-FOR-US: IBM CVE-2013-3994 RESERVED -CVE-2013-3993 - RESERVED +CVE-2013-3993 (IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated ...) + TODO: check CVE-2013-3992 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...) NOT-FOR-US: IBM CVE-2013-3991 @@ -21135,12 +21142,12 @@ NOT-FOR-US: LG Hidden Menu CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...) NOT-FOR-US: AutoCAD -CVE-2013-3664 - RESERVED +CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) ...) + TODO: check CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...) NOT-FOR-US: Trimble SketchUp -CVE-2013-3662 - RESERVED +CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 ...) + TODO: check CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode ...) 
@@ -22593,8 +22600,8 @@ NOT-FOR-US: IBM JDK CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...) NOT-FOR-US: TFTP client in IBM AIX -CVE-2013-3004 - RESERVED +CVE-2013-3004 (Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli ...) + TODO: check CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...) NOT-FOR-US: IBM CVE-2013-3002 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
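Review bot: CVE-2014-4720 in the first hunk (@@ -1,3 +1,39 @@) is left at "TODO: check" although the same commit already tracks the sibling Email::Address issue CVE-2014-0477 ("The parse function in Email::Address module before 1.905 for Perl uses ...", {DSA-2969-1}, libemail-address-perl 1.905-1 and 1.889-2+deb6u1 for squeeze). Resolve the TODO against that entry: either record that 1.905-1 and the squeeze backport cover the regex described for CVE-2014-4720, or add a libemail-address-perl line with the pending status. In the same hunk, CVE-2013-7388 carries the identical "Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ..." text as CVE-2013-3663 further down, which is already "NOT-FOR-US: Trimble SketchUp"; mark it the same way instead of leaving a TODO.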
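Review bot: CVE-2014-4696 and CVE-2014-4695 in the hunk at @@ -33,26 +69,26 @@ read "open redirect vulnerabilities in the Suricata package before ..." and "... the Snort package before ...", and the truncation hides what "package" refers to. The neighbouring IDs CVE-2014-4687 through CVE-2014-4692 in the same hunk are all "pfSense before 2.1.4", so these are most likely the pfSense add-on packages rather than upstream Snort or Suricata; confirm that against the full description before closing the TODOs, so that src:snort and src:suricata are not triaged on the strength of a truncated summary.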
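Review bot: CVE-2014-4611 in the hunk at @@ -246,8 +275,7 @@ ("Integer overflow in the LZ4 algorithm implementation, as used in Yann ...", linux <unfixed> (unimportant)) and CVE-2014-4715 changed earlier in this commit ("Yann Collet LZ4 before r119, when used on certain 32-bit platforms ...", lz4 <unfixed>) describe the same 32-bit LZ4 overflow, tracked once for the kernel copy and once for the library, with r119 being the follow-up to the r118 fix. Add a cross-reference NOTE on both entries and state explicitly whether the kernel line still needs the r119 follow-up; otherwise the (unimportant) rating on the kernel entry will be read as applying to src:lz4 as well.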
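Review bot: the hunk at @@ -271,194 +298,194 @@ turns roughly eighty reserved IDs (CVE-2014-4513 through CVE-2014-4606) into "TODO: check" entries that are all cross-site scripting in WordPress plugins, as the names in the descriptions show (WP Social, WP-FaceThumb, WP GuestMap, wp-tmkm-amazon-search.php, wp-plugins-net/index.php, ...). Rather than leaving eighty open TODOs, triage them as a batch: confirm that none of the named scripts ships in src:wordpress and close them as "NOT-FOR-US: WordPress plugin <name>", the form this file already uses for CVE-2014-3114 ("NOT-FOR-US: WordPress plugin ezpz-one-click-backup") later in the diff.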
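Review bot: CVE-2014-3538 in the hunk at @@ -2565,8 +2588,7 @@ records only "file 1:5.19-1" plus the NOTE that the fix "might be too intrusive for backporting", but no [wheezy] or [squeeze] decision, so the stable releases silently inherit the unfixed state from sid with no triage on record. Add explicit [wheezy]/[squeeze] lines (<no-dsa> with a reason, or a planned update) so the backporting concern in the NOTE becomes a tracked decision. Also check php5, which bundles libmagic: elsewhere in this diff the file commit 27a14bc7... is tracked with a companion "php5 5.6.0~rc1+dfsg-1 / NOTE: http://bugs.php.net/bug.php?id=67410" line, while CVE-2014-3538 (the incomplete fix for CVE-2013-7345, per the bracket text this hunk removes) has no php5 line at all.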
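Review bot: CVE-2014-3492 in the hunk at @@ -2686,10 +2706,9 @@ ("Multiple cross-site scripting (XSS) vulnerabilities in the host YAML ...") is the companion Foreman advisory to CVE-2014-3491 directly below it, yet it is left at "TODO: check" while 3491 gets "foreman <itp> (bug #663101)". Give 3492 the same foreman <itp> line and a corresponding NOTE on where the details are held, rather than leaving it to be re-triaged later.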
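Review bot: in the hunk at @@ -2716,8 +2735,7 @@ the bracketed title "[SQL Injection Vulnerability in 'range' quoting]" for CVE-2014-3483 is replaced by the truncated "SQL injection vulnerability in ...", and the next hunk does the same for CVE-2014-3482 ("'bitstring' quoting"). After this change the two Active Record entries carry identical visible text and nothing distinguishes them. Keep the range vs bitstring detail as a NOTE on each entry; it is what a maintainer needs to match the right upstream patch, and the open "TODO: check, additionally rails is now again a sourcepackage ..." item depends on being able to tell the two apart.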
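Review bot: the hunk at @@ -11762,7 +11768,8 @@ changes CVE-2014-0235 to REJECTED but keeps the trailing "NOT-FOR-US: Microsoft Internet Explorer" context line, so the entry now carries two states. The convention in this file for rejected IDs is the bare REJECTED line; drop the stale NOT-FOR-US line in a follow-up so the entry is unambiguous.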
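Review bot: CVE-2013-3664 and CVE-2013-3662 in the hunk at @@ -21135,12 +21142,12 @@ are both SketchUp issues left at "TODO: check" while CVE-2013-3663 between them is already "NOT-FOR-US: Trimble SketchUp"; close them the same way. The description line for CVE-2013-3662 reads "Timbre SketchUp"; that is MITRE's wording as imported, not a tracker typo, so it should not be edited locally, but it will be missed by anyone grepping this file for "Trimble".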