Author: joeyh
Date: 2014-06-06 21:14:10 +0000 (Fri, 06 Jun 2014)
New Revision: 27176
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-06 14:57:49 UTC (rev 27175)
+++ data/CVE/list 2014-06-06 21:14:10 UTC (rev 27176)
@@ -1,4 +1,41 @@
+CVE-2014-3983
+ RESERVED
+CVE-2014-3982
+ RESERVED
+CVE-2014-3981
+ RESERVED
+CVE-2014-3979
+ RESERVED
+CVE-2014-3978
+ RESERVED
+CVE-2014-3977
+ RESERVED
+CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System
(ACOS) ...)
+ TODO: check
+CVE-2014-3975 (Absolute path traversal vulnerability in filemanager.php in
AuraCMS ...)
+ TODO: check
+CVE-2014-3974 (Cross-site scripting (XSS) vulnerability in filemanager.php in
AuraCMS ...)
+ TODO: check
+CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA)
before ...)
+ TODO: check
+CVE-2014-3972
+ RESERVED
+CVE-2014-3971
+ RESERVED
+CVE-2014-3965
+ RESERVED
+CVE-2014-3964
+ RESERVED
+CVE-2014-3963 (ownCloud Server before 6.0.1 does not properly check
permissions, ...)
+ TODO: check
+CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow
remote ...)
+ TODO: check
+CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the
Participants ...)
+ TODO: check
+CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS
before ...)
+ TODO: check
CVE-2014-3980 [Local privilege escalation]
+ RESERVED
- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the ...)
TODO: check
@@ -18,10 +55,10 @@
RESERVED
CVE-2014-3950
RESERVED
-CVE-2014-3949
- RESERVED
-CVE-2014-3948
- RESERVED
+CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard
in the ...)
+ TODO: check
+CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export
wizard in ...)
+ TODO: check
CVE-2014-3947
RESERVED
CVE-2014-3939
@@ -64,22 +101,24 @@
TODO: check
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow
remote ...)
TODO: check
-CVE-2014-3969 [XSA-98]
+CVE-2014-3969 (Xen 4.4.x, when running on an ARM system, does not properly
check ...)
- xen <not-affected> (Only ARM systems are affected from Xen 4.4
onwards)
CVE-2014-3970 [pulseaudio: crash due to empty UDP packet]
+ RESERVED
- pulseaudio <unfixed> (low)
[squeeze] - pulseaudio <no-dsa> (Minor issue)
[wheezy] - pulseaudio <no-dsa> (Minor issue)
NOTE:
http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
-CVE-2014-3968
+CVE-2014-3968 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x
allows ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are
vulnerable)
[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are
vulnerable)
-CVE-2014-3967
+CVE-2014-3967 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x
does not ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are
vulnerable)
[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are
vulnerable)
CVE-2014-3966 [mediawiki Javascript inject by anonymous users on private wikis
with $wgRawHtml enabled]
+ RESERVED
- mediawiki <unfixed> (low; bug #750527)
[wheezy] - mediawiki <no-dsa> (Minor issue)
[squeeze] - mediawiki <end-of-life>
@@ -88,8 +127,7 @@
- sendmail 8.14.4-6 (low; bug #750562)
[wheezy] - sendmail <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
-CVE-2014-3940 [missing check during hugepage migration]
- RESERVED
+CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the
...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/3/18/784
@@ -113,10 +151,10 @@
RESERVED
CVE-2014-3914
RESERVED
-CVE-2014-3913
- RESERVED
-CVE-2014-3912
- RESERVED
+CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom
AccessNow ...)
+ TODO: check
+CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList
method in ...)
+ TODO: check
CVE-2014-3911
RESERVED
CVE-2014-3910
@@ -184,8 +222,7 @@
{DSA-2952-1}
CVE-2014-3879
RESERVED
-CVE-2014-3878
- RESERVED
+CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web
client ...)
NOT-FOR-US: IPSwitch IMail
CVE-2014-3877
RESERVED
@@ -292,8 +329,7 @@
{DSA-2942-1}
- typo3-src 4.5.34+dfsg1-1 (bug #749215)
[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
-CVE-2014-3917 [linux: DoS with syscall auditing]
- RESERVED
+CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://article.gmane.org/gmane.linux.kernel/1713179
@@ -309,20 +345,20 @@
NOT-FOR-US: Flying Cart
CVE-2014-3839
RESERVED
-CVE-2014-3838
- RESERVED
-CVE-2014-3837
- RESERVED
-CVE-2014-3836
- RESERVED
-CVE-2014-3835
- RESERVED
-CVE-2014-3834
- RESERVED
-CVE-2014-3833
- RESERVED
-CVE-2014-3832
- RESERVED
+CVE-2014-3838 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not
properly ...)
+ TODO: check
+CVE-2014-3837 (The document application in ownCloud Server before 6.0.3 uses
...)
+ TODO: check
+CVE-2014-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in
ownCloud ...)
+ TODO: check
+CVE-2014-3835 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not
check ...)
+ TODO: check
+CVE-2014-3834 (ownCloud Server before 6.0.3 does not properly check
permissions, ...)
+ TODO: check
+CVE-2014-3833 (Multiple cross-site scripting (XSS) vulnerabilities in the (1)
Gallery ...)
+ TODO: check
+CVE-2014-3832 (Cross-site scripting (XSS) vulnerability in the Documents
component in ...)
+ TODO: check
CVE-2014-3831
REJECTED
CVE-2014-3830
@@ -424,8 +460,8 @@
CVE-2014-3801 (OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and
2014.1, ...)
- heat 2014.1-4 (bug #748824)
NOTE: https://launchpad.net/bugs/1311223
-CVE-2014-3786
- RESERVED
+CVE-2014-3786 (Multiple cross-site scripting (XSS) vulnerabilities in the
contact ...)
+ TODO: check
CVE-2014-3785
RESERVED
CVE-2014-3784
@@ -1025,21 +1061,17 @@
RESERVED
CVE-2014-3471
RESERVED
-CVE-2014-3470 [Anonymous ECDH denial of service]
- RESERVED
+CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in
OpenSSL ...)
{DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
-CVE-2014-3469
- RESERVED
+CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions
in GNU ...)
- libtasn1-3 <removed>
- libtasn1-6 3.6-1
-CVE-2014-3468
- RESERVED
+CVE-2014-3468 (The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does
not ...)
- libtasn1-3 <removed>
- libtasn1-6 3.6-1
-CVE-2014-3467
- RESERVED
+CVE-2014-3467 (Multiple unspecified vulnerabilities in the DER decoder in GNU
...)
- libtasn1-3 <removed>
- libtasn1-6 3.6-1
CVE-2014-3466 (Buffer overflow in the read_server_hello function in ...)
@@ -3280,8 +3312,7 @@
NOT-FOR-US: WordPress plugin xcloner
CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in
Splunk ...)
NOT-FOR-US: Splunk Web
-CVE-2014-2577
- RESERVED
+CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the
Transform ...)
NOT-FOR-US: Transform Foundation server
CVE-2014-2575
RESERVED
@@ -3415,8 +3446,7 @@
RESERVED
CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0
before P10, ...)
NOT-FOR-US: EMC Documentum D2
-CVE-2014-2503
- RESERVED
+CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset
Manager ...)
NOT-FOR-US: EMC Documentum Digital Asset Manager
CVE-2014-2502 (Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC
RSA ...)
TODO: check
@@ -3910,10 +3940,10 @@
RESERVED
CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage
...)
NOT-FOR-US: Amtelco miSecureMessages
-CVE-2014-2346
- RESERVED
-CVE-2014-2345
- RESERVED
+CVE-2014-2346 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11
through ...)
+ TODO: check
+CVE-2014-2345 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11
through ...)
+ TODO: check
CVE-2014-2344
RESERVED
CVE-2014-2343 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows
...)
@@ -4656,26 +4686,22 @@
CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud
before ...)
- owncloud 6.0.2+dfsg-1
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-007/
-CVE-2014-2056
- RESERVED
+CVE-2014-2056 (PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x
before ...)
- owncloud 6.0.2+dfsg-1
- phpdocx 3.0+dfsg-2
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
-CVE-2014-2055 [XML External Entity Injection vulnerability]
- RESERVED
+CVE-2014-2055 (SabreDAV before 1.7.11, as used in ownCloud Server before
5.0.15 and ...)
- owncloud 6.0.2+dfsg-1
- php-sabredav 1.7.11+dfsg-1
NOTE: https://github.com/fruux/sabre-dav/releases/tag/1.7.11
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
-CVE-2014-2054
- RESERVED
+CVE-2014-2054 (PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15
and ...)
- owncloud 6.0.2+dfsg-1
- dolibarr <undetermined>
- moodle <undetermined>
NOTE: dolibarr, moodle also contain a copy of PHPExcel, owncloud does
not mention details
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
-CVE-2014-2053
- RESERVED
+CVE-2014-2053 (getID3() before 1.9.8, as used in ownCloud Server before 5.0.15
and ...)
- owncloud 6.0.2+dfsg-1
- php-getid3 1.9.7-2
[wheezy] - php-getid3 1.9.3-1+deb7u1
@@ -4688,8 +4714,8 @@
- zendframework <undetermined>
NOTE: owncloud advisory does not mention details for ZendFramework
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
-CVE-2014-2051
- RESERVED
+CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows
remote ...)
+ TODO: check
CVE-2014-2050
RESERVED
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before
5.0.15 and ...)
@@ -4782,10 +4808,10 @@
RESERVED
CVE-2014-1999
RESERVED
-CVE-2014-1998
- RESERVED
-CVE-2014-1997
- RESERVED
+CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of
...)
+ TODO: check
+CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and
earlier ...)
+ TODO: check
CVE-2014-1996
RESERVED
CVE-2014-1995
@@ -9881,8 +9907,7 @@
RESERVED
CVE-2014-0225
RESERVED
-CVE-2014-0224 [SSL/TLS MITM vulnerability]
- RESERVED
+CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
1.0.1h ...)
{DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
@@ -9900,8 +9925,7 @@
[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
NOTE:
https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
-CVE-2014-0221 [DTLS recursion flaw]
- RESERVED
+CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL
before ...)
{DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
@@ -9982,8 +10006,7 @@
- linux 3.14.4-1 (bug #747166)
- linux-2.6 <removed>
NOTE: PoC: http://pastebin.com/yTSFUBgZ
-CVE-2014-0195 [DTLS invalid fragment vulnerability]
- RESERVED
+CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL
before ...)
{DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
@@ -15786,8 +15809,8 @@
RESERVED
CVE-2013-4861
RESERVED
-CVE-2013-4860
- RESERVED
+CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier
does ...)
+ TODO: check
CVE-2013-4859
RESERVED
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3
allows ...)
@@ -19027,8 +19050,8 @@
RESERVED
CVE-2013-3740
RESERVED
-CVE-2013-3739
- RESERVED
+CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network
Weathermap ...)
+ TODO: check
CVE-2013-3738
RESERVED
CVE-2013-3843
@@ -21683,8 +21706,8 @@
RESERVED
CVE-2013-2619 (Directory traversal vulnerability in Aspen before 0.22 allows
remote ...)
NOT-FOR-US: Aspen
-CVE-2013-2618
- RESERVED
+CVE-2013-2618 (Cross-site scripting (XSS) vulnerability in editor.php in
Network ...)
+ TODO: check
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to
...)
NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows
remote ...)
@@ -23119,8 +23142,7 @@
RESERVED
- rrdtool 1.4.8-1 (unimportant; bug #708866)
NOTE: Non-issue, calling application need to perform sanitising
-CVE-2013-2130 [null pointer dereference in webadmin]
- RESERVED
+CVE-2013-2130 (ZNC 1.0 allows remote authenticated users to cause a denial of
service ...)
- znc 1.0-5 (bug #720632)
[squeeze] - znc <not-affected> (Vulnerable code not present)
[wheezy] - znc <not-affected> (Vulnerable code not present)
@@ -23770,8 +23792,7 @@
- jquery-jplayer 2.1.0-2
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
NOTE:
https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
-CVE-2013-1941 [Postgre: Insecure database password generator]
- RESERVED
+CVE-2013-1941 (The installation routine in ownCloud Server before 4.0.14,
4.5.x ...)
- owncloud 5.0.4~rc1+dfsg-1
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/
CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not
properly ...)
@@ -27516,8 +27537,8 @@
NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the
Mingle ...)
NOT-FOR-US: Mingle Forum Wordpress plugin
-CVE-2013-0733
- RESERVED
+CVE-2013-0733 (Untrusted search path vulnerability in Corel PaintShop Pro X5
and X6 ...)
+ TODO: check
CVE-2013-0732 (Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader
before ...)
NOT-FOR-US: Nuance PDF Reader
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for
WordPress ...)
@@ -28834,13 +28855,13 @@
{DSA-2634-1}
- python-django 1.4.4-1 (bug #701186)
NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
-CVE-2013-0304
- RESERVED
+CVE-2013-0304 (ownCloud Server before 4.5.7 does not properly check ownership
of ...)
+ TODO: check
CVE-2013-0303 (Unspecified vulnerability in core/ajax/translations.php in
ownCloud ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
-CVE-2013-0302
- RESERVED
+CVE-2013-0302 (Unspecified vulnerability in ownCloud Server before 4.0.12
allows ...)
+ TODO: check
CVE-2013-0301 (Cross-site request forgery (CSRF) vulnerability in ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
@@ -29151,8 +29172,7 @@
NOT-FOR-US: module for Drupal
CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful
Web ...)
NOT-FOR-US: module for Drupal
-CVE-2013-0204 [Code execution in external storage]
- RESERVED
+CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows
remote ...)
- owncloud <not-affected> (Vulnerably code not present, only affects
4.5 branch)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
CVE-2013-0203 [XSS vulnerabilities]
@@ -29840,18 +29860,15 @@
{DSA-2574-1}
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
NOTE: https://review.typo3.org/16304
-CVE-2012-6143 [Storable::thaw called on untrusted inputs]
- RESERVED
+CVE-2012-6143 (Spoon::Cookie in the Spoon module 0.24 for Perl does not
properly use ...)
- libspoon-perl <unfixed> (bug #715371; low)
[squeeze] - libspoon-perl <no-dsa> (Minor issue)
[wheezy] - libspoon-perl <no-dsa> (Minor issue)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
-CVE-2012-6142 [Storable::thaw called on untrusted inputs]
- RESERVED
+CVE-2012-6142 (Session::Cookie in the HTML::EP module 0.2011 for Perl does not
...)
NOT-FOR-US: HTML-EP CPAN module
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85216
-CVE-2012-6141 [Storable::thaw called on untrusted inputs]
- RESERVED
+CVE-2012-6141 (The App::Context module 0.01 through 0.968 for Perl does not
properly ...)
NOT-FOR-US: App-Context CPAN module
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85215
CVE-2012-6140 (pam_google_authenticator.c in the PAM module in Google
Authenticator ...)
@@ -32321,8 +32338,8 @@
NOT-FOR-US: JForum
CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in
jforum.page in ...)
NOT-FOR-US: jForum
-CVE-2012-5336
- RESERVED
+CVE-2012-5336 (lib/base.php in ownCloud before 4.0.8 does not properly
validate the ...)
+ TODO: check
CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows
remote ...)
NOT-FOR-US: Tiny Server
CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing
Press ...)
@@ -32987,10 +33004,10 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-5058 (Unspecified vulnerability in the Oracle iStore component in
Oracle ...)
NOT-FOR-US: Oracle E-Business Suite
-CVE-2012-5057
- RESERVED
-CVE-2012-5056
- RESERVED
+CVE-2012-5057 (CRLF injection vulnerability in ownCloud Server before 4.0.8
allows ...)
+ TODO: check
+CVE-2012-5056 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud
Server ...)
+ TODO: check
CVE-2012-5055 (DaoAuthenticationProvider in VMware SpringSource Spring
Security ...)
NOT-FOR-US: VMware
CVE-2012-5054 (Integer overflow in the copyRawDataTo method in the Matrix3D
class in ...)
@@ -33979,8 +33996,8 @@
- request-tracker4 4.0.7-2
CVE-2012-4729 (Wing FTP Server before 4.1.1 allows remote authenticated users
to ...)
NOT-FOR-US: Wing FTP Server
-CVE-2012-4728
- RESERVED
+CVE-2012-4728 (The (1) QProGetNotebookWindowHandle and (2) Ordinal132
functions in ...)
+ TODO: check
CVE-2012-4727
RESERVED
CVE-2012-4726
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
