Author: joeyh
Date: 2014-06-20 21:14:10 +0000 (Fri, 20 Jun 2014)
New Revision: 27371
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-06-20 21:10:49 UTC (rev 27370) +++ data/CVE/list 2014-06-20 21:14:10 UTC (rev 27371) 
@@ -1,3 +1,620 @@ +CVE-2014-4504 + RESERVED +CVE-2014-4503 + RESERVED +CVE-2014-4502 + RESERVED +CVE-2014-4501 + RESERVED +CVE-2014-4500 + RESERVED +CVE-2014-4499 + RESERVED +CVE-2014-4498 + RESERVED +CVE-2014-4497 + RESERVED +CVE-2014-4496 + RESERVED +CVE-2014-4495 + RESERVED +CVE-2014-4494 + RESERVED +CVE-2014-4493 + RESERVED +CVE-2014-4492 + RESERVED +CVE-2014-4491 + RESERVED +CVE-2014-4490 + RESERVED +CVE-2014-4489 + RESERVED +CVE-2014-4488 + RESERVED +CVE-2014-4487 + RESERVED +CVE-2014-4486 + RESERVED +CVE-2014-4485 + RESERVED +CVE-2014-4484 + RESERVED +CVE-2014-4483 + RESERVED +CVE-2014-4482 + RESERVED +CVE-2014-4481 + RESERVED +CVE-2014-4480 + RESERVED +CVE-2014-4479 + RESERVED +CVE-2014-4478 + RESERVED +CVE-2014-4477 + RESERVED +CVE-2014-4476 + RESERVED +CVE-2014-4475 + RESERVED +CVE-2014-4474 + RESERVED +CVE-2014-4473 + RESERVED +CVE-2014-4472 + RESERVED +CVE-2014-4471 + RESERVED +CVE-2014-4470 + RESERVED +CVE-2014-4469 + RESERVED +CVE-2014-4468 + RESERVED +CVE-2014-4467 + RESERVED +CVE-2014-4466 + RESERVED +CVE-2014-4465 + RESERVED +CVE-2014-4464 + RESERVED +CVE-2014-4463 + RESERVED +CVE-2014-4462 + RESERVED +CVE-2014-4461 + RESERVED +CVE-2014-4460 + RESERVED +CVE-2014-4459 + RESERVED +CVE-2014-4458 + RESERVED +CVE-2014-4457 + RESERVED +CVE-2014-4456 + RESERVED +CVE-2014-4455 + RESERVED +CVE-2014-4454 + RESERVED +CVE-2014-4453 + RESERVED +CVE-2014-4452 + RESERVED +CVE-2014-4451 + RESERVED +CVE-2014-4450 + RESERVED +CVE-2014-4449 + RESERVED +CVE-2014-4448 + RESERVED +CVE-2014-4447 + RESERVED +CVE-2014-4446 + RESERVED +CVE-2014-4445 + RESERVED +CVE-2014-4444 + RESERVED +CVE-2014-4443 + RESERVED +CVE-2014-4442 + RESERVED +CVE-2014-4441 + RESERVED +CVE-2014-4440 + RESERVED +CVE-2014-4439 + RESERVED +CVE-2014-4438 + RESERVED +CVE-2014-4437 + RESERVED +CVE-2014-4436 + RESERVED +CVE-2014-4435 + RESERVED +CVE-2014-4434 + RESERVED +CVE-2014-4433 + RESERVED +CVE-2014-4432 + RESERVED +CVE-2014-4431 + RESERVED +CVE-2014-4430 + RESERVED +CVE-2014-4429 + RESERVED 
+CVE-2014-4428 + RESERVED +CVE-2014-4427 + RESERVED +CVE-2014-4426 + RESERVED +CVE-2014-4425 + RESERVED +CVE-2014-4424 + RESERVED +CVE-2014-4423 + RESERVED +CVE-2014-4422 + RESERVED +CVE-2014-4421 + RESERVED +CVE-2014-4420 + RESERVED +CVE-2014-4419 + RESERVED +CVE-2014-4418 + RESERVED +CVE-2014-4417 + RESERVED +CVE-2014-4416 + RESERVED +CVE-2014-4415 + RESERVED +CVE-2014-4414 + RESERVED +CVE-2014-4413 + RESERVED +CVE-2014-4412 + RESERVED +CVE-2014-4411 + RESERVED +CVE-2014-4410 + RESERVED +CVE-2014-4409 + RESERVED +CVE-2014-4408 + RESERVED +CVE-2014-4407 + RESERVED +CVE-2014-4406 + RESERVED +CVE-2014-4405 + RESERVED +CVE-2014-4404 + RESERVED +CVE-2014-4403 + RESERVED +CVE-2014-4402 + RESERVED +CVE-2014-4401 + RESERVED +CVE-2014-4400 + RESERVED +CVE-2014-4399 + RESERVED +CVE-2014-4398 + RESERVED +CVE-2014-4397 + RESERVED +CVE-2014-4396 + RESERVED +CVE-2014-4395 + RESERVED +CVE-2014-4394 + RESERVED +CVE-2014-4393 + RESERVED +CVE-2014-4392 + RESERVED +CVE-2014-4391 + RESERVED +CVE-2014-4390 + RESERVED +CVE-2014-4389 + RESERVED +CVE-2014-4388 + RESERVED +CVE-2014-4387 + RESERVED +CVE-2014-4386 + RESERVED +CVE-2014-4385 + RESERVED +CVE-2014-4384 + RESERVED +CVE-2014-4383 + RESERVED +CVE-2014-4382 + RESERVED +CVE-2014-4381 + RESERVED +CVE-2014-4380 + RESERVED +CVE-2014-4379 + RESERVED +CVE-2014-4378 + RESERVED +CVE-2014-4377 + RESERVED +CVE-2014-4376 + RESERVED +CVE-2014-4375 + RESERVED +CVE-2014-4374 + RESERVED +CVE-2014-4373 + RESERVED +CVE-2014-4372 + RESERVED +CVE-2014-4371 + RESERVED +CVE-2014-4370 + RESERVED +CVE-2014-4369 + RESERVED +CVE-2014-4368 + RESERVED +CVE-2014-4367 + RESERVED +CVE-2014-4366 + RESERVED +CVE-2014-4365 + RESERVED +CVE-2014-4364 + RESERVED +CVE-2014-4363 + RESERVED +CVE-2014-4362 + RESERVED +CVE-2014-4361 + RESERVED +CVE-2014-4360 + RESERVED +CVE-2014-4359 + RESERVED +CVE-2014-4358 + RESERVED +CVE-2014-4357 + RESERVED +CVE-2014-4356 + RESERVED +CVE-2014-4355 + RESERVED +CVE-2014-4354 + RESERVED +CVE-2014-4353 + RESERVED +CVE-2014-4352 + 
RESERVED +CVE-2014-4351 + RESERVED +CVE-2014-4350 + RESERVED +CVE-2014-4349 + RESERVED +CVE-2014-4348 + RESERVED +CVE-2014-4347 + RESERVED +CVE-2014-4346 + RESERVED +CVE-2014-4345 + RESERVED +CVE-2014-4344 + RESERVED +CVE-2014-4343 + RESERVED +CVE-2014-4342 + RESERVED +CVE-2014-4341 + RESERVED +CVE-2014-4340 + RESERVED +CVE-2014-4339 + RESERVED +CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) + TODO: check +CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before ...) + TODO: check +CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2014-4332 + RESERVED +CVE-2014-4331 + RESERVED +CVE-2014-4330 + RESERVED +CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...) + TODO: check +CVE-2014-4328 + RESERVED +CVE-2014-4327 + RESERVED +CVE-2014-4326 + RESERVED +CVE-2014-4325 + RESERVED +CVE-2014-4324 + RESERVED +CVE-2014-4323 + RESERVED +CVE-2014-4322 + RESERVED +CVE-2014-4321 + RESERVED +CVE-2014-4320 + RESERVED +CVE-2014-4319 + RESERVED +CVE-2014-4318 + RESERVED +CVE-2014-4317 + RESERVED +CVE-2014-4316 + RESERVED +CVE-2014-4315 + RESERVED +CVE-2014-4314 + RESERVED +CVE-2014-4313 + RESERVED +CVE-2014-4312 + RESERVED +CVE-2014-4311 + RESERVED +CVE-2014-4310 + RESERVED +CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...) + TODO: check +CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...) + TODO: check +CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before ...) + TODO: check +CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before ...) + TODO: check +CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka ...) + TODO: check +CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy ...) 
+ TODO: check +CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...) + TODO: check +CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...) + TODO: check +CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2014-4300 + RESERVED +CVE-2014-4299 + RESERVED +CVE-2014-4298 + RESERVED +CVE-2014-4297 + RESERVED +CVE-2014-4296 + RESERVED +CVE-2014-4295 + RESERVED +CVE-2014-4294 + RESERVED +CVE-2014-4293 + RESERVED +CVE-2014-4292 + RESERVED +CVE-2014-4291 + RESERVED +CVE-2014-4290 + RESERVED +CVE-2014-4289 + RESERVED +CVE-2014-4288 + RESERVED +CVE-2014-4287 + RESERVED +CVE-2014-4286 + REJECTED + TODO: check +CVE-2014-4285 + RESERVED +CVE-2014-4284 + RESERVED +CVE-2014-4283 + RESERVED +CVE-2014-4282 + RESERVED +CVE-2014-4281 + RESERVED +CVE-2014-4280 + RESERVED +CVE-2014-4279 + RESERVED +CVE-2014-4278 + RESERVED +CVE-2014-4277 + RESERVED +CVE-2014-4276 + RESERVED +CVE-2014-4275 + RESERVED +CVE-2014-4274 + RESERVED +CVE-2014-4273 + RESERVED +CVE-2014-4272 + RESERVED +CVE-2014-4271 + RESERVED +CVE-2014-4270 + RESERVED +CVE-2014-4269 + RESERVED +CVE-2014-4268 + RESERVED +CVE-2014-4267 + RESERVED +CVE-2014-4266 + RESERVED +CVE-2014-4265 + RESERVED +CVE-2014-4264 + RESERVED +CVE-2014-4263 + RESERVED +CVE-2014-4262 + RESERVED +CVE-2014-4261 + RESERVED +CVE-2014-4260 + RESERVED +CVE-2014-4259 + RESERVED +CVE-2014-4258 + RESERVED +CVE-2014-4257 + RESERVED +CVE-2014-4256 + RESERVED +CVE-2014-4255 + RESERVED +CVE-2014-4254 + RESERVED +CVE-2014-4253 + RESERVED +CVE-2014-4252 + RESERVED +CVE-2014-4251 + RESERVED +CVE-2014-4250 + RESERVED +CVE-2014-4249 + RESERVED +CVE-2014-4248 + RESERVED +CVE-2014-4247 + RESERVED +CVE-2014-4246 + RESERVED +CVE-2014-4245 + RESERVED +CVE-2014-4244 + RESERVED +CVE-2014-4243 + RESERVED +CVE-2014-4242 + RESERVED +CVE-2014-4241 + RESERVED +CVE-2014-4240 + RESERVED +CVE-2014-4239 + RESERVED +CVE-2014-4238 + RESERVED +CVE-2014-4237 + RESERVED 
+CVE-2014-4236 + RESERVED +CVE-2014-4235 + RESERVED +CVE-2014-4234 + RESERVED +CVE-2014-4233 + RESERVED +CVE-2014-4232 + RESERVED +CVE-2014-4231 + RESERVED +CVE-2014-4230 + RESERVED +CVE-2014-4229 + RESERVED +CVE-2014-4228 + RESERVED +CVE-2014-4227 + RESERVED +CVE-2014-4226 + RESERVED +CVE-2014-4225 + RESERVED +CVE-2014-4224 + RESERVED +CVE-2014-4223 + RESERVED +CVE-2014-4222 + RESERVED +CVE-2014-4221 + RESERVED +CVE-2014-4220 + RESERVED +CVE-2014-4219 + RESERVED +CVE-2014-4218 + RESERVED +CVE-2014-4217 + RESERVED +CVE-2014-4216 + RESERVED +CVE-2014-4215 + RESERVED +CVE-2014-4214 + RESERVED +CVE-2014-4213 + RESERVED +CVE-2014-4212 + RESERVED +CVE-2014-4211 + RESERVED +CVE-2014-4210 + RESERVED +CVE-2014-4209 + RESERVED +CVE-2014-4208 + RESERVED +CVE-2014-4207 + RESERVED +CVE-2014-4206 + RESERVED +CVE-2014-4205 + RESERVED +CVE-2014-4204 + RESERVED +CVE-2014-4203 + RESERVED +CVE-2014-4202 + RESERVED +CVE-2014-4201 + RESERVED +CVE-2014-4200 + RESERVED +CVE-2014-4199 + RESERVED +CVE-2014-4198 + RESERVED +CVE-2014-4197 + RESERVED +CVE-2014-4196 + RESERVED +CVE-2014-4195 + RESERVED +CVE-2014-4194 + RESERVED CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable] - softhsm <unfixed> (bug #752092) CVE-2014-XXXX [docker VMM breakout] @@ -40,8 +657,8 @@ RESERVED CVE-2014-4175 RESERVED -CVE-2014-4174 - RESERVED +CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x ...) + TODO: check CVE-2014-4173 RESERVED CVE-2014-4172 @@ -59,7 +676,7 @@ TODO: check CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...) - ntop <unfixed> (bug #751946) -CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlogoSec FireFlow 6.3-b230 ...) +CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...) NOT-FOR-US: AlogoSec FireFlow CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check 
@@ -75,16 +692,16 @@ TODO: check CVE-2014-4156 RESERVED -CVE-2014-4155 - RESERVED +CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...) + TODO: check CVE-2014-4154 RESERVED -CVE-2014-4153 - RESERVED -CVE-2014-4152 - RESERVED -CVE-2014-4151 - RESERVED +CVE-2014-4153 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...) + TODO: check +CVE-2014-4152 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...) + TODO: check +CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...) + TODO: check CVE-2014-4149 RESERVED CVE-2014-4148 @@ -346,8 +963,7 @@ CVE-2014-XXXX [Class loader vulnerability in DefaultResolver] - commons-beanutils 1.9.2-1 NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463 -CVE-2014-4049 [PHP heap-based buffer overflow in DNS TXT record parsing] - RESERVED +CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ...) {DSA-2961-1} - php5 5.6.0~beta4+dfsg-3 (bug #751364) NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468 @@ -365,7 +981,7 @@ CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in ...) - asterisk <not-affected> (Only affects Asterisk 12.x) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html -CVE-2014-4044 (OpenAFS 1.6.8 does no properly clear the fields in the host structure, ...) +CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure, ...) - openafs 1.6.9-1 [wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8) [squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8) 
@@ -376,11 +992,9 @@ [squeeze] - eglibc <no-dsa> (Minor issue) CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...) - ppc64-diag <itp> (bug #740179) -CVE-2014-4021 [XSA-100] - RESERVED +CVE-2014-4021 (Xen 3.2.x through 4.4.x does not properly clean memory pages recovered ...) - xen <unfixed> (bug #751894) -CVE-2014-4020 [Frame metadissector crash (wnpa-sec-2014-07)] - RESERVED +CVE-2014-4020 (The dissect_frame function in epan/dissectors/packet-frame.c in the ...) - wireshark 1.10.8-1 [wheezy] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7) [squeeze] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7) @@ -695,13 +1309,11 @@ RESERVED CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) NOT-FOR-US: IPSwitch IMail -CVE-2014-3877 - RESERVED +CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...) - fex 20140530-1 [wheezy] - fex <no-dsa> (non-free not supported) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt -CVE-2014-3876 - RESERVED +CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast ...) - fex 20140530-1 [wheezy] - fex <no-dsa> (non-free not supported) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt @@ -890,8 +1502,8 @@ NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2014-3811 RESERVED -CVE-2014-3810 - RESERVED +CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx ...) + TODO: check CVE-2014-3809 RESERVED CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) @@ -965,8 +1577,8 @@ NOT-FOR-US: Citrix CVE-2014-3779 RESERVED -CVE-2014-3778 - RESERVED +CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check CVE-2014-3777 RESERVED CVE-2014-3770 
@@ -2695,10 +3307,10 @@ NOT-FOR-US: IBM Sametime CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...) NOT-FOR-US: IBM Sametime -CVE-2014-3013 - RESERVED -CVE-2014-3012 - RESERVED +CVE-2014-3013 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam ...) + TODO: check +CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program ...) + TODO: check CVE-2014-3011 RESERVED CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...) @@ -2781,13 +3393,16 @@ NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3 CVE-2014-4338 [handle BrowseAllow directive securely] + RESERVED - cups-filters 1.0.53-1 [wheezy] - cups-filters <not-affected> (vulnerable code not present) NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195 CVE-2014-4337 [OOB accesses in the process_browse_data function when reading the packet variable] + RESERVED - cups-filters 1.0.53-1 [wheezy] - cups-filters <not-affected> (vulnerable code not present) CVE-2014-4336 [incomplete fix for CVE-2014-2707] + RESERVED - cups-filters 1.0.53-1 [wheezy] - cups-filters <not-affected> (vulnerable code not present) NOTE: incomplete fix was applied @@ -2837,8 +3452,8 @@ RESERVED CVE-2014-2963 RESERVED -CVE-2014-2962 - RESERVED +CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...) + TODO: check CVE-2014-2961 RESERVED CVE-2014-2960 @@ -2868,8 +3483,8 @@ RESERVED CVE-2014-2950 RESERVED -CVE-2014-2949 - RESERVED +CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...) + TODO: check CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...) NOT-FOR-US: Bizagi BPM CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM ...) 
@@ -3256,14 +3871,14 @@ RESERVED CVE-2014-2783 RESERVED -CVE-2014-2782 - RESERVED +CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...) + TODO: check CVE-2014-2781 RESERVED CVE-2014-2780 RESERVED -CVE-2014-2779 - RESERVED +CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...) + TODO: check CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...) @@ -3785,14 +4400,11 @@ RESERVED CVE-2014-2612 RESERVED -CVE-2014-2611 - RESERVED +CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...) NOT-FOR-US: HP Software Executive Scorecard -CVE-2014-2610 - RESERVED +CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack ...) NOT-FOR-US: HP Software Executive Scorecard -CVE-2014-2609 - RESERVED +CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and ...) NOT-FOR-US: HP Software Executive Scorecard CVE-2014-2608 RESERVED @@ -4917,8 +5529,8 @@ RESERVED CVE-2014-2152 RESERVED -CVE-2014-2151 - RESERVED +CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...) + TODO: check CVE-2014-2150 RESERVED CVE-2014-2149 @@ -5340,10 +5952,10 @@ TODO: check CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and ...) TODO: check -CVE-2014-2001 - RESERVED -CVE-2014-2000 - RESERVED +CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1.2.0 ...) + TODO: check +CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...) + TODO: check CVE-2014-1999 RESERVED CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...) 
@@ -6448,12 +7060,12 @@ RESERVED CVE-2014-1653 RESERVED -CVE-2014-1652 - RESERVED -CVE-2014-1651 - RESERVED -CVE-2014-1650 - RESERVED +CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) + TODO: check +CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management ...) + TODO: check +CVE-2014-1650 (SQL injection vulnerability in user.php in the management console in ...) + TODO: check CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 ...) NOT-FOR-US: Symantec Workspace Streaming CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...) @@ -7946,8 +8558,8 @@ RESERVED CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2014-0910 - RESERVED +CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...) + TODO: check CVE-2014-0909 RESERVED CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager ...) @@ -8689,10 +9301,10 @@ RESERVED CVE-2014-0600 RESERVED -CVE-2014-0599 - RESERVED -CVE-2014-0598 - RESERVED +CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open ...) + TODO: check +CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise ...) + TODO: check CVE-2014-0597 RESERVED CVE-2014-0596 @@ -13196,8 +13808,7 @@ NOT-FOR-US: Livezilla CVE-2013-6222 RESERVED -CVE-2013-6221 - RESERVED +CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP ...) NOT-FOR-US: HP Service Virtualization CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) NOT-FOR-US: HP 
@@ -16049,8 +16660,8 @@ - strongswan <not-affected> (Only affects 5.0.4 from experimental) NOTE: The PEM aspect is under control of the administrator, so not a security issue NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4 -CVE-2013-5017 - RESERVED +CVE-2013-5017 (SNMPConfig.php in the management console in Symantec Web Gateway (SWG) ...) + TODO: check CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when ...) NOT-FOR-US: Symantec CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec ...) @@ -27042,8 +27653,8 @@ NOT-FOR-US: Ubuntu MAAS CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable ...) NOT-FOR-US: Ubuntu MAAS -CVE-2013-1068 - RESERVED +CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before ...) + TODO: check CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...) - apport 2.12.6-1 (bug #727661) NOTE: apport only in experimental, so we cannot track this in security-tracker @@ -40254,8 +40865,8 @@ RESERVED CVE-2012-2593 RESERVED -CVE-2012-2592 - RESERVED +CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 ...) + TODO: check CVE-2012-2591 RESERVED CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...) 
@@ -40295,14 +40906,14 @@ NOT-FOR-US: Symantec Web Gateway CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...) NOT-FOR-US: Symantec Web Gateway -CVE-2012-2572 - RESERVED +CVE-2012-2572 (Cross-site scripting (XSS) vulnerability in the ThreeWP Email ...) + TODO: check CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...) NOT-FOR-US: WinWebMail CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...) NOT-FOR-US: X-Cart Gold -CVE-2012-2569 - RESERVED +CVE-2012-2569 (Cross-site scripting (XSS) vulnerability in Synametrics Technologies ...) + TODO: check CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...) NOT-FOR-US: Seagate BlackArmor CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...) @@ -41717,8 +42328,8 @@ [squeeze] - redmine <no-dsa> (Minor issue) CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...) NOT-FOR-US: F5 Firepass -CVE-2012-2052 - RESERVED +CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe ...) + TODO: check CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...) 
@@ -41765,9 +42376,9 @@ NOT-FOR-US: Adobe Shockwave Player CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...) NOT-FOR-US: Adobe Shockwave Player -CVE-2012-2028 (Buffer overflow in Adobe Photoshop before CS6 allows remote attackers ...) +CVE-2012-2028 (Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 ...) NOT-FOR-US: Adobe Photoshop -CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop before CS6 allows ...) +CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 ...) NOT-FOR-US: Adobe Photoshop CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...) NOT-FOR-US: Adobe Illustrator @@ -42775,8 +43386,7 @@ CVE-2012-1622 RESERVED NOT-FOR-US: Apache OFBiz -CVE-2012-1621 - RESERVED +CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For ...) NOT-FOR-US: Apache OFBiz CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the ...) - suckless-tools <unfixed> (unimportant; bug #667796) @@ -48685,8 +49295,8 @@ NOT-FOR-US: Adobe Acrobat Reader CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development ...) NOT-FOR-US: Adobe Cold Fusion -CVE-2011-4367 - RESERVED +CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer ...) + TODO: check CVE-2011-4366 RESERVED NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090 
@@ -54281,8 +54891,8 @@ NOTE: This is http://www.kmplayer.com and not our kmplayer package. CVE-2011-2593 RESERVED -CVE-2011-2592 - RESERVED +CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ...) + TODO: check CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow ...) NOT-FOR-US: Provideo ActiveX CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
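Review bot: In the hunk at @@ -59,7 +676,7 @@ the vendor name is fixed only in the CVE-2014-4164 description; the line directly under it still reads "NOT-FOR-US: AlogoSec FireFlow". Suggest changing that line to "NOT-FOR-US: AlgoSec FireFlow" in the same commit, so the entry spells the product one way and a search for the vendor name finds the triage note as well as the description.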
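Review bot: In the hunk at @@ -2781,13 +3393,16 @@ CVE-2014-4338, CVE-2014-4337 and CVE-2014-4336 are out of sort position: they gain a RESERVED line but remain around line 3393, directly after a miniupnp entry, while the first hunk adds CVE-2014-4339 and CVE-2014-4335 at the top of the file with nothing between them. Suggest moving the three cups-filters entries into that gap, so the list stays in descending ID order and anyone scanning the 43xx range sees that these IDs are already tracked with a fixed version.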
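Review bot: In the hunk at @@ -16049,8 +16660,8 @@ CVE-2013-5017 is described as an issue in the Symantec Web Gateway management console yet is queued as "TODO: check", while the neighbouring CVE-2013-5016 is already "NOT-FOR-US: Symantec" and the context of the @@ -40295,14 +40906,14 @@ hunk shows "NOT-FOR-US: Symantec Web Gateway" in use for this product. Suggest tagging the new entry "NOT-FOR-US: Symantec Web Gateway" when it is triaged, so it does not sit in the TODO queue alongside entries that still need a package lookup.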