Author: joeyh
Date: 2014-07-23 21:14:13 +0000 (Wed, 23 Jul 2014)
New Revision: 27926

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-07-23 20:45:34 UTC (rev 27925)
+++ data/CVE/list       2014-07-23 21:14:13 UTC (rev 27926)
@@ -1,3 +1,55 @@
+CVE-2014-5043
+       RESERVED
+CVE-2014-5042
+       RESERVED
+CVE-2014-5041
+       RESERVED
+CVE-2014-5040
+       RESERVED
+CVE-2014-5039
+       RESERVED
+CVE-2014-5038
+       RESERVED
+CVE-2014-5037
+       RESERVED
+CVE-2014-5036
+       RESERVED
+CVE-2014-5035
+       RESERVED
+CVE-2014-5034
+       RESERVED
+CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote 
attackers ...)
+       TODO: check
+CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function 
in ...)
+       TODO: check
+CVE-2014-5017 (SQL injection vulnerability in CPDB in ...)
+       TODO: check
+CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in 
LimeSurvey ...)
+       TODO: check
+CVE-2014-5014
+       RESERVED
+CVE-2014-5013
+       RESERVED
+CVE-2014-5012
+       RESERVED
+CVE-2014-5011
+       RESERVED
+CVE-2014-5010
+       RESERVED
+CVE-2014-5007
+       RESERVED
+CVE-2014-5006
+       RESERVED
+CVE-2014-5005
+       RESERVED
+CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands 
via ...)
+       TODO: check
+CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when 
using ...)
+       TODO: check
+CVE-2013-7390
+       RESERVED
+CVE-2011-5281
+       RESERVED
 CVE-2014-XXXX [vfs: refcount issues during unmount on symlink]
        - linux <unfixed>
        - linux-2.6 <removed>
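Review bot: CVE-2014-5023 and CVE-2013-7392 both name Gitlist in their descriptions and both land as "TODO: check"; CVE-2014-4511 further down in this patch is a third Gitlist entry in the same state. Triage the three in one pass so they end up with the same package or NOT-FOR-US decision.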
@@ -3,67 +55,92 @@
        NOTE: https://lkml.org/lkml/2014/7/21/98
 CVE-2014-5033 [kauth authentication bypass]
+       RESERVED
        - kde4libs <unfixed> (bug #755814)
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
        NOTE: 
http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
 CVE-2014-5032 [glpi: unprivileged users can access cost information]
+       RESERVED
        - glpi <unfixed> (unimportant)
        NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2014/07/22/6
        NOTE: Only supported behind an authenticated HTTP zone
 CVE-2014-5031 [file/directory does not have world read permissions for 
dirctory index files]
+       RESERVED
        - cups 1.7.4-2
        NOTE: https://cups.org/str.php?L4455
 CVE-2014-5030 [dissalow symlinks for directory index files]
+       RESERVED
        - cups 1.7.4-2
        NOTE: https://cups.org/str.php?L4455
 CVE-2014-5029 [Incomplete fix CVE-2014-3537]
+       RESERVED
        - cups 1.7.4-2
        NOTE: https://cups.org/str.php?L4455
 CVE-2014-5028
+       RESERVED
        - reviewboard <itp> (bug #653113)
 CVE-2014-5027
+       RESERVED
        - reviewboard <itp> (bug #653113)
 CVE-2014-5026 [XSS vulnerability]
+       RESERVED
        - cacti <unfixed>
        NOTE: http://bugs.cacti.net/view.php?id=2456
 CVE-2014-5025 [XSS vulnerability]
+       RESERVED
        - cacti <unfixed>
        NOTE: http://bugs.cacti.net/view.php?id=2456
 CVE-2014-5024
+       RESERVED
        NOT-FOR-US: DELL SonicWALL GMS
 CVE-2014-5015 [basic http authentication bypass]
+       RESERVED
        - bozohttpd <unfixed> (bug #755197)
        [wheezy] - bozohttpd <no-dsa> (Minor issue)
        [squeeze] - bozohttpd <no-dsa> (Minor issue)
 CVE-2014-5009 [Incorrect fix for CVE-2014-5008]
+       RESERVED
        - libphp-snoopy <not-affected> (Incorrect fix not applied)
        NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
        NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
 CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
+       RESERVED
        - libphp-snoopy <unfixed>
        NOTE: 
http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
        NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 
(i.e., use of escapeshellcmd where escapeshellarg was required).
 CVE-2014-5004 [Ruby Gem brbackup-0.1.1: exposes the database password to the 
command line]
+       RESERVED
        NOT-FOR-US: Ruby Gem brbackup
 CVE-2014-5003 [Ruby Gem ciborg-3.0.0: race condition when creating 
/tmp/perlbrew-installer]
+       RESERVED
        NOT-FOR-US: Ruby Gem ciborg
 CVE-2014-5002 [Ruby Gem lynx-0.2.0: expose the password to the process table]
+       RESERVED
        NOT-FOR-US: Ruby Gem lynx
 CVE-2014-5001 [Ruby Gem kcapifony-2.1.6: expose the password to the process 
table]
+       RESERVED
        NOT-FOR-US: Ruby Gem kcapifony
 CVE-2014-5000 [Ruby Gem lawn-login-0.0.7: exposes the mysql password to the 
process table]
+       RESERVED
        NOT-FOR-US: Ruby Gem lawn-login
 CVE-2014-4999 [Ruby Gem kajam-1.0.3.rc2: exposes the mysql password to the 
process table]
+       RESERVED
        NOT-FOR-US: Ruby Gem kajam
 CVE-2014-4998 [Ruby Gem lean-ruport-0.3.8: exposes the mysql password to the 
process table]
+       RESERVED
        NOT-FOR-US: Ruby Gem lean-ruport
 CVE-2014-4997 [Ruby Gem point-cli-0.0.1: exposes the username and password 
combination to the process table]
+       RESERVED
        NOT-FOR-US: Ruby Gem point-cli
 CVE-2014-4996 [Ruby Gem VladTheEnterprising-0.2: clobber files via symlink 
attack]
+       RESERVED
        NOT-FOR-US: Ruby Gem VladTheEnterprising
 CVE-2014-4995 [Ruby Gem VladTheEnterprising-0.2: Information Leakage]
+       RESERVED
        NOT-FOR-US: Ruby Gem VladTheEnterprising
 CVE-2014-4994 [Ruby Gem gyazo-1.0.0: Insecure Temporary File]
+       RESERVED
        NOT-FOR-US: Ruby Gem gyazo
 CVE-2014-4993 [Ruby Gems backup-agoddard and backup_checksum: expose the 
password to the process table]
+       RESERVED
        NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
 CVE-2014-4992 [Ruby Gem cap-strap-0.1.5: expose the password to the process 
table]
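Review bot: In the libphp-snoopy pair, CVE-2014-5008 is "<unfixed>" while CVE-2014-5009 is "<not-affected> (Incorrect fix not applied)", so the second status only holds as long as the fix eventually imported for CVE-2014-5008 is not the incorrect one. Add a NOTE on CVE-2014-5008 saying that CVE-2014-5009 has to be re-evaluated when the fix lands, so the two entries do not drift apart. The bracketed titles of CVE-2014-5031 and CVE-2014-5030 also carry typos ("dirctory", "dissalow").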
@@ -79,13 +156,11 @@
        RESERVED
 CVE-2014-4988
        RESERVED
-CVE-2014-4987 [PMASA-2014-7 Access for an unprivileged user to MySQL user 
list.]
-       RESERVED
+CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 
4.2.x ...)
        - phpmyadmin 4:4.2.6-1 (low)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2014-4986 [PMASA-2014-6 Multiple XSS in AJAX confirmation messages.]
-       RESERVED
+CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in 
js/functions.js ...)
        - phpmyadmin 4:4.2.6-1 (low)
        [wheezy] - phpmyadmin <no-dsa> (Minor issue)
        [squeeze] - phpmyadmin <no-dsa> (Minor issue)
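Review bot: Replacing the bracketed titles on CVE-2014-4987 and CVE-2014-4986 drops the upstream advisory ids PMASA-2014-7 and PMASA-2014-6, and neither entry shows a NOTE line that keeps them. Add a NOTE naming the PMASA id to each entry so the link to the phpMyAdmin advisory survives; the same applies to PMASA-2014-5 on CVE-2014-4955 later in this patch.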
@@ -107,19 +182,23 @@
        TODO: check
 CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated 
users to ...)
        TODO: check
-CVE-2014-5022 [Cross-site scripting - Ajax system]
+CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in 
Drupal ...)
+       {DSA-2983-1}
        - drupal6 <not-affected> (Only affects Drupal 7 core)
        - drupal7 7.29-1 (bug #755038)
        NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5021 [Cross-site scripting - Form API option groups]
+CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in 
Drupal 6.x ...)
+       {DSA-2983-1}
        - drupal6 <removed>
        - drupal7 7.29-1 (bug #755038)
        NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5020 [Access bypass]
+CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly 
check ...)
+       {DSA-2983-1}
        - drupal6 <not-affected> (Only affects Drupal 7 core)
        - drupal7 7.29-1 (bug #755038)
        NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-5019 [Denial of service with malicious HTTP Host header]
+CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 
7.29 ...)
+       {DSA-2983-1}
        - drupal6 <removed>
        - drupal7 7.29-1 (bug #755038)
        NOTE: https://www.drupal.org/SA-CORE-2014-003
@@ -163,8 +242,8 @@
        TODO: check
 CVE-2014-4961
        RESERVED
-CVE-2014-4960
-       RESERVED
+CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in 
...)
+       TODO: check
 CVE-2014-4959
        RESERVED
 CVE-2014-4958
@@ -173,13 +252,12 @@
        RESERVED
 CVE-2014-4956
        RESERVED
-CVE-2014-4955 [PMASA-2014-5 Self-XSS due to unescaped HTML output in database 
triggers page.]
-       RESERVED
+CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the 
PMA_TRI_getRowForList ...)
        - phpmyadmin 4:4.2.6-1 (low)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2014-4954
-       RESERVED
+CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...)
+       TODO: check
 CVE-2014-4953
        RESERVED
 CVE-2014-4952
@@ -190,18 +268,17 @@
        RESERVED
 CVE-2014-4949
        RESERVED
-CVE-2014-4948
-       RESERVED
-CVE-2014-4947
-       RESERVED
+CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 
1 and ...)
+       TODO: check
+CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix 
...)
+       TODO: check
 CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
Internet ...)
        TODO: check
 CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
Internet ...)
        TODO: check
 CVE-2014-4944 (Multiple SQL injection vulnerabilities in 
inc/bsk-pdf-dashboard.php in ...)
        NOT-FOR-US: WordPress plugin
-CVE-2014-4943 [privilege escalation in ppp over l2tp sockets]
-       RESERVED
+CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel 
...)
        - linux 3.14.13-1
        - linux-2.6 <removed>
        NOTE: upstream commit: 
https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf 
@@ -607,8 +684,7 @@
        RESERVED
 CVE-2014-4735
        RESERVED
-CVE-2014-4734
-       RESERVED
+CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php 
in e107 ...)
        NOT-FOR-US: e107
 CVE-2014-4733
        RESERVED
@@ -663,8 +739,7 @@
        - zendframework <undetermined>
        NOTE: http://framework.zend.com/security/advisory/ZF2014-03
        TODO: check
-CVE-2014-4911 [polarssl: Denial of Service against GCM enabled servers and 
clients]
-       RESERVED
+CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL 
before ...)
        {DSA-2981-1}
        - polarssl 1.3.7-2.1 (bug #754655)
        NOTE: 
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
@@ -792,7 +867,7 @@
        RESERVED
 CVE-2014-4673
        RESERVED
-CVE-2014-4672 (The CDetailView widget in Yii PHP Framework before 1.1.15 
allows ...)
+CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows 
remote ...)
        - yii-framework-php <itp> (bug #683810)
 CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 
on ...)
        NOT-FOR-US: Adobe Flash
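Review bot: The new description of CVE-2014-4672 says "1.1.14" where the old one said "before 1.1.15", so the entry no longer states a fixed version. yii-framework-php is only "<itp>" here; record the fixed upstream version in a NOTE so it is still available when the package is evaluated for upload.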
@@ -1170,8 +1245,8 @@
        NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat
 CVE-2014-4512
        RESERVED
-CVE-2014-4511
-       RESERVED
+CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
 CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in 
Fan-Out ...)
        NOT-FOR-US: Novell Identity Manager
 CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman 
before ...)
@@ -1552,12 +1627,10 @@
        RESERVED
        - krb5 <unfixed> (bug #755520)
        NOTE: 
https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
-CVE-2014-4342 [Handle invalid RFC 1964 tokens]
-       RESERVED
+CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 
allows ...)
        - krb5 1.12.1+dfsg-4 (bug #753625)
        NOTE: 
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
-CVE-2014-4341 [Handle invalid RFC 1964 tokens]
-       RESERVED
+CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers 
to ...)
        - krb5 1.12.1+dfsg-4 (bug #753624)
        NOTE: 
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
 CVE-2014-4340
@@ -1572,8 +1645,8 @@
        NOT-FOR-US: Dolphin (php thing)
 CVE-2014-4332
        RESERVED
-CVE-2014-4331
-       RESERVED
+CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in 
...)
+       TODO: check
 CVE-2014-4330
        RESERVED
 CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in 
lua/host_details.lua in ...)
@@ -1582,8 +1655,8 @@
        RESERVED
 CVE-2014-4327
        RESERVED
-CVE-2014-4326
-       RESERVED
+CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows 
remote ...)
+       TODO: check
 CVE-2014-4325
        RESERVED
 CVE-2014-4324
@@ -1699,13 +1772,13 @@
 CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin 
component in ...)
        TODO: check
 CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        TODO: check
 CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows 
remote ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5
        - openjdk-7 7u65-2.5.1-1
@@ -1714,15 +1787,16 @@
        - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, 
only present in Oracle Java)
        - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, 
only present in Oracle Java)
 CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows 
remote ...)
+       {DSA-2987-1}
        - openjdk-6 <not-affected> (Vulnerable code not present)
        - openjdk-7 7u65-2.5.1-1
        NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d
 CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component 
in ...)
@@ -1753,7 +1827,7 @@
 CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        TODO: check
 CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component 
in ...)
@@ -1772,7 +1846,7 @@
 CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle 
...)
        TODO: check
 CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in 
Oracle ...)
@@ -1832,12 +1906,14 @@
 CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 
11.1 ...)
        TODO: check
 CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote 
...)
+       {DSA-2987-1}
        - openjdk-6 <not-affected> (Vulnerable code not present)
        - openjdk-7 7u65-2.5.1-1
        NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
 CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component 
in ...)
        TODO: check
 CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows 
remote ...)
+       {DSA-2987-1}
        - openjdk-6 <not-affected> (Vulnerable code not present)
        - openjdk-7 7u65-2.5.1-1
        NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a
@@ -1845,17 +1921,17 @@
        - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, 
only present in Oracle Java)
        - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, 
only present in Oracle Java)
 CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 
allows ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        TODO: check
 CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows 
local ...)
@@ -1874,7 +1950,7 @@
 CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server 
component in ...)
        TODO: check
 CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, 
and ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        - openjdk-7 7u65-2.5.1-1
 CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle 
Java SE ...)
@@ -2591,12 +2667,12 @@
        RESERVED
 CVE-2014-3895
        RESERVED
-CVE-2014-3894
-       RESERVED
+CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo 
Multifunctional ...)
+       TODO: check
 CVE-2014-3893
        RESERVED
-CVE-2014-3892
-       RESERVED
+CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian 
before 2014 ...)
+       TODO: check
 CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 
allows ...)
        TODO: check
 CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote 
...)
@@ -2607,12 +2683,12 @@
        TODO: check
 CVE-2014-3887
        RESERVED
-CVE-2014-3886
-       RESERVED
-CVE-2014-3885
-       RESERVED
-CVE-2014-3884
-       RESERVED
+CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 
1.690, when ...)
+       TODO: check
+CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 
allows ...)
+       TODO: check
+CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 
1.600 ...)
+       TODO: check
 CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute 
arbitrary ...)
        NOT-FOR-US: Usermin
 CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login 
rebuilder ...)
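Review bot: CVE-2014-3884 is a Usermin issue added as "TODO: check", while CVE-2014-3883 directly below it is already "NOT-FOR-US: Usermin". Resolve CVE-2014-3884 the same way, and decide the two Webmin entries (CVE-2014-3886, CVE-2014-3885) in the same pass.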
@@ -3402,14 +3478,12 @@
        RESERVED
        - linux <unfixed>
        - linux-2.6 <not-affected> (Vulnerable code was introduced later)
-CVE-2014-3533 [DoS]
-       RESERVED
+CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local 
users to ...)
        {DSA-2971-1}
        - dbus 1.8.6-1
        [squeeze] - dbus <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469
-CVE-2014-3532 [DoS]
-       RESERVED
+CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running 
on Linux ...)
        {DSA-2971-1}
        - dbus 1.8.6-1
        [squeeze] - dbus <not-affected> (Fix for other kernel version)
@@ -3417,8 +3491,7 @@
 CVE-2014-3531
        RESERVED
        - foreman <itp> (bug #663101)
-CVE-2014-3530
-       RESERVED
+CVE-2014-3530 (The 
org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...)
        NOT-FOR-US: PicketLink
 CVE-2014-3529
        RESERVED
@@ -3433,8 +3506,7 @@
        - trafficserver 5.0.1-1
 CVE-2014-3524
        RESERVED
-CVE-2014-3523 [WinNT MPM denial of service]
-       RESERVED
+CVE-2014-3523 (Memory leak in the winnt_accept function in 
server/mpm/winnt/child.c ...)
        - apache2 <not-affected> (Affects only Windows systems)
 CVE-2014-3522
        RESERVED
@@ -3448,8 +3520,7 @@
        RESERVED
        - linux-2.6 <not-affected> (Vulnerable code not yet present)
        - linux <not-affected> (Kernels after squeeze no longer contain the 
openvz flavour)
-CVE-2014-3518
-       RESERVED
+CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss 
...)
        NOT-FOR-US: JBoss Application Server
 CVE-2014-3517 [Use of non-constant time comparison operation]
        RESERVED
@@ -4017,18 +4088,18 @@
        RESERVED
 CVE-2014-3326
        RESERVED
-CVE-2014-3325
-       RESERVED
+CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco 
Unified ...)
+       TODO: check
 CVE-2014-3324
        RESERVED
-CVE-2014-3323
-       RESERVED
+CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact 
Center ...)
+       TODO: check
 CVE-2014-3322
        RESERVED
-CVE-2014-3321
-       RESERVED
-CVE-2014-3320
-       RESERVED
+CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when 
bridge-group ...)
+       TODO: check
+CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web 
interface in ...)
+       TODO: check
 CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring 
Tool ...)
        NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in 
the ...)
@@ -4055,8 +4126,8 @@
        NOT-FOR-US: Cisco IOS XR
 CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware 
on ...)
        NOT-FOR-US: Cisco Small Cell
-CVE-2014-3306
-       RESERVED
+CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, 
DPQ3925, ...)
+       TODO: check
 CVE-2014-3305
        RESERVED
 CVE-2014-3304
@@ -4429,20 +4500,18 @@
        RESERVED
 CVE-2014-3163
        RESERVED
-CVE-2014-3162 [address sanitizer fixes]
-       RESERVED
+CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        - chromium-browser <unfixed>
        [wheezy] - chromium-browser <no-dsa> (minor issue)
        [squeeze] - chromium-browser <end-of-life>
-CVE-2014-3161
-       RESERVED
-CVE-2014-3160 [same origin bypass]
-       RESERVED
+CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...)
+       TODO: check
+CVE-2014-3160 (The ResourceFetcher::canRequest function in ...)
        - chromium-browser <unfixed>
        [wheezy] - chromium-browser <no-dsa> (minor issue)
        [squeeze] - chromium-browser <end-of-life>
-CVE-2014-3159
-       RESERVED
+CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
+       TODO: check
 CVE-2014-3158
        RESERVED
 CVE-2014-3157 (Heap-based buffer overflow in the 
FFmpegVideoDecoder::GetVideoBuffer ...)
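Review bot: CVE-2014-3161 and CVE-2014-3159 are added as "TODO: check" with no package line, unlike CVE-2014-3162 and CVE-2014-3160 in the same hunk, which keep their chromium-browser status. Both descriptions name Android-suffixed functions (WebMediaPlayerAndroid::load, WebContentsDelegateAndroid::OpenURLFromTab); if that code is Android-only, record "- chromium-browser <not-affected>" with that reason instead of leaving the entries unresolved.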
@@ -4670,8 +4739,8 @@
        NOT-FOR-US: IBM Tivoli Endpoint Manager
 CVE-2014-3065
        RESERVED
-CVE-2014-3064
-       RESERVED
+CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - 
...)
+       TODO: check
 CVE-2014-3063
        RESERVED
 CVE-2014-3062
@@ -4708,12 +4777,12 @@
        RESERVED
 CVE-2014-3046
        RESERVED
-CVE-2014-3045
-       RESERVED
+CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x 
before ...)
+       TODO: check
 CVE-2014-3044
        RESERVED
-CVE-2014-3043
-       RESERVED
+CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 
allows ...)
+       TODO: check
 CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS 
does ...)
        NOT-FOR-US: IBM CICS Transaction Serve
 CVE-2014-3041
@@ -5856,8 +5925,7 @@
        NOT-FOR-US: HP Network Virtualization
 CVE-2014-2624
        RESERVED
-CVE-2014-2623
-       RESERVED
+CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x 
allows ...)
        NOT-FOR-US: HP Data Protector
 CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center 
(iMC) ...)
        NOT-FOR-US: HP Intelligent Management Center
@@ -6043,8 +6111,7 @@
        RESERVED
 CVE-2014-2520
        RESERVED
-CVE-2014-2519
-       RESERVED
+CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 
4.1 ...)
        NOT-FOR-US: EMC RecoverPoint Appliance
 CVE-2014-2518
        RESERVED
@@ -6224,7 +6291,7 @@
 CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component 
in ...)
        TODO: check
 CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle 
Java SE ...)
-       {DSA-2980-1}
+       {DSA-2987-1 DSA-2980-1}
        - openjdk-6 6b32-1.13.4-1
        NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af
        - openjdk-7 7u65-2.5.1-1
@@ -6249,6 +6316,7 @@
        - mariadb-5.5 <not-affected> (Only affects 5.6)
        - percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
 CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle 
Java SE ...)
+       {DSA-2987-1}
        - openjdk-6 <not-affected> (vulnerable code not present)
        - openjdk-7 7u65-2.5.1-1
        NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
@@ -6508,8 +6576,7 @@
        NOT-FOR-US: BlackBerry Z 10
 CVE-2014-2388
        RESERVED
-CVE-2014-2385
-       RESERVED
+CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
UI in ...)
        NOT-FOR-US: Sophos Antivirus
 CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware 
Player ...)
        NOT-FOR-US: VMware on Windows
@@ -6544,16 +6611,16 @@
        RESERVED
 CVE-2014-2369
        RESERVED
-CVE-2014-2368
-       RESERVED
-CVE-2014-2367
-       RESERVED
-CVE-2014-2366
-       RESERVED
-CVE-2014-2365
-       RESERVED
-CVE-2014-2364
-       RESERVED
+CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in 
Advantech ...)
+       TODO: check
+CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
+       TODO: check
+CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote 
...)
+       TODO: check
+CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 
allows ...)
+       TODO: check
+CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess 
before ...)
+       TODO: check
 CVE-2014-2363
        RESERVED
 CVE-2014-2362
@@ -7465,22 +7532,22 @@
        NOT-FOR-US: Android application for East Japan Railway Company
 CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows 
attackers ...)
        NOT-FOR-US: NTT application for Android
-CVE-2014-1999
-       RESERVED
+CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 
1.1 ...)
+       TODO: check
 CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of 
...)
        NOT-FOR-US: SOY CMS
 CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and 
earlier ...)
        NOT-FOR-US: ATEN IP KVM Switch
-CVE-2014-1996
-       RESERVED
-CVE-2014-1995
-       RESERVED
-CVE-2014-1994
-       RESERVED
-CVE-2014-1993
-       RESERVED
-CVE-2014-1992
-       RESERVED
+CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users 
to ...)
+       TODO: check
+CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search ...)
+       TODO: check
+CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet 
in ...)
+       TODO: check
+CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 
SP4 ...)
+       TODO: check
+CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages 
functionality ...)
+       TODO: check
 CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 
through ...)
        NOT-FOR-US: NTT DATA INTRAMART
 CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess 
(aka the ...)
@@ -7489,8 +7556,8 @@
        NOT-FOR-US: Cybozu Garoon
 CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 
SP2 ...)
        NOT-FOR-US: Cybozu Garoon
-CVE-2014-1987
-       RESERVED
+CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows 
remote ...)
+       TODO: check
 CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 
and ...)
        NOT-FOR-US: KOKUYO CamiApp application
 CVE-2014-1984 (Session fixation vulnerability in the management screen in 
Cybozu ...)
@@ -7515,8 +7582,8 @@
        NOT-FOR-US: Unzipper Android app
 CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer 
...)
        NOT-FOR-US: LYSESOFT
-CVE-2014-1973
-       RESERVED
+CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer 
...)
+       TODO: check
 CVE-2014-1972
        RESERVED
 CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 
allows ...)
@@ -8776,14 +8843,12 @@
        RESERVED
 CVE-2014-1562
        RESERVED
-CVE-2014-1561 [Toolbar dialog customization event spoofing]
-       RESERVED
+CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of 
...)
        - iceweasel 31.0-1
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
        [squeeze] - iceweasel <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
-CVE-2014-1560 [Certificate parsing broken by non-standard character]
-       RESERVED
+CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow 
remote ...)
        - iceweasel 31.0-1
        - icedove <unfixed>
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8791,8 +8856,7 @@
        [squeeze] - iceweasel <end-of-life>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1559 [Certificate parsing broken by non-standard character]
-       RESERVED
+CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow 
remote ...)
        - iceweasel 31.0-1
        - icedove <unfixed>
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8800,8 +8864,7 @@
        [squeeze] - iceweasel <end-of-life>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1558 [Certificate parsing broken by non-standard character]
-       RESERVED
+CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow 
remote ...)
        - iceweasel 31.0-1
        - icedove <unfixed>
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8809,22 +8872,22 @@
        [squeeze] - iceweasel <end-of-life>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
-CVE-2014-1557 [Crash in Skia library when scaling high quality images]
-       RESERVED
+CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla 
Firefox ...)
+       {DSA-2986-1}
        - iceweasel 31.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
-CVE-2014-1556 [Exploitable WebGL crash with Cesium JavaScript]
-       RESERVED
+CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and 
...)
+       {DSA-2986-1}
        - iceweasel 31.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
-CVE-2014-1555 [Use-after-free with FireOnStateChange event]
-       RESERVED
+CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress 
function ...)
+       {DSA-2986-1}
        - iceweasel 31.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
@@ -8834,8 +8897,7 @@
        RESERVED
 CVE-2014-1553
        RESERVED
-CVE-2014-1552 [IFRAME sandbox same-origin access through redirect]
-       RESERVED
+CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not 
...)
        - iceweasel 31.0-1
        - icedove <unfixed>
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
@@ -8843,13 +8905,11 @@
        [squeeze] - iceweasel <end-of-life>
        [squeeze] - icedove <end-of-life>
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
-CVE-2014-1551 [Use-after-free in DirectWrite font handling]
-       RESERVED
+CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in 
Mozilla ...)
        - iceweasel <not-affected> (Affects only Windows platform)
        - icedove <not-affected> (Affects only Windows platform)
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
-CVE-2014-1550 [Use-after-free in Web Audio due to incorrect control message 
ordering]
-       RESERVED
+CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in 
Mozilla ...)
        - iceweasel 31.0-1
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
        [squeeze] - iceweasel <end-of-life>
@@ -8857,8 +8917,7 @@
        [squeeze] - icedove <end-of-life>
        [wheezy] - icedove <not-affected> (Only affects releases after ESR24)
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
-CVE-2014-1549 [Buffer overflow during Web Audio buffering for playback]
-       RESERVED
+CVE-2014-1549 (The 
mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer ...)
        - iceweasel 31.0-1
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
        [squeeze] - iceweasel <end-of-life>
@@ -8866,13 +8925,12 @@
        [squeeze] - icedove <end-of-life>
        [wheezy] - icedove <not-affected> (Only affects releases after ESR24)
        NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
-CVE-2014-1548
-       RESERVED
+CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceweasel 31.0-1
        [wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
        [squeeze] - iceweasel <end-of-life>
-CVE-2014-1547 [Miscellaneous memory safety hazards]
-       RESERVED
+CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
+       {DSA-2986-1}
        - iceweasel 31.0-1
        [squeeze] - iceweasel <end-of-life>
        - icedove <unfixed>
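Review bot: CVE-2014-1548 in this hunk ends up with no icedove line and no NOTE pointing at the Mozilla advisory, while CVE-2014-1547 directly below it, with the same "Multiple unspecified vulnerabilities in the browser engine" summary, records `- icedove <unfixed>`. Either add the icedove status (fixed, unfixed or not-affected with a reason) or a NOTE saying why icedove is not tracked for this id, so that the gap does not read as an omission.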
@@ -8888,8 +8946,8 @@
        [squeeze] - iceweasel <end-of-life>
        [squeeze] - icedove <end-of-life>
        NOTE: Only the Wheezy builds use the bundled nspr
-CVE-2014-1544 [Race-condition in certificate verification can lead to Remote 
code execution]
-       RESERVED
+CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate 
function ...)
+       {DSA-2986-1}
        - nss 2:3.16.3-1
        - iceweasel <unfixed>
        [squeeze] - iceweasel <end-of-life>
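Review bot: CVE-2014-1544 now carries `{DSA-2986-1}` but still lists `- iceweasel <unfixed>`, whereas every other entry tagged with the same DSA in this commit (CVE-2014-1557, -1556, -1555, -1547) lists `- iceweasel 31.0-1`. The fix is recorded against nss 2:3.16.3-1, so please confirm whether the unstable iceweasel line should get a fixed version, and if it stays open add a NOTE giving the reason.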
@@ -10030,14 +10088,14 @@
        - movabletype-opensource 5.2.9+dfsg-1 (bug #734304)
 CVE-2014-0971
        RESERVED
-CVE-2014-0970
-       RESERVED
+CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - 
...)
+       TODO: check
 CVE-2014-0969
        RESERVED
-CVE-2014-0968
-       RESERVED
-CVE-2014-0967
-       RESERVED
+CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component 
in IBM ...)
+       TODO: check
+CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component 
in IBM ...)
+       TODO: check
 CVE-2014-0966
        RESERVED
 CVE-2014-0965
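Review bot: CVE-2014-0970, CVE-2014-0968 and CVE-2014-0967 come in as `TODO: check` for the GDS component of IBM InfoSphere Master Data Management. These need manual triage before the next automatic run; if the product is not packaged, replace each TODO with a `NOT-FOR-US:` line that names the product, in the form already used for the IBM WebSphere Portal entries further down the file.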
@@ -10056,8 +10114,8 @@
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 
through ...)
        NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0957
-       RESERVED
+CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business 
Process ...)
+       TODO: check
 CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in 
IBM ...)
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere 
Portal 8.0 ...)
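Review bot: CVE-2014-0957 is left at `TODO: check` in the middle of a run of `NOT-FOR-US: IBM WebSphere Portal` entries, but its summary names IBM Business Process ..., a different product. When triaging, do not copy the neighbouring tag text; give the entry its own `NOT-FOR-US:` product name, or a package line if something in the archive is affected.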
@@ -12719,8 +12777,7 @@
        NOT-FOR-US: OpenShift
 CVE-2014-0232
        RESERVED
-CVE-2014-0231 [mod_cgid denial of service]
-       RESERVED
+CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 
does not ...)
        - apache2 2.4.10-1
 CVE-2014-0230
        RESERVED
@@ -12731,8 +12788,7 @@
        NOT-FOR-US: Apache Hive
 CVE-2014-0227
        RESERVED
-CVE-2014-0226 [mod_status buffer overflow]
-       RESERVED
+CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP 
Server ...)
        - apache2 2.4.10-1
 CVE-2014-0225 [Information disclosure via SSRF]
        RESERVED
@@ -13123,11 +13179,9 @@
        - tomcat8 8.0.8-1
        - tomcat7 7.0.54-1
        - tomcat6 6.0.41-1
-CVE-2014-0118 [mod_deflate denial of service]
-       RESERVED
+CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the 
mod_deflate ...)
        - apache2 2.4.10-1
-CVE-2014-0117 [mod_proxy denial of service]
-       RESERVED
+CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 
2.4.10, ...)
        - apache2 2.4.10-1
        [squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
        [wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
@@ -20231,8 +20285,7 @@
        {DSA-2837-1}
        - openssl 1.0.1f-1
        [squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
-CVE-2013-4352
-       RESERVED
+CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c 
in the ...)
        - apache2 2.4.7-1 (low)
        NOTE: According to 
http://httpd.apache.org/security/vulnerabilities_24.html this should only 
affect 
        NOTE: 2.4.6, but that seems wrong, since 2.4.6 was a single-change 
regression update
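Review bot: with the published description for CVE-2013-4352 now in place, the two NOTE lines that question the upstream affected range ("should only affect 2.4.6, but that seems wrong") are left unresolved next to `- apache2 2.4.7-1 (low)`. Re-check the fixed version against the full description and the upstream vulnerabilities page, then either record the confirmed affected range or drop the doubt from the NOTE.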
@@ -20510,8 +20563,7 @@
        NOT-FOR-US: Drupal contributed module Zen
 CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
        NOT-FOR-US: Drupal addon
-CVE-2013-4273
-       RESERVED
+CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does 
not ...)
        NOT-FOR-US: Drupal contributed module Entity API
 CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 
7.x-2.x ...)
        NOT-FOR-US: Drupal addon
@@ -26388,7 +26440,7 @@
        - jquery-jplayer 2.1.0-2
        NOTE: used for jPlayer 2.2.23 XSS
        NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
-CVE-2013-2022 (Cross-site scripting (XSS) vulnerability in 
actionscript/Jplayer.as in ...)
+CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - jquery-jplayer 2.1.0-2
        NOTE: 
https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
        NOTE: used for jPlayer 2.2.20 XSS
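Review bot: the CVE-2013-2022 summary widens from a single XSS in actionscript/Jplayer.as to "Multiple cross-site scripting (XSS) vulnerabilities in ...", yet the entry still records `- jquery-jplayer 2.1.0-2` as fixed while its NOTE ties the id to jPlayer 2.2.20. Verify that 2.1.0-2 covers every component the revised description names, and add a NOTE stating why a 2.1.0 package counts as fixed for an issue the NOTE associates with upstream 2.2.20.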
@@ -26664,7 +26716,7 @@
 CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check 
...)
        - linux <not-affected> (RHEL-specific backport regression)
        - linux-2.6 <not-affected> (RHEL-specific backport regression)
-CVE-2013-1942 (Cross-site scripting (XSS) vulnerability in 
actionscript/Jplayer.as in ...)
+CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - owncloud <not-affected> (Depends on libjs-jquery-jplayer)
        - jquery-jplayer 2.1.0-2
        NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
@@ -28391,7 +28443,7 @@
        NOT-FOR-US: glFusion
 CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in 
CubeCart ...)
        NOT-FOR-US: CubeCart
-CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in 
the ...)
+CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf 
in the ...)
        {DSA-2772-1}
        - typo3-src 4.5.29+dfsg1-1
        [squeeze] - typo3-src <no-dsa> (Too intrusive to backport)
@@ -28596,7 +28648,7 @@
        NOT-FOR-US: NetArt Media Car Portal
 CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in 
ChurchCMS 0.0.1 ...)
        NOT-FOR-US: ChurchCMS
-CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in he 
Zingiri Web ...)
+CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Zingiri Web ...)
        NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian
 CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: PHP Volunteer Management not in Debian
@@ -37337,6 +37389,7 @@
 CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager 
in ...)
        NOT-FOR-US: Websense
 CVE-2008-7313 [Incomplete fix for CVE-2008-4796]
+       RESERVED
        - libphp-snoopy <unfixed>
        NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
        NOTE: 
http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
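Review bot: CVE-2008-7313 now has an assigned id marked `RESERVED`, but `- libphp-snoopy <unfixed>` carries no bug reference, unlike entries elsewhere in this file such as `(bug #734304)`. Since the NOTE already identifies the missing upstream commit (rev1.27), file or link a bug against libphp-snoopy so the open status can be followed up.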
@@ -42328,8 +42381,7 @@
        NOT-FOR-US: Cumin
 CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin 
before ...)
        NOT-FOR-US: Cumin
-CVE-2012-2682
-       RESERVED
+CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat 
Enterprise MRG ...)
        NOT-FOR-US: Cumin
 CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, 
...)
        NOT-FOR-US: Cumin
@@ -48435,6 +48487,7 @@
 CVE-2003-1598
        RESERVED
 CVE-2002-2444 [snoopy: Security hole in exec cURL]
+       RESERVED
        - libphp-snoopy <not-affected> (affected version never was in the repo)
        NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
        NOTE: http://sourceforge.net/p/snoopy/bugs/13/


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
