Author: joeyh
Date: 2014-10-01 21:14:11 +0000 (Wed, 01 Oct 2014)
New Revision: 29194

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-10-01 20:17:28 UTC (rev 29193)
+++ data/CVE/list       2014-10-01 21:14:11 UTC (rev 29194)
@@ -1,3 +1,163 @@
+CVE-2014-7270
+       RESERVED
+CVE-2014-7269
+       RESERVED
+CVE-2014-7268
+       RESERVED
+CVE-2014-7267
+       RESERVED
+CVE-2014-7266
+       RESERVED
+CVE-2014-7265
+       RESERVED
+CVE-2014-7264
+       RESERVED
+CVE-2014-7263
+       RESERVED
+CVE-2014-7262
+       RESERVED
+CVE-2014-7261
+       RESERVED
+CVE-2014-7260
+       RESERVED
+CVE-2014-7259
+       RESERVED
+CVE-2014-7258
+       RESERVED
+CVE-2014-7257
+       RESERVED
+CVE-2014-7256
+       RESERVED
+CVE-2014-7255
+       RESERVED
+CVE-2014-7254
+       RESERVED
+CVE-2014-7253
+       RESERVED
+CVE-2014-7252
+       RESERVED
+CVE-2014-7251
+       RESERVED
+CVE-2014-7250
+       RESERVED
+CVE-2014-7249
+       RESERVED
+CVE-2014-7248
+       RESERVED
+CVE-2014-7247
+       RESERVED
+CVE-2014-7246
+       RESERVED
+CVE-2014-7245
+       RESERVED
+CVE-2014-7244
+       RESERVED
+CVE-2014-7243
+       RESERVED
+CVE-2014-7242
+       RESERVED
+CVE-2014-7241
+       RESERVED
+CVE-2014-7240
+       RESERVED
+CVE-2014-7239
+       RESERVED
+CVE-2014-7238
+       RESERVED
+CVE-2014-7237
+       RESERVED
+CVE-2014-7236
+       RESERVED
+CVE-2014-7235
+       RESERVED
+CVE-2014-7234
+       RESERVED
+CVE-2014-7233
+       RESERVED
+CVE-2014-7232
+       RESERVED
+CVE-2014-7229
+       RESERVED
+CVE-2014-7228
+       RESERVED
+CVE-2014-7227
+       RESERVED
+CVE-2014-7226
+       RESERVED
+CVE-2014-7225
+       RESERVED
+CVE-2014-7224
+       RESERVED
+CVE-2014-7223
+       RESERVED
+CVE-2014-7222
+       RESERVED
+CVE-2014-7221
+       RESERVED
+CVE-2014-7220
+       RESERVED
+CVE-2014-7219
+       RESERVED
+CVE-2014-7218
+       RESERVED
+CVE-2014-7217
+       RESERVED
+CVE-2014-7216
+       RESERVED
+CVE-2014-7215
+       RESERVED
+CVE-2014-7214
+       RESERVED
+CVE-2014-7213
+       RESERVED
+CVE-2014-7212
+       RESERVED
+CVE-2014-7211
+       RESERVED
+CVE-2014-7210
+       RESERVED
+CVE-2014-7209
+       RESERVED
+CVE-2014-7208
+       RESERVED
+CVE-2014-7207
+       RESERVED
+CVE-2014-7206
+       RESERVED
+CVE-2013-7405
+       RESERVED
+CVE-2013-7404
+       RESERVED
+CVE-2012-6660
+       RESERVED
+CVE-2011-5374
+       RESERVED
+CVE-2010-5310
+       RESERVED
+CVE-2010-5309
+       RESERVED
+CVE-2010-5308
+       RESERVED
+CVE-2010-5307
+       RESERVED
+CVE-2010-5306
+       RESERVED
+CVE-2009-5143
+       RESERVED
+CVE-2007-6757
+       RESERVED
+CVE-2006-7253
+       RESERVED
+CVE-2004-2777
+       RESERVED
+CVE-2003-1603
+       RESERVED
+CVE-2002-2445
+       RESERVED
+CVE-2001-1594
+       RESERVED
+CVE-2000-1253
+       RESERVED
 CVE-2014-XXXX [various sddm issues]
        - sddm <itp> (bug #703519)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
@@ -8,16 +168,19 @@
 CVE-2010-XXXX [execute code from imported modules / documentation missmatch ]
        - pylint <unfixed> (bug #591676)
 CVE-2014-7231
+       RESERVED
        - python-oslo.utils <unfixed>
        NOTE: https://launchpad.net/bugs/1345233
        TODO: check
 CVE-2014-7230
+       RESERVED
        - cinder <unfixed>
        - nova <unfixed>
        - trove <unfixed>
        NOTE: https://launchpad.net/bugs/1343604
        TODO: check
 CVE-2014-7205 [Arbitrary JavaScript Execution in Bassmaster]
+       RESERVED
        NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
        TODO: check
 CVE-2014-7201
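Review bot: CVE-2014-7205 gains RESERVED here but the entry still has no package line and no NOT-FOR-US tag, only a NOTE and `TODO: check`. Suggest resolving the TODO with one or the other so the entry is not left untriaged; CVE-2014-7231 and CVE-2014-7230 in the same hunk also keep `TODO: check` next to their `<unfixed>` lines.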
@@ -49,6 +212,7 @@
        NOTE: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
 CVE-2014-7188
        RESERVED
+       {DSA-3041-1}
        - xen <unfixed>
 CVE-2014-7184
        RESERVED
@@ -81,6 +245,7 @@
 CVE-2014-7170
        RESERVED
 CVE-2014-7204 [endless loog + disk usage bomp on minified js file]
+       RESERVED
        - exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
        NOTE: http://sourceforge.net/p/ctags/code/791/
 CVE-2014-7203 [does not implement uniqueness check on connection nonces]
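Review bot: the bracketed description on the CVE-2014-7204 line that gains RESERVED reads `endless loog + disk usage bomp`, presumably meant as "endless loop + disk usage bomb". Worth correcting while the entry is being touched, since the bracketed text is the only summary the entry has.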
@@ -95,8 +260,7 @@
        - zeromq3 <unfixed>
        NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
        TODO: check
-CVE-2014-7190
-       RESERVED
+CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: Openfiler
 CVE-2014-7189 [Go crypto/tls vulnerability]
        RESERVED
@@ -104,12 +268,10 @@
        [wheezy] - golang <not-affected> (Vulnerable code not present, only Go 
1.1 onwards)
        NOTE: 
https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
        NOTE: 
https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
-CVE-2014-7187
-       RESERVED
+CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in 
GNU ...)
        {DSA-3035-1 DLA-63-1}
        - bash 4.3-9.2
-CVE-2014-7186
-       RESERVED
+CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 
4.3 ...)
        {DSA-3035-1 DLA-63-1}
        - bash 4.3-9.2
 CVE-2014-7185 [integer overflow in 'buffer' type allows reading memory]
@@ -156,8 +318,7 @@
        NOTE: 
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7663
        NOTE: http://www.intelsecurity.com/advanced-threat-research/#
        NOTE: similar to CVE-2014-1568 in nss
-CVE-2014-7199 [mediawiki: releases 1.19.19, 1.22.11 and 1.23.4]
-       RESERVED
+CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 
1.19.19, ...)
        {DSA-3036-1}
        - mediawiki 1:1.19.19+dfsg-1 (bug #762754)
        [squeeze] - mediawiki <end-of-life>
@@ -166,14 +327,17 @@
        - bash 4.3-9.2 (bug #762760)
 CVE-2014-7156 [XSA-106]
        RESERVED
+       {DSA-3041-1}
        - xen <unfixed>
        [squeeze] - xen <end-of-life>
 CVE-2014-7155 [XSA-105]
        RESERVED
+       {DSA-3041-1}
        - xen <unfixed>
        [squeeze] - xen <end-of-life>
 CVE-2014-7154 [XSA-104]
        RESERVED
+       {DSA-3041-1}
        - xen <unfixed>
        [squeeze] - xen <end-of-life>
 CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp 
Forms ...)
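Review bot: the `{DSA-3041-1}` references added to CVE-2014-7156, CVE-2014-7155 and CVE-2014-7154 sit directly above `- xen <unfixed>` lines that the hunk leaves unchanged, so each entry names an advisory but records no fixed version. Suggest adding the fixed version for the release the DSA covers once it is known; CVE-2014-7188 earlier in this patch is in the same state.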
@@ -760,222 +924,222 @@
        RESERVED
 CVE-2014-6856
        RESERVED
-CVE-2014-6855
-       RESERVED
-CVE-2014-6854
-       RESERVED
-CVE-2014-6853
-       RESERVED
-CVE-2014-6852
-       RESERVED
-CVE-2014-6851
-       RESERVED
-CVE-2014-6850
-       RESERVED
+CVE-2014-6855 (The Long (aka com.imop.longjiang.android) application 1.0.4 for 
...)
+       TODO: check
+CVE-2014-6854 (The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 
for ...)
+       TODO: check
+CVE-2014-6853 (The Foxit MobilePDF - PDF Reader (aka 
com.foxit.mobile.pdf.lite) ...)
+       TODO: check
+CVE-2014-6852 (The LedLine.gr Official (aka com.automon.ledline.gr) 
application ...)
+       TODO: check
+CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 
1.1 for ...)
+       TODO: check
+CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 
1.153.0034 ...)
+       TODO: check
 CVE-2014-6849
        RESERVED
-CVE-2014-6848
-       RESERVED
-CVE-2014-6847
-       RESERVED
-CVE-2014-6846
-       RESERVED
-CVE-2014-6845
-       RESERVED
-CVE-2014-6844
-       RESERVED
-CVE-2014-6843
-       RESERVED
-CVE-2014-6842
-       RESERVED
-CVE-2014-6841
-       RESERVED
-CVE-2014-6840
-       RESERVED
-CVE-2014-6839
-       RESERVED
-CVE-2014-6838
-       RESERVED
-CVE-2014-6837
-       RESERVED
-CVE-2014-6836
-       RESERVED
-CVE-2014-6835
-       RESERVED
-CVE-2014-6834
-       RESERVED
-CVE-2014-6833
-       RESERVED
-CVE-2014-6832
-       RESERVED
-CVE-2014-6831
-       RESERVED
-CVE-2014-6830
-       RESERVED
-CVE-2014-6829
-       RESERVED
-CVE-2014-6828
-       RESERVED
-CVE-2014-6827
-       RESERVED
-CVE-2014-6826
-       RESERVED
-CVE-2014-6825
-       RESERVED
-CVE-2014-6824
-       RESERVED
-CVE-2014-6823
-       RESERVED
-CVE-2014-6822
-       RESERVED
-CVE-2014-6821
-       RESERVED
-CVE-2014-6820
-       RESERVED
-CVE-2014-6819
-       RESERVED
-CVE-2014-6818
-       RESERVED
-CVE-2014-6817
-       RESERVED
-CVE-2014-6816
-       RESERVED
-CVE-2014-6815
-       RESERVED
-CVE-2014-6814
-       RESERVED
-CVE-2014-6813
-       RESERVED
-CVE-2014-6812
-       RESERVED
+CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for 
Android ...)
+       TODO: check
+CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) 
application ...)
+       TODO: check
+CVE-2014-6846 (The Four Seasons Beverly Hills (aka ...)
+       TODO: check
+CVE-2014-6845 (The MediaFire (aka com.mediafire.android) application 1.1.1 for 
...)
+       TODO: check
+CVE-2014-6844 (The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 
for ...)
+       TODO: check
+CVE-2014-6843 (The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 
for ...)
+       TODO: check
+CVE-2014-6842 (The Daily Advertiser Print (aka 
com.lafayettedailyadv.android.prod) ...)
+       TODO: check
+CVE-2014-6841 (The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 
for ...)
+       TODO: check
+CVE-2014-6840 (The My Wedding Planner (aka app.wedding) application 1.5 for 
Android ...)
+       TODO: check
+CVE-2014-6839 (The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 
for ...)
+       TODO: check
+CVE-2014-6838 (The Groupama toujours la (aka com.groupama.toujoursla) 
application ...)
+       TODO: check
+CVE-2014-6837 (The Hillside (aka com.hillside.hermanus) application 1.1 for 
Android ...)
+       TODO: check
+CVE-2014-6836 (The DS photo+ (aka com.synology.dsphoto) application 3.3 for 
Android ...)
+       TODO: check
+CVE-2014-6835 (The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 
for ...)
+       TODO: check
+CVE-2014-6834 (The Instaroid - Instagram Viewer (aka net.muik.instaroid) 
application ...)
+       TODO: check
+CVE-2014-6833 (The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 
2.0.3 ...)
+       TODO: check
+CVE-2014-6832 (The Bersa Forum (aka com.gcspublishing.bersaforum) application 
3.9.16 ...)
+       TODO: check
+CVE-2014-6831 (The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 
for ...)
+       TODO: check
+CVE-2014-6830 (The Covet Fashion - Shopping Game (aka 
com.crowdstar.covetfashion) ...)
+       TODO: check
+CVE-2014-6829 (The Hook (aka com.hook.android) application 0.9.3 for Android 
does not ...)
+       TODO: check
+CVE-2014-6828 (The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for 
Android ...)
+       TODO: check
+CVE-2014-6827 (The DK ONLINE Beta (aka com.sgmobile.dkonline) application 
1.0.2 for ...)
+       TODO: check
+CVE-2014-6826 (The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 
for ...)
+       TODO: check
+CVE-2014-6825 (The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) 
...)
+       TODO: check
+CVE-2014-6824 (The kamkomesan (aka com.anek.kamkomesan) application 1.0 for 
Android ...)
+       TODO: check
+CVE-2014-6823 (The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 
...)
+       TODO: check
+CVE-2014-6822 (The Nerdico (aka com.nerdico.danielepais) application 1.9 
Stable for ...)
+       TODO: check
+CVE-2014-6821 (The voetbal (aka nl.jborsje.android.voetbal.az) application 
4.7.2 for ...)
+       TODO: check
+CVE-2014-6820 (The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 
for ...)
+       TODO: check
+CVE-2014-6819 (The Lapp Group Catalogue (aka com.prinovis.LappKabel) 
application 1.4 ...)
+       TODO: check
+CVE-2014-6818 (The OHBM 20th Annual Meeting (aka ...)
+       TODO: check
+CVE-2014-6817 (The Cove (aka org.covechurch.app) application 1.0.2 for Android 
does ...)
+       TODO: check
+CVE-2014-6816 (The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for 
...)
+       TODO: check
+CVE-2014-6815 (The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for 
Android ...)
+       TODO: check
+CVE-2014-6814 (The Sentinels Randomizer (aka 
com.mikehipps.sentinelsrandomizer) ...)
+       TODO: check
+CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for 
...)
+       TODO: check
+CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 
for ...)
+       TODO: check
 CVE-2014-6811
        RESERVED
-CVE-2014-6810
-       RESERVED
+CVE-2014-6810 (The RIMS 2014 Annual Conference (aka ...)
+       TODO: check
 CVE-2014-6809
-       RESERVED
-CVE-2014-6808
-       RESERVED
-CVE-2014-6807
-       RESERVED
-CVE-2014-6806
-       RESERVED
-CVE-2014-6805
-       RESERVED
-CVE-2014-6804
-       RESERVED
-CVE-2014-6803
-       RESERVED
-CVE-2014-6802
-       RESERVED
-CVE-2014-6801
-       RESERVED
-CVE-2014-6800
-       RESERVED
-CVE-2014-6799
-       RESERVED
-CVE-2014-6798
-       RESERVED
-CVE-2014-6797
-       RESERVED
-CVE-2014-6796
-       RESERVED
-CVE-2014-6795
-       RESERVED
-CVE-2014-6794
-       RESERVED
-CVE-2014-6793
-       RESERVED
-CVE-2014-6792
-       RESERVED
-CVE-2014-6791
-       RESERVED
-CVE-2014-6790
-       RESERVED
-CVE-2014-6789
-       RESERVED
-CVE-2014-6788
-       RESERVED
-CVE-2014-6787
-       RESERVED
-CVE-2014-6786
-       RESERVED
-CVE-2014-6785
-       RESERVED
-CVE-2014-6784
-       RESERVED
-CVE-2014-6783
-       RESERVED
-CVE-2014-6782
-       RESERVED
-CVE-2014-6781
-       RESERVED
-CVE-2014-6780
-       RESERVED
-CVE-2014-6779
-       RESERVED
-CVE-2014-6778
-       RESERVED
-CVE-2014-6777
-       RESERVED
-CVE-2014-6776
-       RESERVED
-CVE-2014-6775
-       RESERVED
-CVE-2014-6774
-       RESERVED
-CVE-2014-6773
-       RESERVED
-CVE-2014-6772
-       RESERVED
-CVE-2014-6771
-       RESERVED
-CVE-2014-6770
-       RESERVED
-CVE-2014-6769
-       RESERVED
-CVE-2014-6768
-       RESERVED
-CVE-2014-6767
-       RESERVED
-CVE-2014-6766
-       RESERVED
-CVE-2014-6765
-       RESERVED
-CVE-2014-6764
-       RESERVED
-CVE-2014-6763
-       RESERVED
-CVE-2014-6762
-       RESERVED
-CVE-2014-6761
-       RESERVED
-CVE-2014-6760
-       RESERVED
-CVE-2014-6759
-       RESERVED
-CVE-2014-6758
-       RESERVED
-CVE-2014-6757
-       RESERVED
-CVE-2014-6756
-       RESERVED
-CVE-2014-6755
-       RESERVED
-CVE-2014-6754
-       RESERVED
-CVE-2014-6753
-       RESERVED
-CVE-2014-6752
-       RESERVED
-CVE-2014-6751
-       RESERVED
-CVE-2014-6750
-       RESERVED
-CVE-2014-6749
-       RESERVED
-CVE-2014-6748
-       RESERVED
+       REJECTED
+CVE-2014-6808 (The Active 24 (aka com.zentity.app.active24) application 1.0.1 
for ...)
+       TODO: check
+CVE-2014-6807 (The OLA School (aka ...)
+       TODO: check
+CVE-2014-6806 (The Thanodi - Setswana Translator (aka com.thanodi.thanodi) ...)
+       TODO: check
+CVE-2014-6805 (The weibo (aka magic.weibo) application 1.2 for Android does 
not ...)
+       TODO: check
+CVE-2014-6804 (The Deschutes Public MobileLibrary (aka 
com.bredir.boopsie.deschutes) ...)
+       TODO: check
+CVE-2014-6803 (The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) 
application ...)
+       TODO: check
+CVE-2014-6802 (The First Assembly NLR (aka ...)
+       TODO: check
+CVE-2014-6801 (The frank matano (aka com.frank.matano) application 1.0 for 
Android ...)
+       TODO: check
+CVE-2014-6800 (The Bloom Township 206 (aka net.parentlink.bloom) application 
4.0.500 ...)
+       TODO: check
+CVE-2014-6799 (The Investigation Tool (aka gov.ca.post.lp.itool) application 
1.0.0 ...)
+       TODO: check
+CVE-2014-6798 (The McMaster Marauders (aka com.weever.marauders) application 
1.0.1 ...)
+       TODO: check
+CVE-2014-6797 (The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) 
application ...)
+       TODO: check
+CVE-2014-6796 (The LocalSense (aka com.LocalSense) application 1.2.1 for 
Android does ...)
+       TODO: check
+CVE-2014-6795 (The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) 
...)
+       TODO: check
+CVE-2014-6794 (The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 
for ...)
+       TODO: check
+CVE-2014-6793 (The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 
for ...)
+       TODO: check
+CVE-2014-6792 (The Suriname Radio (aka com.wordbox.surinameRadio) application 
1.5 for ...)
+       TODO: check
+CVE-2014-6791 (The Angel Reigns (aka ...)
+       TODO: check
+CVE-2014-6790 (The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 
for ...)
+       TODO: check
+CVE-2014-6789 (The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) 
application ...)
+       TODO: check
+CVE-2014-6788 (The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 
1.0 for ...)
+       TODO: check
+CVE-2014-6787 (The Counter Intuition (aka com.counter.intuition) application 
1.2 for ...)
+       TODO: check
+CVE-2014-6786 (The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) 
...)
+       TODO: check
+CVE-2014-6785 (The Renny McLean Ministries (aka 
com.subsplash.thechurchapp.s_GJQX72) ...)
+       TODO: check
+CVE-2014-6784 (The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) 
...)
+       TODO: check
+CVE-2014-6783 (The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) ...)
+       TODO: check
+CVE-2014-6782 (The Abraham Tours (aka com.mytoursapp.android.app432) 
application ...)
+       TODO: check
+CVE-2014-6781 (The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 
1.2 for ...)
+       TODO: check
+CVE-2014-6780 (The MeiTalk (aka com.playjia.meitalk) application @7F060012 for 
...)
+       TODO: check
+CVE-2014-6779 (The Cart App (aka com.virtecha.mobilewallet) application 1.5 
for ...)
+       TODO: check
+CVE-2014-6778 (The Goat Forum (aka com.gcspublishing.goatspot) application 
3.9.15 for ...)
+       TODO: check
+CVE-2014-6777 (The blueeleph (aka eg.film.blueeleph) application 1.0 for 
Android does ...)
+       TODO: check
+CVE-2014-6776 (The United Advantage NW Federal Cr (aka 
com.myappengine.uanwfcu) ...)
+       TODO: check
+CVE-2014-6775 (The Light for Pets (aka com.helenwoodward.light4pets) 
application 1.0 ...)
+       TODO: check
+CVE-2014-6774 (The USEK (aka com.university.usek) application 1.0.8 for 
Android does ...)
+       TODO: check
+CVE-2014-6773 (The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 
1.3 ...)
+       TODO: check
+CVE-2014-6772 (The United Educational CU (aka com.metova.cuae.uecu) 
application ...)
+       TODO: check
+CVE-2014-6771 (The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 
for ...)
+       TODO: check
+CVE-2014-6770 (The Aerospace Jobs (aka com.app_aerospacejobs.layout) 
application ...)
+       TODO: check
+CVE-2014-6769 (The Meteo Belgique (aka com.mobilesoft.belgiumweather) 
application 3.2 ...)
+       TODO: check
+CVE-2014-6768 (The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) 
application ...)
+       TODO: check
+CVE-2014-6767 (The Juggle! FREE (aka com.jakyl.juggleforfree) application 
3.0.0 for ...)
+       TODO: check
+CVE-2014-6766 (The Afro-Beat (aka com.zero.themelock.tambourine) application 
0.2 for ...)
+       TODO: check
+CVE-2014-6765 (The No Fuss Home Loans (aka ...)
+       TODO: check
+CVE-2014-6764 (The Assyrian (aka com.b2.assyrian.activity) application 2.2 for 
...)
+       TODO: check
+CVE-2014-6763 (The Codename Birdgame (aka ...)
+       TODO: check
+CVE-2014-6762 (The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for 
Android ...)
+       TODO: check
+CVE-2014-6761 (The Aprende a Meditar (aka 
com.rareartifact.aprendeameditar544CB0A2) ...)
+       TODO: check
+CVE-2014-6760 (The Harem Thief Dating (aka com.haremthief.haremthief) 
application ...)
+       TODO: check
+CVE-2014-6759 (The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) 
...)
+       TODO: check
+CVE-2014-6758 (The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) 
...)
+       TODO: check
+CVE-2014-6757 (The Koran - AlqoranVideos (aka com.alqoran.videos.example) 
application ...)
+       TODO: check
+CVE-2014-6756 (The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for 
...)
+       TODO: check
+CVE-2014-6755 (The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) 
...)
+       TODO: check
+CVE-2014-6754 (The Vector Outage Manager (aka nz.co.vector.outagemanager) 
application ...)
+       TODO: check
+CVE-2014-6753 (The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) 
application 2.0 ...)
+       TODO: check
+CVE-2014-6752 (The Mindless Behavior Fan Base (aka 
com.mindless.behavior.fan.base) ...)
+       TODO: check
+CVE-2014-6751 (The Grasshopper Beta (aka com.grasshopper.dialer) application 
2.1 for ...)
+       TODO: check
+CVE-2014-6750 (The $0.99 Kindle Books (aka com.kindle.books.for99) application 
6.0 ...)
+       TODO: check
+CVE-2014-6749 (The American Nurses Association (aka 
com.dub.poweredbydub.assoc.ana) ...)
+       TODO: check
+CVE-2014-6748 (The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 
for ...)
+       TODO: check
 CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does 
not ...)
        NOT-FOR-US: SeeOn (aka com.seeon) application for Android
 CVE-2014-6746 (The Infiniti Roadside Assistance (aka 
com.ccas.rsa.common.infiniti) ...)
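Review bot: the application entries converted from RESERVED in this hunk (CVE-2014-6855 down to CVE-2014-6748, many of them visibly "for Android") are all left at `TODO: check`, while the context entry CVE-2014-6747 just below shows the triaged form `NOT-FOR-US: SeeOn (aka com.seeon) application for Android`. Suggest triaging the run in bulk in that form so it does not remain as well over a hundred open TODOs. Separately, CVE-2014-6809 changes from RESERVED to REJECTED in the middle of the run, which is easy to overlook among the description updates.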
@@ -1234,10 +1398,10 @@
        RESERVED
 CVE-2014-6620
        RESERVED
-CVE-2014-6619
-       RESERVED
-CVE-2014-6618
-       RESERVED
+CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop 
allows ...)
+       TODO: check
 CVE-2014-6617
        RESERVED
 CVE-2014-6616
@@ -1693,6 +1857,7 @@
 CVE-2014-6388
        RESERVED
 CVE-2013-7403
+       RESERVED
        NOT-FOR-US: WordPress plugin wp-video-commando
 CVE-2013-7402
        RESERVED
@@ -1700,8 +1865,7 @@
        RESERVED
 CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in 
SpiceWorks ...)
        NOT-FOR-US: SpiceWorks
-CVE-2014-7145 [null ptr deref in SMB2_tcon]
-       RESERVED
+CVE-2014-7145 (The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel 
before ...)
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Introduced in 3.7)
        - linux-2.6 <not-affected> (Introduced in 3.7)
@@ -1748,24 +1912,21 @@
        - wireshark <unfixed>
        NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
        TODO: check, 1.12 series possibly not affected (only 1.10.0 to 1.10.9)
-CVE-2014-6418 [libceph: missing validation of the auth reply]
-       RESERVED
+CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 
3.16.3, ...)
        - linux 3.16.3-1
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8
 (v3.17-rc5)
        NOTE: http://tracker.ceph.com/issues/8979
-CVE-2014-6417 [libceph: issue of incorrect handling of kmalloc failures]
-       RESERVED
+CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 
3.16.3, ...)
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux 3.16.3-1
        - linux-2.6 <removed>
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8
 (v3.17-rc5)
        NOTE: http://tracker.ceph.com/issues/8979
-CVE-2014-6416 [libceph: buffer overflow]
-       RESERVED
+CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the 
Linux ...)
        - linux 3.16.3-1
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
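Review bot: after this hunk CVE-2014-6418 and CVE-2014-6417 carry the same visible description, `net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...`, and the removed bracketed summaries ("missing validation of the auth reply", "issue of incorrect handling of kmalloc failures") were what told the two apart. Suggest keeping each short summary as a NOTE line under its entry so the issues stay distinguishable without looking up the full description.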
@@ -1776,14 +1937,12 @@
        RESERVED
        - neutron <unfixed>
        NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 
2014.1.2
-CVE-2014-6410 [udf: Avoid infinite loop when processing indirect ICBs]
-       RESERVED
+CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux 
kernel ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65
 (v3.17-rc5)
-CVE-2012-6657 [net: guard tcp_set_keepalive against crash]
-       RESERVED
+CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux 
kernel ...)
        - linux 3.6.4-1
        [wheezy] - linux 3.2.32-1
        - linux-2.6 <removed>
@@ -2019,8 +2178,7 @@
        NOT-FOR-US: OsClass
 CVE-2014-6279
        RESERVED
-CVE-2014-6278 [code execution via specially crafted environment variables]
-       RESERVED
+CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse 
function ...)
        - bash 4.3-9.2 (high)
        [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
        [squeeze] - bash 4.1-3+deb6u2 (high)
@@ -2030,8 +2188,7 @@
        NOTE: exploitation of this issue by making bash only use environment
        NOTE: variables with specific names (BASH_FUNC_*()) to define functions
        NOTE: from its environment.
-CVE-2014-6277 [untrusted pointer use issue leading to code execution]
-       RESERVED
+CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse 
function ...)
        - bash 4.3-9.2
        [wheezy] - bash 4.2+dfsg-0.1+deb7u3
        [squeeze] - bash 4.1-3+deb6u2
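Review bot: with this hunk and the previous one, CVE-2014-6278 and CVE-2014-6277 share the same truncated description and the same fixed versions, yet only the CVE-2014-6278 package lines carry the `(high)` urgency. The removed bracketed text for CVE-2014-6277 said "leading to code execution", so it is worth checking whether its three bash lines should carry the same urgency, or adding a NOTE that explains the difference.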
@@ -2052,8 +2209,7 @@
        - git-annex 5.20140919
        [wheezy] - git-annex <not-affected> (Vulnerable code introduced in 
3.20121126)
        NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
-CVE-2014-6273 [buffer overflow in the HTTP transport code in apt-get]
-       RESERVED
+CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 
1.0.1 and ...)
        {DSA-3031-1 DLA-58-1}
        - apt 1.0.3
 CVE-2014-6272
@@ -2545,8 +2701,7 @@
        RESERVED
 CVE-2014-6056
        RESERVED
-CVE-2014-6055 [Multiple stack overflows in File Transfer feature]
-       RESERVED
+CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer 
feature in ...)
        - libvncserver <unfixed> (bug #762745)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
        NOTE: 
https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
@@ -2564,8 +2719,7 @@
        RESERVED
        - libvncserver <unfixed> (bug #762745)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
-CVE-2014-6051 [Integer overflow in MallocFrameBuffer() on client side]
-       RESERVED
+CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in 
vncviewer.c in ...)
        - libvncserver <unfixed> (bug #762745)
        NOTE: 
https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
 CVE-2014-6050
@@ -3742,8 +3896,7 @@
        - vnc4 <undetermined>
        NOTE: According to Red Hat Bug assigned for RealVNC, which for us might 
affect the vnc4 package
        TODO: check
-CVE-2014-6269 [remote client denial of service vulnerability]
-       RESERVED
+CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body 
function ...)
        - haproxy 1.5.4-1
        [squeeze] - haproxy <not-affected> (Vulnerable code not present)
        NOTE: http://article.gmane.org/gmane.comp.web.haproxy/17726
@@ -3808,8 +3961,7 @@
        RESERVED
 CVE-2014-5445
        RESERVED
-CVE-2014-5444 [failure to handle certificate errors]
-       RESERVED
+CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning 
when a TLS ...)
        - geary 0.6.3-1
        NOTE: Upstream bugreport: 
https://bugzilla.gnome.org/show_bug.cgi?id=713247
        NOTE: Upstream fix: 
https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
@@ -4330,8 +4482,7 @@
        - libgcrypt11 1.5.4-1
        - libgcrypt20 1.6.0-2
        NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
-CVE-2014-5267 [ code change to reject any XRDS document with a /<!DOCTYPE/i 
match]
-       RESERVED
+CVE-2014-5267 (modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x 
before 7.31 ...)
        {DSA-2999-1}
        - drupal7 7.31-1
 CVE-2014-5266 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 
3.9.2 ...)
@@ -5620,11 +5771,9 @@
        RESERVED
 CVE-2014-4729
        RESERVED
-CVE-2014-4728
-       RESERVED
+CVE-2014-4728 (The web server in the TP-LINK N750 Wireless Dual Band Gigabit 
Router ...)
        NOT-FOR-US: TP-Link
-CVE-2014-4727
-       RESERVED
+CVE-2014-4727 (Cross-site scripting (XSS) vulnerability in the DHCP clients 
page in ...)
        NOT-FOR-US: TP-Link
 CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
        NOT-FOR-US: wysija-newsletters
@@ -6605,8 +6754,7 @@
        RESERVED
 CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in 
...)
        NOT-FOR-US: OctavoCMS
-CVE-2014-4330 [stack exhaustion]
-       RESERVED
+CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 
5.20.1 ...)
        - perl 5.20.1-1 (bug #762256)
        [wheezy] - perl <no-dsa> (Minor issue)
        [squeeze] - perl <no-dsa> (Minor issue)
@@ -7848,16 +7996,16 @@
        RESERVED
 CVE-2014-3825
        RESERVED
-CVE-2014-3824
-       RESERVED
-CVE-2014-3823
-       RESERVED
+CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in 
the ...)
+       TODO: check
+CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices 
with ...)
+       TODO: check
 CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 
before ...)
        NOT-FOR-US: Juniper Junos
 CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web 
Authentication ...)
        NOT-FOR-US: Juniper Junos
-CVE-2014-3820
-       RESERVED
+CVE-2014-3820 (Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web 
server ...)
+       TODO: check
 CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 
before ...)
        NOT-FOR-US: Juniper Junos
 CVE-2014-3818
@@ -7874,8 +8022,8 @@
        NOT-FOR-US: Juniper Networks NetScreen Firewall
 CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices 
with ...)
        NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2014-3811
-       RESERVED
+CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for 
Windows ...)
+       TODO: check
 CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in 
BoonEx ...)
        NOT-FOR-US: Dolphin (php thingy)
 CVE-2014-3809
@@ -8242,8 +8390,7 @@
        RESERVED
        - neutron <unfixed>
        NOTE: Regression of fix for CVE-2013-6433, possibly Red Hat specific in 
RedHat Enterprise Open Stack Platform 5.0
-CVE-2014-3631 [keys: incorrect termination condition in assoc array garbage 
collection]
-       RESERVED
+CVE-2014-3631 (The assoc_array_gc function in the associative-array 
implementation in ...)
        - linux 3.16.3-1
        [wheezy] - linux <not-affected> (Vulnerable code introduced later)
        - linux-2.6 <not-affected> (Vulnerable code introduced later)
@@ -8465,8 +8612,7 @@
        [wheezy] - samba <not-affected> (Only affects 4.x)
 CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 
3.4 ...)
        NOT-FOR-US: ovirt-engine-backend
-CVE-2014-3558
-       RESERVED
+CVE-2014-3558 (ReflectionHelper 
(org.hibernate.validator.util.ReflectionHelper) in ...)
        - libhibernate-validator-java <unfixed> (low; bug #762690)
        NOTE: RedHat upgraded to new upstream versions in their security
        NOTE: updates. No patches are available for the 4.0.x branch we
@@ -8551,8 +8697,7 @@
        NOTE: https://www.cups.org/str.php?L4450
 CVE-2014-3536
        RESERVED
-CVE-2014-3535 [netdevice.h: NULL pointer dereference over VxLAN]
-       RESERVED
+CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 ...)
        - linux <not-affected> (RHEL-specific, incomplete backport)
        - linux-2.6 <not-affected> (RHEL-specific, incomplete backport)
        NOTE: Fix: 
https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
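Review bot: the new description for CVE-2014-3535 scopes the bug to "the Linux kernel before 2.6.36", but both package lines still read "<not-affected> (RHEL-specific, incomplete backport)". Re-verify the linux-2.6 line against the fix commit in the NOTE, because a version-bounded upstream description and a "RHEL-specific" rationale do not obviously agree.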
@@ -9059,8 +9204,8 @@
        RESERVED
 CVE-2014-3396
        RESERVED
-CVE-2014-3395
-       RESERVED
+CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers 
to ...)
+       TODO: check
 CVE-2014-3394
        RESERVED
 CVE-2014-3393
@@ -9567,43 +9712,37 @@
        RESERVED
 CVE-2014-3187
        RESERVED
-CVE-2014-3186 [PicoLCD HID device driver pool overflow]
-       RESERVED
+CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <not-affected> (Vulnerable code not present)
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=101
        NOTE: Upstream fix: 
https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 
(v3.17-rc3)
-CVE-2014-3185 [Linux Kernel Buffer Overflow in Whiteheat USB Serial Driver]
-       RESERVED
+CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback 
function ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=98
        NOTE: Upstream fix: 
https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 
(v3.17-rc3)
-CVE-2014-3184 [Linux kernel HID report fixup multiple off-by-one issues]
-       RESERVED
+CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux 
kernel ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=91
        NOTE: Upstream fix: 
https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 
(v3.17-rc2)
-CVE-2014-3183 [Linux kernel hid-logitech-dj.c logi_dj_ll_raw_request heap 
overflow]
-       RESERVED
+CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request 
function in ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=90
        NOTE: Upstream fix: 
https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 
(v3.17-rc2)
-CVE-2014-3182 [Linux kernel hid-logitech-dj.c device_index arbitrary kfree]
-       RESERVED
+CVE-2014-3182 (Array index error in the logi_dj_raw_event function in ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <removed>
        NOTE: 
https://code.google.com/p/google-security-research/issues/detail?id=89
        NOTE: Upstream fix: 
https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 
(v3.17-rc2)
-CVE-2014-3181 [Magic Mouse HID device driver overflow]
-       RESERVED
+CVE-2014-3181 (Multiple stack-based buffer overflows in the 
magicmouse_raw_event ...)
        - linux <unfixed>
        [wheezy] - linux <no-dsa> (Will be fixed in next point release)
        - linux-2.6 <not-affected> (Vulnerable code not present)
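Review bot: for CVE-2014-3186 through CVE-2014-3181 the hand-written bracketed titles are replaced by truncated descriptions, and for CVE-2014-3182 this drops the impact wording ("device_index arbitrary kfree") in favour of "Array index error in the logi_dj_raw_event function in ...". The google-security-research links in the visible NOTE lines still carry that detail. All six entries stay "linux <unfixed>" although the visible NOTEs record upstream fixes at v3.17-rc2 and v3.17-rc3, so they need a follow-up edit once a fixed upload exists.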
@@ -11085,8 +11224,7 @@
 CVE-2014-2640
        RESERVED
        NOT-FOR-US: HP System Management Homepage
-CVE-2014-2639
-       RESERVED
+CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module 
Manager ...)
        NOT-FOR-US: HP MPIO Device
 CVE-2014-2638
        RESERVED
@@ -18181,8 +18319,7 @@
        - linux-2.6 <not-affected> (introduced by 
a31ad380bed817aa25f8830ad23e1a0480fef797)
        NOTE: Introduced by: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797
 (v3.10)
        NOTE: Upstream patches: https://lkml.org/lkml/2014/6/24/619 
https://lkml.org/lkml/2014/6/24/623
-CVE-2014-0205 [futex: refcount issue in case of requeue]
-       RESERVED
+CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel 
before ...)
        - linux 2.6.37
        - linux-2.6 2.6.37-1
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704
 (v2.6.37)
@@ -18300,8 +18437,7 @@
        [wheezy] - elfutils <no-dsa> (Minor issue)
 CVE-2014-0171
        RESERVED
-CVE-2014-0170
-       RESERVED
+CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data ...)
        NOT-FOR-US: Teiid
 CVE-2014-0169
        RESERVED
@@ -27613,8 +27749,8 @@
        NOT-FOR-US: Siemens switches
 CVE-2013-3633 (The web interface on Siemens Scalance X200 IRT switches with 
firmware ...)
        NOT-FOR-US: Siemens
-CVE-2013-3632
-       RESERVED
+CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote ...)
+       TODO: check
 CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated 
users to ...)
        NOT-FOR-US: NAS4Free
 CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators 
to ...)
@@ -28803,26 +28939,26 @@
        RESERVED
 CVE-2013-3093
        RESERVED
-CVE-2013-3092
-       RESERVED
+CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to 
bypass ...)
+       TODO: check
 CVE-2013-3091
        RESERVED
 CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin 
N300 ...)
        NOT-FOR-US: Belkin N300 router
-CVE-2013-3089
-       RESERVED
+CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in 
Belkin ...)
+       TODO: check
 CVE-2013-3088
        RESERVED
 CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin 
N900 ...)
        NOT-FOR-US: Belkin N900 router
-CVE-2013-3086
-       RESERVED
+CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in 
util_system.html in ...)
+       TODO: check
 CVE-2013-3085
        RESERVED
 CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin 
Model ...)
        NOT-FOR-US: Belkin router
-CVE-2013-3083
-       RESERVED
+CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
 CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Jojo CMS
 CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in 
...)
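Review bot: CVE-2013-3092, CVE-2013-3089, CVE-2013-3086 and CVE-2013-3083 are added as "TODO: check" next to siblings already tagged "NOT-FOR-US: Belkin N300 router", "Belkin N900 router" and "Belkin router". Only CVE-2013-3092 and CVE-2013-3089 name Belkin in the visible text; CVE-2013-3086 ("util_system.html in ...") and CVE-2013-3083 ("vulnerability in ...") are cut off before any product name, so confirm the product from the full description rather than inferring it from position in the list.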
@@ -28858,16 +28994,16 @@
        RESERVED
 CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR 
...)
        NOT-FOR-US: NETGEAR devices
-CVE-2013-3068
-       RESERVED
+CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in 
...)
+       TODO: check
 CVE-2013-3067
        RESERVED
-CVE-2013-3066
-       RESERVED
-CVE-2013-3065
-       RESERVED
-CVE-2013-3064
-       RESERVED
+CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly 
restrict ...)
+       TODO: check
+CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental 
Controls ...)
+       TODO: check
+CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in 
Linksys ...)
+       TODO: check
 CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows 
remote ...)
        NOT-FOR-US: SAP BASIS Communication Services
 CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering 
...)
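Review bot: CVE-2013-3066 and CVE-2013-3064 name Linksys hardware ("Linksys EA6500", "ui/dynamic/unsecured.html in Linksys") and are still "TODO: check", while the router entry in the context above is tagged "NOT-FOR-US: NETGEAR devices". CVE-2013-3068 ("apply.cgi in ...") and CVE-2013-3065 ("the Parental Controls ...") are truncated before the vendor, so check the full description before applying the same tag to all four.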
@@ -30069,8 +30205,8 @@
        RESERVED
 CVE-2013-2587
        RESERVED
-CVE-2013-2586
-       RESERVED
+CVE-2013-2586 (XAMPP 1.8.1 does not properly restrict access to 
xampp/lang.php, which ...)
+       TODO: check
 CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail 
Server ...)
        NOT-FOR-US: AtMail
 CVE-2013-2584
@@ -31546,8 +31682,7 @@
 CVE-2013-2101
        RESERVED
        NOT-FOR-US: Katello
-CVE-2013-2100
-       RESERVED
+CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo 
Portage ...)
        NOT-FOR-US: Gentoo Portage binary package installer
 CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname 
...)
        - python2.7 2.7.5-5 (low; bug #709066)
@@ -31659,6 +31794,7 @@
        [wheezy] - transifex-client <no-dsa> (Minor issue)
        NOTE: http://seclists.org/oss-sec/2013/q2/394
 CVE-2013-2072 (Buffer overflow in the Python bindings for the 
xc_vcpu_setaffinity ...)
+       {DSA-3041-1}
        - xen 4.2.2-1 (low)
        [squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen 
DSA)
        [wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen 
DSA)
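Review bot: "{DSA-3041-1}" is added to CVE-2013-2072, but the [squeeze] and [wheezy] lines below it still say "<no-dsa> (Minor issue, can be postponed to the next Xen DSA)". Now that a DSA references this CVE, the line for each release the DSA covers should be replaced with its fixed version so the entry does not report both a DSA and no-dsa for the same release.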
@@ -32307,8 +32443,7 @@
        REJECTED
 CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote 
...)
        NOT-FOR-US: ruby gem command_wrap
-CVE-2013-1874 [Chicken Scheme: code execution]
-       RESERVED
+CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 
4.8.2 ...)
        - chicken 4.8.0.3-1 (low; bug #702410)
        [squeeze] - chicken <no-dsa> (Minor issue)
        [wheezy] - chicken <no-dsa> (Minor issue)
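Review bot: the description now says the issue is in Chicken "before 4.8.2", while the entry records "chicken 4.8.0.3-1" as the fixed version. That is consistent only if 4.8.0.3-1 carries the fix ahead of 4.8.2; a NOTE pointing at the patch or the relevant message in bug #702410 would make that explicit.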
@@ -34137,8 +34272,7 @@
        NOT-FOR-US: Adobe Flash Plugin
 CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 
11.x ...)
        NOT-FOR-US: Adobe Flash Plugin
-CVE-2012-6110 [bcron file descriptors not closed]
-       RESERVED
+CVE-2012-6110 (bcron-exec in bcron before 0.10 does not close file descriptors 
...)
        - bcron 0.09-13 (low; bug #686650)
        [squeeze] - bcron 0.09-11+squeeze1
 CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before 
...)
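Review bot: CVE-2012-6110 sits between CVE-2013-1365 and CVE-2013-1364, out of sequence with the descending CVE id order of the visible context; the description update is a good moment to move it to the CVE-2012-61xx block. Separately, the description says "bcron before 0.10" while the fixed versions are 0.09-13 and 0.09-11+squeeze1, which implies a backported patch that the entry does not reference beyond bug #686650.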
@@ -37818,8 +37952,8 @@
        RESERVED
 CVE-2012-6317
        RESERVED
-CVE-2012-6316
-       RESERVED
+CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the 
TP-LINK ...)
+       TODO: check
 CVE-2012-6315
        REJECTED
 CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 
5.6.200, ...)
@@ -38322,8 +38456,7 @@
        NOTE: 
https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
 CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses ...)
        - hplip <not-affected> (permissions are 755 on wheezy, sid and 
experimental)
-CVE-2012-6107 [Does not verify that the server hostname matches a domain name 
in the subject's CN or subjectAltName field of the x.509 certificate]
-       RESERVED
+CVE-2012-6107 (Apache Axis2/C does not verify that the server hostname matches 
a ...)
        - axis2c <unfixed> (bug #697974)
        NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
 CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions 
...)
@@ -39897,15 +40030,13 @@
        NOT-FOR-US: change_passwd plugin for Squirrelmail
 CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the 
management ...)
        NOT-FOR-US: OpenShift
-CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving call from other 
party with not UTF-8 valid name]
-       RESERVED
+CVE-2012-5621 (lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 
allows ...)
        - ekiga 3.2.7-6 (bug #702282; low)
        [squeeze] - ekiga <no-dsa> (Minor issue)
 CVE-2012-5620
        RESERVED
        NOT-FOR-US: Docecot non-issue, see 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
-CVE-2012-5619
-       RESERVED
+CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle 
&quot;.&quot; (dotfile) file ...)
        - sleuthkit 4.1.2-1 (unimportant; bug #695097)
 CVE-2012-5618
        RESERVED
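Review bot: the CVE-2012-5619 description is imported with literal HTML entities ("&quot;.&quot;") instead of quote characters, which suggests the automatic update does not decode entities from its source feed; decode them on import. The unchanged context line for CVE-2012-5620 also reads "Docecot", presumably Dovecot.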
@@ -40234,80 +40365,58 @@
        RESERVED
        - zope2.12 2.12.26-1 (bug #692899)
        NOTE: https://plone.org/products/plone/security/advisories/20121106/24
-CVE-2012-5507 [ Zope/Plone: Timing attack in password validation ]
-       RESERVED
+CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used 
in Plone ...)
        - zope2.12 2.12.26-1 (bug #692899)
        NOTE: https://plone.org/products/plone/security/advisories/20121106/23
-CVE-2012-5506 [ Zope/Plone: DoS through RSS on private folder ]
-       RESERVED
+CVE-2012-5506 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5505 [ Zope/Plone: Attempting to access a view with no name returns 
an internal data structure ]
-       RESERVED
+CVE-2012-5505 (atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows 
remote ...)
        - zope2.12 2.12.26-1 (bug #692899)
        NOTE: https://plone.org/products/plone/security/advisories/20121106/21
-CVE-2012-5504 [ Zope/Plone: Persistent XSS ]
-       RESERVED
+CVE-2012-5504 (Cross-site scripting (XSS) vulnerability in widget_traversal.py 
in ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5503 [ Zope/Plone: Users connected through FTP can list hidden folder 
contents ]
-       RESERVED
+CVE-2012-5503 (ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows 
remote ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5502 [ Zope/Plone: Persistent XSS via filtering bypass ]
-       RESERVED
+CVE-2012-5502 (Cross-site scripting (XSS) vulnerability in safe_html.py in 
Plone ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5501 [ Zope/Plone: Crafted URL allows downloading of BLOBs that are 
not visible to the user ]
-       RESERVED
+CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
 CVE-2012-5500 [ Zope/Plone: Anonymous users can batch change titles of content 
items ]
        RESERVED
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5499 [ Zope/Plone: Partial denial of service through internal 
function ]
-       RESERVED
+CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5498 [ Zope/Plone: Partial denial of service through Collections 
functionality ]
-       RESERVED
+CVE-2012-5498 (queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5497 [ Zope/Plone: Anonymous users can list user account names ]
-       RESERVED
+CVE-2012-5497 (membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5496 [ Zope/Plone: DoS through unsanitised inputs into Kupu ]
-       RESERVED
+CVE-2012-5496 (kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote 
attackers ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5495 [ Zope/Plone: Restricted Python injection ]
-       RESERVED
+CVE-2012-5495 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5494 [ Zope/Plone: Reflexive XSS ]
-       RESERVED
+CVE-2012-5494 (Cross-site scripting (XSS) vulnerability in python_scripts.py 
in Plone ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5493 [ Zope/Plone: Restricted Python sandbox escape ]
-       RESERVED
+CVE-2012-5493 (gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows 
remote ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5492 [ Zope/Plone: Partial permissions bypass ]
-       RESERVED
+CVE-2012-5492 (uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5491 [ Zope/Plone: Form detail exposure ]
-       RESERVED
+CVE-2012-5491 (z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5490 [ Zope/Plone: Reflexive XSS ]
-       RESERVED
+CVE-2012-5490 (Cross-site scripting (XSS) vulnerability in kssdevel.py in 
Plone ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5489 [ Zope/Plone: Partial restricted Python sandbox escape ]
-       RESERVED
+CVE-2012-5489 (The App.Undo.UndoSupport.get_request_var_or_attr function in 
Zope ...)
        - zope2.12 <unfixed> (bug #692899)
        [wheezy] - zope2.12 <no-dsa> (Minor issue)
        NOTE: https://plone.org/products/plone/security/advisories/20121106/05
-CVE-2012-5488 [ Zope/Plone: Restricted Python injection ]
-       RESERVED
+CVE-2012-5488 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 
allows ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
-CVE-2012-5487 [ Zope/Plone: Restricted Python sandbox escape ]
-       RESERVED
+CVE-2012-5487 (The sandbox whitelisting function (allowmodule.py) in Plone 
before ...)
        - zope2.12 <unfixed> (unimportant; bug #692899)
        NOTE: Non-issue, see 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
-CVE-2012-5486 [ Zope/Plone: Reflexive HTTP header injection ]
-       RESERVED
+CVE-2012-5486 (ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, 
as used ...)
        - zope2.12 2.12.26-1 (bug #692899)
        NOTE: https://plone.org/products/plone/security/advisories/20121106/02
-CVE-2012-5485 [ Restricted Python injection ]
-       RESERVED
+CVE-2012-5485 (registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 
1 ...)
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
        NOTE: https://plone.org/products/plone/security/advisories/20121106/01
 CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not 
properly ...)
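Review bot: the old bracketed titles all read "Zope/Plone", but the published descriptions now separate the two, so the package attributions deserve a second look. CVE-2012-5505 ("atat.py in Plone before 4.2.3 ...") is tracked as fixed in "zope2.12 2.12.26-1" and CVE-2012-5487 ("allowmodule.py ... in Plone before ...") against "zope2.12 <unfixed>", while the other entries whose descriptions name Plone files are "NOT-FOR-US: Plone not packaged in Debian". CVE-2012-5500 is the one entry in the block left RESERVED with its bracketed title.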


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
