Author: sectracker
Date: 2014-11-18 21:10:21 +0000 (Tue, 18 Nov 2014)
New Revision: 30137

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-11-18 18:59:35 UTC (rev 30136)
+++ data/CVE/list       2014-11-18 21:10:21 UTC (rev 30137)
@@ -1,3 +1,379 @@
+CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form 
Clean and ...)
+       TODO: check
+CVE-2014-8954 (Multiple cross-site scripting (XSS) vulnerabilities in phpSound 
1.0.5 ...)
+       TODO: check
+CVE-2014-8953 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Php ...)
+       TODO: check
+CVE-2014-8952 (Multiple unspecified vulnerabilities in Check Point Security 
Gateway ...)
+       TODO: check
+CVE-2014-8951 (Unspecified vulnerability in Check Point Security Gateway R75, 
R76, ...)
+       TODO: check
+CVE-2014-8950 (Unspecified vulnerability in Check Point Security Gateway R77 
and ...)
+       TODO: check
+CVE-2014-8949 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress 
allows ...)
+       TODO: check
+CVE-2014-8948 (Cross-site request forgery (CSRF) vulnerability in the 
iMember360 ...)
+       TODO: check
+CVE-2014-8947
+       RESERVED
+CVE-2014-8946
+       RESERVED
+CVE-2014-8945
+       RESERVED
+CVE-2014-8944
+       RESERVED
+CVE-2014-8943
+       RESERVED
+CVE-2014-8942
+       RESERVED
+CVE-2014-8941
+       RESERVED
+CVE-2014-8940
+       RESERVED
+CVE-2014-8939
+       RESERVED
+CVE-2014-8938
+       RESERVED
+CVE-2014-8937
+       RESERVED
+CVE-2014-8936
+       RESERVED
+CVE-2014-8935
+       RESERVED
+CVE-2014-8934
+       RESERVED
+CVE-2014-8933
+       RESERVED
+CVE-2014-8932
+       RESERVED
+CVE-2014-8931
+       RESERVED
+CVE-2014-8930
+       RESERVED
+CVE-2014-8929
+       RESERVED
+CVE-2014-8928
+       RESERVED
+CVE-2014-8927
+       RESERVED
+CVE-2014-8926
+       RESERVED
+CVE-2014-8925
+       RESERVED
+CVE-2014-8924
+       RESERVED
+CVE-2014-8923
+       RESERVED
+CVE-2014-8922
+       RESERVED
+CVE-2014-8921
+       RESERVED
+CVE-2014-8920
+       RESERVED
+CVE-2014-8919
+       RESERVED
+CVE-2014-8918
+       RESERVED
+CVE-2014-8917
+       RESERVED
+CVE-2014-8916
+       RESERVED
+CVE-2014-8915
+       RESERVED
+CVE-2014-8914
+       RESERVED
+CVE-2014-8913
+       RESERVED
+CVE-2014-8912
+       RESERVED
+CVE-2014-8911
+       RESERVED
+CVE-2014-8910
+       RESERVED
+CVE-2014-8909
+       RESERVED
+CVE-2014-8908
+       RESERVED
+CVE-2014-8907
+       RESERVED
+CVE-2014-8906
+       RESERVED
+CVE-2014-8905
+       RESERVED
+CVE-2014-8904
+       RESERVED
+CVE-2014-8903
+       RESERVED
+CVE-2014-8902
+       RESERVED
+CVE-2014-8901
+       RESERVED
+CVE-2014-8900
+       RESERVED
+CVE-2014-8899
+       RESERVED
+CVE-2014-8898
+       RESERVED
+CVE-2014-8897
+       RESERVED
+CVE-2014-8896
+       RESERVED
+CVE-2014-8895
+       RESERVED
+CVE-2014-8894
+       RESERVED
+CVE-2014-8893
+       RESERVED
+CVE-2014-8892
+       RESERVED
+CVE-2014-8891
+       RESERVED
+CVE-2014-8890
+       RESERVED
+CVE-2014-8889
+       RESERVED
+CVE-2014-8888
+       RESERVED
+CVE-2014-8887
+       RESERVED
+CVE-2014-8886
+       RESERVED
+CVE-2014-8885
+       RESERVED
+CVE-2014-8883
+       RESERVED
+CVE-2014-8882
+       RESERVED
+CVE-2014-8881
+       RESERVED
+CVE-2014-8880
+       RESERVED
+CVE-2014-8879
+       RESERVED
+CVE-2014-8878
+       RESERVED
+CVE-2014-8877
+       RESERVED
+CVE-2014-8876
+       RESERVED
+CVE-2014-8875
+       RESERVED
+CVE-2014-8874
+       RESERVED
+CVE-2014-8873
+       RESERVED
+CVE-2014-8872
+       RESERVED
+CVE-2014-8871
+       RESERVED
+CVE-2014-8870
+       RESERVED
+CVE-2014-8869
+       RESERVED
+CVE-2014-8868
+       RESERVED
+CVE-2014-8867
+       RESERVED
+CVE-2014-8866
+       RESERVED
+CVE-2014-8865
+       RESERVED
+CVE-2014-8864
+       RESERVED
+CVE-2014-8863
+       RESERVED
+CVE-2014-8862
+       RESERVED
+CVE-2014-8861
+       RESERVED
+CVE-2014-8860
+       RESERVED
+CVE-2014-8859
+       RESERVED
+CVE-2014-8858
+       RESERVED
+CVE-2014-8857
+       RESERVED
+CVE-2014-8856
+       RESERVED
+CVE-2014-8855
+       RESERVED
+CVE-2014-8854
+       RESERVED
+CVE-2014-8853
+       RESERVED
+CVE-2014-8852
+       RESERVED
+CVE-2014-8851
+       RESERVED
+CVE-2014-8850
+       RESERVED
+CVE-2014-8849
+       RESERVED
+CVE-2014-8848
+       RESERVED
+CVE-2014-8847
+       RESERVED
+CVE-2014-8846
+       RESERVED
+CVE-2014-8845
+       RESERVED
+CVE-2014-8844
+       RESERVED
+CVE-2014-8843
+       RESERVED
+CVE-2014-8842
+       RESERVED
+CVE-2014-8841
+       RESERVED
+CVE-2014-8840
+       RESERVED
+CVE-2014-8839
+       RESERVED
+CVE-2014-8838
+       RESERVED
+CVE-2014-8837
+       RESERVED
+CVE-2014-8836
+       RESERVED
+CVE-2014-8835
+       RESERVED
+CVE-2014-8834
+       RESERVED
+CVE-2014-8833
+       RESERVED
+CVE-2014-8832
+       RESERVED
+CVE-2014-8831
+       RESERVED
+CVE-2014-8830
+       RESERVED
+CVE-2014-8829
+       RESERVED
+CVE-2014-8828
+       RESERVED
+CVE-2014-8827
+       RESERVED
+CVE-2014-8826
+       RESERVED
+CVE-2014-8825
+       RESERVED
+CVE-2014-8824
+       RESERVED
+CVE-2014-8823
+       RESERVED
+CVE-2014-8822
+       RESERVED
+CVE-2014-8821
+       RESERVED
+CVE-2014-8820
+       RESERVED
+CVE-2014-8819
+       RESERVED
+CVE-2014-8818
+       RESERVED
+CVE-2014-8817
+       RESERVED
+CVE-2014-8816
+       RESERVED
+CVE-2014-8815
+       RESERVED
+CVE-2014-8814
+       RESERVED
+CVE-2014-8813
+       RESERVED
+CVE-2014-8812
+       RESERVED
+CVE-2014-8811
+       RESERVED
+CVE-2014-8810
+       RESERVED
+CVE-2014-8809
+       RESERVED
+CVE-2014-8808
+       RESERVED
+CVE-2014-8807
+       RESERVED
+CVE-2014-8806
+       RESERVED
+CVE-2014-8805
+       RESERVED
+CVE-2014-8804
+       RESERVED
+CVE-2014-8803
+       RESERVED
+CVE-2014-8802
+       RESERVED
+CVE-2014-8801
+       RESERVED
+CVE-2014-8800
+       RESERVED
+CVE-2014-8799
+       RESERVED
+CVE-2014-8798
+       RESERVED
+CVE-2014-8797
+       RESERVED
+CVE-2014-8796
+       RESERVED
+CVE-2014-8795
+       RESERVED
+CVE-2014-8794
+       RESERVED
+CVE-2014-8793
+       RESERVED
+CVE-2014-8792
+       RESERVED
+CVE-2014-8791
+       RESERVED
+CVE-2014-8790
+       RESERVED
+CVE-2014-8789
+       RESERVED
+CVE-2014-8788
+       RESERVED
+CVE-2014-8787
+       RESERVED
+CVE-2014-8786
+       RESERVED
+CVE-2014-8785
+       RESERVED
+CVE-2014-8784
+       RESERVED
+CVE-2014-8783
+       RESERVED
+CVE-2014-8782
+       RESERVED
+CVE-2014-8781
+       RESERVED
+CVE-2014-8780
+       RESERVED
+CVE-2014-8779
+       RESERVED
+CVE-2014-8778
+       RESERVED
+CVE-2014-8777
+       RESERVED
+CVE-2014-8776
+       RESERVED
+CVE-2014-8775
+       RESERVED
+CVE-2014-8774
+       RESERVED
+CVE-2014-8773
+       RESERVED
+CVE-2014-8772
+       RESERVED
+CVE-2014-8771
+       RESERVED
+CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php 
in the ...)
+       TODO: check
+CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 
1.0.4 ...)
+       TODO: check
+CVE-2012-6664
+       RESERVED
+CVE-2012-6663
+       RESERVED
 CVE-2014-XXXX [zoph multiple issues]
        - zoph <removed>
        NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C
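Review bot: Of the 379 lines added in this hunk only ten entries carry a description (CVE-2014-8955 through CVE-2014-8948, CVE-2014-8770 and CVE-2012-6665) and every one of them is left at TODO: check, so they still need triage; the remaining entries are bare RESERVED placeholders. The jump from CVE-2014-8885 straight to CVE-2014-8883 is expected, since CVE-2014-8884 already exists further down as the ttusb-dec entry. One side remark on the zoph context lines: the reference NOTE: http://seclists.org/fulldisclosure/2014/Nov/455C ends in a stray C that looks like a typo in the URL and is worth verifying.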
@@ -24,6 +400,7 @@
        - sosreport 3.2-2 (bug #769521)
        NOTE: https://github.com/sosreport/sos/issues/425
 CVE-2014-8884 [ttusb-dec: overflow by descriptor]
+       RESERVED
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: Upstream commit: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16
 (v3.18-rc1)
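Review bot: Adding RESERVED under CVE-2014-8884 [ttusb-dec: overflow by descriptor] only records that no public description has been issued yet; the entry already tracks linux <unfixed> with the upstream commit, which is the same shape as CVE-2014-8595 [XSA-110] elsewhere in this diff, so nothing needs changing here. The linux <unfixed> line does mean the v3.18-rc1 fix is not yet in unstable and should be followed up separately from this automatic import.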
@@ -64,8 +441,8 @@
        RESERVED
 CVE-2014-8728
        RESERVED
-CVE-2014-8727
-       RESERVED
+CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP 
before ...)
+       TODO: check
 CVE-2014-8726
        RESERVED
 CVE-2014-8725
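Review bot: CVE-2014-8727 is now described as directory traversal in F5 BIG-IP but is left at TODO: check; BIG-IP is a vendor appliance, so this will most likely resolve to a NOT-FOR-US line like the other appliance entries in this file (the FortiNet FortiADC-E entry, for example), and leaving it as TODO keeps it in the triage queue for no reason.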
@@ -306,8 +683,8 @@
        RESERVED
 CVE-2014-8597
        RESERVED
-CVE-2014-8596
-       RESERVED
+CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 
allow ...)
+       TODO: check
 CVE-2014-8595 [XSA-110]
        RESERVED
        - xen <unfixed>
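Review bot: CVE-2014-8596 (multiple SQL injections in PHP-Fusion 7.02.07) lands with TODO: check; if PHP-Fusion is not packaged in Debian the triage result is simply NOT-FOR-US: PHP-Fusion and the entry can be closed in the same pass. The CVE-2014-8595 [XSA-110] context lines still show xen <unfixed>, which is unrelated to this import but remains open.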
@@ -339,6 +716,7 @@
 CVE-2013-7410
        RESERVED
 CVE-2010-5312 [Title XSS Vulnerability]
+       RESERVED
        - jquery <unfixed>
        NOTE: http://bugs.jqueryui.com/ticket/6016
        NOTE: 
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
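Review bot: The RESERVED line added to CVE-2010-5312 [Title XSS Vulnerability] is fine, but the entry's references (bugs.jqueryui.com ticket 6016 and a jquery-ui commit) describe a jQuery UI issue while the affected line names the jquery package; whoever resolves the <unfixed> should confirm which Debian source package actually ships the jQuery UI code in question and point the entry at that package.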
@@ -359,8 +737,7 @@
 CVE-2014-XXXX [Buffer overflow while trying to send a file as base64 with 
/query]
        - konversation <unfixed> (bug #768656)
        TODO: check
-CVE-2014-8732 [stored cross-site scripting (XSS) issues]
-       RESERVED
+CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 
1.2.2 ...)
        NOT-FOR-US: phpMemcachedAdmin
 CVE-2014-8731 [remote code execution flaw]
        RESERVED
@@ -473,9 +850,8 @@
 CVE-2014-8568
        RESERVED
 CVE-2014-8565
-       RESERVED
-CVE-2014-8564 [Denial of service in GnuTLS 3 when printing elliptic curves 
parameters]
-       RESERVED
+       REJECTED
+CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in 
GnuTLS ...)
        - gnutls28 3.3.8-4 (bug #769154)
        - gnutls26 <not-affected> (Vulnerable code not present; no support for 
ECC)
        NOTE: 
https://gitorious.org/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b
 (3.3.x branch)
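Review bot: CVE-2014-8565 flipping from RESERVED to REJECTED while CVE-2014-8564 receives the GnuTLS _gnutls_ecc_ansi_x963_export description suggests the two ids were duplicates; check that bug #769154 and the gnutls28 3.3.8-4 changelog reference CVE-2014-8564 and not the rejected id. The removed local title (denial of service when printing elliptic curve parameters) also said what the bug does, which the truncated official description no longer conveys; carrying that summary in a NOTE line would keep the entry readable.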
@@ -488,8 +864,7 @@
 CVE-2014-8558 [Escalation Access]
        RESERVED
        NOT-FOR-US: JExperts Tecnologia Channel Software
-CVE-2014-8557 [Cross Site Scripting]
-       RESERVED
+CVE-2014-8557 (Multiple cross-site scripting (XSS) vulnerabilities in JExperts 
...)
        NOT-FOR-US: JExperts Tecnologia Channel Software
 CVE-2014-8556
        RESERVED
@@ -539,14 +914,11 @@
        NOTE: 
https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
 CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote 
Point ...)
        NOT-FOR-US: FortiNet FortiADC-E
-CVE-2014-8567 [mod_auth_mellon logout requests would crash the Apache web 
server]
-       RESERVED
+CVE-2014-8567 (The mod_auth_mellon module before 0.8.1 allows remote attackers 
to ...)
        - libapache2-mod-auth-mellon 0.9.0
-CVE-2014-8566 [mod_auth_mellon information disclosure]
-       RESERVED
+CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers 
to ...)
        - libapache2-mod-auth-mellon 0.9.1
-CVE-2014-8554 [SQL injection vulnerability in MantisBT SOAP API]
-       RESERVED
+CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments 
function ...)
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17812
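Review bot: After this change the descriptions of CVE-2014-8567 and CVE-2014-8566 are truncated to the identical text "The mod_auth_mellon module before 0.8.1 allows remote attackers to ...", so the removed bracket titles (logout-request crash versus information disclosure) were the only thing distinguishing the two in this file; consider re-adding them as NOTE lines. The differing fixed versions (libapache2-mod-auth-mellon 0.9.0 for 8567, 0.9.1 for 8566) against descriptions that both say "before 0.8.1" are also worth a second look so the correct Debian version is recorded for each id.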
@@ -595,7 +967,7 @@
        NOT-FOR-US: McAfee
 CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss 
Prevention ...)
        NOT-FOR-US: McAfee
-CVE-2014-8518 (The (1) Removable Media or (2) CD and DVD encryption offsite 
access ...)
+CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite 
access ...)
        NOT-FOR-US: McAfee
 CVE-2014-8516
        RESERVED
@@ -647,11 +1019,9 @@
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
 CVE-2014-8500
        RESERVED
-CVE-2014-8499
-       RESERVED
+CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password 
...)
        NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
-CVE-2014-8498
-       RESERVED
+CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in 
ManageEngine ...)
        NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
 CVE-2014-8497
        RESERVED
@@ -679,8 +1049,7 @@
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: References in 
http://www.openwall.com/lists/oss-security/2014/10/30/7
-CVE-2014-8517 [ftp(1) can be made execute arbitrary commands by malicious 
webserver]
-       RESERVED
+CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used 
in ...)
        - tnftp 20130505-2 (low; bug #767171)
        [wheezy] - tnftp <no-dsa> (Minor issue)
        [squeeze] - tnftp <no-dsa> (Minor issue)
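Review bot: The removed title for CVE-2014-8517 stated that ftp(1) can be made to execute arbitrary commands by a malicious web server, and the new description points at fetch_url in usr.bin/ftp/fetch.c, yet the entry keeps severity low with <no-dsa> (Minor issue) for both wheezy and squeeze; client-side command execution triggered by a hostile server deserves either a NOTE explaining why it is rated minor or a re-rating.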
@@ -735,8 +1104,7 @@
        RESERVED
 CVE-2014-8477
        RESERVED
-CVE-2014-8476 [getlogin kernel memory disclosure]
-       RESERVED
+CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not 
...)
        {DSA-3070-1}
        - kfreebsd-10 <unfixed> (bug #768108)
        - kfreebsd-9 <removed> (bug #768104)
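Review bot: CVE-2014-8476 now reads setlogin in the official description where the removed title said getlogin; since both names will be searched for, a NOTE preserving the old title avoids confusion. More importantly, the entry shows {DSA-3070-1} issued while kfreebsd-10 is still <unfixed> (bug #768108), meaning stable was patched before unstable; the sid upload should be tracked so the entry does not stay half-closed.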
@@ -1028,8 +1396,8 @@
        NOTE: followup: https://forge.indepnet.net/issues/5113
        NOTE: appears to be a generic autoloading abuse; possibly with
        NOTE: some use of simplepie being the attack vector
-CVE-2014-8359
-       RESERVED
+CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner 
for ...)
+       TODO: check
 CVE-2014-8358
        RESERVED
 CVE-2014-8357
@@ -1869,10 +2237,10 @@
        RESERVED
 CVE-2014-7999
        RESERVED
-CVE-2014-7998
-       RESERVED
-CVE-2014-7997
-       RESERVED
+CVE-2014-7998 (Cisco IOS on Aironet access points, when &quot;dot11 aaa 
authenticator&quot; ...)
+       TODO: check
+CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points 
does not ...)
+       TODO: check
 CVE-2014-7996
        RESERVED
 CVE-2014-7995
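Review bot: The imported description for CVE-2014-7998 contains HTML entities (&quot;dot11 aaa authenticator&quot;) instead of plain quotation marks, so the automatic import is not unescaping the upstream text; the same problem appears later in this diff for CVE-2014-4458. The list should store plain characters, otherwise a grep for the quoted feature name will not find the entry.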
@@ -1881,10 +2249,10 @@
        RESERVED
 CVE-2014-7993
        RESERVED
-CVE-2014-7992
-       RESERVED
-CVE-2014-7991
-       RESERVED
+CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet 
...)
+       TODO: check
+CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified 
Communications ...)
+       TODO: check
 CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and 
AIR-CT5760 ...)
        TODO: check
 CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows 
local ...)
@@ -2099,8 +2467,7 @@
        RESERVED
 CVE-2014-7879
        RESERVED
-CVE-2014-7878
-       RESERVED
+CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud 
Development ...)
        NOT-FOR-US: HP Helion Cloud Development Platform
 CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 
allows ...)
        NOT-FOR-US: HP-UX
@@ -2317,8 +2684,7 @@
        - dbus 1.8.10-1
        [wheezy] - dbus <no-dsa> (Minor issue, will be fixed trough a stable 
proposed update)
        [squeeze] - dbus <no-dsa> (Minor issue)
-CVE-2014-7823 [dumpxml: information leak with migratable flag]
-       RESERVED
+CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows 
remote ...)
        - libvirt 1.2.9-4 (bug #769149)
        [wheezy] - libvirt <not-affected> (Introduced in v1.0.0)
        [squeeze] - libvirt <not-affected> (Introduced in v1.0.0)
@@ -2345,8 +2711,7 @@
        - undertow <itp> (bug #767001)
        NOTE: When this enters the archive it should be marked straight as 
not-affected
        NOTE: as the issue is only when undertow is running on Windows.
-CVE-2014-7815 [insufficient bits_per_pixel from the client sanitization]
-       RESERVED
+CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote 
...)
        {DSA-3067-1 DSA-3066-1}
        - qemu 2.1+dfsg-7
        [squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
@@ -3498,12 +3863,12 @@
        RESERVED
 CVE-2014-7249
        RESERVED
-CVE-2014-7248
-       RESERVED
+CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 
allows ...)
+       TODO: check
 CVE-2014-7247
        RESERVED
-CVE-2014-7246
-       RESERVED
+CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 
10.0.2, ...)
+       TODO: check
 CVE-2014-7245
        RESERVED
 CVE-2014-7244
@@ -3600,6 +3965,7 @@
 CVE-2013-7404
        RESERVED
 CVE-2012-6662 [Tooltip: XSS vulnerability in default content]
+       RESERVED
        - jquery <unfixed>
        NOTE: http://bugs.jqueryui.com/ticket/8861
        NOTE: 
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
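Review bot: CVE-2012-6662 [Tooltip: XSS vulnerability in default content] gains RESERVED but tracks jquery <unfixed> while its references (jqueryui ticket 8861 and a jquery-ui commit) are jQuery UI issues, the same situation as CVE-2010-5312 in this file; the two entries should be resolved together against whichever Debian source package actually ships the jQuery UI tooltip and title code.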
@@ -5657,7 +6023,7 @@
        TODO: check
 CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility 
Pack ...)
        TODO: check
-CVE-2014-6332 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, 
Windows ...)
+CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, 
Windows ...)
        TODO: check
 CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 
2.1, and ...)
        TODO: check
@@ -6177,18 +6543,18 @@
        RESERVED
 CVE-2014-6111
        RESERVED
-CVE-2014-6110
-       RESERVED
+CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not 
...)
+       TODO: check
 CVE-2014-6109
        RESERVED
 CVE-2014-6108
        RESERVED
-CVE-2014-6107
-       RESERVED
+CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows 
remote ...)
+       TODO: check
 CVE-2014-6106
        RESERVED
-CVE-2014-6105
-       RESERVED
+CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows 
remote ...)
+       TODO: check
 CVE-2014-6104
        RESERVED
 CVE-2014-6103
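Review bot: CVE-2014-6110, CVE-2014-6107 and CVE-2014-6105 are all IBM Security Identity Manager issues left at TODO: check; other IBM enterprise products in this file (IBM Sterling, IBM Tivoli Directory Server) are marked NOT-FOR-US, so these can almost certainly be closed the same way instead of staying in the triage queue.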
@@ -6201,14 +6567,14 @@
        NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 
5.2.x ...)
        NOT-FOR-US: IBM Sterling
-CVE-2014-6098
-       RESERVED
+CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows 
remote ...)
+       TODO: check
 CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and 
...)
        TODO: check
-CVE-2014-6096
-       RESERVED
-CVE-2014-6095
-       RESERVED
+CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security 
Identity ...)
+       TODO: check
+CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity 
Manager 6.x ...)
+       TODO: check
 CVE-2014-6094
        RESERVED
 CVE-2014-6093
@@ -7597,8 +7963,8 @@
        RESERVED
 CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a 
denial ...)
        NOT-FOR-US: IOServer
-CVE-2014-5424
-       RESERVED
+CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before 
...)
+       TODO: check
 CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 
before ...)
        NOT-FOR-US: CareFusion
 CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 
before ...)
@@ -7716,8 +8082,7 @@
 CVE-2014-5443
        RESERVED
        - seafile <itp> (bug #709295)
-CVE-2014-5388 [array out of bounds]
-       RESERVED
+CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI 
hotplug ...)
        - qemu 2.1+dfsg-5
        [squeeze] - qemu <not-affected> (Introduced in 1.7)
        [wheezy] - qemu <not-affected> (Introduced in 1.7)
@@ -7966,8 +8331,7 @@
        NOT-FOR-US: boot2docker
 CVE-2014-5278
        RESERVED
-CVE-2014-5277 [HTTP downgrade attack against registry]
-       RESERVED
+CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to 
HTTP when ...)
        - docker.io 1.3.1~dfsg1-1
        NOTE: 
https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
 CVE-2014-5276 (Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat 
Rooms ...)
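Review bot: The description of CVE-2014-5277 names both Docker before 1.3.1 and docker-py before 0.5.3, but only docker.io 1.3.1~dfsg1-1 is recorded as fixed; if the docker-py Python client is packaged separately it needs its own affected line, and if it is not, a NOTE saying so would stop the question from coming up again at the next review.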
@@ -8853,8 +9217,7 @@
        - drupal6 <removed>
        - drupal7 7.29-1 (bug #755038)
        NOTE: https://www.drupal.org/SA-CORE-2014-003
-CVE-2014-4975 [ruby pack.c buffer overrun]
-       RESERVED
+CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 
1.9.3 and ...)
        - ruby1.8 <removed> (low)
        [wheezy] - ruby1.8 <no-dsa> (Minor issue)
        - ruby1.9.1 <removed> (low)
@@ -10080,32 +10443,32 @@
        RESERVED
 CVE-2014-4464
        RESERVED
-CVE-2014-4463
-       RESERVED
-CVE-2014-4462
-       RESERVED
-CVE-2014-4461
-       RESERVED
-CVE-2014-4460
-       RESERVED
-CVE-2014-4459
-       RESERVED
-CVE-2014-4458
-       RESERVED
-CVE-2014-4457
-       RESERVED
+CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to 
bypass ...)
+       TODO: check
+CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 
7.0.2, ...)
+       TODO: check
+CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 
does ...)
+       TODO: check
+CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 
does not ...)
+       TODO: check
+CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X 
before ...)
+       TODO: check
+CVE-2014-4458 (The &quot;System Profiler About This Mac&quot; component in 
Apple OS X before ...)
+       TODO: check
+CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does 
not ...)
+       TODO: check
 CVE-2014-4456
        RESERVED
-CVE-2014-4455
-       RESERVED
+CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does 
not ...)
+       TODO: check
 CVE-2014-4454
        RESERVED
-CVE-2014-4453
-       RESERVED
-CVE-2014-4452
-       RESERVED
-CVE-2014-4451
-       RESERVED
+CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location 
data ...)
+       TODO: check
+CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 
7.0.2, ...)
+       TODO: check
+CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the 
failed-passcode ...)
+       TODO: check
 CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS 
before ...)
        NOT-FOR-US: Apple iOS
 CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify 
X.509 ...)
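Review bot: The eleven Apple entries (CVE-2014-4463 down to CVE-2014-4451) are imported with TODO: check; the iOS-only ones can follow the neighbouring CVE-2014-4450 and be closed as NOT-FOR-US: Apple iOS, but CVE-2014-4462, CVE-2014-4459 and CVE-2014-4452 are WebKit bugs and should be checked against the WebKit-based packages Debian ships (webkitgtk, qtwebkit) before being dismissed. CVE-2014-4458 also carries &quot; HTML entities from the import that should be unescaped to plain quotation marks.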
@@ -11364,8 +11727,7 @@
        RESERVED
 CVE-2014-3918
        RESERVED
-CVE-2014-3916
-       RESERVED
+CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 
2.1 ...)
        - ruby2.1 <unfixed> (unimportant)
        - ruby2.0 <removed> (unimportant)
        - ruby1.9.1 <removed> (unimportant)
@@ -11848,8 +12210,7 @@
        - nova 2014.1.3-6 (low)
        [wheezy] - nova <no-dsa> (Minor issue)
        NOTE: affected versions up to 2014.1.3, and 2014.2
-CVE-2014-3707 [duphandle read out of bounds]
-       RESERVED
+CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 
7.38.0, ...)
        {DSA-3069-1 DLA-84-1}
        - curl 7.38.0-3
        NOTE: http://curl.haxx.se/docs/adv_20141105.html
@@ -11907,8 +12268,7 @@
        - linux 3.16.7-1
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a
 (v3.18-rc1)
-CVE-2014-3689 [vmware_vga: insufficient parameter validation in rectangle 
functions]
-       RESERVED
+CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows 
local ...)
        {DSA-3067-1 DSA-3066-1}
        - qemu 2.1+dfsg-6 (bug #765496)
        - qemu-kvm <removed>
@@ -11962,8 +12322,7 @@
        NOT-FOR-US: shim (the UEFI one, not the systemd)
 CVE-2014-3675 (Shim allows remote attackers to cause a denial of service ...)
        NOT-FOR-US: shim (the UEFI one, not the systemd)
-CVE-2014-3674
-       RESERVED
+CVE-2014-3674 (Red Hat OpenShift Enterprise before 2.2 does not properly 
restrict ...)
        NOT-FOR-US: OpenShift Enterprise
 CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 
allows ...)
        {DSA-3060-1}
@@ -12121,8 +12480,7 @@
        NOTE: Fixed by 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
 CVE-2014-3630
        RESERVED
-CVE-2014-3629 [qpidd can be induced to make http requests]
-       RESERVED
+CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange 
module in ...)
        - qpid-cpp <unfixed> (low)
        [wheezy] - qpid-cpp <no-dsa> (Minor issue)
        NOTE: 
https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
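Review bot: CVE-2014-3629 is now an XML external entity issue in the XML Exchange module, which is more specific than the removed title "qpidd can be induced to make http requests"; the entry remains qpid-cpp <unfixed> (low) although the upstream QPID-6218.patch is already referenced, so the fix is available and only an upload is missing.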
@@ -12230,8 +12588,7 @@
        - libopensaml2-java 2.6.2-1 (bug #759470)
        NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
        NOTE: 
http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
-CVE-2014-3602
-       RESERVED
+CVE-2014-3602 (Red Hat OpenShift Enterprise before 2.2 allows local users to 
obtain ...)
        NOT-FOR-US: OpenShift
 CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the 
Linux ...)
        - linux 3.16.2-1
@@ -12609,14 +12966,11 @@
        [squeeze] - serf <no-dsa> (Minor issue)
 CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to 
generate ...)
        NOT-FOR-US: Apache Syncope
-CVE-2014-3502
-       RESERVED
+CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to 
open ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-3501
-       RESERVED
+CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to 
bypass ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-3500
-       RESERVED
+CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to 
change ...)
        NOT-FOR-US: Apache Cordova
 CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions 
on the ...)
        - docker.io <not-affected> (RHEL specific, socket based activation not 
shipped)
@@ -12855,14 +13209,12 @@
        - zenoss <itp> (bug #361253)
 CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows 
remote ...)
        - zenoss <itp> (bug #361253)
-CVE-2014-3756 [Mumble-SA-2014-006]
-       RESERVED
+CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers 
to ...)
        - mumble 1.2.6-1 (bug #748189)
        [squeeze] - mumble <no-dsa> (Minor issue)
        [wheezy] - mumble <no-dsa> (Minor issue)
        NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
-CVE-2014-3755 [Mumble-SA-2014-005]
-       RESERVED
+CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x 
before ...)
        - mumble 1.2.6-1 (bug #748189)
        [squeeze] - mumble <no-dsa> (Minor issue)
        [wheezy] - mumble <no-dsa> (Minor issue)
@@ -13315,8 +13667,7 @@
 CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to 
obtain ...)
        - puppet <not-affected> (Only affects Puppet Enterprise)
        NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
-CVE-2014-3248
-       RESERVED
+CVE-2014-3248 (Untrusted search path vulnerability in Puppet Enterprise 2.8 
before ...)
        - puppet 3.7.0-1 (low)
        [wheezy] - puppet <no-dsa> (Minor issue)
        [squeeze] - puppet <no-dsa> (Minor issue)
@@ -13658,8 +14009,7 @@
        [squeeze] - chromium-browser <end-of-life>
 CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
        NOT-FOR-US: Android
-CVE-2014-3158
-       RESERVED
+CVE-2014-3158 (Integer overflow in the getword function in options.c in pppd 
in ...)
        {DLA-74-1}
        - ppp 2.4.6-3 (medium; bug #762789)
        NOTE: 
https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
@@ -13740,8 +14090,7 @@
        NOT-FOR-US: SAP NetWeaver
 CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) 
in SAP ...)
        NOT-FOR-US: SAP NetWeaver
-CVE-2014-3209 [ldnsutils: ldns-keygen creates private key world readable]
-       RESERVED
+CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to 
set the ...)
        - ldns 1.6.17-4 (low; bug #746758)
        [squeeze] - ldns <no-dsa> (Minor issue)
        [wheezy] - ldns 1.6.13-1+deb7u1
@@ -14954,23 +15303,19 @@
        - zendframework 1.12.5-0.1 (bug #743175)
        [wheezy] - zendframework <no-dsa> (Minor issue)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-02
-CVE-2014-2684 [zendframework ZF2014-02]
-       RESERVED
+CVE-2014-2684 (The GenericConsumer class in the Consumer component in 
ZendOpenId ...)
        - zendframework 1.12.5-0.1 (bug #743175)
        [wheezy] - zendframework <no-dsa> (Minor issue)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-02
-CVE-2014-2683 [zendframework ZF2014-01]
-       RESERVED
+CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 
2.1.6 ...)
        - zendframework 1.12.5-0.1 (bug #743175)
        [wheezy] - zendframework <no-dsa> (Minor issue)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-01
-CVE-2014-2682 [zendframework ZF2014-01]
-       RESERVED
+CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 
2.1.6 ...)
        - zendframework 1.12.5-0.1 (bug #743175)
        [wheezy] - zendframework <no-dsa> (Minor issue)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-01
-CVE-2014-2681 [zendframework ZF2014-01]
-       RESERVED
+CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 
2.1.6 ...)
        - zendframework 1.12.5-0.1 (bug #743175)
        [wheezy] - zendframework <no-dsa> (Minor issue)
        NOTE: http://framework.zend.com/security/advisory/ZF2014-01
@@ -15004,8 +15349,7 @@
        [squeeze] - couchdb <no-dsa> (Minor issue)
        [wheezy] - couchdb <no-dsa> (Minor issue)
        NOTE: High resource usage in CPU and memory while query is active. No 
crash for deamon in 1.4.0-3+b1 and 1.2.0-5 versions.
-CVE-2014-2667 [race condition]
-       RESERVED
+CVE-2014-2667 (Race condition in the _get_masked_mode function in Lib/os.py in 
Python ...)
        - python3.1 <removed>
        [squeeze] - python3.1 <no-dsa> (Minor issue)
        - python3.2 <removed> (low)
@@ -16068,8 +16412,8 @@
        RESERVED
 CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security 
Patch 2 ...)
        NOT-FOR-US: vTiger CRM
-CVE-2014-2268
-       RESERVED
+CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before 
Security ...)
+       TODO: check
 CVE-2014-2267
        RESERVED
 CVE-2014-2266
@@ -22044,8 +22388,7 @@
        RESERVED
 CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint 
Server 2007 ...)
        NOT-FOR-US: Microsoft SharePoint
-CVE-2014-0250 [freerdp: multiple integer overflows in xf_graphics.c]
-       RESERVED
+CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in 
FreeRDP ...)
        - freerdp 1.1.0~git20140809.1.b07a5c1+dfsg-1 (unimportant; bug #749585)
        NOTE: A malicious RDP server has many more ways to mess with an RDP 
client
 CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not 
properly ...)
@@ -22123,8 +22466,7 @@
 CVE-2014-0234
        RESERVED
        NOT-FOR-US: OpenShift
-CVE-2014-0233
-       RESERVED
+CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin 
allow ...)
        NOT-FOR-US: OpenShift
 CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Apache OFBiz
@@ -22135,8 +22477,7 @@
        RESERVED
 CVE-2014-0229
        RESERVED
-CVE-2014-0228
-       RESERVED
+CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based 
authorization ...)
        NOT-FOR-US: Apache Hive
 CVE-2014-0227
        RESERVED
@@ -22791,8 +23132,7 @@
        - postgresql-8.4 <removed>
        [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only 
provides PL/Perl)
        - postgresql-9.3 9.3.3-1
-CVE-2014-0059
-       RESERVED
+CVE-2014-0059 (JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise ...)
        NOT-FOR-US: JBossSX
 CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise 
...)
        NOT-FOR-US: JBoss EAP
@@ -31424,8 +31764,8 @@
        - phpmyadmin 4:4.0.1-3 (low)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2013-3737
-       RESERVED
+CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 
in ...)
+       TODO: check
 CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka 
...)
        NOT-FOR-US: Request Tracker extension MobileUI
 CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 
5.5.0 ...)
@@ -31552,8 +31892,8 @@
        RESERVED
 CVE-2013-3679
        RESERVED
-CVE-2013-3678
-       RESERVED
+CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, 
and ...)
+       TODO: check
 CVE-2013-3677
        RESERVED
 CVE-2013-3676
@@ -41183,8 +41523,7 @@
        - thttpd <removed> (low)
        [squeeze] - thttpd <no-dsa> (Minor issue)
        NOTE: 
http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
-CVE-2013-0347 [webfs world-readable logdir]
-       RESERVED
+CVE-2013-0347 (The Gentoo init script for webfs uses world-readable 
permissions for ...)
        - webfs 1.21+ds1-9 (low; bug #701638)
        [wheezy] - webfs <no-dsa> (Minor issue)
        [squeeze] - webfs <no-dsa> (Minor issue)
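Review bot: The official text for CVE-2013-0347 says the problem is in the Gentoo init script for webfs, whereas the removed local title described a world-readable logdir in general and the entry records a Debian fix in webfs 1.21+ds1-9 with bug #701638; a NOTE stating whether Debian's own packaging had the equivalent problem (and that the CVE wording is Gentoo-specific) would justify keeping the fixed-version line rather than marking the package not-affected.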
@@ -52977,8 +53316,7 @@
        NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 
6.x-1.4 ...)
        NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]
-       RESERVED
+CVE-2012-2301 (The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows 
remote ...)
        NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Ubercart ...)
        NOT-FOR-US: Drupal addon not packaged
@@ -54571,8 +54909,8 @@
        NOT-FOR-US: phpPaleo
 CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows 
remote ...)
        NOT-FOR-US: PHP Grade Book
-CVE-2012-1669
-       RESERVED
+CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks 
before ...)
+       TODO: check
 CVE-2012-1668
        RESERVED
 CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x 
before ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
