Author: sectracker
Date: 2014-12-06 21:14:12 +0000 (Sat, 06 Dec 2014)
New Revision: 30573

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-06 19:32:14 UTC (rev 30572)
+++ data/CVE/list       2014-12-06 21:14:12 UTC (rev 30573)
@@ -1,3 +1,223 @@
+CVE-2014-9298
+       RESERVED
+CVE-2014-9297
+       RESERVED
+CVE-2014-9296
+       RESERVED
+CVE-2014-9295
+       RESERVED
+CVE-2014-9294
+       RESERVED
+CVE-2014-9293
+       RESERVED
+CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php 
in the ...)
+       TODO: check
+CVE-2014-9291
+       RESERVED
+CVE-2014-9290
+       RESERVED
+CVE-2014-9289
+       RESERVED
+CVE-2014-9288
+       RESERVED
+CVE-2014-9287
+       RESERVED
+CVE-2014-9286
+       RESERVED
+CVE-2014-9285
+       RESERVED
+CVE-2014-9284
+       RESERVED
+CVE-2014-9283
+       RESERVED
+CVE-2014-9282
+       RESERVED
+CVE-2014-9268
+       RESERVED
+CVE-2014-9267
+       RESERVED
+CVE-2014-9266
+       RESERVED
+CVE-2014-9265
+       RESERVED
+CVE-2014-9264
+       RESERVED
+CVE-2014-9263
+       RESERVED
+CVE-2014-9262
+       RESERVED
+CVE-2014-9261
+       RESERVED
+CVE-2014-9260
+       RESERVED
+CVE-2014-9259
+       RESERVED
+CVE-2014-9258
+       RESERVED
+CVE-2014-9257
+       RESERVED
+CVE-2014-9256
+       RESERVED
+CVE-2014-9255
+       RESERVED
+CVE-2014-9254
+       RESERVED
+CVE-2014-9253
+       RESERVED
+CVE-2014-9252
+       RESERVED
+CVE-2014-9251
+       RESERVED
+CVE-2014-9250
+       RESERVED
+CVE-2014-9249
+       RESERVED
+CVE-2014-9248
+       RESERVED
+CVE-2014-9247
+       RESERVED
+CVE-2014-9246
+       RESERVED
+CVE-2014-9245
+       RESERVED
+CVE-2014-9244
+       RESERVED
+CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in 
WebsiteBaker ...)
+       TODO: check
+CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in 
WebsiteBaker ...)
+       TODO: check
+CVE-2014-9241 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB 
(aka ...)
+       TODO: check
+CVE-2014-9240 (SQL injection vulnerability in member.php in MyBB (aka ...)
+       TODO: check
+CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service ...)
+       TODO: check
+CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote 
attackers ...)
+       TODO: check
+CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows 
remote ...)
+       TODO: check
+CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php 
in ...)
+       TODO: check
+CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph 
Organizes ...)
+       TODO: check
+CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in 
D-link ...)
+       TODO: check
+CVE-2014-9233
+       RESERVED
+CVE-2014-9232
+       RESERVED
+CVE-2014-9231
+       RESERVED
+CVE-2014-9230
+       RESERVED
+CVE-2014-9229
+       RESERVED
+CVE-2014-9228
+       RESERVED
+CVE-2014-9227
+       RESERVED
+CVE-2014-9226
+       RESERVED
+CVE-2014-9225
+       RESERVED
+CVE-2014-9224
+       RESERVED
+CVE-2014-9223
+       RESERVED
+CVE-2014-9222
+       RESERVED
+CVE-2014-9221
+       RESERVED
+CVE-2014-9217
+       RESERVED
+CVE-2014-9216
+       RESERVED
+CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in ...)
+       TODO: check
+CVE-2014-9214
+       RESERVED
+CVE-2014-9213
+       RESERVED
+CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude 
uAgent ...)
+       TODO: check
+CVE-2014-9211
+       RESERVED
+CVE-2014-9210
+       RESERVED
+CVE-2014-9209
+       RESERVED
+CVE-2014-9208
+       RESERVED
+CVE-2014-9207
+       RESERVED
+CVE-2014-9206
+       RESERVED
+CVE-2014-9205
+       RESERVED
+CVE-2014-9204
+       RESERVED
+CVE-2014-9203
+       RESERVED
+CVE-2014-9202
+       RESERVED
+CVE-2014-9201
+       RESERVED
+CVE-2014-9200
+       RESERVED
+CVE-2014-9199
+       RESERVED
+CVE-2014-9198
+       RESERVED
+CVE-2014-9197
+       RESERVED
+CVE-2014-9196
+       RESERVED
+CVE-2014-9195
+       RESERVED
+CVE-2014-9194
+       RESERVED
+CVE-2014-9193
+       RESERVED
+CVE-2014-9192
+       RESERVED
+CVE-2014-9191
+       RESERVED
+CVE-2014-9190
+       RESERVED
+CVE-2014-9189
+       RESERVED
+CVE-2014-9188
+       RESERVED
+CVE-2014-9187
+       RESERVED
+CVE-2014-9186
+       RESERVED
+CVE-2014-9185
+       RESERVED
+CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass 
authentication via ...)
+       TODO: check
+CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin 
...)
+       TODO: check
+CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows 
remote ...)
+       TODO: check
+CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media 
Server ...)
+       TODO: check
+CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows 
remote ...)
+       TODO: check
+CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy 
Ticket ...)
+       TODO: check
+CVE-2014-9178 (Multiple SQL injection vulnerabilities in classes/ajax.php in 
the ...)
+       TODO: check
+CVE-2014-9177 (The HTML5 MP3 Player with Playlist Free plugin before 2.7 for 
...)
+       TODO: check
+CVE-2014-9176 (Cross-site scripting (XSS) vulnerability in the InstaSqueeze 
Sexy ...)
+       TODO: check
+CVE-2014-9175 (SQL injection vulnerability in wpdatatables.php in the 
wpDataTables ...)
+       TODO: check
+CVE-2014-9174 (Cross-site scripting (XSS) vulnerability in the Google 
Analytics by ...)
+       TODO: check
+CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc 
Embedder ...)
+       TODO: check
 CVE-2014-XXXX [buffer overflow in mpfr_strtofr]
        - mpfr4 <unfixed> (bug #772008)
        NOTE: 
https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
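Review bot: CVE-2014-9184 and CVE-2014-9183 are added with `TODO: check`, but both name the ZTE ZXDSL 831CII, a product this same file already classifies under CVE-2014-9027 as `NOT-FOR-US: ZTE ZXDSL 831CII`. They can be triaged with the same tag in a follow-up instead of staying in the TODO queue. The other described entries in this hunk (WebsiteBaker, MyBB, Zoph, Plex Media Server, Anchor CMS and the rest) still need a per-entry check against the archive before they get a package line or a NOT-FOR-US tag.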
@@ -122,33 +342,40 @@
 CVE-2015-0301
        RESERVED
 CVE-2014-9275 [crashes]
+       RESERVED
        - unrtf <unfixed>
        NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
 CVE-2014-9274 [out-of-bounds memory access]
+       RESERVED
        - unrtf <unfixed>
        NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1170233
 CVE-2014-9278 [~/.k5users unexpectedly grants remote login]
+       RESERVED
        - openssh <not-affected> (patch not applied to Debian)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169843
        NOTE: Patch https://bugzilla.mindrot.org/show_bug.cgi?id=1867 from not 
applied in Debian
 CVE-2014-9277 [<cross-domain-policy> mangling allows injection in API 
format=php]
+       RESERVED
        - mediawiki <unfixed>
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
 CVE-2014-9276 [XSS in Special:ExpandTemplates]
+       RESERVED
        - mediawiki <unfixed>
        [squeeze] - mediawiki <end-of-life>
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111 
-CVE-2014-9220
+CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 
5.x ...)
        NOT-FOR-US: OpenVAS Manager
 CVE-2014-9219 [XSS vulnerability in redirection mechanism]
+       RESERVED
        - phpmyadmin <unfixed>
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
        TODO: check older versions
 CVE-2014-9218 [DoS vulnerability with long passwords]
+       RESERVED
        - phpmyadmin <unfixed>
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1
 (master)
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
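Review bot: In the CVE-2014-9278 entry, the context line `NOTE: Patch https://bugzilla.mindrot.org/show_bug.cgi?id=1867 from not applied in Debian` has a misplaced "from" and repeats what the `<not-affected> (patch not applied to Debian)` line already says; reword it to "Patch from ... not applied in Debian" or drop it. Separately, CVE-2014-9219 still carries `TODO: check older versions` after gaining its RESERVED line, so the triage of that entry is still open.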
@@ -205,17 +432,14 @@
        RESERVED
 CVE-2014-9145
        RESERVED
-CVE-2014-9144
-       RESERVED
+CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows 
remote ...)
        NOT-FOR-US: Technicolor routers
-CVE-2014-9143
-       RESERVED
+CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with 
firmware ...)
        NOT-FOR-US: Technicolor routers
-CVE-2014-9142
-       RESERVED
+CVE-2014-9142 (Cross-site scripting (XSS) vulnerability in Technicolor Router 
TD5130 ...)
        NOT-FOR-US: Technicolor routers
-CVE-2014-9141
-       RESERVED
+CVE-2014-9141 (The installer in Thomson Reuters Fixed Assets CS 13.1.4 and 
earlier ...)
+       TODO: check
 CVE-2014-9139
        RESERVED
 CVE-2014-9138
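Review bot: CVE-2014-9141 switches from RESERVED to `TODO: check` while the three Technicolor entries directly above it keep their `NOT-FOR-US: Technicolor routers` tag. The description names the installer of Thomson Reuters Fixed Assets CS; if no Debian source package ships it, close the TODO with a NOT-FOR-US line in the same style.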
@@ -226,8 +450,8 @@
        RESERVED
 CVE-2014-9135
        RESERVED
-CVE-2014-9134
-       RESERVED
+CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube 
Wireless ...)
+       TODO: check
 CVE-2014-9133
        RESERVED
 CVE-2014-9132
@@ -258,8 +482,8 @@
        RESERVED
 CVE-2014-9115
        RESERVED
-CVE-2014-9113
-       RESERVED
+CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 
7.1 ...)
+       TODO: check
 CVE-2014-9111
        RESERVED
 CVE-2014-9110
@@ -390,7 +614,7 @@
        RESERVED
 CVE-2014-9029 [input sanitization errors]
        RESERVED
-       {DSA-3089-1}
+       {DSA-3089-1 DLA-101-1}
        - jasper 1.900.1-debian1-2.2 (bug #772036)
 CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
ZTE ...)
        NOT-FOR-US: ZTE ZXDSL 831CII
@@ -454,58 +678,61 @@
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314
 (v2.6.38-rc1)
 CVE-2014-9156 (The FileField module 6.x-3.x before 6.x-3.13 for Drupal does 
not ...)
        NOT-FOR-US: Drupal module FileField
-CVE-2014-9129
-       RESERVED
+CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the 
CreativeMinds ...)
        NOT-FOR-US: WordPress plugin cm-download-manager
-CVE-2014-8123 [buffer overflow]
-       RESERVED
+CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in 
Antiword 0.37 ...)
        - antiword 0.37-5 (bug #771768)
        NOTE: http://www.openwall.com/lists/oss-security/2014/12/01/4
        NOTE: This actually was fixed long time ago in 
https://bugs.debian.org/407015
-CVE-2014-8104 [DoS]
-       RESERVED
+CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x 
before ...)
        {DSA-3084-1 DLA-98-1}
        - openvpn 2.3.4-5
        NOTE: 
https://github.com/OpenVPN/openvpn/commit/c5590a6821e37f3b29735f55eb0c2b9c0924138c
        NOTE: https://forums.openvpn.net/topic17625.html
 CVE-2014-9272 [XSS in string_insert_hrefs()]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17297
 CVE-2014-9281 [XSS in admin panel / copy_field.php]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17876
 CVE-2014-9271 [XSS in file uploads]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17874
        NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
 CVE-2014-9270 [XSS in projax_api.php]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17583
 CVE-2014-9269 [XSS in extended project browser]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
        NOTE:  http://www.mantisbt.org/bugs/view.php?id=17890
 CVE-2014-9280 [PHP Object Injection in MantisBT filter API]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17875
 CVE-2014-9279 [DB credentials disclosure in MantisBT's unattended upgrade 
script]
+       RESERVED
        - mantis <removed> (unimportant)
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17877
        NOTE: unimportant, source affected but unrelevant for Debian, 
upgrade_unattended.php removed also in binary package
-CVE-2014-9140 [buffer overflow in the PPP dissector]
-       RESERVED
+CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in 
tcpdump ...)
        {DSA-3086-1}
        - tcpdump 4.6.2-3
        NOTE: 
https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
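Review bot: The CVE-2014-8123 entry now reads inconsistently: the package line gives `antiword 0.37-5 (bug #771768)` as the fix, while the NOTE below it says the issue was fixed long ago in https://bugs.debian.org/407015. If the older bug really contained the fix, the fixed version should be the upload that closed #407015; otherwise the NOTE should be corrected. Minor, in the CVE-2014-9279 NOTE: "unrelevant" should be "irrelevant".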
@@ -524,8 +751,7 @@
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
        NOTE: 
http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
        NOTE: https://www.mantisbt.org/bugs/view.php?id=17811
-CVE-2014-9116 [mutt: incorrect use of mutt_substrdup() in write_one_header()]
-       RESERVED
+CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly 
handle ...)
        {DSA-3083-1}
        - mutt 1.5.23-2 (bug #771125)
        NOTE: Detailed analysis in 
https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4
@@ -537,8 +763,7 @@
        [wheezy] - util-linux <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2014/11/26/13
        NOTE: 
https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
-CVE-2014-9112 [heap-based buffer overflow]
-       RESERVED
+CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in 
GNU Cpio ...)
        - cpio <unfixed>
        NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
        NOTE: https://savannah.gnu.org/bugs/?43709
@@ -551,6 +776,7 @@
        NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
        NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673
 CVE-2014-9273 [does not properly handle small-sized hive files]
+       RESERVED
        - hivex 1.3.11-1 (low)
        [wheezy] - hivex <no-dsa> (Minor issue)
        [squeeze] - hivex <no-dsa> (Minor issue)
@@ -562,8 +788,7 @@
        - gnupg2 <not-affected> (Affects only 2.1 and betas)
        NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
        NOTE: Upstream commit: 
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
-CVE-2014-9157 [format string vulnerability]
-       RESERVED
+CVE-2014-9157 (Format string vulnerability in the yyerror function in ...)
        - graphviz <unfixed>
        NOTE: 
https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
 CVE-2014-XXXX [parse_datetime() bug]
@@ -702,8 +927,7 @@
        - drupal7 7.32-1+deb8u1 (bug #770469)
        - drupal6 <not-affected> (Only affects Drupal 7.x)
        NOTE: https://www.drupal.org/SA-CORE-2014-006
-CVE-2014-9018 [on-connect scripts: icecast can leak output to attentive 
sources]
-       RESERVED
+CVE-2014-9018 (Icecast before 2.4.1 transmits the output of the on-connect 
script, ...)
        - icecast2 2.4.0-1.1 (bug #770222)
        NOTE: https://trac.xiph.org/ticket/2089
 CVE-2015-0300
@@ -1556,14 +1780,13 @@
        RESERVED
 CVE-2014-8878
        RESERVED
-CVE-2014-8877
-       RESERVED
+CVE-2014-8877 (The alterSearchQuery function in ...)
+       TODO: check
 CVE-2014-8876
        RESERVED
 CVE-2014-8875
        RESERVED
-CVE-2014-8874
-       RESERVED
+CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses 
...)
        NOT-FOR-US: TYPO3 Extension ke_questionnaire
 CVE-2014-8873
        RESERVED
@@ -1714,8 +1937,8 @@
        RESERVED
 CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in 
the Paid ...)
        NOT-FOR-US: Paid Memberships Pro plugin for WordPress
-CVE-2014-8800
-       RESERVED
+CVE-2014-8800 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
 CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function 
in ...)
        NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the 
DukaPress plugin for WordPress
 CVE-2014-8798
@@ -1736,10 +1959,10 @@
        NOT-FOR-US: Enalean Tuleap
 CVE-2014-8790
        RESERVED
-CVE-2014-8789
-       RESERVED
-CVE-2014-8788
-       RESERVED
+CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated 
users to ...)
+       TODO: check
+CVE-2014-8788 (GleamTech FileVista before 6.1 allows remote authenticated 
users to ...)
+       TODO: check
 CVE-2014-8787
        RESERVED
 CVE-2014-8786
@@ -1764,16 +1987,16 @@
        RESERVED
 CVE-2014-8776
        RESERVED
-CVE-2014-8775
-       RESERVED
-CVE-2014-8774
-       RESERVED
-CVE-2014-8773
-       RESERVED
-CVE-2014-8772
-       RESERVED
-CVE-2014-8771
-       RESERVED
+CVE-2014-8775 (MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly 
flag ...)
+       TODO: check
+CVE-2014-8774 (Cross-site scripting (XSS) vulnerability in manager/index.php 
in MODX ...)
+       TODO: check
+CVE-2014-8773 (MODX Revolution 2.x before 2.2.15 allows remote attackers to 
bypass ...)
+       TODO: check
+CVE-2014-8772 (Cross-site scripting (XSS) vulnerability in the 
search_controller in ...)
+       TODO: check
+CVE-2014-8771 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
 CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php 
in the ...)
        NOT-FOR-US: Magento
 CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 
1.0.4 ...)
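Review bot: CVE-2014-8775 and CVE-2014-8773 are added as `TODO: check` although both descriptions name MODX Revolution 2.x, which this file already tags `NOT-FOR-US: MODX Revolution` under CVE-2014-5451. Apply the same tag to them, and to CVE-2014-8774 if the truncated "MODX ..." there refers to the same product.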
@@ -1845,8 +2068,8 @@
        RESERVED
 CVE-2014-8729
        RESERVED
-CVE-2014-8728
-       RESERVED
+CVE-2014-8728 (SQL injection vulnerability in the login page (login/login) in 
Subex ...)
+       TODO: check
 CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP 
before ...)
        NOT-FOR-US: F5 BIG-IP
 CVE-2014-8726
@@ -2108,8 +2331,7 @@
        NOTE: To be REJECTED
 CVE-2014-8584 (Cross-site scripting (XSS) vulnerability in the Web Dorado 
Spider ...)
        NOT-FOR-US: WordPress plugin Web Dorado Spider Video Player (aka 
WordPress Video Player)
-CVE-2013-7416 [canto: feed URL parsing command line injection]
-       RESERVED
+CVE-2013-7416 (canto_curses/guibase.py in Canto Curses before 0.9.0 allows 
remote ...)
        - canto <removed> (bug #731582)
        [wheezy] - canto <not-affected> (Vulnerable code not present)
        [squeeze] - canto <not-affected> (Vulnerable code not present)
@@ -2472,8 +2694,7 @@
        RESERVED
 CVE-2014-8490
        RESERVED
-CVE-2014-8990 [code execution]
-       RESERVED
+CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote 
...)
        - lsyncd <unfixed> (low; bug #767227)
        [wheezy] - lsyncd <no-dsa> (Minor issue)
        [squeeze] - lsyncd <no-dsa> (Minor issue)
@@ -3056,8 +3277,7 @@
        NOT-FOR-US: Panasonic Network Camera
 CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers 
to ...)
        NOT-FOR-US: Panasonic Network Camera
-CVE-2014-8754
-       RESERVED
+CVE-2014-8754 (Open redirect vulnerability in track-click.php in the 
Ad-Manager ...)
        NOT-FOR-US: WordPress plugin ad-manager-for-wp
 CVE-2014-8753
        RESERVED
@@ -3980,10 +4200,10 @@
        NOT-FOR-US: Drupal module Custom Search
 CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration 
UI in ...)
        NOT-FOR-US: Drupal module Context Form Alteration
-CVE-2014-7868
-       RESERVED
-CVE-2014-7867
-       RESERVED
+CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine 
OpManager ...)
+       TODO: check
+CVE-2014-7867 (SQL injection vulnerability in the ...)
+       TODO: check
 CVE-2014-7866
        RESERVED
 CVE-2014-7865
@@ -5329,22 +5549,22 @@
        RESERVED
 CVE-2014-7260
        RESERVED
-CVE-2014-7259
-       RESERVED
-CVE-2014-7258
-       RESERVED
+CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 
for ...)
+       TODO: check
+CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 
2.91 ...)
+       TODO: check
 CVE-2014-7257
        RESERVED
-CVE-2014-7256
-       RESERVED
-CVE-2014-7255
-       RESERVED
-CVE-2014-7254
-       RESERVED
-CVE-2014-7253
-       RESERVED
-CVE-2014-7252
-       RESERVED
+CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up 
Networking ...)
+       TODO: check
+CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 
...)
+       TODO: check
+CVE-2014-7254 (Unspecified vulnerability in ARROWS Me F-11D allows physically 
...)
+       TODO: check
+CVE-2014-7253 (FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and 
REGZA ...)
+       TODO: check
+CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for 
Texas ...)
+       TODO: check
 CVE-2014-7251
        RESERVED
 CVE-2014-7250
@@ -5362,8 +5582,8 @@
        RESERVED
 CVE-2014-7244
        RESERVED
-CVE-2014-7243
-       RESERVED
+CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does 
not ...)
+       TODO: check
 CVE-2014-7242
        RESERVED
 CVE-2014-7241
@@ -8212,12 +8432,12 @@
        NOT-FOR-US: ManageEngine EventLog Analyzer
 CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in 
ZOHO ...)
        NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
-CVE-2014-6036
-       RESERVED
-CVE-2014-6035
-       RESERVED
-CVE-2014-6034
-       RESERVED
+CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest 
servlet in ...)
+       TODO: check
+CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet 
in ZOHO ...)
+       TODO: check
+CVE-2014-6034 (Directory traversal vulnerability in the ...)
+       TODO: check
 CVE-2014-6033
        REJECTED
        NOT-FOR-US: F5 Networks Big-IP
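Review bot: CVE-2014-6036, CVE-2014-6035 and CVE-2014-6034 land as `TODO: check` right below CVE-2014-6037, a directory traversal in a ZOHO servlet that is tagged `NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer`. CVE-2014-6035 also names a ZOHO servlet, so check whether the three belong to the same product family and tag them consistently.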
@@ -9398,8 +9618,7 @@
        - torrentflux <removed> (bug #759574)
        [wheezy] - torrentflux <no-dsa> (Minor issue)
        [squeeze] - torrentflux <no-dsa> (Minor issue)
-CVE-2014-6040 [crashes on invalid input in IBM gconv modules]
-       RESERVED
+CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent 
...)
        {DLA-97-1}
        - glibc 2.19-12
        - eglibc <removed>
@@ -9428,10 +9647,10 @@
        NOT-FOR-US: HL7 C-CDA
 CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: MODX Revolution
-CVE-2014-5446
-       RESERVED
-CVE-2014-5445
-       RESERVED
+CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF 
servlet in ...)
+       TODO: check
+CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO 
ManageEngine ...)
+       TODO: check
 CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning 
when a TLS ...)
        - geary 0.6.3-1
        NOTE: Upstream bugreport: 
https://bugzilla.gnome.org/show_bug.cgi?id=713247
@@ -9898,8 +10117,7 @@
        NOT-FOR-US: Drupal addon
 CVE-2014-5249 (SQL injection vulnerability in the &quot;Biblio self 
autocomplete&quot; ...)
        NOT-FOR-US: Drupal addon
-CVE-2012-6656 [iconv() segfaults if the invalid multibyte character 0xffff is 
input when converting from IBM930]
-       RESERVED
+CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 
allows ...)
        {DLA-97-1}
        - glibc 2.17-1
        - eglibc <removed>
@@ -13041,10 +13259,10 @@
        - php-horde-ldap 2.0.6-1
 CVE-2014-3998
        RESERVED
-CVE-2014-3997
-       RESERVED
-CVE-2014-3996
-       RESERVED
+CVE-2014-3997 (SQL injection vulnerability in the MetadataServlet servlet in 
...)
+       TODO: check
+CVE-2014-3996 (SQL injection vulnerability in the LinkViewFetchServlet servlet 
in ...)
+       TODO: check
 CVE-2014-3993
        RESERVED
 CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 
3.5.3 allow ...)
@@ -13055,8 +13273,8 @@
        RESERVED
 CVE-2014-3989
        RESERVED
-CVE-2014-3988
-       RESERVED
+CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in 
SunHater ...)
+       TODO: check
 CVE-2014-3987
        RESERVED
 CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 
allow ...)
@@ -14013,8 +14231,7 @@
        NOTE: 
https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
 CVE-2014-3628
        RESERVED
-CVE-2014-3627
-       RESERVED
+CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 
0.23.11 ...)
        NOT-FOR-US: Apache Hadoop
 CVE-2014-3626
        RESERVED
@@ -14297,8 +14514,7 @@
        NOTE: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
 CVE-2014-3562 (Red Hat Directory Server 8 and 389 Directory Server, when 
debugging is ...)
        - 389-ds-base 1.3.2.21-1 (bug #757437)
-CVE-2014-3561
-       RESERVED
+CVE-2014-3561 (The rhevm-log-collector package in Red Hat Enterprise 
Virtualization ...)
        NOT-FOR-US: rhevm-log-collector
 CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 
4.0.21 and ...)
        - samba 2:4.1.11+dfsg-1 (bug #756759)
@@ -14703,20 +14919,17 @@
 CVE-2014-3771 (TeamPass before 2.1.20 allows remote attackers to bypass access 
...)
        - teampass <itp> (bug #730180)
        NOTE: 
https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
-CVE-2014-4703 [check_dhcp:  Race Condition]
-       RESERVED
+CVE-2014-4703 (lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to 
obtain ...)
        - nagios-plugins <removed> (unimportant)
        NOTE: check_dhcp is not installed with root suid permissions in Debian
        NOTE: http://seclists.org/fulldisclosure/2014/Jun/141
        - monitoring-plugins <undetermined> (unimportant)
-CVE-2014-4702 [vulerability in check_icmp]
-       RESERVED
+CVE-2014-4702 (The check_icmp plugin in Nagios Plugins before 2.0.2 allows 
local ...)
        - nagios-plugins <removed> (unimportant)
        NOTE: http://seclists.org/fulldisclosure/2014/May/74
        NOTE: check_imcp is not installed with root suid permissions in Debian
        - monitoring-plugins <undetermined> (unimportant)
-CVE-2014-4701 [check_dhcp: arbitray option file read]
-       RESERVED
+CVE-2014-4701 (The check_dhcp plugin in Nagios Plugins before 2.0.2 allows 
local ...)
        - nagios-plugins <removed> (unimportant)
        NOTE: check_dhcp is not installed with root suid permissions in Debian
        NOTE: http://seclists.org/fulldisclosure/2014/May/74
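Review bot: The NOTE under CVE-2014-4702 says `check_imcp is not installed with root suid permissions in Debian`; the plugin is check_icmp, as the new description in the same entry spells it. Also, CVE-2014-4703 and CVE-2014-4702 both keep `monitoring-plugins <undetermined> (unimportant)`, which should be resolved to a version or <not-affected> now that the entries have full descriptions.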
@@ -17947,8 +18160,8 @@
        RESERVED
 CVE-2014-2274
        RESERVED
-CVE-2014-2273
-       RESERVED
+CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before 
V100R001C00B043 ...)
+       TODO: check
 CVE-2014-2272
        RESERVED
 CVE-2014-2271


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
