Author: sectracker
Date: 2014-12-31 21:10:15 +0000 (Wed, 31 Dec 2014)
New Revision: 31066

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-31 16:28:30 UTC (rev 31065)
+++ data/CVE/list       2014-12-31 21:10:15 UTC (rev 31066)
@@ -1,3 +1,23 @@
+CVE-2014-9426 (The apprentice_load function in libmagic/apprentice.c in the 
Fileinfo ...)
+       TODO: check
+CVE-2014-9423
+       RESERVED
+CVE-2014-9422
+       RESERVED
+CVE-2014-9421
+       RESERVED
+CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in 
Huawei ...)
+       TODO: check
+CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before 
V100R001C03 ...)
+       TODO: check
+CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace 
...)
+       TODO: check
+CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to 
...)
+       TODO: check
+CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not 
...)
+       TODO: check
+CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the IP ...)
+       TODO: check
 CVE-2014-XXXX [dwarfdump use after free]
        - dwarfutils <unfixed>
        NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2014/12/31/3
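Review bot: CVE-2014-9426 is left at "TODO: check" with no package line even though its description already names libmagic/apprentice.c, which points at libmagic itself (shipped in Debian by the file source package, a package name from general knowledge rather than this hunk) and not only at PHP's Fileinfo wrapper; recording the candidate source package at triage time keeps the entry from ageing in the TODO backlog. The three plain RESERVED placeholders that follow (CVE-2014-9423 to CVE-2014-9421) follow the usual pattern and need nothing further.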
@@ -429,10 +449,10 @@
        RESERVED
 CVE-2015-0361
        RESERVED
-CVE-2014-9425 [php5: zend_ts_hash.c double free]
+CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy 
...)
        - php5 <unfixed> (unimportant; bug #774154)
        NOTE: php5 binary packages not built with --with-maintainer-zts
-CVE-2014-9424 [Double-free in ssl_parse_clienthello_use_srtp_ext() function]
+CVE-2014-9424 (Double free vulnerability in the 
ssl_parse_clienthello_use_srtp_ext ...)
        - libressl <itp> (bug #754513)
 CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ 
Access ...)
        NOT-FOR-US: NetIQ Access Manager
@@ -525,11 +545,11 @@
 CVE-2014-XXXX [Malicious site can bypass CORS restrictions in 
$wgCrossSiteAJAXdomains]
        - mediawiki <not-affected> (CORS support was added in 1.20)
        NOTE: https://phabricator.wikimedia.org/T77028
-CVE-2014-9419 [x86_64: userspace address leak]
+CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the 
Linux ...)
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e
 (v3.19-rc1)
-CVE-2014-9420 [fs: isofs: infinite loop in CE records]
+CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux 
kernel ...)
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: Upstream fix: 
https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d 
(v3.19-rc1)
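Review bot: the NOTE for CVE-2014-9419 gives the kernel commit URL bare, while the neighbouring CVE-2014-9420 labels its link "Upstream fix:"; the two entries should use the same wording so the fix commit is recognisable at a glance. Both entries also keep "- linux <unfixed>" although the fixing commits are already identified as part of v3.19-rc1, so the Debian version that imports them should be recorded as soon as it is uploaded.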
@@ -665,8 +685,8 @@
        NOT-FOR-US: WordPress plugin iTwitter
 CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
        NOT-FOR-US: WordPress plugin DandyID Services
-CVE-2014-9334
-       RESERVED
+CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Bird ...)
+       TODO: check
 CVE-2014-9333
        RESERVED
 CVE-2014-9332
@@ -917,12 +937,10 @@
        RESERVED
 CVE-2014-9224
        RESERVED
-CVE-2014-9223
-       RESERVED
+CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in 
Huawei ...)
        NOT-FOR-US: RomPager
        NOTE: http://mis.fortunecook.ie/
-CVE-2014-9222
-       RESERVED
+CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home 
Gateway ...)
        NOT-FOR-US: RomPager
        NOTE: http://mis.fortunecook.ie/
 CVE-2014-9221
@@ -985,8 +1003,8 @@
        RESERVED
 CVE-2014-9189
        RESERVED
-CVE-2014-9188
-       RESERVED
+CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider ...)
+       TODO: check
 CVE-2014-9187
        RESERVED
 CVE-2014-9186
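Review bot: CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...) is filed as "TODO: check" on its own, but the same MDraw30.ocx control reappears under CVE-2014-8514 and CVE-2014-8513 and a sibling Atx45.ocx control under CVE-2014-8512 and CVE-2014-8511 later in this same commit; these five entries describe one family of Windows-only ActiveX components and should be triaged together with a single decision rather than five separate TODOs.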
@@ -2744,10 +2762,10 @@
        RESERVED
 CVE-2014-8811
        RESERVED
-CVE-2014-8810
-       RESERVED
-CVE-2014-8809
-       RESERVED
+CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the 
WP ...)
+       TODO: check
+CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP 
...)
+       TODO: check
 CVE-2014-8808
        RESERVED
 CVE-2014-8807
@@ -3474,14 +3492,14 @@
        RESERVED
 CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to 
execute ...)
        NOT-FOR-US: uTorrent
-CVE-2014-8514
-       RESERVED
-CVE-2014-8513
-       RESERVED
-CVE-2014-8512
-       RESERVED
-CVE-2014-8511
-       RESERVED
+CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider ...)
+       TODO: check
+CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in 
Schneider ...)
+       TODO: check
+CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider 
...)
+       TODO: check
+CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider 
...)
+       TODO: check
 CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual 
Appliance ...)
        NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
 CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka 
Bootstrap) ...)
@@ -4444,6 +4462,7 @@
 CVE-2014-8143
        RESERVED
 CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data 
function in ...)
+       {DSA-3117-1}
        - php5 <unfixed> (unimportant)
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
        NOTE: 
http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
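Review bot: the newly added {DSA-3117-1} reference for CVE-2014-8142 sits directly above a package line that still reads "- php5 <unfixed> (unimportant)"; an issue that warranted a DSA for stable is not unimportant, so the severity tag should be revisited and the fixed unstable version recorded when the sid upload lands. Leaving the DSA marker next to an "unimportant" rating makes the entry contradict itself.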
@@ -4460,12 +4479,10 @@
        RESERVED
        {DSA-3113-1 DLA-124-1}
        - unzip 6.0-13 (bug #773722)
-CVE-2014-8138 [heap overflow in jp2_decode()]
-       RESERVED
+CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer 
...)
        {DSA-3106-1 DLA-121-1}
        - jasper 1.900.1-debian1-2.3 (bug #773463)
-CVE-2014-8137 [double-free in in jas_iccattrval_destroy()]
-       RESERVED
+CVE-2014-8137 (Double free vulnerability in the jas_iccattrval_destroy 
function in ...)
        {DSA-3106-1 DLA-121-1}
        - jasper 1.900.1-debian1-2.3 (bug #773463)
 CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) 
qemuDomainMigrateFinish2 ...)
@@ -4488,8 +4505,7 @@
        - linux <unfixed>
        - linux-2.6 <removed>
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe
-CVE-2014-8132 [Possible double free on a dangling pointer with crafted kexinit 
packet]
-       RESERVED
+CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in 
kex.c ...)
        - libssh <unfixed> (bug #773577)
        [wheezy] - libssh <no-dsa> (Minor issue)
        [squeeze] - libssh <not-affected> (Issue only present in versions > 
0.5.1, squeeze has 0.4.5)
@@ -4556,8 +4572,7 @@
        RESERVED
 CVE-2014-8110
        RESERVED
-CVE-2014-8109 [apache mod_lua LuaAuthzProvider uses wrong arguments]
-       RESERVED
+CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x 
and ...)
        - apache2 2.4.10-9
        [wheezy] - apache2 <not-affected> (mod_lua only in 2.4)
        [squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
@@ -4842,20 +4857,20 @@
        NOT-FOR-US: Cisco
 CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 
9.1(1) ...)
        NOT-FOR-US: Cisco
-CVE-2014-7999
-       RESERVED
+CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 
2014-09-24 ...)
+       TODO: check
 CVE-2014-7998 (Cisco IOS on Aironet access points, when &quot;dot11 aaa 
authenticator&quot; ...)
        NOT-FOR-US: Cisco IOS
 CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points 
does not ...)
        NOT-FOR-US: Cisco IOS
 CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web 
framework ...)
        NOT-FOR-US: Cisco
-CVE-2014-7995
-       RESERVED
-CVE-2014-7994
-       RESERVED
-CVE-2014-7993
-       RESERVED
+CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 
2014-09-24 ...)
+       TODO: check
+CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 
2014-09-24 ...)
+       TODO: check
+CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 
2014-09-24 ...)
+       TODO: check
 CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet 
...)
        NOT-FOR-US: Cisco IOS
 CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified 
Communications ...)
@@ -6638,8 +6653,7 @@
        RESERVED
 CVE-2000-1253
        RESERVED
-CVE-2014-7300 [gnome-shell lockscreen bypass with printscreen key]
-       RESERVED
+CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature 
is ...)
        - gnome-shell 3.14.1-1 (low)
        [wheezy] - gnome-shell <no-dsa> (Minor issue)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
@@ -6677,8 +6691,7 @@
        NOT-FOR-US: Spotfire Web Player
 CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, 
Managed File ...)
        NOT-FOR-US: TIBCO
-CVE-2014-7193 [Crumb CORS Token Disclosure]
-       RESERVED
+CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly 
restrict ...)
        NOT-FOR-US: Crumb
 CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error 
package ...)
        - nodejs <unfixed> (bug #773623)
@@ -8926,10 +8939,10 @@
        NOT-FOR-US: WordPress plugin All In One WP Security
 CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in 
certain ...)
        NOT-FOR-US: WordPress plugin WP-Ban
-CVE-2014-6229
-       RESERVED
-CVE-2014-6228
-       RESERVED
+CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in 
Facebook ...)
+       TODO: check
+CVE-2014-6228 (Integer overflow in the string_chunk_split function in ...)
+       TODO: check
 CVE-2010-5305
        RESERVED
 CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 
3.22 ...)
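Review bot: CVE-2014-6229 names hphp/runtime/ext/ext_hash.cpp in Facebook HHVM, and the adjacent CVE-2014-6228 (string_chunk_split, description truncated here) is most likely from the same HHVM batch; two more HHVM entries, CVE-2014-2209 and CVE-2014-2208, are added further down in this commit with the same "TODO: check" marker, so all four should be handled in one triage pass rather than as four separate TODOs.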
@@ -9037,12 +9050,12 @@
        RESERVED
 CVE-2014-6189
        RESERVED
-CVE-2014-6188
-       RESERVED
-CVE-2014-6187
-       RESERVED
-CVE-2014-6186
-       RESERVED
+CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
WebSphere ...)
+       TODO: check
+CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
IBM ...)
+       TODO: check
+CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x 
before ...)
+       TODO: check
 CVE-2014-6185
        RESERVED
 CVE-2014-6184
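Review bot: the three new IBM WebSphere Service Registry and Repository entries (CVE-2014-6188, CVE-2014-6187 and CVE-2014-6186) are queued as "TODO: check", while every other IBM entry visible in the surrounding context is already resolved as NOT-FOR-US: IBM; WebSphere is proprietary software that Debian does not package, so these (and the further WSRR entries added later in this commit) can be closed with the same NOT-FOR-US marker instead of being left in the TODO queue.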
@@ -9051,16 +9064,16 @@
        NOT-FOR-US: IBM Security Network Protection
 CVE-2014-6182 (Directory traversal vulnerability in an export function in the 
Process ...)
        NOT-FOR-US: IBM
-CVE-2014-6181
-       RESERVED
-CVE-2014-6180
-       RESERVED
-CVE-2014-6179
-       RESERVED
-CVE-2014-6178
-       RESERVED
-CVE-2014-6177
-       RESERVED
+CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x 
before ...)
+       TODO: check
+CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM 
...)
+       TODO: check
+CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM 
...)
+       TODO: check
+CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM 
...)
+       TODO: check
+CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x 
before ...)
+       TODO: check
 CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service 
Bus ...)
        NOT-FOR-US: IBM
 CVE-2014-6175
@@ -9077,8 +9090,8 @@
        RESERVED
 CVE-2014-6169
        RESERVED
-CVE-2014-6168
-       RESERVED
+CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security 
...)
+       TODO: check
 CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting 
feature ...)
        NOT-FOR-US: IBM
 CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM 
WebSphere ...)
@@ -9093,8 +9106,8 @@
        RESERVED
 CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli 
Netcool/Impact ...)
        NOT-FOR-US: IBM
-CVE-2014-6160
-       RESERVED
+CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 
...)
+       TODO: check
 CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 
10.5 ...)
        NOT-FOR-US: IBM
 CVE-2014-6158
@@ -9103,12 +9116,12 @@
        RESERVED
 CVE-2014-6156
        RESERVED
-CVE-2014-6155
-       RESERVED
+CVE-2014-6155 (Multiple directory traversal vulnerabilities in the 
ServiceRegistry UI ...)
+       TODO: check
 CVE-2014-6154
        RESERVED
-CVE-2014-6153
-       RESERVED
+CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository 
(WSRR) ...)
+       TODO: check
 CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Tivoli ...)
        NOT-FOR-US: IBM Tivoli
 CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal 
(TIP) ...)
@@ -9149,8 +9162,8 @@
        RESERVED
 CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to 
obtain ...)
        NOT-FOR-US: IBM API Management
-CVE-2014-6132
-       RESERVED
+CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM 
...)
+       TODO: check
 CVE-2014-6131
        RESERVED
 CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android 
lacks a ...)
@@ -9167,8 +9180,8 @@
        NOT-FOR-US: IBM WebSphere Portal
 CVE-2014-6124
        RESERVED
-CVE-2014-6123
-       RESERVED
+CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 
...)
+       TODO: check
 CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 
before ...)
        NOT-FOR-US: IBM
 CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security 
AppScan ...)
@@ -10688,8 +10701,8 @@
        NOT-FOR-US: WordPress plugin Content Audit
 CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab 
ExpressionEngine ...)
        NOT-FOR-US: EllisLab ExpressionEngine Core
-CVE-2014-5386
-       RESERVED
+CVE-2014-5386 (The mcrypt_create_iv function in ...)
+       TODO: check
 CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 
1.1.5 ...)
        NOT-FOR-US: Shopizer
 CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 
before p6 ...)
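Review bot: CVE-2014-5386 is filed as "TODO: check" with a description truncated to "The mcrypt_create_iv function in ..."; mcrypt_create_iv is a PHP extension function (background knowledge, not stated in the hunk), so the triage should start with php5, which this commit touches elsewhere, rather than be treated as an unknown third-party product.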
@@ -12724,8 +12737,7 @@
        RESERVED
 CVE-2014-4635
        RESERVED
-CVE-2014-4634
-       RESERVED
+CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication 
Manager ...)
        NOT-FOR-US: EMC Replication Manager and EMC AppSync
 CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC 
...)
        NOT-FOR-US: EMC RSA Archer GRC Platform
@@ -12733,8 +12745,7 @@
        RESERVED
 CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 
P3, when ...)
        NOT-FOR-US: RSA Adaptive Authentication
-CVE-2014-4630
-       RESERVED
+CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and 
RSA ...)
        NOT-FOR-US: RSA BSAFE
 CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 
before ...)
        NOT-FOR-US: EMC Documentum Content Server
@@ -13423,8 +13434,8 @@
        RESERVED
 CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in 
the MDP ...)
        - linux <not-affected> (Vulnerable code drivers/video/msm not present)
-CVE-2014-4322
-       RESERVED
+CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver for the Linux 
kernel 3.x, ...)
+       TODO: check
 CVE-2014-4321
        RESERVED
 CVE-2014-4320
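Review bot: CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver) is left as "TODO: check" right after CVE-2014-4323, which was resolved as "linux <not-affected> (Vulnerable code drivers/video/msm not present)"; the same check, whether drivers/misc/qseecom.c exists in Debian's linux source tree, will almost certainly resolve this entry the same way and should be done now rather than deferred.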
@@ -14283,8 +14294,8 @@
        [wheezy] - frontaccounting <no-dsa> (Minor issue)
 CVE-2014-3972
        RESERVED
-CVE-2014-3971
-       RESERVED
+CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in ...)
+       TODO: check
 CVE-2014-3965
        RESERVED
 CVE-2014-3964
@@ -15387,8 +15398,7 @@
        RESERVED
 CVE-2014-3570
        RESERVED
-CVE-2014-3569 [OpenSSL 1.0.1j build with no-ssl3 NULL pointer dererences]
-       RESERVED
+CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 
1.0.1j ...)
        {DLA-81-1}
        - openssl <unfixed>
        [wheezy] - openssl <not-affected> (Doesn't use no-ssl3 yet)
@@ -15487,8 +15497,7 @@
        NOTE: Fixed with 4.2.1-1 to experimental, update info with first 
version in unstable when fix in sid
 CVE-2014-3557
        RESERVED
-CVE-2014-3556 [SMTP STARTTLS plaintext injection flaw]
-       RESERVED
+CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in 
the ...)
        - nginx 1.6.1-1 (bug #757196)
        [wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
        [squeeze] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
@@ -19208,8 +19217,8 @@
 CVE-2014-2225
        RESERVED
        NOT-FOR-US: Ubiquiti Networks
-CVE-2014-2224
-       RESERVED
+CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does 
not ...)
+       TODO: check
 CVE-2014-2223 (Unrestricted file upload vulnerability in 
plog-admin/plog-upload.php ...)
        NOT-FOR-US: Plogger
 CVE-2014-2222
@@ -19222,18 +19231,18 @@
        NOT-FOR-US: CMSimple
 CVE-2014-2218
        RESERVED
-CVE-2014-2217
-       RESERVED
+CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload 
control in ...)
+       TODO: check
 CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 
4.3.16 ...)
        NOT-FOR-US: Fortinet FortiOS
 CVE-2014-2215
        RESERVED
 CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web 
Portal ...)
        NOT-FOR-US: Erwin Web Portal
-CVE-2014-2209
-       RESERVED
-CVE-2014-2208
-       RESERVED
+CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not 
drop ...)
+       TODO: check
+CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol ...)
+       TODO: check
 CVE-2014-2207
        RESERVED
 CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator 
(ePO) ...)
@@ -20022,14 +20031,14 @@
        NOT-FOR-US: Foscam camera
 CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 
2.4.4 ...)
        NOT-FOR-US: Citrix ShareFile Mobile
-CVE-2014-1908
-       RESERVED
+CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) ...)
+       TODO: check
 CVE-2014-1907 (Multiple directory traversal vulnerabilities in the 
VideoWhisper Live ...)
        NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
 CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
-CVE-2014-1905
-       RESERVED
+CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php 
in the ...)
+       TODO: check
 CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
        {DSA-2890-1}
        - libspring-java 3.0.6.RELEASE-13 (bug #741604)
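Review bot: CVE-2014-1908 and CVE-2014-1905 are added as "TODO: check" between CVE-2014-1907 and CVE-2014-1906, both of which are NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress; consecutive CVE numbers frequently come from one advisory, and the path ls/vw_snapshots.php in CVE-2014-1905 is consistent with that plugin, so triage should first confirm whether these belong to the same WordPress plugin and can be closed identically.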
@@ -21776,8 +21785,8 @@
        RESERVED
 CVE-2014-1450
        RESERVED
-CVE-2014-1449
-       RESERVED
+CVE-2014-1449 (The Maxthon Cloud Browser application before 4.1.6.2000 for 
Android ...)
+       TODO: check
 CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote 
authenticated users ...)
        NOT-FOR-US: Core FTP Server
 CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before 
build ...)
@@ -22996,8 +23005,7 @@
 CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in 
Terascale ...)
        {DSA-2936-1}
        - torque 2.4.16+dfsg-1.4 (bug #748827)
-CVE-2014-0748
-       RESERVED
+CVE-2014-0748 (apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 
...)
        NOT-FOR-US: Aprun/apinit on Cray supercomputers
 CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI 
implementation in ...)
        NOT-FOR-US: Cisco Unified Communications Manager
@@ -24794,7 +24802,7 @@
 CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys 
in the ...)
        NOT-FOR-US: Microsoft Windows Server 2008 SP2
 CVE-2013-6998
-       RESERVED
+       REJECTED
 CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in 
Open-Xchange ...)
        - open-xchange <itp> (bug #269329)
 CVE-2013-6996
@@ -26055,8 +26063,8 @@
        NOT-FOR-US: Enorth Webpublisher CMS
 CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do 
not ...)
        NOT-FOR-US: Siemens
-CVE-2013-6919
-       RESERVED
+CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false 
value ...)
+       TODO: check
 CVE-2013-6917
        RESERVED
 CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User 
Interface ...)
@@ -27923,8 +27931,7 @@
 CVE-2013-6242
        RESERVED
        - open-xchange <itp> (bug #269329)
-CVE-2013-6241
-       RESERVED
+CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) 
AppSuite 7.2.x ...)
        - open-xchange <itp> (bug #269329)
 CVE-2013-6240
        RESERVED
@@ -27957,8 +27964,8 @@
        NOT-FOR-US: AtMail
 CVE-2013-6228
        RESERVED
-CVE-2013-6227
-       RESERVED
+CVE-2013-6227 (Unrestricted file upload vulnerability in ...)
+       TODO: check
 CVE-2013-6226 (Directory traversal vulnerability in ...)
        NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
 CVE-2013-6225
@@ -28360,12 +28367,12 @@
 CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x 
before ...)
        {DSA-2740-1}
        - python-django 1.5.2-1
-CVE-2013-6043
-       RESERVED
+CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides 
...)
+       TODO: check
 CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in 
filemanager/login.php in ...)
        NOT-FOR-US: Softaculous Webuzo
-CVE-2013-6041
-       RESERVED
+CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote 
attackers ...)
+       TODO: check
 CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, 
DataMatrix, and ...)
        NOT-FOR-US: MW6 Technologies
 CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 
3.2 ...)
@@ -28532,8 +28539,8 @@
        NOT-FOR-US: WordPress plugin Lazy SEO
 CVE-2013-5960 (The authenticated-encryption feature in the 
symmetric-encryption ...)
        NOT-FOR-US: OWASP Enterprise Security API for Java
-CVE-2013-5958
-       RESERVED
+CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x 
before ...)
+       TODO: check
 CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
        NOT-FOR-US: CiviCRM
 CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in 
includes/flvthumbnail.php ...)
@@ -31359,8 +31366,8 @@
        - reviewboard <itp> (bug #653113)
 CVE-2013-4794
        RESERVED
-CVE-2013-4793
-       RESERVED
+CVE-2013-4793 (The update function in ...)
+       TODO: check
 CVE-2011-5266
        RESERVED
 CVE-2013-4792
@@ -31414,8 +31421,7 @@
        RESERVED
 CVE-2013-4770
        RESERVED
-CVE-2013-4769
-       RESERVED
+CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x 
and 3.4.x ...)
        - eucalyptus <removed>
 CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow 
remote ...)
        - eucalyptus <removed>
@@ -31451,10 +31457,10 @@
        NOTE: 
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
 CVE-2013-4755
        RESERVED
-CVE-2013-4754
-       RESERVED
-CVE-2013-4753
-       RESERVED
+CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl 
Intranet ...)
+       TODO: check
+CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in 
Claroline ...)
+       TODO: check
 CVE-2013-4752
        RESERVED
        NOT-FOR-US: Symfony HttpFoundation component
@@ -31675,8 +31681,8 @@
        RESERVED
 CVE-2013-4664
        RESERVED
-CVE-2013-4663
-       RESERVED
+CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for 
Redmine ...)
+       TODO: check
 CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 
through ...)
        NOT-FOR-US: CiviCRM
 CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not 
properly ...)
@@ -35494,8 +35500,8 @@
        RESERVED
 CVE-2013-3296
        RESERVED
-CVE-2013-3295
-       RESERVED
+CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in 
Exponent CMS ...)
+       TODO: check
 CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 
2.2.0 ...)
        NOT-FOR-US: Exponent CMS
 CVE-2013-3293
@@ -58243,8 +58249,8 @@
        NOT-FOR-US: Yealink VoIP Phone
 CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        NOT-FOR-US: SocialCMS
-CVE-2012-1415
-       RESERVED
+CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in 
lib/logout.php in ...)
+       TODO: check
 CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in 
manager/news.php in ...)
        NOT-FOR-US: Plume CMS
 CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
@@ -58468,10 +58474,10 @@
        RESERVED
 CVE-2012-1304
        RESERVED
-CVE-2012-1303
-       RESERVED
-CVE-2012-1302
-       RESERVED
+CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts 
Flash ...)
+       TODO: check
+CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 
2.6.3 ...)
+       TODO: check
 CVE-2012-1301
        RESERVED
        NOT-FOR-US: Umbraco
@@ -58674,8 +58680,8 @@
        NOT-FOR-US: Relocate Upload plugin
 CVE-2012-1204
        RESERVED
-CVE-2012-1203
-       RESERVED
+CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in 
starnet/index.php ...)
+       TODO: check
 CVE-2012-1202
        RESERVED
 CVE-2012-1201
@@ -61133,8 +61139,7 @@
        RESERVED
 CVE-2004-2772
        RESERVED
-CVE-2004-2771
-       RESERVED
+CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier 
and ...)
        {DSA-3105-1 DLA-114-1}
        - heirloom-mailx 12.5-3.1 (bug #773417)
        - bsd-mailx 8.1.2-0.20071201cvs-1
@@ -62584,12 +62589,12 @@
        RESERVED
 CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which 
allows ...)
        NOT-FOR-US: D-Link DIR-300 router
-CVE-2011-4722
-       RESERVED
+CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 
in ...)
+       TODO: check
 CVE-2011-4721
        RESERVED
-CVE-2011-4720
-       RESERVED
+CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause 
a ...)
+       TODO: check
 CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        - chromium-browser <not-affected>
        - webkit <not-affected>
@@ -62643,8 +62648,8 @@
        NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
 CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 
3.4.23 ...)
        NOT-FOR-US: Eye-Fi Helper
-CVE-2010-5075
-       RESERVED
+CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet 
Security ...)
+       TODO: check
 CVE-2012-0785 [Jenkins and hash collision attack]
        RESERVED
        - jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)
@@ -66125,8 +66130,7 @@
        - ruby1.9.1 <removed> (low; bug #646020)
        [squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
        [wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
-CVE-2011-3623 [media-video/vlc-1.0.2: Multiple stack-based buffer overflows in 
ASF, AVI, MP4 demuxers]
-       RESERVED
+CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media 
player ...)
        - vlc 1.1.3-1
        NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
 CVE-2011-3622
@@ -66235,13 +66239,11 @@
        NOTE: relatively obscure client crash
 CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function 
in ...)
        - linux-2.6 <not-affected> (RHEL6 only because of badly backported 
patches)
-CVE-2011-3592 [phpMyAdmin did not properly sanitize the content of db, table, 
and column names prior use of their values.]
-       RESERVED
+CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        - phpmyadmin 4:3.4.5-1
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
        [lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-3591 [PMASA-2011-14 XSS]
-       RESERVED
+CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        - phpmyadmin 4:3.4.5-1
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
        [lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -68936,8 +68938,7 @@
 CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 
5.14.2 ...)
        - perl 5.14.2-1 (unimportant)
        NOTE: requires the attacker to manipulate glob flags
-CVE-2011-2727
-       RESERVED
+CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, 
and ...)
        NOT-FOR-US: Tribiq CMS
 CVE-2011-2726 [SA-CORE-2011-003]
        RESERVED
@@ -71460,31 +71461,26 @@
 CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform 
casts of ...)
        {DSA-2245-1}
        - chromium-browser 11.0.696.68~r84545-1
-CVE-2011-1798
-       RESERVED
+CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google 
Chrome ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/84085
 CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
        {DSA-2245-1}
        - chromium-browser 12.0.742.91~r87961-1
-CVE-2011-1796
-       RESERVED
+CVE-2011-1796 (Use-after-free vulnerability in the ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/84300
-CVE-2011-1795
-       RESERVED
+CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement 
function ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/83690
-CVE-2011-1794
-       RESERVED
+CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function 
in ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/84422
-CVE-2011-1793
-       RESERVED
+CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit 
in ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
        NOTE: http://trac.webkit.org/changeset/85406
@@ -77175,7 +77171,7 @@
 CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows 
remote ...)
        - namazu2 2.0.20-1.0 (low)
 CVE-2009-5027
-       RESERVED
+       REJECTED
 CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 
5.1.x ...)
        - mysql-5.1 5.1.53-1
 CVE-2009-5025 [PyForum XSS+CSRF]
@@ -83980,8 +83976,7 @@
        {DSA-2061-1}
        - samba 2:3.4.0~pre1-1 (high)
        NOTE: the affected code has been completely rewritten since 3.4.x
-CVE-2010-2062 [VLC: integer underflow in Real RTSP]
-       RESERVED
+CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, 
as ...)
        {DSA-2044-1 DSA-2043-1}
        - vlc 1.0.1-1
        [lenny] - vlc 0.8.6.h-4+lenny2.3
@@ -85815,27 +85810,22 @@
        {DSA-2053-1}
        - linux-2.6 2.6.32-12 (unimportant)
        NOTE: KGDB is not currently enabled in debian builds
-CVE-2010-1445 [Heap buffer overflow in RTMP access]
-       RESERVED
+CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 
1.0.6 ...)
        - vlc 1.0.6-1
        [lenny] - vlc <not-affected> (Vulnerable code not present)
        NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1444 [Invalid memory access in ZIP archive decompressor]
-       RESERVED
+CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player 
before 1.0.6 ...)
        - vlc 1.0.6-1
        [lenny] - vlc <not-affected> (Vulnerable code not present)
        NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1443 [Invalid memory access in XSPF playlist parser]
-       RESERVED
+CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c 
in the ...)
        - vlc 1.0.6-1 (unimportant)
        NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1442 [Invalid memory access in AVI, ASF, Matroska (MKV) demuxers]
-       RESERVED
+CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers 
to ...)
        - vlc 1.0.6-1
        [lenny] - vlc 0.8.6.h-4+lenny3
        NOTE: http://www.videolan.org/security/sa1003.html
-CVE-2010-1441 [Heap buffer overflow vulnerability in A/52, DTS and MPEG Audio 
decoders]
-       RESERVED
+CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media 
player ...)
        - vlc 1.0.6-1
        [lenny] - vlc 0.8.6.h-4+lenny3
        NOTE: http://www.videolan.org/security/sa1003.html


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
