diff options
author | Joey Hess <joeyh@debian.org> | 2014-02-07 09:14:11 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2014-02-07 09:14:11 +0000 |
commit | f51a1c77240bf4dc45b108786bae7b780a8f5651 (patch) | |
tree | dd332bccdb7ab96bb06f970c5d8b93e9e2318cc2 /data/CVE | |
parent | 676c2fcadeaa4fcf070f3fd0a0405b34c47ac389 (diff) |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25560 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2001.list | 1 | ||||
-rw-r--r-- | data/CVE/2011.list | 27 | ||||
-rw-r--r-- | data/CVE/2012.list | 31 | ||||
-rw-r--r-- | data/CVE/2013.list | 156 | ||||
-rw-r--r-- | data/CVE/2014.list | 198 |
5 files changed, 203 insertions, 210 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index a5fcc6ca92..75bba65641 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -1,4 +1,5 @@ CVE-2001-1593 [insecure use of /tmp] + RESERVED - a2ps <unfixed> (low; bug #737385) [wheezy] - a2ps <no-dsa> (Minor issue) [squeeze] - a2ps <no-dsa> (Minor issue) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 6a764b6b38..8ec41b64b5 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -1518,8 +1518,7 @@ CVE-2011-4614 (PHP remote file inclusion vulnerability in ...) - typo3-src 4.5.9+dfsg1-1 (bug #652365) [squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards) [lenny] - typo3-src <not-affected> (Only affects 4.5 onwards) -CVE-2011-4613 [X launcher permission bypass] - RESERVED +CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...) {DSA-2364-1} - xorg 1:7.6+10 (low; bug #652249) [lenny] - xorg <not-affected> (Introduced in 1:7.4~4) @@ -2227,8 +2226,7 @@ CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3 CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ...) {DSA-2435-1} - gnash 0.8.10-1 (low; bug #649384) -CVE-2011-4327 - RESERVED +CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain ...) - openssh <not-affected> (Only affects platforms w/o /dev/random) NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel ...) @@ -4797,8 +4795,7 @@ CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote . - rpm 4.9.1.2-1 (low; bug #645325) [squeeze] - rpm 4.8.1-6+squeeze1 [lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector) -CVE-2011-3377 [IcedTea browser plugin Same Origin Policy suffix issue] - RESERVED +CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x ...) {DSA-2420-1} - openjdk-6 6b21~pre1-1 - icedtea-web 1.1.4-1 @@ -4911,8 +4908,7 @@ CVE-2011-3346 [squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15) CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...) - ofa-kernel <itp> (bug #541849) -CVE-2011-3344 - RESERVED +CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...) {DSA-2386-1} @@ -6128,8 +6124,7 @@ CVE-2011-2929 (The template selection functionality in ...) CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-2 -CVE-2011-2927 - RESERVED +CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2926 RESERVED @@ -6149,11 +6144,9 @@ CVE-2011-2922 CVE-2011-2921 RESERVED - ktsuss <removed> -CVE-2011-2920 - RESERVED +CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...) NOT-FOR-US: Red Hat Network Satellite server -CVE-2011-2919 - RESERVED +CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does ...) {DSA-2303-1} @@ -6775,8 +6768,7 @@ CVE-2011-2727 CVE-2011-2726 [SA-CORE-2011-003] RESERVED - drupal7 7.6-1 -CVE-2011-2725 [ark directory traversal] - RESERVED +CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows ...) - kdeutils 4:4.6.5-4 (low; bug #635541) [lenny] - kdeutils <no-dsa> (Minor issue) [squeeze] - kdeutils 4:4.4.5-1+squeeze1 @@ -9721,8 +9713,7 @@ CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in - rdesktop 1.7.0-1 (low; bug #623552) [squeeze] - rdesktop <no-dsa> (Minor issue) [lenny] - rdesktop <no-dsa> (Minor issue) -CVE-2011-1594 - RESERVED +CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat ...) NOT-FOR-US: Red Hat Network Satellite server CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...) {DSA-2264-1 DSA-2240-1} diff --git a/data/CVE/2012.list b/data/CVE/2012.list index c759ff20c8..37759741ca 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -364,8 +364,8 @@ CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw [wheezy] - moin 1.9.4-8+deb7u1 CVE-2012-6494 RESERVED -CVE-2012-6493 - RESERVED +CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose ...) + TODO: check CVE-2012-6492 RESERVED CVE-2012-6491 @@ -7920,8 +7920,7 @@ CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in ...) NOT-FOR-US: Dynamic LDAP backend plugin for BIND CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server) -CVE-2012-3427 - RESERVED +CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server) CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...) - keystone 2012.1.1-1 @@ -8949,8 +8948,7 @@ CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allow NOT-FOR-US: Foscam, Wansview IP cameras CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...) NOT-FOR-US: Mutiny Standard -CVE-2012-3000 - RESERVED +CVE-2012-3000 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: F5 BIG-IP CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: Cerberus FTP @@ -10834,12 +10832,10 @@ CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync ...) {DSA-2578-1} - rssh 2.3.3-6 -CVE-2012-2250 - RESERVED +CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...) - tor 0.2.3.24-rc-1 (low) [squeeze] - tor <no-dsa> (Minor issue) -CVE-2012-2249 - RESERVED +CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...) - tor 0.2.3.23-rc-1 (low) [squeeze] - tor <no-dsa> (Minor issue) CVE-2012-2248 [build-influenced PATH set in dhclient] @@ -11212,16 +11208,13 @@ CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenS NOTE: http://www.openssl.org/news/secadv_20120419.txt CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...) NOT-FOR-US: wordpress buddypress plugin -CVE-2012-2108 - RESERVED +CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...) - csound 1:5.17.6~dfsg-1 (low; bug #661197) [squeeze] - csound <no-dsa> (Minor issue) -CVE-2012-2107 - RESERVED +CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound ...) - csound 1:5.17.6~dfsg-1 (bug #661197) [squeeze] - csound <no-dsa> (Minor issue) -CVE-2012-2106 - RESERVED +CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in ...) - csound 1:5.17.6~dfsg-1 (bug #661197) [squeeze] - csound <no-dsa> (Minor issue) CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...) @@ -14123,8 +14116,7 @@ CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash v - xmlrpc-c 1.16.33-3.2 (low; bug #687672) [squeeze] - xmlrpc-c <no-dsa> (Minor issue) - python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4) -CVE-2012-0875 [systemtap invalid read leading to kernel DoS] - RESERVED +CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged ...) - systemtap 1.7-1 (low; bug #660929; bug #660886) [squeeze] - systemtap <not-affected> (Vulnerable code not present) [lenny] - systemtap <not-affected> (Vulnerable code not present) @@ -16184,8 +16176,7 @@ CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 doe CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which ...) - rpm 4.9.1.3-1 (bug #667031) [squeeze] - rpm <no-dsa> (Minor issue) -CVE-2012-0059 - RESERVED +CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 ...) NOT-FOR-US: RHN Satellite CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before ...) - linux-2.6 3.2.2-1 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index b65b3af21d..ba86ac943e 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -75,20 +75,17 @@ CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with - tor 0.2.4.20-1 (low) [wheezy] - tor <no-dsa> (Minor issue) [squeeze] - tor <not-affected> (OpenSSL in oldstable not affected) -CVE-2013-7303 [cross-site scripting] - RESERVED +CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - spip 3.0.13-1 (bug #736170) [wheezy] - spip <no-dsa> (Minor issue) [squeeze] - spip <no-dsa> (Minor issue) CVE-2013-7302 RESERVED NOT-FOR-US: Drupal contrib -CVE-2013-7301 [external network interface is used with no access control for reading queued music files] - RESERVED +CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...) - cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154) NOTE: https://code.google.com/p/cantata/issues/detail?id=356 -CVE-2013-7300 [absolute path traversal vulnerability] - RESERVED +CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows ...) - cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154) NOTE: https://code.google.com/p/cantata/issues/detail?id=356 CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...) @@ -227,8 +224,8 @@ CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and NOT-FOR-US: Franklin Fueling Systems TS-550 CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...) NOT-FOR-US: Franklin Fueling Systems TS-550 -CVE-2013-7246 - RESERVED +CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the ...) + TODO: check CVE-2013-7245 RESERVED CVE-2013-7244 @@ -339,27 +336,22 @@ CVE-2013-7185 RESERVED CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...) NOT-FOR-US: Gretech GOM Media Player -CVE-2013-7183 - RESERVED -CVE-2013-7182 - RESERVED +CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote ...) + TODO: check +CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Fortinet FortiOS -CVE-2013-7181 - RESERVED +CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in ...) NOT-FOR-US: FortiWeb CVE-2013-7180 RESERVED -CVE-2013-7179 - RESERVED +CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech ...) NOT-FOR-US: Seowon Intech SWC-9100 routers CVE-2013-7178 RESERVED -CVE-2013-7177 - RESERVED +CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...) - fail2ban 0.8.11-1 NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087 -CVE-2013-7176 - RESERVED +CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...) - fail2ban 0.8.11-1 CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...) NOT-FOR-US: Avanset Visual CertExam Manager @@ -1552,15 +1544,14 @@ CVE-2013-6729 RESERVED CVE-2013-6728 RESERVED -CVE-2013-6727 - RESERVED +CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...) NOT-FOR-US: IBM Sametime CVE-2013-6726 RESERVED CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...) NOT-FOR-US: IBM WebSphere -CVE-2013-6724 - RESERVED +CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...) + TODO: check CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle ...) NOT-FOR-US: IBM WebSphere Portal CVE-2013-6722 @@ -2130,8 +2121,7 @@ CVE-2013-6493 CVE-2013-6492 RESERVED NOT-FOR-US: Pirhana -CVE-2013-6491 - RESERVED +CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...) - nova <unfixed> CVE-2013-6490 RESERVED @@ -2858,8 +2848,7 @@ CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5 CVE-2013-6236 RESERVED NOT-FOR-US: Stem Innovations IZON -CVE-2013-6235 [Multiple Reflected XSS vulnerabilities] - RESERVED +CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java ...) - libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh) NOTE: http://seclists.org/bugtraq/2014/Jan/92 CVE-2013-6234 @@ -3050,8 +3039,8 @@ CVE-2013-6145 RESERVED CVE-2013-6144 RESERVED -CVE-2013-6143 - RESERVED +CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware ...) + TODO: check CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...) NOT-FOR-US: Schneider Electric ClearSCADA CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...) @@ -3296,15 +3285,14 @@ CVE-2013-6037 RESERVED CVE-2013-6036 RESERVED -CVE-2013-6035 - RESERVED -CVE-2013-6034 - RESERVED -CVE-2013-6033 - RESERVED +CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...) + TODO: check +CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...) + TODO: check +CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 ...) NOT-FOR-US: Lexmark -CVE-2013-6032 - RESERVED +CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...) + TODO: check CVE-2013-6031 RESERVED CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...) @@ -3558,7 +3546,7 @@ CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Se NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...) NOT-FOR-US: Tenable SecurityCenter -CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...) +CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) @@ -3633,7 +3621,7 @@ CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS compo NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...) NOT-FOR-US: Oracle Solaris -CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE Java SE 5.0u55, 6u65, and ...) +CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...) @@ -4821,8 +4809,8 @@ CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Ident NOT-FOR-US: IBM Tivoli Federated Identity Manager CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...) NOT-FOR-US: IBM WebSphere DataPower XC10 appliances -CVE-2013-5427 - RESERVED +CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...) + TODO: check CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data ...) NOT-FOR-US: IBM CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) @@ -5722,11 +5710,9 @@ CVE-2013-4981 CVE-2013-4980 RESERVED NOT-FOR-US: AVTECH DVR -CVE-2013-4979 [Buffer Overflow] - RESERVED +CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and ...) NOT-FOR-US: EPS Viewer -CVE-2013-4978 [Buffer Overflow] - RESERVED +CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...) NOT-FOR-US: Aloaha PDF Suite CVE-2013-4977 RESERVED @@ -6293,11 +6279,9 @@ CVE-2013-4741 RESERVED CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...) NOT-FOR-US: Goodix gt915 Android touchscreen driver -CVE-2013-4739 - RESERVED +CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm ...) - linux <not-affected> (Android-specific camera drivers) -CVE-2013-4738 - RESERVED +CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...) - linux <not-affected> (Android-specific camera drivers) CVE-2013-4737 RESERVED @@ -7036,8 +7020,7 @@ CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload ...) NOT-FOR-US: Simple Machines Forum CVE-2013-4464 RESERVED -CVE-2013-4463 [Compressed disk image DoS] - RESERVED +CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...) - nova 2013.2-3 (bug #728605) CVE-2013-4462 RESERVED @@ -7081,8 +7064,7 @@ CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before - nodejs 0.10.21~dfsg1-1 (medium) NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692 NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/ -CVE-2013-4449 [slapd segfaults on certain queries with rwm overlay enabled] - RESERVED +CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not ...) - openldap <unfixed> (low; bug #729367) [wheezy] - openldap <no-dsa> (Minor issue) [squeeze] - openldap <no-dsa> (Minor issue) @@ -7305,8 +7287,7 @@ CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in the NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26 CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module ...) NOT-FOR-US: Drupal module -CVE-2013-4383 - RESERVED +CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown ...) NOT-FOR-US: Drupal module CVE-2013-4382 REJECTED @@ -7498,8 +7479,7 @@ CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Librar - eglibc 2.17-93 (bug #722536) [wheezy] - eglibc <no-dsa> (Will be fixed in next point update) [squeeze] - eglibc <no-dsa> (Will be fixed in next point update) -CVE-2013-4331 [incorrect .Xauthority permissions] - RESERVED +CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...) - lightdm 1.6.2-1 (bug #721744) [wheezy] - lightdm <not-affected> (Introduced in 1.4) CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...) @@ -8434,8 +8414,8 @@ CVE-2013-4045 (Cross-site scripting (XSS) vulnerability in the Portal applicatio NOT-FOR-US: IBM SPSS Collaboration and Deployment Services CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 ...) NOT-FOR-US: IBM SPSS Collaboration and Deployment Services -CVE-2013-4043 - RESERVED +CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x ...) + TODO: check CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...) NOT-FOR-US: IBM SPSS Collaboration and Deployment Services CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...) @@ -9325,8 +9305,8 @@ CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for NOT-FOR-US: The Pizza Hut Japan Official Order for Android CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...) NOT-FOR-US: FileMaker Pro -CVE-2013-3639 - RESERVED +CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...) + TODO: check CVE-2013-3638 RESERVED CVE-2013-3637 @@ -9926,8 +9906,8 @@ CVE-2013-3367 RESERVED CVE-2013-3366 RESERVED -CVE-2013-3365 - RESERVED +CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to ...) + TODO: check CVE-2013-3364 RESERVED CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...) @@ -10512,8 +10492,8 @@ CVE-2013-3100 RESERVED CVE-2013-3099 RESERVED -CVE-2013-3098 - RESERVED +CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...) + TODO: check CVE-2013-3097 RESERVED CVE-2013-3096 @@ -10528,21 +10508,20 @@ CVE-2013-3092 RESERVED CVE-2013-3091 RESERVED -CVE-2013-3090 - RESERVED +CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...) + TODO: check CVE-2013-3089 RESERVED CVE-2013-3088 RESERVED -CVE-2013-3087 - RESERVED +CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...) NOT-FOR-US: Belkin N900 router CVE-2013-3086 RESERVED CVE-2013-3085 RESERVED -CVE-2013-3084 - RESERVED +CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...) + TODO: check CVE-2013-3083 RESERVED CVE-2013-3082 @@ -11539,8 +11518,8 @@ CVE-2013-2693 RESERVED CVE-2013-2692 RESERVED -CVE-2013-2691 - RESERVED +CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...) + TODO: check CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...) NOT-FOR-US: Synchroweb Technology SynConnect 2.0 CVE-2013-2689 @@ -13287,8 +13266,7 @@ CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, on CVE-2013-2075 RESERVED - chicken <not-affected> (Incomplete fix was never applied) -CVE-2013-2074 [prints passwords contained in HTTP URLs in error messages] - RESERVED +CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows ...) - kde4libs 4:4.10.5-1 (low; bug #707776) [squeeze] - kde4libs <no-dsa> (Minor issue) [wheezy] - kde4libs <no-dsa> (Minor issue) @@ -13652,8 +13630,7 @@ CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote .. {DSA-2703-1} - subversion 1.7.9-1+nmu2 (bug #711033) NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt -CVE-2013-1967 [mediaelement flashmediaelement XSS] - RESERVED +CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in ...) - owncloud <not-affected> (Vulnerable code not present) NOTE: oC >= 4.5 only CVE-2013-1966 (Apache Struts 2 before 2.3.14.1 allows remote attackers to execute ...) @@ -13953,8 +13930,7 @@ CVE-2013-1882 CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary ...) - librsvg 2.40.0-1 (bug #724741) [wheezy] - librsvg 2.36.1-2 -CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application] - RESERVED +CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher ...) - activemq <not-affected> (portfolio demo app not shipped in Debian package) NOTE: https://issues.apache.org/jira/browse/AMQ-4398 CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ...) @@ -14053,8 +14029,8 @@ CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when - almanah 0.9.1-1 (bug #702905) [squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117 -CVE-2013-1852 - RESERVED +CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...) + TODO: check CVE-2013-1851 [user_migrate: Local file disclosure] RESERVED - owncloud 4.0.8debian-1.6 (bug #703094) @@ -15406,8 +15382,7 @@ CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c CVE-2013-1572 (The dissect_oampdu_event_notification function in ...) - wireshark <unfixed> (unimportant) NOTE: Not suitable for code injection -CVE-2013-1470 [XSS in geeklog] - RESERVED +CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...) NOTE: There was a RFP long time ago, bug #203818 NOTE: https://www.htbridge.com/advisory/HTB23143 NOT-FOR-US: Geeklog @@ -15421,8 +15396,8 @@ CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles NOTE: https://www.htbridge.com/advisory/HTB23144 CVE-2013-1467 RESERVED -CVE-2013-1466 - RESERVED +CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...) + TODO: check CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...) NOT-FOR-US: CubeCart CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...) @@ -15671,8 +15646,7 @@ CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.16 NOT-FOR-US: Adobe Flash Plugin CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...) NOT-FOR-US: Adobe Digital Editions -CVE-2013-1376 - RESERVED +CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...) NOT-FOR-US: Adobe Reader CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...) NOT-FOR-US: Adobe Flash Plugin @@ -18572,8 +18546,7 @@ CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers - wordpress 3.5.1+dfsg-1 (bug #698916) NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/ NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7 -CVE-2013-0234 - RESERVED +CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...) - elgg <itp> (bug #526197) CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...) - ruby-devise <itp> (bug #691525) @@ -18761,8 +18734,7 @@ CVE-2013-0178 [redis 2.4: Insecure temporary flaw use for redis service's vm swa [squeeze] - redis <no-dsa> (Minor issue) [wheezy] - redis <no-dsa> (Minor issue) NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6 -CVE-2013-0177 - RESERVED +CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: OFBiz CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...) - libssh 0.5.4-1 (low; bug #698963) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 99f5ca598a..aec632b6b9 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1,3 +1,59 @@ +CVE-2014-1868 + RESERVED +CVE-2014-1867 + RESERVED +CVE-2014-1866 + RESERVED +CVE-2014-1865 + RESERVED +CVE-2014-1864 + RESERVED +CVE-2014-1863 + RESERVED +CVE-2014-1862 + RESERVED +CVE-2014-1861 + RESERVED +CVE-2014-1859 + RESERVED +CVE-2014-1858 + RESERVED +CVE-2014-1857 + RESERVED +CVE-2014-1856 + RESERVED +CVE-2014-1855 + RESERVED +CVE-2014-1854 + RESERVED +CVE-2014-1853 + RESERVED +CVE-2014-1852 + RESERVED +CVE-2014-1851 + RESERVED +CVE-2014-1850 + RESERVED +CVE-2014-1849 + RESERVED +CVE-2014-1848 + RESERVED +CVE-2014-1847 + RESERVED +CVE-2014-1844 + RESERVED +CVE-2014-1843 + RESERVED +CVE-2014-1842 + RESERVED +CVE-2014-1841 + RESERVED +CVE-2014-1840 + RESERVED +CVE-2014-1830 + RESERVED +CVE-2014-1829 + RESERVED CVE-2014-XXXX [buffer overflow in socket.recvfrom_into] - python2.5 <removed> (low) - python2.6 <removed> (low) @@ -33,38 +89,48 @@ CVE-2014-XXXX [shell injection] NOTE: Security fix in 0.3.5-1 is invalid NOTE: https://code.google.com/p/python-gnupg/issues/detail?id=98 CVE-2014-1860 [PHP object insertion] + RESERVED NOT-FOR-US: Contao CMS CVE-2014-1832 [incomplete fix of CVE-2014-1831] + RESERVED - ruby-passenger <not-affected> (incomplete patch never applied) - passenger <not-affected> (incomplete patch never applied) CVE-2014-1831 [insecure use of /tmp] + RESERVED - ruby-passenger <unfixed> (low; bug #736958) [wheezy] - ruby-passenger <no-dsa> (low; bug #736958) - passenger <removed> [squeeze] - passenger <no-dsa> (minor issue) CVE-2014-1845 [hardening to the defaults] + RESERVED - e17 <unfixed> (bug #737705) NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463 NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77 CVE-2014-1846 [hardening to the defaults] + RESERVED - e17 <unfixed> (bug #737705) NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463 NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77 CVE-2014-1839 + RESERVED - logilab-common <unfixed> (bug #737051) CVE-2014-1838 + RESERVED - logilab-common <unfixed> (bug #737051) -CVE-2014-1837 +CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...) NOT-FOR-US: Joomla com_komento CVE-2014-1836 + RESERVED NOT-FOR-US: ImpressCMS CVE-2014-1835 + RESERVED NOT-FOR-US: Echor Ruby Gem CVE-2014-1834 + RESERVED NOT-FOR-US: Echor Ruby Gem -CVE-2014-1833 [uupdate (devscripts) directory traversal] +CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 ...) - devscripts <unfixed> (bug #737160) CVE-2014-XXXX [no input validation for search function] - fookebox <unfixed> (bug #736821) @@ -337,8 +403,7 @@ CVE-2014-1695 CVE-2014-1750 RESERVED NOT-FOR-US: WordPress plugin nokia-mapsplaces -CVE-2014-1694 - RESERVED +CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...) - otrs2 3.3.4-1 NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/ CVE-2014-1693 @@ -509,11 +574,9 @@ CVE-2014-1614 RESERVED CVE-2014-1613 RESERVED -CVE-2014-1612 - RESERVED +CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web ...) NOT-FOR-US: Mediatrix -CVE-2014-1610 - RESERVED +CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before ...) - mediawiki 1:1.19.11+dfsg-1 CVE-2014-1609 RESERVED @@ -753,80 +816,65 @@ CVE-2014-1493 RESERVED CVE-2014-1492 RESERVED -CVE-2014-1491 - RESERVED +CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...) - iceweasel <unfixed> - icedove <unfixed> - nss 2:3.15.4-1 [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1490 - RESERVED +CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) ...) - iceweasel <unfixed> - icedove <unfixed> - nss 2:3.15.4-1 [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1489 - RESERVED +CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1488 - RESERVED +CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1487 - RESERVED +CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1486 - RESERVED +CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1485 - RESERVED +CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1484 - RESERVED +CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates ...) - iceweasel <not-affected> (Only affects Firefox for Android) - icedove <not-affected> (Only affects Firefox for Android) -CVE-2014-1483 - RESERVED +CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1482 - RESERVED +CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1481 - RESERVED +CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1480 - RESERVED +CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1479 - RESERVED +CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> -CVE-2014-1478 - RESERVED +CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <not-affected> (Only affects Firefox 26) - icedove <not-affected> (Only affects Firefox 26) -CVE-2014-1477 - RESERVED +CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 24.3.0esr-1 - icedove <unfixed> [squeeze] - iceweasel <end-of-life> @@ -858,8 +906,7 @@ CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function - pyxdg 0.25-4 (low; bug #736247) [squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version) [wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version) -CVE-2014-1611 - RESERVED +CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting ...) NOT-FOR-US: Drupal contrib CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka ...) - python-rply 0.7.1-1 @@ -868,8 +915,7 @@ CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the NOT-FOR-US: McAfee Vulnerability Manager CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...) NOT-FOR-US: McAfee Vulnerability Manager -CVE-2014-1471 - RESERVED +CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in ...) - otrs2 3.3.4-1 NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/ CVE-2014-1470 @@ -896,8 +942,8 @@ CVE-2014-1460 RESERVED CVE-2014-1459 RESERVED -CVE-2014-1458 - RESERVED +CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...) + TODO: check CVE-2014-1457 RESERVED CVE-2014-1456 @@ -927,8 +973,8 @@ CVE-2014-1441 NOT-FOR-US: Core FTP Server CVE-2014-1440 RESERVED -CVE-2014-1439 - RESERVED +CVE-2014-1439 (The libxml_disable_entity_loader function in ...) + TODO: check CVE-2014-1437 RESERVED CVE-2014-1436 @@ -1023,8 +1069,7 @@ CVE-2014-1409 RESERVED CVE-2014-1404 RESERVED -CVE-2014-1403 - RESERVED +CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM ...) NOT-FOR-US: easyXDM CVE-2014-1397 RESERVED @@ -1407,8 +1452,8 @@ CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open We NOT-FOR-US: Open Web Analytics CVE-2014-1205 RESERVED -CVE-2014-1204 - RESERVED +CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and ...) + TODO: check CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...) NOT-FOR-US: SoapUI CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...) @@ -1794,16 +1839,16 @@ CVE-2014-0836 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar S NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...) NOT-FOR-US: IBM Security QRadar SIEM -CVE-2014-0834 - RESERVED -CVE-2014-0833 - RESERVED -CVE-2014-0832 - RESERVED -CVE-2014-0831 - RESERVED -CVE-2014-0830 - RESERVED +CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 ...) + TODO: check +CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 ...) + TODO: check +CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component ...) + TODO: check +CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation ...) + TODO: check CVE-2014-0829 RESERVED CVE-2014-0828 @@ -1838,8 +1883,8 @@ CVE-2014-0814 RESERVED CVE-2014-0813 RESERVED -CVE-2014-0812 - RESERVED +CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...) + TODO: check CVE-2014-0811 RESERVED CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...) @@ -1876,8 +1921,7 @@ CVE-2014-0795 RESERVED CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...) NOT-FOR-US: JV Comment Joomla Extension -CVE-2014-0793 - RESERVED +CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...) NOT-FOR-US: Komento Joomla Extension CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to ...) NOT-FOR-US: Sonatype Nexus @@ -1951,12 +1995,11 @@ CVE-2014-0759 RESERVED CVE-2014-0758 RESERVED -CVE-2014-0757 - RESERVED +CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...) + TODO: check CVE-2014-0756 RESERVED -CVE-2014-0755 - RESERVED +CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...) NOT-FOR-US: Rockwell Automation RSLogix CVE-2014-0754 RESERVED @@ -2094,8 +2137,7 @@ CVE-2014-0688 RESERVED CVE-2014-0687 RESERVED -CVE-2014-0686 - RESERVED +CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0685 RESERVED @@ -2478,8 +2520,7 @@ CVE-2014-0499 RESERVED CVE-2014-0498 RESERVED -CVE-2014-0497 - RESERVED +CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...) NOT-FOR-US: Flash plugin CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader @@ -2868,8 +2909,8 @@ CVE-2014-0331 RESERVED CVE-2014-0330 RESERVED -CVE-2014-0329 - RESERVED +CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...) + TODO: check CVE-2014-0328 RESERVED CVE-2014-0327 @@ -3514,8 +3555,7 @@ CVE-2014-0021 [traffic amplification in cmdmon protocol] CVE-2014-0020 RESERVED - pidgin 2.10.8-1 -CVE-2014-0019 [PROXY-CONNECT address overflow] - RESERVED +CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...) - socat 1.7.2.3-1 (low; bug #736993) [squeeze] - socat <no-dsa> (Minor issue) [wheezy] - socat <no-dsa> (Minor issue) @@ -3526,8 +3566,7 @@ CVE-2014-0017 RESERVED CVE-2014-0016 RESERVED -CVE-2014-0015 - RESERVED +CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...) {DSA-2849-1} - curl 7.35.0-1 CVE-2014-0014 @@ -3566,8 +3605,7 @@ CVE-2014-0003 RESERVED CVE-2014-0002 RESERVED -CVE-2014-0001 [command-line tool buffer overflow via long server version string] - RESERVED +CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...) - mysql-5.1 <removed> - mysql-5.5 <unfixed> (bug #737596) - mariadb-5.5 <unfixed> (bug #737597) |