CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...)
    - libdbi-perl 1.643-3 (bug #972180)
    [buster] - libdbi-perl 1.642-1+deb10u2
    [stretch] - libdbi-perl (Revisit when fixed upstream)
    NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. DBD:: ...)
    - libdbi-perl 1.633-1
    NOTE: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
    NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508
    NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
    - lua-cgi (session generation changed in 5.1.x, cf. CVE-2014-10399)
    NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...)
    - lua-cgi (session generation changed in 5.2.x, cf. CVE-2014-2875)
    NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
CVE-2014-10398 (Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank ...)
    NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client
CVE-2014-10397 (The Antioch theme through 2014-09-07 for WordPress allows arbitrary fi ...)
    NOT-FOR-US: Antioch theme for WordPress
CVE-2014-10396 (The epic theme through 2014-09-07 for WordPress allows arbitrary file ...)
    NOT-FOR-US: epic theme for WordPress
CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...)
    NOT-FOR-US: cp-polls plugin for WordPress
CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has JavaScript inje ...)
    NOT-FOR-US: rich-counter plugin for WordPress
CVE-2014-10393 (The cforms2 plugin before 10.5 for WordPress has XSS. ...)
    NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
    NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 for Wor ...)
    NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
    NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
    NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
    NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...)
    NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress
CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScr ...)
    NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress has XSS ...)
    NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress has Loca ...)
    NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress has Remo ...)
    NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10382 (The feature-comments plugin before 1.2.5 for WordPress has CSRF for fe ...)
    NOT-FOR-US: feature-comments plugin for WordPress
CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
    NOT-FOR-US: WordPress plugin
CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...)
    NOT-FOR-US: profile-builder plugin for WordPress
CVE-2014-10379 (The duplicate-post plugin before 2.6 for WordPress has SQL injection. ...)
    NOT-FOR-US: duplicate-post plugin for WordPress
CVE-2014-10378 (The duplicate-post plugin before 2.6 for WordPress has XSS. ...)
    NOT-FOR-US: duplicate-post plugin for WordPress
CVE-2014-10377 (The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. ...)
    NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
    NOT-FOR-US: i-recommend-this plugin for WordPress
CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
    - libexosip2 (bug #934766)
    [buster] - libexosip2 (Minor issue)
    [stretch] - libexosip2 (Minor issue)
    [jessie] - libexosip2 (Minor issue)
    NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
CVE-2014-1200 RESERVED CVE-2014-1199 RESERVED CVE-2014-1198 RESERVED CVE-2014-1197 RESERVED CVE-2014-1196 RESERVED CVE-2014-1195 RESERVED CVE-2014-1194 RESERVED CVE-2014-1193 RESERVED CVE-2014-1192 RESERVED CVE-2014-1191 RESERVED CVE-2014-1190 RESERVED CVE-2014-1189 RESERVED CVE-2014-1188 RESERVED CVE-2014-1187 RESERVED CVE-2014-1186 RESERVED CVE-2014-1185 RESERVED CVE-2014-1184 RESERVED CVE-2014-1183 RESERVED CVE-2014-1182 RESERVED CVE-2014-1181 RESERVED CVE-2014-1180 RESERVED CVE-2014-1179 RESERVED CVE-2014-1178 RESERVED CVE-2014-1177 RESERVED CVE-2014-1176 RESERVED CVE-2014-1175 RESERVED CVE-2014-1174 RESERVED CVE-2014-1173 RESERVED CVE-2014-1172 RESERVED CVE-2014-1171 RESERVED CVE-2014-1170 RESERVED CVE-2014-1169 RESERVED CVE-2014-1168 RESERVED CVE-2014-1167 RESERVED CVE-2014-1166 RESERVED CVE-2014-1165 RESERVED CVE-2014-1164 RESERVED CVE-2014-1163 RESERVED CVE-2014-1162 RESERVED CVE-2014-1161 RESERVED CVE-2014-1160 RESERVED CVE-2014-1159 RESERVED CVE-2014-1158 RESERVED CVE-2014-1157 RESERVED CVE-2014-1156 RESERVED CVE-2014-1154 RESERVED CVE-2014-1153 RESERVED CVE-2014-1152 RESERVED CVE-2014-1151 RESERVED CVE-2014-1150 RESERVED CVE-2014-1149 RESERVED CVE-2014-1148 RESERVED CVE-2014-1147
RESERVED CVE-2014-1146 RESERVED CVE-2014-1145 RESERVED CVE-2014-1144 RESERVED CVE-2014-1143 RESERVED CVE-2014-1142 RESERVED CVE-2014-1141 RESERVED CVE-2014-1140 RESERVED CVE-2014-1139 RESERVED CVE-2014-1138 RESERVED CVE-2014-1136 RESERVED CVE-2014-1135 RESERVED CVE-2014-1134 RESERVED CVE-2014-1133 RESERVED CVE-2014-1132 RESERVED CVE-2014-1131 RESERVED CVE-2014-1130 RESERVED CVE-2014-1129 RESERVED CVE-2014-1128 RESERVED CVE-2014-1127 RESERVED CVE-2014-1126 RESERVED CVE-2014-1125 RESERVED CVE-2014-1124 RESERVED CVE-2014-1123 RESERVED CVE-2014-1122 RESERVED CVE-2014-1121 RESERVED CVE-2014-1120 RESERVED CVE-2014-1119 RESERVED CVE-2014-1118 RESERVED CVE-2014-1117 RESERVED CVE-2014-1116 RESERVED CVE-2014-1115 RESERVED CVE-2014-1114 RESERVED CVE-2014-1113 RESERVED CVE-2014-1112 RESERVED CVE-2014-1111 RESERVED CVE-2014-1110 RESERVED CVE-2014-1109 RESERVED CVE-2014-1108 RESERVED CVE-2014-1107 RESERVED CVE-2014-1106 RESERVED CVE-2014-1105 RESERVED CVE-2014-1104 RESERVED CVE-2014-1103 RESERVED CVE-2014-1102 RESERVED CVE-2014-1101 RESERVED CVE-2014-1100 RESERVED CVE-2014-1099 RESERVED CVE-2014-1098 RESERVED CVE-2014-1097 RESERVED CVE-2014-1096 RESERVED CVE-2014-1095 RESERVED CVE-2014-1094 RESERVED CVE-2014-1093 RESERVED CVE-2014-1092 RESERVED CVE-2014-1091 RESERVED CVE-2014-1090 RESERVED CVE-2014-1089 RESERVED CVE-2014-1088 RESERVED CVE-2014-1087 RESERVED CVE-2014-1086 RESERVED CVE-2014-1085 RESERVED CVE-2014-1084 RESERVED CVE-2014-1083 RESERVED CVE-2014-1082 RESERVED CVE-2014-1081 RESERVED CVE-2014-1080 RESERVED CVE-2014-1079 RESERVED CVE-2014-1078 RESERVED CVE-2014-1077 RESERVED CVE-2014-1076 RESERVED CVE-2014-1075 RESERVED CVE-2014-1074 RESERVED CVE-2014-1073 RESERVED CVE-2014-1072 RESERVED CVE-2014-1071 RESERVED CVE-2014-1070 RESERVED CVE-2014-1069 RESERVED CVE-2014-1068 RESERVED CVE-2014-1067 RESERVED CVE-2014-1066 RESERVED CVE-2014-1065 RESERVED CVE-2014-1064 RESERVED CVE-2014-1063 RESERVED CVE-2014-1062 RESERVED CVE-2014-1061 RESERVED CVE-2014-1060 RESERVED 
CVE-2014-1059 RESERVED CVE-2014-1058 RESERVED CVE-2014-1057 RESERVED CVE-2014-1056 RESERVED CVE-2014-1055 RESERVED CVE-2014-1054 RESERVED CVE-2014-1053 RESERVED CVE-2014-1052 RESERVED CVE-2014-1051 RESERVED CVE-2014-1050 RESERVED CVE-2014-1049 RESERVED CVE-2014-1048 RESERVED CVE-2014-1047 RESERVED CVE-2014-1046 RESERVED CVE-2014-1045 RESERVED CVE-2014-1044 RESERVED CVE-2014-1043 RESERVED CVE-2014-1042 RESERVED CVE-2014-1041 RESERVED CVE-2014-1040 RESERVED CVE-2014-1039 RESERVED CVE-2014-1038 RESERVED
CVE-2014-10374 (On Fitbit activity-tracker devices, certain addresses never change. Ac ...)
    NOT-FOR-US: Fitbit activity-tracker devices
CVE-2014-10373 RESERVED CVE-2014-10372 RESERVED CVE-2014-10371 RESERVED CVE-2014-10370 RESERVED CVE-2014-1037 RESERVED CVE-2014-10369 RESERVED CVE-2014-10368 RESERVED CVE-2014-10367 RESERVED CVE-2014-10366 RESERVED CVE-2014-10365 RESERVED CVE-2014-10364 RESERVED CVE-2014-10363 RESERVED CVE-2014-10362 RESERVED CVE-2014-10361 RESERVED CVE-2014-10360 RESERVED CVE-2014-1036 RESERVED CVE-2014-10359 RESERVED CVE-2014-10358 RESERVED CVE-2014-10357 RESERVED CVE-2014-10356 RESERVED CVE-2014-10355 RESERVED CVE-2014-10354 RESERVED CVE-2014-10353 RESERVED CVE-2014-10352 RESERVED CVE-2014-10351 RESERVED CVE-2014-10350 RESERVED CVE-2014-1035 RESERVED CVE-2014-10349 RESERVED CVE-2014-10348 RESERVED CVE-2014-10347 RESERVED CVE-2014-10346 RESERVED CVE-2014-10345 RESERVED CVE-2014-10344 RESERVED CVE-2014-10343 RESERVED CVE-2014-10342 RESERVED CVE-2014-10341 RESERVED CVE-2014-10340 RESERVED CVE-2014-1034 RESERVED CVE-2014-10339 RESERVED CVE-2014-10338 RESERVED CVE-2014-10337 RESERVED CVE-2014-10336 RESERVED CVE-2014-10335 RESERVED CVE-2014-10334 RESERVED CVE-2014-10333 RESERVED CVE-2014-10332 RESERVED CVE-2014-10331 RESERVED CVE-2014-10330 RESERVED CVE-2014-1033 RESERVED CVE-2014-10329 RESERVED CVE-2014-10328 RESERVED CVE-2014-10327 RESERVED CVE-2014-10326 RESERVED CVE-2014-10325 RESERVED CVE-2014-10324 RESERVED CVE-2014-10323 RESERVED CVE-2014-10322
RESERVED CVE-2014-10321 RESERVED CVE-2014-10320 RESERVED CVE-2014-1032 RESERVED CVE-2014-10319 RESERVED CVE-2014-10318 RESERVED CVE-2014-10317 RESERVED CVE-2014-10316 RESERVED CVE-2014-10315 RESERVED CVE-2014-10314 RESERVED CVE-2014-10313 RESERVED CVE-2014-10312 RESERVED CVE-2014-10311 RESERVED CVE-2014-10310 RESERVED CVE-2014-1031 RESERVED CVE-2014-10309 RESERVED CVE-2014-10308 RESERVED CVE-2014-10307 RESERVED CVE-2014-10306 RESERVED CVE-2014-10305 RESERVED CVE-2014-10304 RESERVED CVE-2014-10303 RESERVED CVE-2014-10302 RESERVED CVE-2014-10301 RESERVED CVE-2014-10300 RESERVED CVE-2014-1030 RESERVED CVE-2014-10299 RESERVED CVE-2014-10298 RESERVED CVE-2014-10297 RESERVED CVE-2014-10296 RESERVED CVE-2014-10295 RESERVED CVE-2014-10294 RESERVED CVE-2014-10293 RESERVED CVE-2014-10292 RESERVED CVE-2014-10291 RESERVED CVE-2014-10290 RESERVED CVE-2014-1029 RESERVED CVE-2014-10289 RESERVED CVE-2014-10288 RESERVED CVE-2014-10287 RESERVED CVE-2014-10286 RESERVED CVE-2014-10285 RESERVED CVE-2014-10284 RESERVED CVE-2014-10283 RESERVED CVE-2014-10282 RESERVED CVE-2014-10281 RESERVED CVE-2014-10280 RESERVED CVE-2014-1028 RESERVED CVE-2014-10279 RESERVED CVE-2014-10278 RESERVED CVE-2014-10277 RESERVED CVE-2014-10276 RESERVED CVE-2014-10275 RESERVED CVE-2014-10274 RESERVED CVE-2014-10273 RESERVED CVE-2014-10272 RESERVED CVE-2014-10271 RESERVED CVE-2014-10270 RESERVED CVE-2014-1027 RESERVED CVE-2014-10269 RESERVED CVE-2014-10268 RESERVED CVE-2014-10267 RESERVED CVE-2014-10266 RESERVED CVE-2014-10265 RESERVED CVE-2014-10264 RESERVED CVE-2014-10263 RESERVED CVE-2014-10262 RESERVED CVE-2014-10261 RESERVED CVE-2014-10260 RESERVED CVE-2014-1026 RESERVED CVE-2014-10259 RESERVED CVE-2014-10258 RESERVED CVE-2014-10257 RESERVED CVE-2014-10256 RESERVED CVE-2014-10255 RESERVED CVE-2014-10254 RESERVED CVE-2014-10253 RESERVED CVE-2014-10252 RESERVED CVE-2014-10251 RESERVED CVE-2014-10250 RESERVED CVE-2014-1025 RESERVED CVE-2014-10249 RESERVED CVE-2014-10248 RESERVED CVE-2014-10247 RESERVED 
CVE-2014-10246 RESERVED CVE-2014-10245 RESERVED CVE-2014-10244 RESERVED CVE-2014-10243 RESERVED CVE-2014-10242 RESERVED CVE-2014-10241 RESERVED CVE-2014-10240 RESERVED CVE-2014-1024 RESERVED CVE-2014-10239 RESERVED CVE-2014-10238 RESERVED CVE-2014-10237 RESERVED CVE-2014-10236 RESERVED CVE-2014-10235 RESERVED CVE-2014-10234 RESERVED CVE-2014-10233 RESERVED CVE-2014-10232 RESERVED CVE-2014-10231 RESERVED CVE-2014-10230 RESERVED CVE-2014-1023 RESERVED CVE-2014-10229 RESERVED CVE-2014-10228 RESERVED CVE-2014-10227 RESERVED CVE-2014-10226 RESERVED CVE-2014-10225 RESERVED CVE-2014-10224 RESERVED CVE-2014-10223 RESERVED CVE-2014-10222 RESERVED CVE-2014-10221 RESERVED CVE-2014-10220 RESERVED CVE-2014-1022 RESERVED CVE-2014-10219 RESERVED CVE-2014-10218 RESERVED CVE-2014-10217 RESERVED CVE-2014-10216 RESERVED CVE-2014-10215 RESERVED CVE-2014-10214 RESERVED CVE-2014-10213 RESERVED CVE-2014-10212 RESERVED CVE-2014-10211 RESERVED CVE-2014-10210 RESERVED CVE-2014-1021 RESERVED CVE-2014-10209 RESERVED CVE-2014-10208 RESERVED CVE-2014-10207 RESERVED CVE-2014-10206 RESERVED CVE-2014-10205 RESERVED CVE-2014-10204 RESERVED CVE-2014-10203 RESERVED CVE-2014-10202 RESERVED CVE-2014-10201 RESERVED CVE-2014-10200 RESERVED CVE-2014-1020 RESERVED CVE-2014-10199 RESERVED CVE-2014-10198 RESERVED CVE-2014-10197 RESERVED CVE-2014-10196 RESERVED CVE-2014-10195 RESERVED CVE-2014-10194 RESERVED CVE-2014-10193 RESERVED CVE-2014-10192 RESERVED CVE-2014-10191 RESERVED CVE-2014-10190 RESERVED CVE-2014-1019 RESERVED CVE-2014-10189 RESERVED CVE-2014-10188 RESERVED CVE-2014-10187 RESERVED CVE-2014-10186 RESERVED CVE-2014-10185 RESERVED CVE-2014-10184 RESERVED CVE-2014-10183 RESERVED CVE-2014-10182 RESERVED CVE-2014-10181 RESERVED CVE-2014-10180 RESERVED CVE-2014-1018 RESERVED CVE-2014-10179 RESERVED CVE-2014-10178 RESERVED CVE-2014-10177 RESERVED CVE-2014-10176 RESERVED CVE-2014-10175 RESERVED CVE-2014-10174 RESERVED CVE-2014-10173 RESERVED CVE-2014-10172 RESERVED CVE-2014-10171 RESERVED CVE-2014-10170 
RESERVED CVE-2014-1017 RESERVED CVE-2014-10169 RESERVED CVE-2014-10168 RESERVED CVE-2014-10167 RESERVED CVE-2014-10166 RESERVED CVE-2014-10165 RESERVED CVE-2014-10164 RESERVED CVE-2014-10163 RESERVED CVE-2014-10162 RESERVED CVE-2014-10161 RESERVED CVE-2014-10160 RESERVED CVE-2014-1016 RESERVED CVE-2014-10159 RESERVED CVE-2014-10158 RESERVED CVE-2014-10157 RESERVED CVE-2014-10156 RESERVED CVE-2014-10155 RESERVED CVE-2014-10154 RESERVED CVE-2014-10153 RESERVED CVE-2014-10152 RESERVED CVE-2014-10151 RESERVED CVE-2014-10150 RESERVED CVE-2014-1015 RESERVED CVE-2014-10149 RESERVED CVE-2014-10148 RESERVED CVE-2014-10147 RESERVED CVE-2014-10146 RESERVED CVE-2014-10145 RESERVED CVE-2014-10144 RESERVED CVE-2014-10143 RESERVED CVE-2014-10142 RESERVED CVE-2014-10141 RESERVED CVE-2014-10140 RESERVED CVE-2014-1014 RESERVED CVE-2014-10139 RESERVED CVE-2014-10138 RESERVED CVE-2014-10137 RESERVED CVE-2014-10136 RESERVED CVE-2014-10135 RESERVED CVE-2014-10134 RESERVED CVE-2014-10133 RESERVED CVE-2014-10132 RESERVED CVE-2014-10131 RESERVED CVE-2014-10130 RESERVED CVE-2014-1013 RESERVED CVE-2014-10129 RESERVED CVE-2014-10128 RESERVED CVE-2014-10127 RESERVED CVE-2014-10126 RESERVED CVE-2014-10125 RESERVED CVE-2014-10124 RESERVED CVE-2014-10123 RESERVED CVE-2014-10122 RESERVED CVE-2014-10121 RESERVED CVE-2014-10120 RESERVED CVE-2014-1012 RESERVED CVE-2014-10119 RESERVED CVE-2014-10118 RESERVED CVE-2014-10117 RESERVED CVE-2014-10116 RESERVED CVE-2014-10115 RESERVED CVE-2014-10114 RESERVED CVE-2014-10113 RESERVED CVE-2014-10112 RESERVED CVE-2014-10111 RESERVED CVE-2014-10110 RESERVED CVE-2014-1011 RESERVED CVE-2014-10109 RESERVED CVE-2014-10108 RESERVED CVE-2014-10107 RESERVED CVE-2014-10106 RESERVED CVE-2014-10105 RESERVED CVE-2014-10104 RESERVED CVE-2014-10103 RESERVED CVE-2014-10102 RESERVED CVE-2014-10101 RESERVED CVE-2014-10100 RESERVED CVE-2014-1010 RESERVED CVE-2014-10099 RESERVED CVE-2014-10098 RESERVED CVE-2014-10097 RESERVED CVE-2014-10096 RESERVED CVE-2014-10095 RESERVED 
CVE-2014-10094 RESERVED CVE-2014-10093 RESERVED CVE-2014-10092 RESERVED CVE-2014-10091 RESERVED CVE-2014-10090 RESERVED CVE-2014-1009 RESERVED CVE-2014-10089 RESERVED CVE-2014-10088 RESERVED CVE-2014-10087 RESERVED CVE-2014-10086 RESERVED CVE-2014-10085 RESERVED CVE-2014-10084 RESERVED CVE-2014-10083 RESERVED CVE-2014-10082 RESERVED CVE-2014-10081 RESERVED CVE-2014-10080 RESERVED CVE-2014-1008 RESERVED CVE-2014-1007 RESERVED CVE-2014-1006 RESERVED CVE-2014-1005 RESERVED CVE-2014-1003 RESERVED CVE-2014-1002 RESERVED CVE-2014-1001 RESERVED CVE-2014-1000 RESERVED
CVE-2014-10079 (In Vembu StoreGrid 4.4.x, the front page of the server web interface l ...)
    NOT-FOR-US: Vembu StoreGrid
CVE-2014-10078 (Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregs ...)
    NOT-FOR-US: Vembu StoreGrid
CVE-2014-1000000
    REJECTED
CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 f ...)
    {DLA-1584-1}
    - ruby-i18n 0.7.0-3 (bug #913093)
    [stretch] - ruby-i18n 0.7.0-2+deb9u1
    NOTE: https://github.com/svenfuchs/i18n/pull/289
    NOTE: https://github.com/svenfuchs/i18n/commit/24e71a9a4901ed18c9cab5c53109fd9bf2416bcb
CVE-2014-10076 (The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character ...)
    NOT-FOR-US: wp-db-backup plugin WordPress
CVE-2014-10075 (The karo gem 2.3.8 for Ruby allows Remote command injection via the ho ...)
    NOT-FOR-US: karo gem
CVE-2014-10074 (Umbraco before 7.2.0 has a remote PHP code execution vulnerability bec ...)
    NOT-FOR-US: Umbraco
CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1. ...)
    {DLA-1361-1}
    - psensor 1.1.5-1 (low; bug #896195)
    [jessie] - psensor 1.1.3-2+deb8u1
    NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when scanni ...)
    {DLA-1304-1}
    - zsh 5.0.6-1
    NOTE: https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very lon ...)
    {DLA-1304-1}
    - zsh 5.0.7-3
    NOTE: https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
    NOTE: Debian needed to add cherry-pick-9982ab6f-missing-changelog-entry
CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer va ...)
    {DLA-1304-1}
    - zsh 5.0.7-3
    NOTE: https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...)
    NOT-FOR-US: Hitron CVE-30360 devices
CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always a ...)
    NOT-FOR-US: inert
CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
    NOT-FOR-US: paypal-ipn
CVE-2014-10066 (Versions less than 0.1.4 of the static file server module fancy-server ...)
    NOT-FOR-US: fancy-server
CVE-2014-10065 (Certain input when passed into remarkable before 1.4.1 will bypass the ...)
    NOT-FOR-US: remarkable
CVE-2014-10064 (The qs module before 1.0.0 does not have an option or default for spec ...)
    - node-qs 2.2.4-1 (unimportant)
    NOTE: https://nodesecurity.io/advisories/28
    NOTE: nodejs not covered by security support
CVE-2014-9998 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9997 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9996 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9995 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
    REJECTED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9989 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9988 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9987 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9986 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9985 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
    REJECTED
CVE-2014-10060
    REJECTED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10057 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10056 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10055 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10054 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10053 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10052 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
    REJECTED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10046 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10045 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10044 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10043 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-10039 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ...)
    - glibc 2.19-14
    - eglibc
    [wheezy] - eglibc (Vulnerable code not present)
    NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
    NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
    REJECTED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash c ...)
    - jasypt 1.9.2-1
    [jessie] - jasypt (Minor issue)
    [wheezy] - jasypt (Minor issue)
    NOTE: https://sourceforge.net/p/jasypt/code/668/
CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the Linu ...)
    NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a Time-of-che ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ov ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
    NOT-FOR-US: Qualcomm component for Android
CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the L ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the L ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux kernel ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in th ...)
    {DSA-3945-1}
    - linux 4.0.2-1 (low)
    [wheezy] - linux (Vulnerable code not present)
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
    - git 1:2.0.0~rc2-1
    [wheezy] - git (Vulnerable code introduced in 1.8.1-rc0)
    NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
    NOTE: https://github.com/njhartwell/pw3nage
    NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could potentia ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ove ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases f ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a Bu ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a Buff ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a Buff ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a Signe ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a Buff ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local us ...)
    - linux 4.0.2-1
    [jessie] - linux 3.16.39-1
    [wheezy] - linux 3.2.82-1
    NOTE: Fixed by: https://git.kernel.org/linus/69c433ed2ecd2d3264efd7afec4439524b319121 (v3.18-rc2)
CVE-2014-9921 (Information disclosure vulnerability in McAfee (now Intel Security) Cl ...)
    NOT-FOR-US: Intel antivirus
CVE-2014-9920 (Unauthorized execution of binary vulnerability in McAfee (now Intel Se ...)
    NOT-FOR-US: Intel antivirus
CVE-2014-9919 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the f ...)
    NOT-FOR-US: Bilboplanet
CVE-2014-9918 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the u ...)
    NOT-FOR-US: Bilboplanet
CVE-2014-9917 (An issue was discovered in Bilboplanet 2.0. There is a stored XSS vuln ...)
    NOT-FOR-US: Bilboplanet
CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...)
    NOT-FOR-US: Bilboplanet
CVE-2014-9914 (Race condition in the ip4_datagram_release_cb function in net/ipv4/dat ...)
- linux 3.16.2-1 [wheezy] - linux (Vulnerable code introduced later) CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...) {DLA-741-1} - unzip 6.0-21 (bug #847485) [jessie] - unzip 6.0-16+deb8u3 NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750 NOTE: can be used to verify a fix (which triggers the issue in unzip -l but crashes NOTE: in different areas of the unzip codebase) NOTE: https://www.openwall.com/lists/oss-security/2014/11/03/5 CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...) - php5 5.6.0+dfsg-1 [wheezy] - php5 5.4.34-0+deb7u1 NOTE: Fixed in 5.6.0, 5.5.14, 5.4.30, 5.3.29 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=67397 NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest NOTE: PHP workaround for CVE-2014-9911 in icu CVE-2014-9911 (Stack-based buffer overflow in the ures_getByKeyWithFallback function ...) {DSA-3725-1 DLA-744-1} - icu 55.1-3 NOTE: http://bugs.icu-project.org/trac/ticket/10891 NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699 NOTE: The patch addressing CVE-2014-9911 is applied in 54.1, but the NOTE: first fixed package version uploaded to unstable is 55.1-3. CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Android Broadcom driver CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) NOT-FOR-US: Android Broadcom driver CVE-2014-9908 (A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0. ...) NOT-FOR-US: Android CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a denial ...)
{DSA-3652-1 DLA-731-1} - imagemagick 8:6.9.6.2+dfsg-2 (bug #832942) NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52 NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2 NOTE: https://www.openwall.com/lists/oss-security/2016/08/07/1 CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows attacke ...) {DSA-3635-1 DLA-576-1} - libdbd-mysql-perl 4.033-1 NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625 NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27 NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc CVE-2014-9905 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Calenda ...) - sogo 2.2.5-1 [wheezy] - sogo (not supported in Wheezy LTS) NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9 (SOGo-2.2.0) NOTE: https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765 (SOGo-2.2.0) NOTE: https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501 (SOGo-2.2.0) NOTE: https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625 (SOGo-2.2.0) NOTE: https://sogo.nu/bugs/view.php?id=2598 CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offload.c ...) {DSA-3616-1} - linux 4.0.2-1 [wheezy] - linux (Vulnerable code not present) NOTE: 4.0.2-1 the first version in unstable after 3.17-rc1 NOTE: Fixed by: https://git.kernel.org/linus/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 (3.17-rc1) NOTE: Introduced by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1) CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux kerne ...) 
- linux NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4 CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualc ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (201 ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...) - linux (unimportant) CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android bef ...) - linux (Android-specific driver) CVE-2014-9898 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...) - linux (Android-specific driver) CVE-2014-9897 (sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in A ...) - linux (Android-specific driver) CVE-2014-9896 (drivers/char/adsprpc.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9895 (drivers/media/media-device.c in the Linux kernel before 3.11, as used ...) {DLA-833-1} - linux 3.11.5-1 CVE-2014-9894 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9893 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in And ...) - linux (Android-specific driver) CVE-2014-9892 (The snd_compr_tstamp function in sound/core/compress_offload.c in the ...) - linux (unimportant) NOTE: Not considered a security issue/invalid issue by the Debian kernel team CVE-2014-9891 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9890 (Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/ms ...) - linux (Android-specific driver) CVE-2014-9889 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualco ...) - linux (Android-specific driver) CVE-2014-9888 (arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platf ...) 
{DLA-833-1} - linux 3.13.4-1 CVE-2014-9887 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9886 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...) - linux (Android-specific driver) CVE-2014-9885 (Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qu ...) - linux (Android-specific driver) CVE-2014-9884 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9883 (Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm compo ...) - linux (Android-specific driver) CVE-2014-9882 (Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm co ...) - linux (Android-specific driver) CVE-2014-9881 (drivers/media/radio/radio-iris.c in the Qualcomm components in Android ...) - linux (Android-specific driver) CVE-2014-9880 (drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in ...) - linux (Android-specific driver) CVE-2014-9879 (The mdss mdp3 driver in the Qualcomm components in Android before 2016 ...) - linux (Android-specific driver) CVE-2014-9878 (drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Androi ...) - linux (Android-specific driver) CVE-2014-9877 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...) - linux (Android-specific driver) CVE-2014-9876 (drivers/char/diag/diagfwd.c in the Qualcomm components in Android befo ...) - linux (Android-specific driver) CVE-2014-9875 (drivers/char/diag/diag_dci.c in the Qualcomm components in Android bef ...) - linux (Android-specific driver) CVE-2014-9874 (Buffer overflow in the Qualcomm components in Android before 2016-08-0 ...) - linux (Android-specific driver) CVE-2014-9873 (Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm comp ...) - linux (Android-specific driver) CVE-2014-9872 (The diag driver in the Qualcomm components in Android before 2016-08-0 ...) 
- linux (Android-specific driver) CVE-2014-9871 (Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/ ...) - linux (Android-specific driver) CVE-2014-9870 (The Linux kernel before 3.11 on ARM platforms, as used in Android befo ...) - linux 3.11.5-1 [wheezy] - linux (Minor issue, hardly a security impact, cf. kernel-sec) CVE-2014-9869 (drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Q ...) - linux (Android-specific driver) CVE-2014-9868 (drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the ...) - linux (Android-specific driver) CVE-2014-9867 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qua ...) - linux (Android-specific driver) CVE-2014-9866 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qua ...) - linux (Android-specific driver) CVE-2014-9865 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9864 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific driver) CVE-2014-9863 (Integer underflow in the diag driver in the Qualcomm components in And ...) - linux (Android-specific driver) CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...) {DLA-2010-1 DLA-697-1} - bsdiff 4.3-17 NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525 CVE-2014-9861 RESERVED CVE-2014-9860 RESERVED CVE-2014-9859 RESERVED CVE-2014-9858 RESERVED CVE-2014-9857 RESERVED CVE-2014-9856 RESERVED CVE-2014-9855 RESERVED CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-n ...) 
- linux (Vulnerable code never present, introduced and fixed in 3.16 development cycle) NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1) NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1) CVE-2014-9804 (vision.c in ImageMagick allows remote attackers to cause a denial of s ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Vulnerable code introduced later) CVE-2014-9805 (ImageMagick allows remote attackers to cause a denial of service (segm ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9806 (ImageMagick allows remote attackers to cause a denial of service (file ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9807 (The pdb coder in ImageMagick allows remote attackers to cause a denial ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9808 (ImageMagick allows remote attackers to cause a denial of service (segm ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9809 (ImageMagick allows remote attackers to cause a denial of service (segm ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9810 (The dpx file handler in ImageMagick allows remote attackers to cause a ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9811 (The xwd file handler in ImageMagick allows remote attackers to cause a ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9812 (ImageMagick allows remote attackers to cause a denial of service (NULL ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9813 (ImageMagick allows remote attackers to cause a denial of service (appl ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9814 (ImageMagick allows remote attackers to cause a denial of service (NULL ...) 
{DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9815 (ImageMagick allows remote attackers to cause a denial of service (appl ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9816 (ImageMagick allows remote attackers to cause a denial of service (out- ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9817 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9818 (ImageMagick allows remote attackers to cause a denial of service (out- ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9819 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9820 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Vulnerable code not present) CVE-2014-9821 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9822 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9823 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9824 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9825 (Heap-based buffer overflow in ImageMagick allows remote attackers to h ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Vulnerable code not present) CVE-2014-9826 (ImageMagick allows remote attackers to have unspecified impact via vec ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (No apparent security impact) CVE-2014-9827 (coders/xpm.c in ImageMagick allows remote attackers to have unspecifie ...) 
- imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Vulnerable code not present) CVE-2014-9828 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9829 (coders/sun.c in ImageMagick allows remote attackers to cause a denial ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9830 (coders/sun.c in ImageMagick allows remote attackers to have unspecifie ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9831 (coders/wpg.c in ImageMagick allows remote attackers to have unspecifie ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9833 (Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9834 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9835 (Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of servi ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9837 (coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote att ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9839 (magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attacke ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9840 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of servi ...) 
{DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allo ...) {DLA-960-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9842 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Leak in a code path that does not exist in this version) CVE-2014-9843 (The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 al ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9844 (The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allow ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9845 (The ReadDIBImage function in coders/dib.c in ImageMagick allows remote ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9846 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageM ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9847 (The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9848 (Memory leak in ImageMagick allows remote attackers to cause a denial o ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9849 (The png coder in ImageMagick allows remote attackers to cause a denial ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9850 (Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (Affected section of code not present in wheezy; examine diff introduced by commit 2257d1eadd02d89d225fce21013a1219d221dc7d with context of 20) NOTE: patch supposed to be https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=2257d1eadd02d89d225fce21013a1219d221dc7d CVE-2014-9851 (ImageMagick 6.8.9.9 allows remote attackers to cause a denial of servi ...) 
{DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471 CVE-2014-9852 (distribute-cache.c in ImageMagick re-uses objects after they have been ...) - imagemagick 8:6.8.9.9-4 (bug #773834) [wheezy] - imagemagick (distribute-cache.c does not exist in 6.7.7.10) CVE-2014-9853 (Memory leak in coders/rle.c in ImageMagick allows remote attackers to ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9854 (coders/tiff.c in ImageMagick allows remote attackers to cause a denial ...) {DLA-731-1} - imagemagick 8:6.8.9.9-4 (bug #773834) CVE-2014-9802 (Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm compone ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9801 (Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm comp ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9800 (Integer overflow in lib/heap/heap.c in the Qualcomm components in Andr ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9799 (The makefile in the Qualcomm components in Android before 2016-07-05 o ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9798 (platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android b ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9797 REJECTED CVE-2014-9796 (app/aboot/aboot.c in the Qualcomm components in Android before 2016-07 ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9795 (app/aboot/aboot.c in the Qualcomm components in Android before 2016-07 ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9794 REJECTED CVE-2014-9793 (platform/msm_shared/mmc.c in the Qualcomm components in Android before ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android b ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2014-9791 REJECTED CVE-2014-9790 (drivers/mmc/core/debugfs.c in the Qualcomm components in Android befor ...) NOT-FOR-US: Qualcomm components for Android CVE-2014-9789 (The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio ...) - linux (Android-specific) CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm compone ...) - linux (Android-specific) CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components ...) - linux (Android-specific) CVE-2014-9786 (Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sen ...) - linux (Android-specific) CVE-2014-9785 (drivers/misc/qseecom.c in the Qualcomm components in Android before 20 ...) - linux (Android-specific) CVE-2014-9784 (Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Q ...) - linux (Android-specific) CVE-2014-9783 (drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualc ...) - linux (Android-specific) CVE-2014-9782 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...) - linux (Android-specific) CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components i ...) - linux (Android-specific) CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Andro ...) - linux (Android-specific) CVE-2014-9779 (arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components i ...) - linux (Android-specific) CVE-2014-9778 (The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/com ...) - linux (Android-specific) CVE-2014-9777 (The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common ...) - linux (Android-specific) CVE-2014-9776 RESERVED CVE-2014-9775 RESERVED CVE-2014-9774 RESERVED CVE-2014-9773 (modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attacker ...) 
- atheme-services 7.0.7-2 [jessie] - atheme-services (Vulnerable code introduced later) NOTE: https://github.com/atheme/atheme/issues/397 NOTE: Fixed by: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b NOTE: Introduced in: https://github.com/atheme/atheme/commit/5c734f28068cf47b9b450af4dcf37195734b15be NOTE: https://www.openwall.com/lists/oss-security/2016/05/02/2 CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...) - validator.js (Fixed before initial release) CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to cau ...) {DSA-3555-1} - imlib2 1.4.7-1 (bug #820206) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774 NOTE: https://www.openwall.com/lists/oss-security/2016/04/09/3 CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions fo ...) - systemd 215-1 [wheezy] - systemd (Vulnerable code not present) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612 NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213) NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214) CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to o ...) - pcre3 2:8.38-1 (bug #819050) [jessie] - pcre3 2:8.35-3.3+deb8u4 [wheezy] - pcre3 (Vulnerable code not present) NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1475 (8.36) NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35) NOTE: https://www.openwall.com/lists/oss-security/2016/03/26/1 CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...) NOT-FOR-US: Tivoli CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo functio ...) 
- hhvm 3.12.1+dfsg-1 - php5 5.6.13+dfsg-1 [jessie] - php5 5.6.13+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=70350 NOTE: https://bugs.php.net/bug.php?id=67996 NOTE: https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686 CVE-2014-9766 (Integer overflow in the create_bits function in pixman-bits-image.c in ...) {DSA-3525-1 DLA-429-1} - pixman 0.32.6-1 NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=972647 CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-main.h i ...) {DSA-3484-1 DLA-417-1} - xdelta3 3.0.8-dfsg-1.1 (bug #814067) NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2 NOTE: https://www.openwall.com/lists/oss-security/2016/02/08/1 CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49 CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2 CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of servi ...) {DSA-3537-1 DLA-401-1} - imlib2 1.4.7-1 NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56 CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka glibc ...) 
{DLA-411-1} - glibc 2.23-1 (bug #813187) [jessie] - glibc (Minor issue) - eglibc [wheezy] - eglibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8 NOTE: Fixed for 2.23 upstream CVE-2014-9760 (Cross-site scripting (XSS) vulnerability in the displayLogin function ...) - gosa 2.7.4+reloaded1-5 [wheezy] - gosa 2.7.4-4.3~deb7u2 [squeeze] - gosa 2.6.11-3+squeeze4 NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5 NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732 CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private function i ...) - mantis (Affects >= 1.3.0-beta.1) NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275 NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/ NOTE: https://mantisbt.org/bugs/view.php?id=20277 NOTE: https://www.openwall.com/lists/oss-security/2016/01/02/1 CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platfor ...) NOT-FOR-US: Magento CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...) NOT-FOR-US: Atlassian Bamboo CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) NOT-FOR-US: Viprinet CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...) NOT-FOR-US: Viprinet CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...) {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-10 (bug #804447) [jessie] - libsndfile 1.0.25-9.1+deb8u1 NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 CVE-2014-9753 (confirm.php in ATutor 2.2 and earlier allows remote attackers to bypas ...) 
NOT-FOR-US: ATutor CVE-2014-9752 (Unrestricted file upload vulnerability in mods/_core/properties/lib/co ...) NOT-FOR-US: ATutor CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...) {DSA-3154-1 DLA-149-1} - ntp 1:4.2.6.p5+dfsg-4 NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public) CVE-2014-9750 (ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ...) {DSA-3154-2 DSA-3154-1 DLA-149-1} - ntp 1:4.2.6.p5+dfsg-5 NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671 CVE-2014-9749 (Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest auth ...) - squid (related code not present in 2.7.X) - squid3 3.4.8-6 (bug #776464) [wheezy] - squid3 (Minor issue) [squeeze] - squid3 (Minor issue) NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4066 NOTE: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 (Squid 3.4) NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5) CVE-2014-9748 (The uv_rwlock_t fallback implementation for Windows XP and Server 2003 ...) - libuv 1.7.4-1 (unimportant) - nodejs 4.0.0~dfsg-1 (unimportant) NOTE: Only affects Windows CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...) {DSA-3370-1 DLA-319-1} - freetype 2.6-1 (bug #798620) NOTE: https://launchpad.net/bugs/1492124 NOTE: http://www.ubuntu.com/usn/usn-2739-1/ NOTE: https://savannah.nongnu.org/bugs/?41590 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3) NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4 CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse ...) 
{DSA-3370-1 DLA-319-1} - freetype 2.6-1 (bug #798619) NOTE: https://launchpad.net/bugs/1449225 NOTE: http://www.ubuntu.com/usn/usn-2739-1/ NOTE: https://savannah.nongnu.org/bugs/?41309 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3) NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4 CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType befor ...) {DSA-3370-1 DLA-319-1} - freetype 2.6-1 (bug #798619) NOTE: https://launchpad.net/bugs/1449225 NOTE: http://www.ubuntu.com/usn/usn-2739-1/ NOTE: https://savannah.nongnu.org/bugs/?41309 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3) NOTE: https://www.openwall.com/lists/oss-security/2015/09/11/4 CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause ...) - polarssl 1.3.9-1 [wheezy] - polarssl (Affects only 1.3.x series) [squeeze] - polarssl (Affects only 1.3.x series) CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError functi ...) - vlc 2.2.0~rc2-1 [squeeze] - vlc (Unsupported in squeeze-lts) [wheezy] - vlc (Unsupported in wheezy-lts) CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x bef ...) {DLA-449-1} - botan1.10 1.10.8-1 NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9 NOTE: http://botan.randombit.net/security.html CVE-2014-9939 (ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow wh ...) 
{DLA-552-1 DLA-324-1} - binutils 2.25.90.20151125-1 [jessie] - binutils (Minor issue) - gdb 7.10-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2015/07/31/6 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when "automatic encry ...) - kdepim 4:4.14.5-1 (bug #791800) [jessie] - kdepim (Minor issue) [wheezy] - kdepim (Minor issue) [squeeze] - kdepim (Bogus condition not present) NOTE: https://bugs.kde.org/show_bug.cgi?id=340312 NOTE: https://www.openwall.com/lists/oss-security/2015/07/15/5 CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...) NOT-FOR-US: ArcGIS CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x- ...) NOT-FOR-US: Rules Link module for Drupal CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module 7.x- ...) NOT-FOR-US: Node Field module for Drupal CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tournament ...) NOT-FOR-US: Tournament module for Drupal CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module 7 ...) NOT-FOR-US: Language Switcher Dropdown module for Drupal CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...) NOT-FOR-US: GE Healthcare Centricity Clinical Archive Audit Trail Repository CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...) NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...) NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress CVE-2014-9733 (nw.js before 0.11.5 can simulate user input events in a normal frame, ...) 
NOT-FOR-US: nw.js CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: AVM Fritz!Box CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...) {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3) NOTE: https://www.openwall.com/lists/oss-security/2015/06/03/4 CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel be ...) {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3) NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel befo ...) {DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3) NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 do ...) 
{DLA-246-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.68-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c (v3.19-rc3) NOTE: https://www.openwall.com/lists/oss-security/2015/06/02/7 CVE-2014-9726 RESERVED CVE-2014-9725 RESERVED CVE-2014-9724 RESERVED CVE-2014-9723 RESERVED CVE-2014-9722 RESERVED CVE-2014-9720 (Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...) {DLA-475-1 DLA-279-1} - python-tornado 3.2.2-1 NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=930362 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222816 CVE-2014-9719 RESERVED CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to ...) {DSA-3255-1} - zeromq3 4.0.5+dfsg-3 (bug #784366) NOTE: https://github.com/zeromq/libzmq/issues/1273 NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51 NOTE: https://www.openwall.com/lists/oss-security/2015/05/07/8 CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH u ...) 
- linux 4.0.2-1 (low) [jessie] - linux (Too intrusive to backport) [wheezy] - linux (user namespaces known broken before 3.5, see kernel-sec info) - linux-2.6 (user namespaces known broken before 3.5, see kernel-sec info) NOTE: https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html NOTE: https://www.openwall.com/lists/oss-security/2015/04/17/4 NOTE: CVE assignment for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2 CVE-2014-9716 (Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows ...) - owncloud (embedded partial copy doesn't contain the related code) - owncloud-documents (embedded partial copy doesn't contain the related code) - webodf (bug #727529) CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem ...) {DSA-3237-1} - linux 3.14.5-1 (bug #741667) - linux-2.6 (Introduced in 3.6) NOTE: http://marc.info/?l=netfilter-devel&m=140112364215200&w=2 NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279 (v3.15-rc1) NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b423f6a40a0327f9d40bc8b97ce9be266f74368 (v3.6-rc5) NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33) NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/1 CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveA ...) - hhvm 3.11.0+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34 CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 b ...) NOT-FOR-US: Websense TRITON V-Series appliances CVE-2014-9713 (The default slapd configuration in the Debian openldap package 2.4.23- ...) 
{DSA-3209-1 DLA-203-1} - openldap 2.4.40-2 (bug #761406) CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the Investigati ...) NOT-FOR-US: Websense CVE-2014-9708 (Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attac ...) NOT-FOR-US: Appweb Web Server CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path se ...) NOT-FOR-US: GoAhead Web Server CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ensu ...) - linux 3.16.7-ckt9-1 [wheezy] - linux (btrfs in 3.2 is just a tech preview and not usable for production) - linux-2.6 [squeeze] - linux-2.6 (btrfs in 2.6.32 is just a tech preview and not usable for production) NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1) NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/11 CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...) {DSA-3259-1} - qemu 1:2.3+dfsg-1 (unimportant; bug #781250) [wheezy] - qemu (Can be fixed along in later update) - qemu-kvm (unimportant) [wheezy] - qemu-kvm (Can be fixed along in later update) NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2) NOTE: https://www.openwall.com/lists/oss-security/2015/03/24/4 NOTE: Per maintainer not a security issue: NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily NOTE: mitigated using some kind of resource limits in security-sensitive environments, NOTE: and looping can trivially be done inside the virtual machine just fine, achieving NOTE: the same effect CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 ...) 
{DSA-3206-1} - dulwich 0.10.1-1 (bug #780989) [jessie] - dulwich 0.9.7-3 [squeeze] - dulwich (Repo.checkout (later renamed to build_index_from_tree) introduced past 0.6.1) NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176 NOTE: https://www.openwall.com/lists/oss-security/2015/03/21/1 CVE-2014-9704 RESERVED CVE-2014-9703 RESERVED CVE-2014-9702 (system/classes/DbPDO.php in Cmfive through 2015-03-15, when database c ...) NOT-FOR-US: Cmfive CVE-2014-9700 RESERVED CVE-2014-9699 (The MakerBot Replicator 5G printer runs an Apache HTTP Server with dir ...) NOT-FOR-US: MakerBot Replicator 5G printer CVE-2014-9698 RESERVED CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...) {DSA-3215-1 DLA-189-1} - libgd2 2.1.0-5 - php5 5.6.5+dfsg-1 (unimportant) - hhvm 3.12.11+dfsg-1 (bug #835032) NOTE: https://bugs.php.net/bug.php?id=68601 NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467 NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02 CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and ...) 
- mantis (bug #780875) [wheezy] - mantis (Minor issue) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x) NOTE: http://article.gmane.org/gmane.comp.security.oss.general/15022 NOTE: https://www.mantisbt.org/bugs/view.php?id=19493 CVE-2014-9697 (Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attack ...) NOT-FOR-US: Huawei CVE-2014-9696 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chass ...) NOT-FOR-US: Huawei CVE-2014-9695 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chass ...) NOT-FOR-US: Huawei CVE-2014-9694 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...) NOT-FOR-US: Huawei CVE-2014-9693 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...) NOT-FOR-US: Huawei CVE-2014-9692 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...) NOT-FOR-US: Huawei CVE-2014-9691 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal R ...) NOT-FOR-US: Huawei CVE-2014-9690 (Huawei home gateways WS318 with software V100R001C01B022 and earlier v ...) NOT-FOR-US: Huawei CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function ...) {DSA-3195-1 DLA-212-1} - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=68552 NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803 NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/6 CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in Go ...) - chromium-browser 41.0.2272.76-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2014-9687 (eCryptfs 104 and earlier uses a default salt to encrypt the mount pass ...) 
- ecryptfs-utils 103-4 (bug #780385) [wheezy] - ecryptfs-utils (Minor issue) [squeeze] - ecryptfs-utils (Minor issue) NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839 CVE-2014-9686 (The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attack ...) NOT-FOR-US: Googlemaps plugin for Joomla! CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...) NOT-FOR-US: Vanilla Forums CVE-2014-9684 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through ...) - glance (Only affects 2014.2.x releases, only present in experimental) [wheezy] - glance (Vulnerable code not present) NOTE: https://review.openstack.org/#/c/122427/ CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function in fs/e ...) {DSA-3170-1 DLA-246-1} - linux 3.16.7-ckt4-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1) CVE-2014-9682 (The dns-sync module before 0.1.1 for node.js allows context-dependent ...) NOT-FOR-US: node-dns-sync CVE-2014-XXXX [more to CVE-2014-6585] [experimental] - icu 55.1-1 - icu 52.1-10 (low; bug #778511) [jessie] - icu 52.1-8+deb8u2 [wheezy] - icu 4.8.1.1-12+deb7u3 [squeeze] - icu (All relevant changes already applied) NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37086 NOTE: icu_4.4.1-8+squeeze3 already has the full patch except for the changes in source/layout/ContextualSubstSubtables.cpp which are commented out anyway... and the remaining if test is probably only meaningful when the backtrackClassArray call is uncommented. CVE-2014-9678 (FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers ...) NOT-FOR-US: FlexPaper CVE-2014-9677 (Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Fle ...) NOT-FOR-US: FlexPaper CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...) 
{DLA-464-1} - ffmpeg (Vulnerable code not present in a ffmpeg version in the archive) - libav 6:11.2-1 NOTE: Patch in https://www.openwall.com/lists/oss-security/2015/01/04/10 seems to apply to libav NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348 NOTE: https://www.openwall.com/lists/oss-security/2015/01/04/10 CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by onl ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7 NOTE: https://code.google.com/p/google-security-research/issues/detail?id=151 CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType befor ...) {DSA-3461-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=153 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in bas ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in FreeTy ...) 
{DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c i ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3 CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function i ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6 CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 a ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...) - freetype 2.5.2-3 (bug #777656) [wheezy] - freetype (Vulnerable code not present) [squeeze] - freetype (Vulnerable code not present) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538 CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length cal ...) 
{DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439 CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ...) {DLA-185-1} - freetype 2.5.2-3 (bug #777656) [wheezy] - freetype (Vulnerable code not present) [squeeze] - freetype (Vulnerable code not present) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=168 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727 CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ce ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5 ...) 
{DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1 CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the return valu ...) - freetype 2.5.2-3 (bug #777656) [wheezy] - freetype (Vulnerable code not present) [squeeze] - freetype (Vulnerable code not present) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2 CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that scan ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669 CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5. ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ...) 
- freetype 2.5.2-3 (bug #777656; bug #773084) [wheezy] - freetype (vulnerable code not present and thus incomplete fix not applied as well) [squeeze] - freetype (vulnerable code not present and thus incomplete fix not applied as well) NOTE: https://savannah.nongnu.org/bugs/?43661 NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8 NOTE: CVE due to incomplete fix for CVE-2014-2240 CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5 ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType befor ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55 CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType b ...) {DSA-3188-1 DLA-185-1} - freetype 2.5.2-3 (bug #777656) NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196 NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in filter/raste ...) 
{DSA-3172-1 DLA-159-1} [experimental] - cups 2.0.2-1 - cups 1.7.5-11 (bug #778387) NOTE: Marked with [experimental] tag as the fix is only in experimental so far NOTE: Switch this to regular fixed version once the fix is in unstable NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch NOTE: https://www.openwall.com/lists/oss-security/2015/02/10/15 CVE-2014-9681 REJECTED CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...) {DSA-3167-1 DLA-160-1} - sudo 1.8.12-1 (bug #772707) [jessie] - sudo 1.8.10p3-1+deb8u2 NOTE: https://www.openwall.com/lists/oss-security/2014/10/15/24 NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x) NOTE: http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos) NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description) NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description) NOTE: https://www.openwall.com/lists/oss-security/2015/02/09/12 CVE-2014-XXXX [RPATH set to untrusted directory] [experimental] - noise (bug #759868) CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeX ...) {DSA-3273-1 DLA-610-1 DLA-221-1} - tiff 4.0.3-12.1 (bug #777390) - tiff3 NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif CVE-2014-9654 (The Regular Expressions package in International Components for Unicod ...) {DSA-3187-1 DLA-219-1} - icu 52.1-7.1 (bug #776719) NOTE: https://ssl.icu-project.org/trac/changeset/36801 NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in PH ...) 
{DSA-3196-1 DLA-204-1} - file 1:5.22+15-1 (bug #777585) - php5 (readelf.c not used and even removed in 5.4.36-0+deb7u3) NOTE: http://bugs.gw.com/view.php?id=409 NOTE: http://mx.gw.com/pipermail/file/2014/001649.html NOTE: https://www.openwall.com/lists/oss-security/2015/02/04/13 CVE-2014-9983 (Directory Traversal exists in RAR 4.x and 5.x because an unpack operat ...) - rar 2:5.3.b2-1 (bug #774172) [jessie] - rar (Non-free not supported) [wheezy] - rar (Non-free not supported) [squeeze] - rar (Not fixed upstream and license does not allow modification) NOTE: Version 5.21 upstream changes behaviour: by default rar skips NOTE: symbolic links with absolute paths in link target when extracting. CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throt ...) - chromium-browser (Chrome on Android) CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome befor ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-9646 (Unquoted Windows search path vulnerability in the GoogleChromeDistribu ...) - chromium-browser (Windows specific problem for chromium-browser) CVE-2014-9643 (K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and T ...) NOT-FOR-US: K7 components for Windows CVE-2014-9642 (bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protect ...) NOT-FOR-US: BullGuard components CVE-2014-9641 (The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, ...) NOT-FOR-US: Trend Micro CVE-2014-9633 (The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote at ...) NOT-FOR-US: COMODO Backup CVE-2014-9632 (The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 ...) NOT-FOR-US: AVG CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...) 
{DSA-3170-1} - linux 3.16.7-ckt4-2 - linux-2.6 [squeeze] - linux-2.6 (Introduced in v2.6.38-rc1) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1) CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...) {DLA-1445-1} - busybox 1:1.22.0-15 (low; bug #776186) [wheezy] - busybox (Minor issue) [squeeze] - busybox (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652 NOTE: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b CVE-2014-9631 RESERVED CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...) {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (unimportant; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 - opus-tools 0.1.10-1 (unimportant; bug #780160) NOTE: https://trac.xiph.org/ticket/2137 NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e NOTE: No security impact NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attacke ...) {DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-7 (low; bug #776086) [jessie] - vorbis-tools 1.4.0-6+deb8u1 [squeeze] - vorbis-tools (Minor issue) - opus-tools 0.1.10-1 (bug #780160) [jessie] - opus-tools (Minor issue) [wheezy] - opus-tools (Minor issue) NOTE: https://trac.xiph.org/ticket/2136 NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...) 
{DLA-1010-1 DLA-317-1} - vorbis-tools 1.4.0-6 (bug #771363) [squeeze] - vorbis-tools (Minor issue) NOTE: https://trac.xiph.org/ticket/2009 NOTE: Upstream fix: https://trac.xiph.org/changeset/19117 CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in R ...) - rabbitmq-server 3.4.1-1 [jessie] - rabbitmq-server (Minor issue) [wheezy] - rabbitmq-server (Minor issue) [squeeze] - rabbitmq-server (Management web UI not available in version 1.8.1) NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13 CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...) - rabbitmq-server 3.4.1-1 [jessie] - rabbitmq-server (Minor issue) [wheezy] - rabbitmq-server (Minor issue) [squeeze] - rabbitmq-server (Management web UI not available in version 1.8.1) NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad NOTE: https://www.openwall.com/lists/oss-security/2015/01/21/13 CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not p ...) - libmspack 0.5-1 (bug #774665) NOTE: https://www.openwall.com/lists/oss-security/2015/02/03/11 CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ...) - patch 2.7.1-7 [wheezy] - patch (Vulnerability introduced later) [squeeze] - patch (Vulnerability introduced later) NOTE: https://savannah.gnu.org/bugs/?44051 NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944 CVE-2014-XXXX [formail: memory corruption] - procmail 3.22-24 (bug #769937) [wheezy] - procmail (Minor issue) [squeeze] - procmail (Minor issue) NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/01/21/9 CVE-2014-9630 (The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c ...) 
{DSA-3150-1} - vlc 2.2.0~rc2-2 (bug #775866) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97 CVE-2014-9629 (Integer overflow in the Encode function in modules/codec/schroedinger. ...) {DSA-3150-1} - vlc 2.2.0~rc2-2 (bug #775866) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5 CVE-2014-9628 (The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...) {DSA-3150-1} - vlc 2.2.0~rc2-2 (bug #775866) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 CVE-2014-9627 (The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...) {DSA-3150-1} - vlc 2.2.0~rc2-2 (bug #775866) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 CVE-2014-9626 (Integer underflow in the MP4_ReadBox_String function in modules/demux/ ...) {DSA-3150-1} - vlc 2.2.0~rc2-2 (bug #775866) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39 CVE-2014-9625 (The GetUpdateFile function in misc/update.c in the Updater in VideoLAN ...) - vlc (Update mechanism not enabled in the Debian package) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14 CVE-2014-9623 (OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allo ...) - glance 2014.1.3-12 (bug #776580) [wheezy] - glance (Minor issue) NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1 CVE-2014-9619 (Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/aja ...) NOT-FOR-US: Netsweeper CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x befo ...) 
NOT-FOR-US: Netsweeper CVE-2014-9617 (Open redirect vulnerability in remotereporter/load_logfiles.php in Net ...) NOT-FOR-US: Netsweeper CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...) NOT-FOR-US: Netsweeper CVE-2014-9615 (Cross-site scripting (XSS) vulnerability in Netsweeper 4.0.4 allows re ...) NOT-FOR-US: Netsweeper CVE-2014-9614 (The Web Panel in Netsweeper before 4.0.5 has a default password of bra ...) NOT-FOR-US: Netsweeper CVE-2014-9613 (Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 ...) NOT-FOR-US: Netsweeper CVE-2014-9612 (SQL injection vulnerability in remotereporter/load_logfiles.php in Net ...) NOT-FOR-US: Netsweeper CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass authenticati ...) NOT-FOR-US: Netsweeper CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 a ...) NOT-FOR-US: Netsweeper CVE-2014-9609 (Directory traversal vulnerability in webadmin/reporter/view_server_log ...) NOT-FOR-US: Netsweeper CVE-2014-9608 (Cross-site scripting (XSS) vulnerability in webadmin/policy/group_tabl ...) NOT-FOR-US: Netsweeper CVE-2014-9607 (Cross-site scripting (XSS) vulnerability in remotereporter/load_logfil ...) NOT-FOR-US: Netsweeper CVE-2014-9606 (Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper befo ...) NOT-FOR-US: Netsweeper CVE-2014-9605 (WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x ...) NOT-FOR-US: Netsweeper CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ze ...) 
{DSA-3189-1} - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg (Not supported in Squeeze LTS) - libav 6:11.3-1 (bug #775593) NOTE: Applies to 0.8, but in different file (utvideo.c) NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5. ...) - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg (Not supported in Squeeze LTS) - libav (Vulnerable code not present, reproducer tested with 8, 11 and trunk) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits a ...) - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg (Vulnerable code not present) - libav (Vulnerable code not present) CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of servi ...) - pillow 2.6.1-2 (bug #776303) - python-imaging [wheezy] - python-imaging (Minor issue) [squeeze] - python-imaging (Minor issue) NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40 NOTE: http://web.archive.org/web/20150921104441/http://pillow.readthedocs.org:80/releasenotes/2.7.0.html#png-text-chunk-size-limits CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 al ...) NOT-FOR-US: Macroplant iExplorer CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in b2evolu ...) - b2evolution CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC media p ...) 
NOTE: https://trac.videolan.org/vlc/ticket/13390 NOTE: http://seclists.org/fulldisclosure/2015/Jan/72 NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec NOTE: This seems to be a Windows-specific issue, the reported error couldn't be reproduced NOTE: with any ffmpeg release and libav/0.8. CVE-2014-9597 (The picture_pool_Delete function in misc/picture_pool.c in VideoLAN VL ...) NOTE: https://trac.videolan.org/vlc/ticket/13389 NOTE: http://seclists.org/fulldisclosure/2015/Jan/72 NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec NOTE: This seems to be a Windows-specific issue, the reported error couldn't be reproduced NOTE: with any ffmpeg release and libav/0.8. CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 bui ...) NOT-FOR-US: Panasonic Arbitrator Back-End Server CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32- ...) NOT-FOR-US: SAP NetWeaver CVE-2014-9594 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32- ...) NOT-FOR-US: SAP NetWeaver CVE-2014-9593 (Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote at ...) NOT-FOR-US: Apache CloudStack CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...) - mantis (bug #780875) [wheezy] - mantis (Minor issue) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726 NOTE: https://www.mantisbt.org/bugs/view.php?id=17984 CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS] - typo3-src 4.5.40+dfsg1-1 (bug #766502) [wheezy] - typo3-src (See DSA 3314) [squeeze] - typo3-src (Unsupported in squeeze-lts) NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/ CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service (out-of ...) 
{DSA-3152-1 DLA-150-1} - unzip 6.0-15 (bug #776589) NOTE: http://seclists.org/oss-sec/2014/q4/489 NOTE: http://seclists.org/oss-sec/2014/q4/507 NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie he ...) - jenkins 1.565.3-3 (bug #769682) CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session cookies w ...) - jenkins 1.565.3-3 (bug #769682) CVE-2014-999999 REJECTED CVE-2014-99999 REJECTED CVE-2014-9999 REJECTED CVE-2014-9592 REJECTED CVE-2014-9591 REJECTED CVE-2014-9590 REJECTED CVE-2014-9589 REJECTED CVE-2014-9588 REJECTED CVE-2014-9586 RESERVED - binpac 0.43-1 CVE-2014-72038 REJECTED CVE-2014-62771 REJECTED CVE-2014-59156 REJECTED CVE-2014-54321 REJECTED CVE-2014-456132 REJECTED CVE-2014-32537 REJECTED CVE-2014-123456 REJECTED CVE-2014-10042 RESERVED CVE-2014-10041 RESERVED CVE-2014-10040 RESERVED CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...) NOT-FOR-US: DomPHP CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows re ...) NOT-FOR-US: DomPHP CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before ...) NOT-FOR-US: JetBrains TeamCity CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area ...) NOT-FOR-US: couponPHP CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP ...) NOT-FOR-US: couponPHP CVE-2014-10033 (SQL injection vulnerability in the update_zone function in catalog/adm ...) NOT-FOR-US: osCommerce Online Merchant CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...) NOT-FOR-US: Taboada MacroNews CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0. ...) NOT-FOR-US: Qualcomm Eudora WorldMail CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before 1.4.1 ...) 
NOT-FOR-US: FluxBB CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...) NOT-FOR-US: FluxBB CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router wit ...) NOT-FOR-US: D-Link DAP-1360 router CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link DAP-1360 CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows re ...) NOT-FOR-US: D-Link DAP-1360 CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link DAP-1360 CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used i ...) NOT-FOR-US: Divx Web Player, Divx Player and Divx plugins CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allo ...) NOT-FOR-US: TopicsViewer CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP ...) NOT-FOR-US: WP Symposium plugin for WordPress CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 all ...) NOT-FOR-US: Simple e-document CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in webconfi ...) NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.htm ...) NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugi ...) NOT-FOR-US: Welcart e-Commerce plugin for WordPress CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart e-C ...) NOT-FOR-US: Welcart e-Commerce plugin for WordPress CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event B ...) NOT-FOR-US: PHPJabbers Event Booking Calendar CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbe ...) 
NOT-FOR-US: PHPJabbers Event Booking Calendar CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds Plugi ...) NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress Clas ...) NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Con ...) NOT-FOR-US: TRENDnet SecurView camera TV-IP422WN CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler ...) NOT-FOR-US: PHPJabbers Appointment Scheduler CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 a ...) NOT-FOR-US: Stark CRM CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CR ...) NOT-FOR-US: Stark CRM CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4. ...) NOT-FOR-US: Maian Weblog CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Up ...) NOT-FOR-US: Maian Uploader CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive informa ...) NOT-FOR-US: Maian Uploader CVE-2014-100040 RESERVED CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian Uplo ...) NOT-FOR-US: Maian Uploader CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local ...) NOT-FOR-US: Malwarebytes Anti-Exploit CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earli ...) NOT-FOR-US: Storytlr CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earli ...) NOT-FOR-US: Storytlr CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows rem ...) - flatpress (bug #466297) CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface ...) 
NOT-FOR-US: LicensePal ArcticDesk CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in ...) NOT-FOR-US: LicensePal ArcticDesk CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before 1.2. ...) NOT-FOR-US: LicensePal ArcticDesk CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties Ai ...) NOT-FOR-US: Airties Air 6372 modem CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL ...) NOT-FOR-US: Ganesha Digital Library CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...) NOT-FOR-US: Ganesha Digital Library CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...) NOT-FOR-US: Maian Uploader CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in G ...) NOT-FOR-US: Ganesha Digital Library CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted allo ...) NOT-FOR-US: WEBCrafted CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin bef ...) NOT-FOR-US: WP SlimStat plugin for WordPress CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's ...) NOT-FOR-US: April's Super Functions Pack plugin for WordPress CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in index.php/user_data ...) NOT-FOR-US: Savsoft Quiz CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 all ...) NOT-FOR-US: Seo Panel CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...) NOT-FOR-US: mTouch Quiz CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...) NOT-FOR-US: mTouch Quiz CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/ ...) 
NOT-FOR-US: OrangeHRM CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.0 ...) NOT-FOR-US: iTechClassifieds CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remo ...) NOT-FOR-US: JetBrains TeamCity CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before 1.1. ...) NOT-FOR-US: LTree converter in Pomm CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin bef ...) NOT-FOR-US: Unconfirmed plugin for WordPress CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in PhpOnlin ...) NOT-FOR-US: PhpOnlineChat CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in photocrati-gallery/ecomm-s ...) NOT-FOR-US: Photocrati theme for WordPress CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks Wor ...) NOT-FOR-US: SolidWorks Workgroup PDM CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...) NOT-FOR-US: SolidWorks Workgroup PDM CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse ...) NOT-FOR-US: clientResponse CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote att ...) NOT-FOR-US: Sendy CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...) NOT-FOR-US: Sendy CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows r ...) NOT-FOR-US: ClanSphere CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbe ...) NOT-FOR-US: PHPJabbers Appointment Scheduler CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) p ...) NOT-FOR-US: JS MultiHotel CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...) NOT-FOR-US: JS MultiHotel CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin be ...) 
NOT-FOR-US: HK Exif Tags plugin for WordPress CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/goog ...) NOT-FOR-US: webtrees CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link DIR-600 router CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Up ...) NOT-FOR-US: Sitecore CMS CVE-2014-100003 (SQL injection vulnerability in includes/ym-download_functions.include. ...) NOT-FOR-US: Code Futures YourMembers plugin for WordPress CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus 7 ...) NOT-FOR-US: ManageEngine SupportCenter Plus CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin Live ...) NOT-FOR-US: SEO Plugin LiveOptim CVE-2014-100000 REJECTED CVE-2014-10000 REJECTED CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, ...) - chicken 4.10.0-1 (bug #775346) [jessie] - chicken (Minor issue) [wheezy] - chicken (Minor issue) [squeeze] - chicken (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2015/01/12/3 NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt CVE-2014-1155 REJECTED CVE-2014-1137 REJECTED CVE-2014-1004 REJECTED CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel thro ...) {DSA-3170-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb NOTE: http://marc.info/?l=linux-kernel&m=141911002822659&w=2 CVE-2014-9583 (common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2 ...) NOT-FOR-US: infosvr in ASUS WRT firmware CVE-2014-9582 (Cross-site scripting (XSS) vulnerability in components/filemanager/dia ...) NOT-FOR-US: Codiad CVE-2014-9581 (Directory traversal vulnerability in components/filemanager/download.p ...) 
NOT-FOR-US: Codiad CVE-2014-9580 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...) NOT-FOR-US: ProjectSend CVE-2014-9579 (VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credent ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9578 (VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9577 (VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9576 (VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attacke ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before 1.5. ...) NOT-FOR-US: FluxBB CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...) - mantis (bug #780875) [wheezy] - mantis (Minor issue) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/69c2d28d (1.2.x) NOTE: https://www.mantisbt.org/bugs/view.php?id=17940 CVE-2014-9572 (MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly ...) - mantis (bug #780875) [wheezy] - mantis (Minor issue) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/5571bcf9 (1.2.x) NOTE: https://www.mantisbt.org/bugs/view.php?id=17939 CVE-2014-9571 (Cross-site scripting (XSS) vulnerability in admin/install.php in Manti ...) - mantis (bug #780875) [wheezy] - mantis (Minor issue) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x) NOTE: https://www.mantisbt.org/bugs/view.php?id=17938 CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAd ...) 
NOT-FOR-US: WordPress plugin MyWebsiteAdvisor Simple Security CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver B ...) NOT-FOR-US: SAP NetWeaver Business Client CVE-2014-9568 (puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie ...) NOT-FOR-US: Puppet module rabbitmq CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in Projec ...) NOT-FOR-US: ProjectSend CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in ...) NOT-FOR-US: SolarWinds CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex System EN6 ...) NOT-FOR-US: IBM CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet a ...) NOT-FOR-US: IBM CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) interfa ...) NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 O ...) NOT-FOR-US: M2 OptimalSite CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php i ...) NOT-FOR-US: SoftBB CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1. ...) NOT-FOR-US: SoftBB CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, an ...) NOT-FOR-US: SnipSnap CVE-2014-9558 (Multiple SQL injection vulnerabilities in SmartCMS v.2. ...) NOT-FOR-US: SmartCMS CVE-2014-9557 (Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. ...) 
NOT-FOR-US: SmartCMS CVE-2014-9555 RESERVED CVE-2014-9554 RESERVED CVE-2014-9553 RESERVED CVE-2014-9552 RESERVED CVE-2014-9551 RESERVED CVE-2014-9550 RESERVED CVE-2014-9549 RESERVED CVE-2014-9548 RESERVED CVE-2014-9547 RESERVED CVE-2014-9546 RESERVED CVE-2014-9545 RESERVED CVE-2014-9544 RESERVED CVE-2014-9543 RESERVED CVE-2014-9542 RESERVED CVE-2014-9541 RESERVED CVE-2014-9540 RESERVED CVE-2014-9539 RESERVED CVE-2014-9538 RESERVED CVE-2014-9537 RESERVED CVE-2014-9536 RESERVED CVE-2014-9535 RESERVED CVE-2014-9534 RESERVED CVE-2014-9533 RESERVED CVE-2014-9532 RESERVED CVE-2014-9531 RESERVED CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods ...) NOT-FOR-US: nw.js CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...) NOT-FOR-US: HumHub CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...) - libapache-poi-java 3.10.1-2 (low; bug #775171) [wheezy] - libapache-poi-java (Minor issue) CVE-2014-9587 (Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcub ...) {DLA-613-1} - roundcube 1.1.1+dfsg.1-2 (bug #775576) [squeeze] - roundcube (Minor issue) [wheezy] - roundcube (Minor issue) NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1 CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2 ...) NOT-FOR-US: concrete5 CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Time ...) NOT-FOR-US: Timed Popup (wp-timed-popup) plugin for WordPress CVE-2014-9524 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Face ...) NOT-FOR-US: Facebook Like Box (cardoza-facebook-like-box) plugin for WordPress CVE-2014-9523 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Our ...) NOT-FOR-US: Our Team Showcase (our-team-enhanced) plugin for WordPress CVE-2014-9522 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light ...) 
NOT-FOR-US: CMS Papoo Light CVE-2014-9521 (Unrestricted file upload vulnerability in uploadScript.php in Infinite ...) NOT-FOR-US: InfiniteWP Admin Panel CVE-2014-9520 (SQL injection vulnerability in execute.php in InfiniteWP Admin Panel b ...) NOT-FOR-US: InfiniteWP Admin Panel CVE-2014-9519 (SQL injection vulnerability in login.php in InfiniteWP Admin Panel bef ...) NOT-FOR-US: InfiniteWP Admin Panel CVE-2014-9518 (Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router ...) NOT-FOR-US: login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 CVE-2014-9517 (Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 ...) NOT-FOR-US: D-link IP camera DCS-2103 CVE-2014-9516 (Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1 ...) NOT-FOR-US: Social Microblogging PRO CVE-2014-9515 (Dozer improperly uses a reflection-based approach to type conversion, ...) NOT-FOR-US: Dozer CVE-2014-9514 (Cross-site scripting (XSS) vulnerability in BMC Footprints Service Cor ...) NOT-FOR-US: BMC CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...) - rsync 3.1.1-3 (low; bug #778333) [wheezy] - rsync (Affected sanitising functionality not yet present) [squeeze] - rsync (Affected sanitising functionality not yet present) NOTE: http://xteam.baidu.com/?p=169 CVE-2014-9511 RESERVED CVE-2014-9510 (Cross-site request forgery (CSRF) vulnerability in the administration ...) NOT-FOR-US: TP-Link TL-WR840N router CVE-2014-9509 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x t ...) - typo3-src [wheezy] - typo3-src (See DSA 3314) [squeeze] - typo3-src (Unsupported in squeeze-lts) NOTE: Solution is to remove the configuration options config.prefixLocalAnchors NOTE: (and optionally also config.baseUrl) in favor of config.absRefPrefix CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x t ...) 
- typo3-src 4.5.40+dfsg1-1 (bug #775105) [wheezy] - typo3-src (See DSA 3314) [squeeze] - typo3-src (Unsupported in squeeze-lts) NOTE: https://review.typo3.org/#/c/35222/ NOTE: https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96 CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration ...) NOT-FOR-US: School Administration module for Drupal CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ...) NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x before 7. ...) NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...) NOT-FOR-US: Open Atrium module for Drupal CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block modul ...) NOT-FOR-US: Poll Chart Block module for Drupal CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x be ...) NOT-FOR-US: Moip module for Drupal CVE-2014-9499 (Cross-site scripting (XSS) vulnerability in the Godwin's Law module be ...) NOT-FOR-US: Godwin's Law for Drupal CVE-2014-9498 (Cross-site scripting (XSS) vulnerability in the Webform Invitation mod ...) NOT-FOR-US: Webform Invitation module for Drupal CVE-2014-9492 REJECTED CVE-2014-9491 (The devzvol_readdir function in illumos does not check the return valu ...) NOT-FOR-US: illumos CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem befor ...) NOT-FOR-US: raven ruby gem CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote ...) 
- less 481-1 (unimportant; bug #780247) NOTE: https://www.openwall.com/lists/oss-security/2015/03/10/14 NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html CVE-2014-9484 RESERVED CVE-2014-9473 (Unrestricted file upload vulnerability in lib_nonajax.php in the Cform ...) NOT-FOR-US: formsII plugin for WordPress CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before ...) {DSA-3176-1 DLA-158-1} - request-tracker4 4.2.8-3 - request-tracker3.8 (unimportant) CVE-2014-9470 (Cross-site scripting (XSS) vulnerability in the loadForm function in F ...) NOT-FOR-US: Fork CMS CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3. ...) NOT-FOR-US: vBulletin CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP Inst ...) NOT-FOR-US: InstantASP InstantForum.NET CVE-2014-9467 RESERVED CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...) NOT-FOR-US: Open-Xchange CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 bef ...) NOT-FOR-US: Microweber CMS CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin allows remo ...) NOT-FOR-US: vBulletin CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...) {DSA-3257-1 DLA-237-1} - mercurial 3.4-1 (bug #783237) NOTE: http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html NOTE: http://selenic.com/hg/rev/e3f30068d2eb CVE-2014-9461 (Directory traversal vulnerability in models/Cart66.php in the Cart66 L ...) NOT-FOR-US: Cart66 Lite plugin for WordPress CVE-2014-9460 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-V ...) NOT-FOR-US: WP-ViperGB plugin for WordPress CVE-2014-9459 (Cross-site request forgery (CSRF) vulnerability in the AdminObserver f ...) 
NOT-FOR-US: e107 CVE-2014-9458 (Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA ...) NOT-FOR-US: Hex-Rays IDA Pro CVE-2014-9457 (SQL injection vulnerability in classes/mono_display.class.php in PMB 4 ...) NOT-FOR-US: PMB CVE-2014-9456 (Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have uns ...) NOT-FOR-US: NotePad++ CVE-2014-9455 (SQL injection vulnerability in showads.php in CTS Projects & Softw ...) NOT-FOR-US: CTS Projects & Software ClassAd CVE-2014-9454 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...) NOT-FOR-US: Simple Sticky Footer plugin for WordPress CVE-2014-9453 (Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor- ...) NOT-FOR-US: Simple visitor stat plugin for WordPress CVE-2014-9452 (Directory traversal vulnerability in VDG Security SENSE (formerly DIVA ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9451 (Multiple stack-based buffer overflows in the DIVA web service API (/we ...) NOT-FOR-US: VDG Security SENSE CVE-2014-9448 (Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 all ...) NOT-FOR-US: Mini-stream RM-MP3 Converter CVE-2014-9445 (SQL injection vulnerability in incl/create.inc.php in Installatron GQ ...) NOT-FOR-US: GQ File Manager CVE-2014-9444 (Cross-site scripting (XSS) vulnerability in the Frontend Uploader plug ...) NOT-FOR-US: Frontend Uploader plugin for WordPress CVE-2014-9443 (Cross-site scripting (XSS) vulnerability in the Relevanssi plugin befo ...) NOT-FOR-US: Relevanssi plugin for WordPress CVE-2014-9442 (SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lit ...) NOT-FOR-US: Cart66 Lite plugin for WordPress CVE-2014-9441 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ligh ...) NOT-FOR-US: Lightbox Photo Gallery plugin for WordPress CVE-2014-9440 (SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows ...) 
NOT-FOR-US: phpMyRecipes CVE-2014-9439 (Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Serv ...) NOT-FOR-US: Easy File Sharing Web Server CVE-2014-9438 (Cross-site request forgery (CSRF) vulnerability in the Moderator Contr ...) NOT-FOR-US: vBulletin CVE-2014-9437 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Slid ...) NOT-FOR-US: Sliding Social Icons plugin for WordPress CVE-2014-9436 (Absolute path traversal vulnerability in SysAid On-Premise before 14.4 ...) NOT-FOR-US: SysAid CVE-2014-9435 (Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow re ...) NOT-FOR-US: Absolut Engine CVE-2014-9434 (Cross-site scripting (XSS) vulnerability in admin/managerrelated.php i ...) NOT-FOR-US: Absolut Engine CVE-2014-9431 (Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwa ...) NOT-FOR-US: Smoothwall CVE-2014-9430 (Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnc ...) NOT-FOR-US: Smoothwall CVE-2014-9429 (Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Expr ...) NOT-FOR-US: Smoothwall CVE-2014-9507 (MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, whe ...) - mediawiki (There is no content handler in REL1_19) NOTE: Upstream bug https://phabricator.wikimedia.org/T72901 CVE-2014-9506 (MantisBT before 1.2.18 does not properly check permissions when sendin ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://www.mantisbt.org/bugs/view.php?id=9885 CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...) {DSA-3128-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3) CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...) 
- trafficserver 5.2.0-1 (bug #778895) [wheezy] - trafficserver (Only affects 5.x) NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2) NOTE: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12 NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963 CVE-2014-XXXX [crashes on crafted ELF] - ht 2.1.0-1 (low; bug #773308) [jessie] - ht (Minor issue) [wheezy] - ht (Minor issue) [squeeze] - ht (Minor issue) CVE-2014-XXXX [insecure LUA default load path] - libquvi 0.4.1-3 (low; bug #774555) [wheezy] - libquvi (Minor issue) [squeeze] - libquvi (Minor issue) CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and ...) NOT-FOR-US: Gollum wiki CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.1 ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9481 (The Scribunto extension for MediaWiki allows remote attackers to obtai ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension f ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9479 (Cross-site scripting (XSS) vulnerability in the preview in the Templat ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9478 (Cross-site scripting (XSS) vulnerability in the preview in the ExpandT ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9477 (Multiple cross-site scripting (XSS) vulnerabilities in the Listings ex ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9450 (Multiple SQL injection vulnerabilities in chart_bar.php in the fronten ...) 
- zabbix 1:2.2.7+dfsg-2 (bug #774750) [squeeze] - zabbix (Unsupported in squeeze-lts) NOTE: https://support.zabbix.com/browse/ZBX-8582 NOTE: https://github.com/svn2github/zabbix/commit/984bd3bec2d6ca5a80104a5574d19b7f4d04f24b CVE-2014-9449 (Buffer overflow in the RiffVideo::infoTagsHandler function in riffvide ...) - exiv2 0.24-4.1 (bug #773846) [wheezy] - exiv2 (Vulnerable code not present) [squeeze] - exiv2 (Vulnerable code not present) NOTE: http://dev.exiv2.org/issues/960 NOTE: http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263 CVE-2014-9447 (Directory traversal vulnerability in the read_long_names function in l ...) - elfutils 0.159-4.1 (bug #775536) [wheezy] - elfutils (Minor issue) [squeeze] - elfutils (Minor issue) NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e CVE-2014-9529 (Race condition in the key_gc_unused_keys function in security/keys/gc. ...) {DSA-3128-1} - linux 3.16.7-ckt4-1 - linux-2.6 (Vulnerable code not present) NOTE: http://marc.info/?l=linux-kernel&m=141986398232547&w=2 NOTE: http://marc.info/?l=linux-kernel&m=142047362307894&w=2 CVE-2014-9513 (Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows rem ...) - xbindkeys-config (unimportant; bug #772473) [jessie] - xbindkeys-config (Minor issue) [wheezy] - xbindkeys-config (Minor issue) [squeeze] - xbindkeys-config (Minor issue) NOTE: Not exploitable with kernel hardening since jessie CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng b ...) 
- libpng (Affects 1.5.x and 1.6.x series) - texlive-bin 2014.20140926.35254-4 (bug #773824) [squeeze] - texlive-bin (has a copy of libpng 1.2) [wheezy] - texlive-bin (uses system libpng) - libpng1.6 1.6.16-1 (bug #773823) - iceweasel (squeeze used the system libpng, and later versions define their own limits) - icedove (squeeze used the system libpng, and later versions define their own limits) NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/ CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Z ...) - zarafa (bug #658433) CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff clien ...) - koha (bug #702134) CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in cms/front_conte ...) NOT-FOR-US: Contenido CMS CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/ ...) - serendipity CVE-2014-XXXX [denial of service with specific packets] - libhtp 1:0.5.25-1 (bug #774897) [wheezy] - libhtp (Minor issue) [squeeze] - libhtp (Minor issue) NOTE: https://redmine.openinfosecfoundation.org/issues/1272 NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4 NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035 CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile functi ...) - minizip 1.1-5 (low; bug #774321) CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c i ...) NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific) CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadm ...) {DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in ...) 
{DSA-3153-1 DLA-146-1} - krb5 1.12.1+dfsg-17 CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eS ...) NOT-FOR-US: Huawei CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before V100R001C03 allo ...) NOT-FOR-US: Huawei CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace Deskto ...) NOT-FOR-US: Huawei CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to cause a ...) NOT-FOR-US: Huawei CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not proper ...) NOT-FOR-US: WordPress plugin W3 Total Cache CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP B ...) NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...) - dwarfutils (Vulnerable code introduced later, see bug #774530) NOTE: https://www.openwall.com/lists/oss-security/2014/12/31/3 CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...) {DSA-3117-1} - php5 5.6.5+dfsg-1 [squeeze] - php5 (Introduced in 5.4.1) NOTE: https://bugs.php.net/bug.php?id=68618 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 CVE-2014-XXXX [CRAM-MD5 authentication bypass] - dbmail (Only affects versions supporting cram-md5, so 3.0.0 and later) NOTE: http://blog.gmane.org/gmane.mail.imap.dbmail/day=20141219 CVE-2014-9483 (Emacs 24.4 allows remote attackers to bypass security restrictions. ...) - emacs24 24.5+1-1 (unimportant; bug #774090) - emacs23 (Only affects Emacs 24) NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939 NOTE: Plain bug, security implications rather far-fetched CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4 allo ...) 
- libmspack 0.4-2 (bug #773041) - cabextract 1.4-5 (bug #772891) [wheezy] - cabextract (Minor issue) [squeeze] - cabextract (Minor issue) NOTE: Starting with 1.4-5 cabextract uses the mspack system library CVE-2014-9428 (The batadv_frag_merge_packets function in net/batman-adv/fragmentation ...) - linux 3.16.7-ckt4-1 (bug #774155) [wheezy] - linux (Introduced in 3.13) - linux-2.6 (Introduced in 3.13) NOTE: http://thread.gmane.org/gmane.linux.network/343494 NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1) NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attacke ...) {DLA-928-1 DLA-356-1} - libsndfile 1.0.25-9.1 (low; bug #774162) [squeeze] - libsndfile (Minor issue) CVE-2014-XXXX [a2p: buffer overflow] - perl 5.22.0~rc2-1 (unimportant; bug #769606) CVE-2014-9486 REJECTED CVE-2014-9497 (Buffer overflow in mpg123 before 1.18.0. ...) {DLA-655-1} - mpg123 1.18.0-1 [squeeze] - mpg123 (Introduced in 1.14.1) NOTE: http://sourceforge.net/p/mpg123/bugs/201/ CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy functio ...) - php5 (unimportant; bug #774154) NOTE: php5 binary packages not built with --with-maintainer-zts CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext fu ...) - libressl (bug #754513) CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Ma ...) NOT-FOR-US: NetIQ Access Manager CVE-2014-9411 (In all Qualcomm products with Android releases from CAF using the Linu ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-9410 (The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe ...) 
NOT-FOR-US: Qualcomm driver for Android CVE-2014-9409 RESERVED CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...) NOT-FOR-US: Ekahau Real-Time Location Tracking System CVE-2014-9407 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive A ...) NOT-FOR-US: Revive Adserver CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT ...) NOT-FOR-US: ARRIS Touchstone TG862G/CT Telephony Gateway CVE-2014-9405 (A Cross-Site Scripting (XSS) vulnerability exists in the description f ...) NOT-FOR-US: Freebox OS CVE-2014-9404 REJECTED CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts ...) NOT-FOR-US: WP Limit Posts Automatically plugin for WordPress CVE-2014-9400 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp U ...) NOT-FOR-US: Wp Unique Article Header Image plugin for WordPress CVE-2014-9399 (Cross-site request forgery (CSRF) vulnerability in the TweetScribe plu ...) NOT-FOR-US: TweetScribe plugin for WordPress CVE-2014-9398 (Cross-site request forgery (CSRF) vulnerability in the Twitter LiveBlo ...) NOT-FOR-US: Twitter LiveBlog plugin for WordPress CVE-2014-9397 (Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin ...) NOT-FOR-US: twimp-wp plugin for WordPress CVE-2014-9396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...) NOT-FOR-US: SimpleFlickr plugin for WordPress CVE-2014-9395 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...) NOT-FOR-US: Simplelife plugin for WordPress CVE-2014-9394 (Multiple cross-site request forgery (CSRF) vulnerabilities in the PWGR ...) NOT-FOR-US: PWGRandom plugin for WordPress CVE-2014-9393 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Post ...) NOT-FOR-US: Post to Twitter plugin for WordPress CVE-2014-9392 (Cross-site request forgery (CSRF) vulnerability in the PictoBrowser (p ...) 
NOT-FOR-US: PictoBrowser plugin for WordPress CVE-2014-9391 (Multiple cross-site request forgery (CSRF) vulnerabilities in the gSli ...) NOT-FOR-US: gSlideShow plugin for WordPress CVE-2014-9389 (Directory traversal vulnerability in Sonatype Nexus OSS and Pro before ...) NOT-FOR-US: Sonatype Nexus OSS and Pro CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18 allows remote attackers to as ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://www.mantisbt.org/bugs/view.php?id=17878 CVE-2014-9387 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_ ...) NOT-FOR-US: SAP BusinessObjects Edge CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the sessi ...) - zenoss (bug #361253) CVE-2014-9385 (Cross-site request forgery (CSRF) vulnerability in Zenoss Core through ...) - zenoss (bug #361253) CVE-2014-9384 RESERVED CVE-2014-9383 RESERVED CVE-2014-9382 (Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user accou ...) NOT-FOR-US: Freebox OS CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet serv ...) NOT-FOR-US: Lexmark CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet serv ...) NOT-FOR-US: ManageEngine NetFlow Analyzer CVE-2014-9372 (Directory traversal vulnerability in the UploadAccountActivities servl ...) NOT-FOR-US: ManageEngine Password Manager Pro CVE-2014-9371 (The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 ...) NOT-FOR-US: ManageEngine Desktop Central MSP CVE-2014-9370 RESERVED CVE-2014-9369 (Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 all ...) NOT-FOR-US: Siemens CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the twitterDash plu ...) NOT-FOR-US: WordPress plugin twitterDash CVE-2014-9367 (Incomplete blacklist vulnerability in the urlEncode function in lib/TW ...)
- twiki NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367 CVE-2014-9366 RESERVED CVE-2014-9493 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) b ...) - glance 2014.1.3-6 (bug #773836) [wheezy] - glance (Vulnerable code not present) NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1 NOTE: fixed in experimental with 2014.2.1-2 CVE-2014-XXXX - json-glib (unimportant; bug #772585) [squeeze] - json-glib (Tool not yet present) [wheezy] - json-glib (Tool not yet present) NOTE: Negligible security impact CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki bef ...) {DSA-3110-1} - mediawiki 1:1.19.20+dfsg-2.2 (bug #773654) [squeeze] - mediawiki NOTE: https://phabricator.wikimedia.org/T76686 (still not public) CVE-2014-9476 (MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...) - mediawiki (CORS support was added in 1.20) NOTE: https://phabricator.wikimedia.org/T77028 CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...) {DSA-3128-1} - linux 3.16.7-ckt4-1 - linux-2.6 [squeeze] - linux-2.6 (Too risky to backport) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e (v3.19-rc1) CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel thro ...) {DLA-155-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.65-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1) CVE-2014-9390 (Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x befo ...) 
{DLA-237-1} - git 1:2.1.4-1 [wheezy] - git (Minor issue) [squeeze] - git (Minor issue) - libgit2 0.21.3-1 (bug #774048) [jessie] - libgit2 0.21.1-3 - jgit 3.7.0-1 (bug #774050) [jessie] - jgit (Minor issue) [wheezy] - jgit (Minor issue) - mercurial 3.1.2-2 (bug #773640) [wheezy] - mercurial 2.2.2-4 [squeeze] - mercurial (Minor issue) - dulwich 0.10.1-1 [jessie] - dulwich (Minor issue) [wheezy] - dulwich (Minor issue) [squeeze] - dulwich (Minor issue) CVE-2014-9376 (Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a ...) - ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-9377 (Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns ...) - ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-9378 (Ettercap 0.8.1 does not validate certain return values, which allows r ...) - ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-9379 (The radius_get_attribute function in dissectors/ec_radius.c in Etterca ...) - ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-9380 (The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 al ...) {DLA-126-1} - ettercap 1:0.8.1-3 (bug #773416) NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20 CVE-2014-9381 (Integer signedness error in the dissector_cvs function in dissectors/e ...) 
{DLA-126-1} - ettercap 1:0.8.1-3 (bug #773416) NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20 CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC bef ...) - znc 1.2-4 (bug #744712) [wheezy] - znc (Minor issue) [squeeze] - znc (Minor issue) NOTE: https://github.com/znc/znc/issues/528 NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487 CVE-2014-9620 (The ELF parser in file 5.08 through 5.21 allows remote attackers to ca ...) {DSA-3121-1} - file 1:5.21+15-1 [squeeze] - file (Introduced in 5.08) - php5 (readelf.c not used and even removed in 5.4.36-0+deb7u3) NOTE: Report: http://mx.gw.com/pipermail/file/2014/001653.html NOTE: Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4 NOTE: Introduced by: https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423 CVE-2014-9621 (The ELF parser in file 5.16 through 5.21 allows remote attackers to ca ...) - file 1:5.21+15-1 [wheezy] - file (Introduced in 5.16) [squeeze] - file (Introduced in 5.16) - php5 5.6.5+dfsg-1 [wheezy] - php5 (Vulnerable code not present) [squeeze] - php5 (Vulnerable code not present) NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16) NOTE: readelf.c has been removed in PHP in 5.6.5, see http://php.net/ChangeLog-5.php#5.6.5 CVE-2014-9494 (RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_u ...) 
- rabbitmq-server 3.4.1-1 (bug #773134) [jessie] - rabbitmq-server 3.3.5-1.1 [wheezy] - rabbitmq-server (does not have this access control mechanism) [squeeze] - rabbitmq-server (does not have this access control mechanism) NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt CVE-2014-9652 (The mconvert function in softmagic.c in file before 5.21, as used in t ...) {DSA-3126-1 DSA-3121-1 DLA-145-1} - file 1:5.21+15-1 [squeeze] - file (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream) [wheezy] - file 5.11-2+deb7u7 - php5 5.6.5+dfsg-1 [wheezy] - php5 5.4.36-0+deb7u3 NOTE: http://bugs.gw.com/view.php?id=398 NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 NOTE: https://bugs.php.net/bug.php?id=68735 CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka glibc ...) {DSA-3169-1 DLA-122-1} - glibc 2.19-14 (bug #775572) - eglibc NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630 CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...) NOT-FOR-US: LoginToboggan Drupal Module CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...) NOT-FOR-US: Meta tags quick Drupal Module CVE-2014-9362 (Cross-site scripting (XSS) vulnerability in the path-based meta tag ed ...) NOT-FOR-US: Meta tags quick Drupal module CVE-2014-9361 (The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not pr ...) NOT-FOR-US: LoginToboggan Drupal Module CVE-2014-9360 (XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12 ...) NOT-FOR-US: Scalix Web Access CVE-2014-9359 RESERVED CVE-2014-9358 (Docker before 1.3.3 does not properly validate image IDs, which allows ...) 
- docker.io 1.3.3~dfsg1-1 (bug #772909) CVE-2014-9357 (Docker 1.3.2 allows remote attackers to execute arbitrary code with ro ...) - docker.io 1.3.3~dfsg1-1 (bug #772909) CVE-2014-9356 (Path traversal vulnerability in Docker before 1.3.3 allows remote atta ...) - docker.io 1.3.3~dfsg1-1 (bug #772909) CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ob ...) - puppet (Only affects Puppet Enterprise) CVE-2014-9354 (NetApp OnCommand Balance before 4.2P3 allows local users to obtain sen ...) NOT-FOR-US: NetApp OnCommand Balance CVE-2014-9353 (NetApp OnCommand Balance before 4.2P2 contains a "default privileged a ...) NOT-FOR-US: NetApp OnCommand Balance CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration lo ...) NOT-FOR-US: Scalix Web Access CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 13 ...) NOT-FOR-US: TP-Link Router CVE-2014-9349 (Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.li ...) NOT-FOR-US: RobotStats CVE-2014-9348 (SQL injection vulnerability in the formulaireRobot function in admin/r ...) NOT-FOR-US: RobotStats CVE-2014-9347 (SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allo ...) NOT-FOR-US: phpMyRecipes CVE-2014-9346 (Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchica ...) NOT-FOR-US: Hierarchical Select Drupal Module CVE-2014-9345 (SQL injection vulnerability in Guruperl.net Advertise With Pleasure! P ...) NOT-FOR-US: AWP PRO CVE-2014-9344 (Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before ...) NOT-FOR-US: Snowfox CMS CVE-2014-9343 (Open redirect vulnerability in modules/system/controller/selectlanguag ...) NOT-FOR-US: Snowfox CMS CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php ...) NOT-FOR-US: F5 BIG-IP CVE-2014-9341 (Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ...) 
NOT-FOR-US: WordPress plugin yURL ReTwitt CVE-2014-9340 (Multiple cross-site request forgery (CSRF) vulnerabilities in the wpCo ...) NOT-FOR-US: WordPress plugin wpCommentTwit CVE-2014-9339 (Multiple cross-site request forgery (CSRF) vulnerabilities in the SPNb ...) NOT-FOR-US: WordPress plugin SPNbabble CVE-2014-9338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tw ...) NOT-FOR-US: WordPress plugin O2Tweet CVE-2014-9337 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Miki ...) NOT-FOR-US: WordPress plugin Mikiurl Wordpress Eklentisi CVE-2014-9336 (Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwi ...) NOT-FOR-US: WordPress plugin iTwitter CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Dand ...) NOT-FOR-US: WordPress plugin DandyID Services CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird ...) NOT-FOR-US: Bird Feeder plugin for WordPress CVE-2014-9333 RESERVED CVE-2014-9332 RESERVED CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine D ...) NOT-FOR-US: ZOHO ManageEngine Desktop Central CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...) {DSA-3273-1 DLA-221-1} - tiff 4.0.3-12 (bug #773987) - tiff3 (The tiff3 source package doesn't build the TIFF tools) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494 CVE-2014-9329 RESERVED CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...) {DLA-233-1} - clamav 0.98.6+dfsg-1 [wheezy] - clamav 0.98.6+dfsg-0+deb7u1 NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d CVE-2014-9327 RESERVED CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home fea ...) NOT-FOR-US: F5 BIG-IP CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 all ...) 
- twiki NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325 CVE-2014-9324 (The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x befo ...) {DSA-3124-1} - otrs2 3.3.9-3 [squeeze] - otrs2 (Problematic module got introduced later) NOTE: https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/ NOTE: Fix for 3.1.x: https://github.com/OTRS/otrs/commit/3058438a372db0d1a11c365d48a5fc7b1db24e90 CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not ...) - linux 3.16.7-ckt2-1 [wheezy] - linux 3.2.63-2+deb7u2 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze9 CVE-2014-9321 RESERVED CVE-2014-9320 RESERVED NOT-FOR-US: SAP Business Objects CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...) - libav (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...) - libav (Vulnerable code not present, format not supported) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...) {DLA-1611-1} - libav - ffmpeg 2.4.4-1 [squeeze] - ffmpeg (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8 CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg befor ...) 
- libav (Vulnerable code not present, reproducer tested with 8, 11 and trunk) - ffmpeg 2.4.4-1 [squeeze] - ffmpeg (Not supported in Squeeze LTS) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844 CVE-2014-9315 RESERVED CVE-2014-9314 RESERVED CVE-2014-9313 RESERVED CVE-2014-9312 (Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. ...) NOT-FOR-US: Photo Gallery CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the Shareahol ...) NOT-FOR-US: Shareaholic plugin for WordPress CVE-2014-9310 (Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dr ...) NOT-FOR-US: WordPress Backup to Dropbox plugin for WordPress CVE-2014-9309 RESERVED CVE-2014-9308 (Unrestricted file upload vulnerability in inc/amfphp/administration/ba ...) NOT-FOR-US: WordPress plugin WP EasyCart CVE-2014-9307 RESERVED CVE-2014-9306 RESERVED CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in ...) NOT-FOR-US: shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin for WordPress CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...) NOT-FOR-US: Plex Media Server CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers t ...) NOT-FOR-US: EntryPass CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser se ...) NOT-FOR-US: Alfresco Community Edition CVE-2014-9301 (Server-side request forgery (SSRF) vulnerability in the proxy servlet ...) NOT-FOR-US: Alfresco Community Edition CVE-2014-9300 (Cross-site request forgery (CSRF) vulnerability in the cmisbrowser ser ...) NOT-FOR-US: Alfresco Community Edition CVE-2014-9299 REJECTED CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket ...)
- asterisk 1:13.1.0~dfsg-1 (bug #773230) [jessie] - asterisk 1:11.13.1~dfsg-2 [wheezy] - asterisk (Web socket code not yet present) [squeeze] - asterisk (Web socket code not yet present) NOTE: http://downloads.digium.com/pub/security/AST-2014-019.html CVE-2014-9323 (The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x befo ...) {DSA-3109-1 DLA-130-1 DLA-123-1} - firebird2.5 2.5.3.26778.ds4-5 (bug #772880) - firebird2.1 NOTE: http://sourceforge.net/p/firebird/code/60331 NOTE: http://tracker.firebirdsql.org/browse/CORE-4630 CVE-2014-9298 REJECTED CVE-2014-9297 REJECTED CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 contin ...) {DSA-3108-1 DLA-116-1} - ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2670 (not yet open) CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allo ...) {DSA-3108-1 DLA-116-1} - ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2667 (not yet open) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2668 (not yet open) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2669 (not yet open) CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ...) {DSA-3108-1 DLA-116-1} - ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2666 (not yet open) CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...) {DSA-3108-1 DLA-116-1} - ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576) NOTE: http://bugs.ntp.org/show_bug.cgi?id=2665 (not yet open) CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php in the j ...) NOT-FOR-US: jRSS WordPress Plugin CVE-2014-9291 REJECTED CVE-2014-9290 REJECTED CVE-2014-9289 REJECTED CVE-2014-9288 REJECTED CVE-2014-9287 REJECTED CVE-2014-9286 REJECTED CVE-2014-9285 REJECTED CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...) 
NOT-FOR-US: Buffalo routers CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remot ...) NOT-FOR-US: BestWebSoft plugin for WordPress CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer applicati ...) NOT-FOR-US: Speed Root Explorer CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) ...) NOT-FOR-US: Autodesk Design Review CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows r ...) NOT-FOR-US: PTC IsoView CVE-2014-9266 (The STWConfig ActiveX control in Samsung SmartViewer does not properly ...) NOT-FOR-US: Samsung SmartViewer CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...) NOT-FOR-US: Samsung SmartViewer CVE-2014-9264 (Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywh ...) NOT-FOR-US: SAP SQL Anywhere CVE-2014-9263 (Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMedi ...) NOT-FOR-US: 3S Pocketnet Tech VMS CVE-2014-9262 (The Duplicator plugin in Wordpress before 0.5.10 allows remote authent ...) NOT-FOR-US: Duplicator plugin in Wordpress CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement f ...) NOT-FOR-US: Codoforum CVE-2014-9260 (The basic_settings function in the download manager plugin for WordPre ...) NOT-FOR-US: download manager plugin for WordPress CVE-2014-9259 RESERVED CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI befor ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone CVE-2014-9257 RESERVED CVE-2014-9256 RESERVED CVE-2014-9255 RESERVED CVE-2014-9254 (bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regu ...) NOT-FOR-US: MiniBB CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the ...) 
- dokuwiki 0.0.20140929.d-1 (bug #773429) [jessie] - dokuwiki (Minor issue) [wheezy] - dokuwiki (Minor issue) [squeeze] - dokuwiki (Minor issue) NOTE: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960 NOTE: Advisory: http://security.szurek.pl/dokuwiki-20140929a-xss.html CVE-2014-9252 (Zenoss Core through 5 Beta 3 stores cleartext passwords in the session ...) - zenoss (bug #361253) CVE-2014-9251 (Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, ...) - zenoss (bug #361253) CVE-2014-9250 (Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a S ...) - zenoss (bug #361253) CVE-2014-9249 (The default configuration of Zenoss Core before 5 allows remote attack ...) - zenoss (bug #361253) CVE-2014-9248 (Zenoss Core through 5 Beta 3 does not require complex passwords, which ...) - zenoss (bug #361253) CVE-2014-9247 (Zenoss Core through 5 Beta 3 allows remote authenticated users to obta ...) - zenoss (bug #361253) CVE-2014-9246 REJECTED CVE-2014-9245 (Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensiti ...) - zenoss (bug #361253) CVE-2014-9244 REJECTED CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2. ...) NOT-FOR-US: WebsiteBaker CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker ...) NOT-FOR-US: WebsiteBaker CVE-2014-9241 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBul ...) NOT-FOR-US: MyBB CVE-2014-9240 (SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard ...) NOT-FOR-US: MyBB CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service (interface/ipsc ...) NOT-FOR-US: Invision Power Board CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers ...) NOT-FOR-US: D-link DCS-2103 CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote ...) 
NOT-FOR-US: Proticaret E-Commerce CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zop ...) - zoph (unimportant) NOTE: http://seclists.org/fulldisclosure/2014/Nov/45 NOTE: https://github.com/jeroenrnl/zoph/issues/59 NOTE: The SQL injection and XSS claims appear to be mostly unfounded. CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Pho ...) - zoph (unimportant) NOTE: http://seclists.org/fulldisclosure/2014/Nov/45 NOTE: https://github.com/jeroenrnl/zoph/issues/59 NOTE: The SQL injection and XSS claims appear to be mostly unfounded. CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link ...) NOT-FOR-US: D-link DCS-2103 CVE-2014-9233 REJECTED CVE-2014-9232 REJECTED CVE-2014-9231 REJECTED CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...) NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...) NOT-FOR-US: Symantec CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint Protection ...) NOT-FOR-US: Symantec CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager componen ...) NOT-FOR-US: Symantec CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) 5. ...) NOT-FOR-US: Symantec Data Center Security CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical Syst ...) NOT-FOR-US: Symantec Data Center Security CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the ...) NOT-FOR-US: Symantec Data Center Security CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei H ...) NOT-FOR-US: RomPager NOTE: http://mis.fortunecook.ie/ CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway ...) 
NOT-FOR-US: RomPager NOTE: http://mis.fortunecook.ie/ CVE-2014-9221 (strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to ...) {DSA-3118-1} - strongswan 5.2.1-5 [squeeze] - strongswan (MODP_CUSTOM Diffie-Hellman group not implemented in 4.4.1) CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP authentica ...) - graylog2 (bug #652273) CVE-2014-9216 RESERVED CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in includes/fun ...) NOT-FOR-US: PBBoard CVE-2014-9214 RESERVED CVE-2014-9213 RESERVED CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent ...) NOT-FOR-US: Altitude uAgent CVE-2014-9211 (ClickDesk version 4.3 and below has persistent cross site scripting ...) NOT-FOR-US: ClickDesk CVE-2014-9210 REJECTED CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application i ...) NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in Adva ...) NOT-FOR-US: Advantech CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2. ...) NOT-FOR-US: CIMON CmnView CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ear ...) NOT-FOR-US: Schneider Electric Invensys CVE-2014-9205 (Stack-based buffer overflow in the PmBase64Decode function in an unspe ...) NOT-FOR-US: MICROSYS PROMOTIC CVE-2014-9204 (Stack-based buffer overflow in OPCTest.exe in Rockwell Automation RSLi ...) NOT-FOR-US: OPCTest.exe in Rockwell Automation RSLinx Classic CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in th ...) NOT-FOR-US: HART Device Type Manager (DTM) library CVE-2014-9202 (Multiple stack-based buffer overflows in an unspecified DLL file in Ad ...) NOT-FOR-US: Advantech WebAccess CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with firmwa ...) 
NOT-FOR-US: Beckwith Electric digital voltage regulators CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM develo ...) NOT-FOR-US: Schneider Electric CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...) NOT-FOR-US: Clorius Controls Java web client CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gatew ...) NOT-FOR-US: Schneider Electric CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware b ...) NOT-FOR-US: Schneider Electric CVE-2014-9196 (Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 ...) NOT-FOR-US: Eaton Cooper Power Systems CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...) NOT-FOR-US: Phoenix Contact ProConOs and MultiProg CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...) NOT-FOR-US: Arbiter 1094B GPS Substation Clock CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allo ...) NOT-FOR-US: Innominate mGuard CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 t ...) NOT-FOR-US: Trihedral Engineering VTScada CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...) NOT-FOR-US: Emerson HART DTM CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch A ...) NOT-FOR-US: Schneider Electric CVE-2014-9189 (Multiple stack-based buffer overflow vulnerabilities were found in Hon ...) NOT-FOR-US: Honeywell Experion PKS CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...) NOT-FOR-US: Schneider Electric ProClima CVE-2014-9187 (Multiple heap-based buffer overflow vulnerabilities exist in Honeywell ...) NOT-FOR-US: Honeywell Experion PKS CVE-2014-9186 (A file inclusion vulnerability exists in the confd.exe module in Honey ...) 
NOT-FOR-US: Honeywell CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 a ...) NOT-FOR-US: Morfy CMS CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...) NOT-FOR-US: ZTE ZXDSL Modem CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin account ...) NOT-FOR-US: ZTE ZXDSL Modem CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attac ...) NOT-FOR-US: Anchor CMS CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media Server befo ...) NOT-FOR-US: Plex Media Server CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows remote att ...) NOT-FOR-US: Eleanor CMS CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket Sys ...) NOT-FOR-US: SupportEzzy Ticket System plugin for WordPress CVE-2014-9178 (Multiple SQL injection vulnerabilities in classes/ajax.php in the Smar ...) NOT-FOR-US: Smarty Pants Plugin for WordPress CVE-2014-9177 (The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPres ...) NOT-FOR-US: Playlist Free WordPress Plugin CVE-2014-9176 (Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Sque ...) NOT-FOR-US: InstaSqueeze Sexy Squeeze Pages plugin for WordPress CVE-2014-9175 (SQL injection vulnerability in wpdatatables.php in the wpDataTables pl ...) NOT-FOR-US: wpDataTables WordPress Plugin CVE-2014-9174 (Cross-site scripting (XSS) vulnerability in the Google Analytics by Yo ...) NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) plugin for WordPress CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc Embedder plu ...) NOT-FOR-US: Google Doc Embedder plugin for WordPress CVE-2014-9474 (Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2- ...)
- mpfr4 3.1.2-2 (low; bug #772008) [squeeze] - mpfr4 (Minor issue) [wheezy] - mpfr4 (Minor issue) NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243 CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service (out-of-bou ...) {DSA-3158-1 DLA-133-1} - unrtf 0.21.5-2 (bug #772811) NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/1df886f2e65f7c512a6217588ae8d94d4bcbc63d NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/3c7ff3f888de0f0d957fe67b6bd4bec9c0d475f3 CVE-2014-9274 (UnRTF allows remote attackers to cause a denial of service (crash) and ...) {DSA-3158-1 DLA-133-1} - unrtf 0.21.5-2 (bug #772811) NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/b0cef89a170a66bc48f8dd288ce562ea8ca91f7a CVE-2014-9278 (The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 a ...) - openssh (patch not applied to Debian) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169843 NOTE: Patch from https://bugzilla.mindrot.org/show_bug.cgi?id=1867 not applied in Debian CVE-2014-9277 (The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki bef ...) {DSA-3100-1} - mediawiki 1:1.19.20+dfsg-2.1 (bug #772764) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478 NOTE: backported patches for 1.19: NOTE: https://gerrit.wikimedia.org/r/#/c/175725/ NOTE: https://gerrit.wikimedia.org/r/#/c/175960/ CVE-2014-9276 (Cross-site request forgery (CSRF) vulnerability in the Special:Expande ...) - mediawiki (Vulnerable code not present) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111 NOTE: No special expand templates before 1.23.x but available as extension.
CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x be ...) NOT-FOR-US: OpenVAS Manager CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...) - phpmyadmin 4:4.2.12-2 (bug #774194) [wheezy] - phpmyadmin (Vulnerable code not present) [squeeze] - phpmyadmin (Vulnerable code not present) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 NOTE: https://www.phpmyadmin.net/security/PMASA-2014-18/ CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x be ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.2.12-2 (low; bug #774194) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-17/ CVE-2014-9172 REJECTED CVE-2014-9171 REJECTED CVE-2014-9170 REJECTED CVE-2014-9169 REJECTED CVE-2014-9168 REJECTED CVE-2014-9167 REJECTED CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows att ...) NOT-FOR-US: Adobe ColdFusion CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-9164 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-9163 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 an ...) NOT-FOR-US: Adobe Flash Player CVE-2014-9162 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x ...) NOT-FOR-US: Adobe CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x ...) NOT-FOR-US: Adobe CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...) NOT-FOR-US: Adobe Reader CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) 
NOT-FOR-US: Adobe Reader CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module 6.x-1. ...) NOT-FOR-US: Avatar Uploader module for Drupal CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly ...) NOT-FOR-US: Notify module for Drupal CVE-2014-9153 (Cross-site scripting (XSS) vulnerability in the Services module 7.x-3. ...) NOT-FOR-US: Services module for Drupal CVE-2014-9152 (The _user_resource_create function in the Services module 7.x-3.x befo ...) NOT-FOR-US: Services module for Drupal CVE-2014-9151 (The Services module 7.x-3.x before 7.x-3.10 for Drupal does not proper ...) NOT-FOR-US: Services module for Drupal CVE-2014-9150 (Race condition in the MoveFileEx call hook feature in Adobe Reader and ...) NOT-FOR-US: Adobe CVE-2014-9149 RESERVED CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access res ...) NOT-FOR-US: Fiyo CMS CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive informati ...) NOT-FOR-US: Fiyo CMS CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1. ...) NOT-FOR-US: Fiyo CMS CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remot ...) NOT-FOR-US: Fiyo CMS CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attac ...) NOT-FOR-US: Technicolor routers CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with firmware ...) NOT-FOR-US: Technicolor routers CVE-2014-9142 (Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 ...) NOT-FOR-US: Technicolor routers CVE-2014-9141 (The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier us ...) NOT-FOR-US: Thomson Reuters Fixed Assets CVE-2014-9139 RESERVED CVE-2014-9138 RESERVED CVE-2014-9137 (Huawei USG9500 with software V200R001C01SPC800 and earlier versions, V ...) 
NOT-FOR-US: Huawei CVE-2014-9136 (Huawei FusionManager with software V100R002C03 and V100R003C00 could a ...) NOT-FOR-US: Huawei CVE-2014-9135 (The PackageInstaller module in Huawei P7-L10 smartphones before V100R0 ...) NOT-FOR-US: PackageInstaller module in Huawei P7-L10 CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless R ...) NOT-FOR-US: Huawei Wireless Router CVE-2014-9133 RESERVED CVE-2014-9132 RESERVED CVE-2014-9131 RESERVED CVE-2014-9128 RESERVED CVE-2014-9127 (Open-School Community Edition 2.2 does not properly restrict access to ...) NOT-FOR-US: Open-School Community Edition CVE-2014-9126 (Multiple cross-site scripting (XSS) vulnerabilities in Open-School Com ...) NOT-FOR-US: Open-School Community Edition CVE-2014-9125 RESERVED CVE-2014-9124 RESERVED CVE-2014-9123 RESERVED CVE-2014-9122 RESERVED CVE-2014-9121 RESERVED CVE-2014-9120 (Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 a ...) NOT-FOR-US: Subrion CMS CVE-2014-9119 (Directory traversal vulnerability in download.php in the DB Backup plu ...) NOT-FOR-US: WordPress plugin db-backup CVE-2014-9118 (The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 ...) NOT-FOR-US: ZHONE Router CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in include/fu ...) - piwigo [squeeze] - piwigo (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 an ...) NOT-FOR-US: PFX Engagement CVE-2014-9111 RESERVED CVE-2014-9110 RESERVED CVE-2014-9109 RESERVED CVE-2014-9108 RESERVED CVE-2014-9107 RESERVED CVE-2014-9106 RESERVED CVE-2014-9105 RESERVED CVE-2014-9104 (Multiple cross-site request forgery (CSRF) vulnerabilities in the XML- ...) NOT-FOR-US: Desktop Client in OpenVPN Access Server CVE-2014-9103 (Multiple cross-site scripting (XSS) vulnerabilities in the Kunena comp ...) NOT-FOR-US: Kunena component for Joomla! 
CVE-2014-9102 (Multiple SQL injection vulnerabilities in the Kunena component before ...) NOT-FOR-US: Kunena component for Joomla! CVE-2014-9101 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1 ...) NOT-FOR-US: Oxwall and SkaDate Lite CVE-2014-9100 (Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense plug ...) NOT-FOR-US: WhyDoWork AdSense plugin for WordPress CVE-2014-9099 (Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSen ...) NOT-FOR-US: WhyDoWork AdSense plugin for WordPress CVE-2014-9098 (Multiple cross-site scripting (XSS) vulnerabilities in the Apptha Word ...) NOT-FOR-US: Apptha WordPress Plugin CVE-2014-9097 (Multiple SQL injection vulnerabilities in the Apptha WordPress Video G ...) NOT-FOR-US: Apptha WordPress Plugin CVE-2014-9096 (Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0 ...) NOT-FOR-US: Pligg CVE-2014-9095 (Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4 ...) NOT-FOR-US: Raritan Power IQ CVE-2014-9094 (Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer ...) NOT-FOR-US: Digital Zoom Studio (DZS) Video Gallery plugin for WordPress CVE-2014-9088 RESERVED CVE-2014-9086 RESERVED CVE-2014-9085 RESERVED CVE-2014-9084 RESERVED CVE-2014-9083 RESERVED CVE-2014-9082 RESERVED CVE-2014-9081 RESERVED CVE-2014-9080 RESERVED CVE-2014-9079 RESERVED CVE-2014-9078 RESERVED CVE-2014-9077 RESERVED CVE-2014-9076 RESERVED CVE-2014-9075 RESERVED CVE-2014-9074 RESERVED CVE-2014-9073 RESERVED CVE-2014-9072 RESERVED CVE-2014-9071 RESERVED CVE-2014-9070 RESERVED CVE-2014-9069 RESERVED CVE-2014-9068 RESERVED CVE-2014-9067 RESERVED CVE-2014-9066 (Xen 4.4.x and earlier, when using a large number of VCPUs, does not pr ...) - xen (unimportant) NOTE: Architectural/design limitation, not treated as a security issue CVE-2014-9065 (common/spinlock.c in Xen 4.4.x and earlier does not properly handle re ...)
- xen 4.4.1-6 [wheezy] - xen (Only affects 4.2 and later) [squeeze] - xen (Only affects 4.2 and later) CVE-2014-9064 RESERVED CVE-2014-9063 RESERVED CVE-2014-9062 RESERVED CVE-2014-9061 RESERVED CVE-2014-9060 (The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x bef ...) - moodle 2.7.5+dfsg-1 [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927 NOTE: https://moodle.org/mod/forum/discuss.php?d=275165 CVE-2014-9058 RESERVED CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type b ...) {DSA-3183-1} - movabletype-opensource (bug #774192) [squeeze] - movabletype-opensource (Not supported in Squeeze LTS) NOTE: https://movabletype.org/news/2014/12/6.0.6.html NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html CVE-2014-9056 RESERVED CVE-2014-9055 RESERVED CVE-2014-9054 RESERVED CVE-2014-9053 RESERVED CVE-2014-9052 RESERVED CVE-2014-9051 RESERVED CVE-2014-9049 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-025 CVE-2014-9048 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-024 CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in ownCloud ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-026 CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-023 CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and ...) 
- owncloud 7~20140504+dfsg-1 NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-022 CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the ab ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-021 CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in ownClou ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-020 CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality i ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-028 CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud serv ...) - owncloud 7.0.3+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019 CVE-2014-9040 RESERVED CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jp ...) {DSA-3089-1 DLA-101-1} - jasper 1.900.1-debian1-2.2 (bug #772036) CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDS ...) NOT-FOR-US: ZTE ZXDSL 831CII CVE-2014-9026 (The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properl ...) NOT-FOR-US: Ubercart module for Drupal CVE-2014-9025 (The default checkout completion rule in the commerce_order module in t ...) NOT-FOR-US: Drupal Commerce module for Drupal CVE-2014-9024 (The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows re ...) NOT-FOR-US: Protected Pages module for Drupal CVE-2014-9023 (The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly ...) NOT-FOR-US: Twilio module for Drupal CVE-2014-9022 (The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x ...) NOT-FOR-US: Webform Component Roles module for Drupal CVE-2014-9021 (Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 a ...) 
NOT-FOR-US: ZTE ZXDSL 831 CVE-2014-9020 (Cross-site scripting (XSS) vulnerability in the Quick Stats page (psil ...) NOT-FOR-US: ZTE ZXDSL 831 and 831CII CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDS ...) NOT-FOR-US: ZTE ZXDSL 831CII CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (buil ...) NOT-FOR-US: OpenKM CVE-2014-9156 (The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not prope ...) NOT-FOR-US: Drupal module FileField CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the CreativeMinds C ...) NOT-FOR-US: WordPress plugin cm-download-manager CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 ...) - antiword 0.37-5 (bug #771768) NOTE: https://www.openwall.com/lists/oss-security/2014/12/01/4 NOTE: This actually was fixed a long time ago in https://bugs.debian.org/407015 CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...) {DSA-3084-1 DLA-98-1} - openvpn 2.3.4-5 NOTE: https://github.com/OpenVPN/openvpn/commit/c5590a6821e37f3b29735f55eb0c2b9c0924138c NOTE: http://web.archive.org/web/20150514123219/https://forums.openvpn.net/topic17625.html CVE-2014-9272 (The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x befo ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00 NOTE: http://www.mantisbt.org/bugs/view.php?id=17297 CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in Ma ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a NOTE: http://www.mantisbt.org/bugs/view.php?id=17876 CVE-2014-9271 (Cross-site scripting (XSS) vulnerability in file_download.php in Manti ...)
{DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=17874 NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the projax_array_serialize ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec NOTE: http://www.mantisbt.org/bugs/view.php?id=17583 CVE-2014-9269 (Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc NOTE: http://www.mantisbt.org/bugs/view.php?id=17890 CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2 NOTE: http://www.mantisbt.org/bugs/view.php?id=17875 CVE-2014-9279 (The print_test_result function in admin/upgrade_unattended.php in Mant ...) - mantis (unimportant) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8 NOTE: http://www.mantisbt.org/bugs/view.php?id=17877 NOTE: unimportant, source affected but irrelevant for Debian, upgrade_unattended.php also removed in binary package CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6 ...) {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-3 NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda NOTE: http://seclists.org/tcpdump/2014/q4/72 CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...)
{DSA-3115-1 DSA-3103-1 DSA-3102-1 DLA-127-1 DLA-110-1 DLA-109-1} - libyaml 0.1.6-3 (bug #771366) - libyaml-libyaml-perl 0.41-6 (bug #771365) - pyyaml 3.11-2 (bug #772815) NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 NOTE: for pyyaml: might need to be removed here (no CVE assigned) or get a separate CVE NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/ CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd NOTE: https://www.mantisbt.org/bugs/view.php?id=17811 CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly handle ...) {DSA-3083-1 DLA-100-1} - mutt 1.5.23-2 (bug #771125) NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4 NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716 CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute arbi ...) - util-linux 2.25.2-4 (bug #771274) [squeeze] - util-linux (Minor issue) [wheezy] - util-linux (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2014/11/26/13 NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
{DSA-3111-1 DLA-111-1} - cpio 2.11+dfsg-4 (bug #772793) NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio NOTE: https://savannah.gnu.org/bugs/?43709 NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 (fix buffer overflow) NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a (fix range checking of length of link name) NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b (fixup of former commit) NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 (fix null deref) NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb (fix test suite in former commit) CVE-2014-9089 (Multiple SQL injection vulnerabilities in view_all_bug_page.php in Man ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://www.mantisbt.org/bugs/view.php?id=17841 NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673 CVE-2014-9273 (lib/handle.c in Hivex before 1.3.11 allows local users to execute arbi ...) - hivex 1.3.11-1 (low) [jessie] - hivex 1.3.10-2+deb8u1 [wheezy] - hivex (Minor issue) [squeeze] - hivex (Minor issue) NOTE: https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb NOTE: https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705 CVE-2014-9087 (Integer underflow in the ksba_oid_to_str function in Libksba before 1. ...) {DSA-3078-1 DLA-141-1} - libksba 1.3.2-1 (bug #770972) - gnupg2 (Fixed before entering unstable; affected only 2.1 and betas) NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html NOTE: Upstream commit: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7 CVE-2014-9157 (Format string vulnerability in the yyerror function in lib/cgraph/scan ...) 
{DSA-3098-1 DLA-105-1} - graphviz 2.38.0-7 (bug #772648) NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers t ...) - coreutils 8.23-1 (low) [wheezy] - coreutils (Minor issue) [squeeze] - coreutils (Minor issue) NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872 NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872 CVE-2014-9365 (The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ...) - python2.5 [squeeze] - python2.5 (Too intrusive to backport) - python2.6 [wheezy] - python2.6 (Too intrusive to backport) [squeeze] - python2.6 (Too intrusive to backport) - python2.7 2.7.9-1 [wheezy] - python2.7 (Too intrusive to backport) - python3.1 [squeeze] - python3.1 (Too intrusive to backport) - python3.2 [wheezy] - python3.2 (Too intrusive to backport) - python3.3 - python3.4 3.4.2-2 [jessie] - python3.4 (Backporting to stable would break existing applications) NOTE: http://bugs.python.org/issue22417 CVE-2014-9351 (engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote ...) - teeworlds 0.6.2+dfsg-2 (bug #770514) [wheezy] - teeworlds (Minor issue) [squeeze] - teeworlds (Vulnerable code not present) NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85 NOTE: https://www.teeworlds.com/?page=news&id=11200 CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of ...) 
{DSA-3163-1} - libreoffice 1:4.3.3-2 (bug #771163) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449 NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401 NOTE: fixed in experimental with 1:4.4.0~beta1-1 CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial o ...) - libjpeg-turbo 1:1.3.1-11 (bug #768369) CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux k ...) {DSA-3093-1 DLA-103-1} - linux 3.16.7-ckt2-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6) CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x befo ...) - moodle 2.7.5+dfsg-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966 NOTE: https://moodle.org/mod/forum/discuss.php?d=275146 CVE-2014-9050 (Heap-based buffer overflow in the cli_scanpe function in libclamav/pe. ...) {DLA-95-1} - clamav 0.98.5+dfsg-1 (bug #770985) [wheezy] - clamav 0.98.5+dfsg-0+deb7u1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11155 NOTE: Upstream commit: https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e CVE-2014-9039 (wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x befo ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30431 NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9038 (wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3. ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ NOTE: Upstream patch: https://core.trac.wordpress.org/changeset/30444 CVE-2014-9037 (WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4. ...)
{DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9036 (Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3. ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9035 (Cross-site scripting (XSS) vulnerability in Press This in WordPress be ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9034 (wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3 ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30467 CVE-2014-9033 (Cross-site request forgery (CSRF) vulnerability in wp-login.php in Wor ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30418 CVE-2014-9032 (Cross-site scripting (XSS) vulnerability in the media-playlists featur ...) - wordpress 4.0.1+dfsg-1 (bug #770425) [wheezy] - wordpress (Affects 3.9, 3.9.1, 3.9.2, 4.0 only) [squeeze] - wordpress (Affects 3.9, 3.9.1, 3.9.2, 4.0 only) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9031 (Cross-site scripting (XSS) vulnerability in the wptexturize function i ...) {DSA-3085-1 DLA-236-1} - wordpress 4.0.1+dfsg-1 (bug #770425) NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/ CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 ...)
{DSA-3082-1 DLA-99-1} - flac 1.3.0-3 (bug #770918) NOTE: Upstream patches: NOTE: https://github.com/xiph/flac/commit/fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 (1.3.1pre1) NOTE: https://github.com/xiph/flac/commit/5a365996d739bdf4711af51d9c2c71c8a5e14660 (1.3.1) CVE-2014-9014 (Directory traversal vulnerability in the ajaxinit function in wpmarket ...) NOT-FOR-US: WP Marketplace plugin for WordPress CVE-2014-9013 (The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketp ...) NOT-FOR-US: WP Marketplace plugin for WordPress CVE-2014-9012 RESERVED CVE-2014-9011 RESERVED CVE-2014-9010 RESERVED CVE-2014-9009 RESERVED CVE-2014-9008 RESERVED CVE-2014-9007 RESERVED CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login attemp ...) NOT-FOR-US: Monstra CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 al ...) NOT-FOR-US: vldPersonals CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 ...) NOT-FOR-US: vldPersonals CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintSer ...) NOT-FOR-US: Lantronix xPrintServer CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to ips/, whic ...) NOT-FOR-US: Lantronix xPrintServer CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authe ...) NOT-FOR-US: Incredible PBX CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly restrict ac ...) NOT-FOR-US: Mule Enterprise Management Console CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in XOOP ...) NOT-FOR-US: XOOPS CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authent ...) NOT-FOR-US: X7 Chat CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in D ...) NOT-FOR-US: DigitalVidhya Digi Online Examination System CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog befo ...) 
NOT-FOR-US: Nibbleblog CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote atta ...) NOT-FOR-US: Maarch LetterBox CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...) NOT-FOR-US: Open-Xchange CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/Fil ...) NOT-FOR-US: MODX Revolution CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...) {DSA-3140-1} - xen 4.4.1-4 (low; bug #770230) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-9015 (Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...) {DSA-3075-1} - drupal7 7.32-1+deb8u1 (bug #770469) - drupal6 [squeeze] - drupal6 NOTE: https://www.drupal.org/SA-CORE-2014-006 CVE-2014-9016 (The password hashing API in Drupal 7.x before 7.34 and the Secure Pass ...) {DSA-3075-1} - drupal7 7.32-1+deb8u1 (bug #770469) - drupal6 (Only affects Drupal 7.x) NOTE: https://www.drupal.org/SA-CORE-2014-006 CVE-2014-9018 (Icecast before 2.4.1 transmits the output of the on-connect script, wh ...) - icecast2 2.4.0-1.1 (bug #770222) [wheezy] - icecast2 (Minor issue) [squeeze] - icecast2 (Minor issue) NOTE: https://trac.xiph.org/ticket/2089 CVE-2014-8994 (The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows ...) NOT-FOR-US: check_diskio nagios/icinga plugin CVE-2014-8989 (The Linux kernel through 3.17.4 does not properly restrict dropping of ...) - linux 3.16.7-ckt4-1 [wheezy] - linux (User namespaces only usable in later kernels) - linux-2.6 (User namespaces only usable in later kernels) NOTE: http://thread.gmane.org/gmane.linux.man/7385/ CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in the ...) 
{DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40 NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x) CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft CVE-2014-8984 REJECTED CVE-2014-8983 REJECTED CVE-2014-8982 REJECTED CVE-2014-8981 REJECTED CVE-2014-8980 REJECTED CVE-2014-8979 REJECTED CVE-2014-8978 REJECTED CVE-2014-8977 REJECTED CVE-2014-8976 REJECTED CVE-2014-8975 REJECTED CVE-2014-8974 REJECTED CVE-2014-8973 REJECTED CVE-2014-8972 REJECTED CVE-2014-8971 REJECTED CVE-2014-8970 REJECTED CVE-2014-8969 REJECTED CVE-2014-8968 REJECTED CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows rem ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Internet Explorer CVE-2014-8965 RESERVED CVE-2014-8964 (Heap-based buffer overflow in PCRE 8.36 and earlier allows remote atta ...) - pcre3 2:8.35-3.3 (bug #770478) [wheezy] - pcre3 (Minor issue) [squeeze] - pcre3 (Minor issue) NOTE: http://bugs.exim.org/show_bug.cgi?id=1546 NOTE: http://www.exim.org/viewvc/pcre2?revision=154&view=revision CVE-2014-8963 RESERVED CVE-2014-8962 (Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3. ...) {DSA-3082-1 DLA-99-1} - flac 1.3.0-3 (bug #770918) NOTE: https://github.com/xiph/flac/commit/5b3033a2b355068c11fe637e14ac742d273f076e (1.3.1pre1) NOTE: http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.php in ...) 
- phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-16/ CVE-2014-8960 (Cross-site scripting (XSS) vulnerability in libraries/error_report.lib ...) - phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-15/ CVE-2014-8959 (Directory traversal vulnerability in libraries/gis/GIS_Factory.class.p ...) - phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-14/ CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.2.12-1 (low) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-13/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need NOTE: to be backported to 3.4 CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allow ...) NOT-FOR-US: OpenKM CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (ak ...) NOT-FOR-US: K7 Computing CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...) NOT-FOR-US: WordPress plugin clean-and-simple-contact-form-by-meg-nicholas CVE-2014-8954 (Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 ...) NOT-FOR-US: phpSound CVE-2014-8953 (Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scri ...) NOT-FOR-US: Php Scriptlerim Who's Who CVE-2014-8952 (Multiple unspecified vulnerabilities in Check Point Security Gateway R ...) 
NOT-FOR-US: Check Point Security Gateway CVE-2014-8951 (Unspecified vulnerability in Check Point Security Gateway R75, R76, R7 ...) NOT-FOR-US: Check Point Security Gateway CVE-2014-8950 (Unspecified vulnerability in Check Point Security Gateway R77 and R77. ...) NOT-FOR-US: Check Point Security Gateway CVE-2014-8949 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows rem ...) NOT-FOR-US: WordPress plugin iMember360 CVE-2014-8948 (Cross-site request forgery (CSRF) vulnerability in the iMember360 plug ...) NOT-FOR-US: WordPress plugin iMember360 CVE-2014-8947 RESERVED CVE-2014-8946 RESERVED CVE-2014-8945 (admin.php?page=projects in Lexiglot through 2014-11-20 allows command ...) NOT-FOR-US: Lexiglot CVE-2014-8944 (Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, o ...) NOT-FOR-US: Lexiglot CVE-2014-8943 (Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=project ...) NOT-FOR-US: Lexiglot CVE-2014-8942 (Lexiglot through 2014-11-20 allows CSRF. ...) NOT-FOR-US: Lexiglot CVE-2014-8941 (Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page ...) NOT-FOR-US: Lexiglot CVE-2014-8940 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: Lexiglot CVE-2014-8939 (Lexiglot through 2014-11-20 allows remote attackers to obtain sensitiv ...) NOT-FOR-US: Lexiglot CVE-2014-8938 (Lexiglot through 2014-11-20 allows local users to obtain sensitive inf ...) NOT-FOR-US: Lexiglot CVE-2014-8937 (Lexiglot through 2014-11-20 allows denial of service because api/updat ...) NOT-FOR-US: Lexiglot CVE-2014-8936 REJECTED CVE-2014-8935 REJECTED CVE-2014-8934 REJECTED CVE-2014-8933 REJECTED CVE-2014-8932 REJECTED CVE-2014-8931 REJECTED CVE-2014-8930 RESERVED CVE-2014-8929 REJECTED CVE-2014-8928 REJECTED CVE-2014-8927 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Met ...) NOT-FOR-US: IBM CVE-2014-8926 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Met ...) 
NOT-FOR-US: IBM CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in I ...) NOT-FOR-US: IBM CVE-2014-8924 (The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before ...) NOT-FOR-US: IBM CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before 5. ...) NOT-FOR-US: IBM CVE-2014-8922 RESERVED CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411 ...) NOT-FOR-US: IBM Notes Traveler Companion CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 ...) NOT-FOR-US: IBM CVE-2014-8919 RESERVED CVE-2014-8918 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not ...) NOT-FOR-US: IBM CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/ ...) NOT-FOR-US: IBM CVE-2014-8916 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...) NOT-FOR-US: IBM CVE-2014-8915 RESERVED CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) NOT-FOR-US: IBM CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...) NOT-FOR-US: IBM CVE-2014-8912 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0. ...) NOT-FOR-US: IBM Content Navigator CVE-2014-8910 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 t ...) NOT-FOR-US: IBM DB2 CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-8908 RESERVED CVE-2014-8907 RESERVED CVE-2014-8906 RESERVED CVE-2014-8905 RESERVED CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows ...) NOT-FOR-US: IBM AIX, VIOS CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before ...) 
NOT-FOR-US: IBM CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM We ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 thro ...) NOT-FOR-US: IBM CVE-2014-8900 (Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Relea ...) NOT-FOR-US: IBM CVE-2014-8899 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...) NOT-FOR-US: IBM CVE-2014-8898 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...) NOT-FOR-US: IBM CVE-2014-8897 (Cross-site scripting (XSS) vulnerability in the Collaboration Server i ...) NOT-FOR-US: IBM CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data Management Serv ...) NOT-FOR-US: IBM CVE-2014-8895 (IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3. ...) NOT-FOR-US: IBM CVE-2014-8894 (Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1. ...) NOT-FOR-US: IBM CVE-2014-8893 (Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.js ...) NOT-FOR-US: IBM CVE-2014-8892 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK ...) NOT-FOR-US: IBM Java CVE-2014-8891 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK ...) NOT-FOR-US: IBM Java CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...) NOT-FOR-US: IBM CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to o ...) NOT-FOR-US: Dropbox SDK for Android CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with fir ...) NOT-FOR-US: D-Link CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8. ...) NOT-FOR-US: IBM Marketing Operations CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates bef ...) 
NOT-FOR-US: AVM FRITZ!OS CVE-2014-8885 RESERVED CVE-2014-8883 RESERVED CVE-2014-8882 RESERVED CVE-2014-8881 RESERVED CVE-2014-8880 RESERVED CVE-2014-8879 RESERVED CVE-2014-8877 (The alterSearchQuery function in lib/controllers/CmdownloadController. ...) NOT-FOR-US: CreativeMinds CM Downloads Manager plugin for WordPress CVE-2014-8876 RESERVED CVE-2014-8875 (The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver bef ...) NOT-FOR-US: Revive Adserver CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predic ...) NOT-FOR-US: TYPO3 Extension ke_questionnaire CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 in ...) {DSA-3316-1 DSA-3235-1} - openjdk-8 8u45-b14-1 (high) - openjdk-7 7u79-2.5.5-1 (high) [wheezy] - openjdk-7 (MIME type setting is harmless on wheezy) [squeeze] - openjdk-7 (MIME type setting is harmless on this squeeze) - openjdk-6 (high) [wheezy] - openjdk-6 (MIME type setting is harmless on wheezy) [squeeze] - openjdk-6 (MIME type setting is harmless on squeeze) NOTE: Starting with mime-support 3.53, MimeType entries in desktop NOTE: files end up in /etc/mailcap, which introduces the user-initiated NOTE: code execution. CVE-2014-8872 (Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 ...) NOT-FOR-US: AVM FRITZ!Box CVE-2014-8871 (Directory traversal vulnerability in hybris Commerce software suite 5. ...) NOT-FOR-US: hybris Commerce CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the ...) NOT-FOR-US: Woltlab Burning Board plugin Tapatalk CVE-2014-8869 (Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartba ...) NOT-FOR-US: Woltlab Burning Board plugin Tapatalk CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly restric ...) NOT-FOR-US: EntryPass N5200 CVE-2014-8867 (The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, ...) 
{DSA-3140-1} - xen 4.4.1-5 (bug #770230) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-8866 (The compatibility mode hypercall argument translation in Xen 3.3.x thr ...) {DSA-3140-1} - xen 4.4.1-5 (bug #770230) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-8865 REJECTED CVE-2014-8864 REJECTED CVE-2014-8863 REJECTED CVE-2014-8862 REJECTED CVE-2014-8861 REJECTED CVE-2014-8860 REJECTED CVE-2014-8859 REJECTED CVE-2014-8858 REJECTED CVE-2014-8857 REJECTED CVE-2014-8856 REJECTED CVE-2014-8855 REJECTED CVE-2014-8854 REJECTED CVE-2014-8853 REJECTED CVE-2014-8852 REJECTED CVE-2014-8851 REJECTED CVE-2014-8850 REJECTED CVE-2014-8849 REJECTED CVE-2014-8848 REJECTED CVE-2014-8847 REJECTED CVE-2014-8846 REJECTED CVE-2014-8845 REJECTED CVE-2014-8844 REJECTED CVE-2014-8843 REJECTED CVE-2014-8842 RESERVED CVE-2014-8841 RESERVED CVE-2014-8840 (The iTunes Store component in Apple iOS before 8.1.3 allows remote att ...) NOT-FOR-US: Apple CVE-2014-8839 (Spotlight in Apple OS X before 10.10.2 does not enforce the Mail "Load ...) NOT-FOR-US: Apple CVE-2014-8838 (The Security component in Apple OS X before 10.10.2 does not properly ...) NOT-FOR-US: Apple CVE-2014-8837 (Multiple unspecified vulnerabilities in the Bluetooth driver in Apple ...) NOT-FOR-US: Apple CVE-2014-8836 (The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to ...) NOT-FOR-US: Apple CVE-2014-8835 (The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 ...) NOT-FOR-US: Apple CVE-2014-8834 (UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF doc ...) NOT-FOR-US: Apple CVE-2014-8833 (SpotlightIndex in Apple OS X before 10.10.2 does not properly perform ...) NOT-FOR-US: Apple CVE-2014-8832 (The indexing functionality in Spotlight in Apple OS X before 10.10.2 w ...) NOT-FOR-US: Apple CVE-2014-8831 (security_taskgate in Apple OS X before 10.10.2 allows attackers to rea ...) 
NOT-FOR-US: Apple CVE-2014-8830 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 al ...) NOT-FOR-US: Apple CVE-2014-8829 (SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbi ...) NOT-FOR-US: Apple CVE-2014-8828 (Sandbox in Apple OS X before 10.10 allows attackers to write to the sa ...) NOT-FOR-US: Apple CVE-2014-8827 (LoginWindow in Apple OS X before 10.10.2 does not transition to the lo ...) NOT-FOR-US: Apple CVE-2014-8826 (LaunchServices in Apple OS X before 10.10.2 does not properly handle f ...) NOT-FOR-US: Apple CVE-2014-8825 (The kernel in Apple OS X before 10.10.2 does not properly perform iden ...) NOT-FOR-US: Apple CVE-2014-8824 (The kernel in Apple OS X before 10.10.2 does not properly validate IOD ...) NOT-FOR-US: Apple CVE-2014-8823 (The IOUSBControllerUserClient::ReadRegister function in the IOUSB cont ...) NOT-FOR-US: Apple CVE-2014-8822 (IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute a ...) NOT-FOR-US: Apple CVE-2014-8821 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...) NOT-FOR-US: Apple CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...) NOT-FOR-US: Apple CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local us ...) NOT-FOR-US: Apple CVE-2014-8818 REJECTED CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 d ...) NOT-FOR-US: Apple CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers to exe ...) NOT-FOR-US: Apple CVE-2014-8815 RESERVED CVE-2014-8814 RESERVED CVE-2014-8813 RESERVED CVE-2014-8812 RESERVED CVE-2014-8811 RESERVED CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the WP Sympo ...) NOT-FOR-US: WP Symposium plugin for WordPress CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposiu ...) 
NOT-FOR-US: WP Symposium plugin for WordPress CVE-2014-8808 RESERVED CVE-2014-8807 RESERVED CVE-2014-8806 RESERVED CVE-2014-8805 RESERVED CVE-2014-8804 RESERVED CVE-2014-8803 RESERVED CVE-2014-8802 (The Pie Register plugin before 2.0.14 for WordPress does not properly ...) NOT-FOR-US: WordPress plugin Pie Register CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in the Paid ...) NOT-FOR-US: Paid Memberships Pro plugin for WordPress CVE-2014-8800 (Cross-site scripting (XSS) vulnerability in nextend-facebook-settings. ...) NOT-FOR-US: Nextend Facebook Connect plugin for WordPress CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function in php ...) NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress CVE-2014-8798 RESERVED CVE-2014-8797 RESERVED CVE-2014-8796 RESERVED CVE-2014-8795 RESERVED CVE-2014-8794 RESERVED CVE-2014-8793 (Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/Pub ...) NOT-FOR-US: Revive Adserver CVE-2014-8792 RESERVED CVE-2014-8791 (project/register.php in Tuleap before 7.7, when sys_create_project_in_ ...) NOT-FOR-US: Enalean Tuleap CVE-2014-8790 (XML external entity (XXE) vulnerability in admin/api.php in GetSimple ...) NOT-FOR-US: GetSimple CMS CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated users to cr ...) NOT-FOR-US: GleamTech FileVista CVE-2014-8788 (GleamTech FileVista before 6.1 allows remote authenticated users to ob ...) NOT-FOR-US: GleamTech FileVista CVE-2014-8787 RESERVED CVE-2014-8786 RESERVED CVE-2014-8785 RESERVED CVE-2014-8784 RESERVED CVE-2014-8783 RESERVED CVE-2014-8782 RESERVED CVE-2014-8781 RESERVED CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote a ...) NOT-FOR-US: Jease CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different c ...) 
NOT-FOR-US: Pexip Infinity CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authent ...) NOT-FOR-US: Checkmarx CVE-2014-8777 RESERVED CVE-2014-8776 RESERVED CVE-2014-8775 (MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag i ...) NOT-FOR-US: MODx Revolution CVE-2014-8774 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODX ...) NOT-FOR-US: MODx Revolution CVE-2014-8773 (MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass th ...) NOT-FOR-US: MODx Revolution CVE-2014-8772 (Cross-site scripting (XSS) vulnerability in the search_controller in X ...) NOT-FOR-US: X3 CMS CVE-2014-8771 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...) NOT-FOR-US: X3 CMS CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in the M ...) NOT-FOR-US: Magento CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b NOTE: http://www.mantisbt.org/bugs/view.php?id=17742 CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ...) {DSA-3131-1 DLA-217-1} - xdg-utils 1.1.0~rc1+git20111210-7.3 (bug #773085) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670 CVE-2014-8991 (pip 1.3 through 1.5.6 allows local users to cause a denial of service ...) - python-pip 1.5.6-4 (bug #725847) [wheezy] - python-pip (Vulnerable code only in >= 1.3) [squeeze] - python-pip (Vulnerable code only in >= 1.3) NOTE: https://github.com/pypa/pip/pull/2122 CVE-2014-8987 (Cross-site scripting (XSS) vulnerability in the "set configuration" bo ...) 
- mantis (Vulnerable code introduced later) NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17 NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089 NOTE: http://www.mantisbt.org/bugs/view.php?id=17870 CVE-2014-8884 (Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_ ...) {DSA-3093-1 DLA-118-1} - linux 3.16.7-ckt2-1 - linux-2.6 NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1) CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensi ...) {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-2 (bug #770424) NOTE: http://www.securityfocus.com/archive/1/534009/30/0/threaded CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump 4. ...) - tcpdump 4.6.2-2 (bug #770415) [wheezy] - tcpdump (Vulnerable code added in 4.5.0) [squeeze] - tcpdump (Vulnerable code added in 4.5.0) NOTE: http://www.securityfocus.com/archive/1/534010/30/0/threaded CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through ...) {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-2 (bug #770434) NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded CVE-2014-8742 (Directory traversal vulnerability in the ReportDownloadServlet servlet ...) NOT-FOR-US: Lexmark CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet servle ...) NOT-FOR-US: Lexmark CVE-2014-8740 RESERVED CVE-2014-8739 (Unrestricted file upload vulnerability in server/php/UploadHandler.php ...) NOT-FOR-US: Joomla/Wordpress plugin CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote a ...) NOT-FOR-US: Drupal module Open Atrium Core CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7 ...) NOT-FOR-US: Drupal module Bad Behavior CVE-2014-8734 (The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal ...) 
NOT-FOR-US: Drupal module Organic Groups Menu CVE-2014-8733 (Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password ...) NOT-FOR-US: Cloudera Manager CVE-2014-8730 (The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 throu ...) NOT-FOR-US: SSL/TLS implementation error in F5 products (and historic NSS releases) CVE-2014-8729 RESERVED CVE-2014-8728 (SQL injection vulnerability in the login page (login/login) in Subex R ...) NOT-FOR-US: Subex CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2. ...) NOT-FOR-US: F5 BIG-IP CVE-2014-8726 RESERVED CVE-2014-8725 RESERVED CVE-2014-8724 (Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin ...) NOT-FOR-US: W3 Total Cache plugin for WordPress CVE-2014-8723 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: GetSimple CMS CVE-2014-8722 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive inform ...) NOT-FOR-US: GetSimple CMS CVE-2014-8721 RESERVED CVE-2014-8720 RESERVED CVE-2014-8719 RESERVED CVE-2014-8718 RESERVED CVE-2014-8717 RESERVED CVE-2014-8715 RESERVED CVE-2014-8708 (Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via ...) NOT-FOR-US: Pluck CMS CVE-2014-8707 (Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 ...) NOT-FOR-US: Pluck CMS CVE-2014-8706 (Pluck CMS 4.7.2 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Pluck CMS CVE-2014-8705 (PHP remote file inclusion vulnerability in editInplace.php in Wonder C ...) NOT-FOR-US: Wonder CMS CVE-2014-8704 (Directory traversal vulnerability in index.php in Wonder CMS 2014 allo ...) NOT-FOR-US: Wonder CMS CVE-2014-8703 (Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows rem ...) NOT-FOR-US: Wonder CMS CVE-2014-8702 (Wonder CMS 2014 allows remote attackers to obtain sensitive informatio ...) 
NOT-FOR-US: Wonder CMS CVE-2014-8701 (Wonder CMS 2014 allows remote attackers to obtain sensitive informatio ...) NOT-FOR-US: Wonder CMS CVE-2014-8700 RESERVED CVE-2014-8699 RESERVED CVE-2014-8698 RESERVED CVE-2014-8697 RESERVED CVE-2014-8696 RESERVED CVE-2014-8695 RESERVED CVE-2014-8694 RESERVED CVE-2014-8693 RESERVED CVE-2014-8692 RESERVED CVE-2014-8691 RESERVED CVE-2014-8690 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS be ...) NOT-FOR-US: Exponent CMS CVE-2014-8689 RESERVED CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 fo ...) NOT-FOR-US: Telegram Messenger CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow rem ...) NOT-FOR-US: Seagate Business NAS devices CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode sessi ...) - codeigniter (bug #471583) CVE-2014-8685 RESERVED CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...) - codeigniter (bug #471583) CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (a ...) NOT-FOR-US: Go Git Service CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0. ...) NOT-FOR-US: Go Git Service CVE-2014-8681 (SQL injection vulnerability in the GetIssues function in models/issue. ...) NOT-FOR-US: Go Git Service CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remot ...) - bind9 (Only affects 9.10 to 9.11) NOTE: https://kb.isc.org/article/AA-01217/0 CVE-2014-8679 RESERVED CVE-2014-8678 (The ConfigSaveServlet servlet in ManageEngine OpUtils before build 710 ...) NOT-FOR-US: ManageEngine OpUtils CVE-2014-8677 (The installation process for SOPlanning 1.32 and earlier allows remote ...) NOT-FOR-US: SOPlanning CVE-2014-8676 (Directory traversal vulnerability in the file_get_contents function in ...) 
NOT-FOR-US: SOPlanning CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing ICAL ca ...) NOT-FOR-US: SOPlanning CVE-2014-8674 (Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple On ...) NOT-FOR-US: Simple Online Planning CVE-2014-8673 (Multiple SQL vulnerabilities exist in planning.php, user_list.php, pro ...) NOT-FOR-US: Simple Online Planning CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the RewardingYourself appl ...) NOT-FOR-US: RewardingYourself application for Android and BlackBerry CVE-2014-8671 (Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Sh ...) NOT-FOR-US: GWT Mobile PhoneGap Showcase application for Android CVE-2014-8670 (Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote ...) NOT-FOR-US: vBulletin CVE-2014-8669 (The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM ...) NOT-FOR-US: SAP CVE-2014-8668 (SQL injection vulnerability in SAP Contract Accounting allows remote a ...) NOT-FOR-US: SAP CVE-2014-8667 (Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Develop ...) NOT-FOR-US: SAP CVE-2014-8666 (The User & Server configuration, InfoView refresh, user rights (BI ...) NOT-FOR-US: SAP CVE-2014-8665 (The SAP Business Intelligence Development Workbench allows remote atta ...) NOT-FOR-US: SAP CVE-2014-8664 (SQL injection vulnerability in Product Safety (EHS-SAF) component in S ...) NOT-FOR-US: SAP CVE-2014-8663 (SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeave ...) NOT-FOR-US: SAP CVE-2014-8662 (Unspecified vulnerability in SAP Payroll Process allows remote attacke ...) NOT-FOR-US: SAP CVE-2014-8661 (The SAP CRM Internet Sales module allows remote attackers to execute a ...) NOT-FOR-US: SAP CVE-2014-8660 (SAP Document Management Services allows local users to execute arbitra ...) NOT-FOR-US: SAP CVE-2014-8659 (Directory traversal vulnerability in SAP Environment, Health, and Safe ...) 
NOT-FOR-US: SAP CVE-2014-8658 (Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme ...) NOT-FOR-US: Atlassian Confluence theme CVE-2014-8657 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...) NOT-FOR-US: Compal Gateways CVE-2014-8656 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...) NOT-FOR-US: Compal Gateways CVE-2014-8655 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gatew ...) NOT-FOR-US: Compal Gateways CVE-2014-8654 (Multiple cross-site request forgery (CSRF) vulnerabilities in Compal B ...) NOT-FOR-US: Compal Gateways CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Networks ...) NOT-FOR-US: Compal Gateways CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Elipse E3 CVE-2014-8649 REJECTED CVE-2014-8648 REJECTED CVE-2014-8647 REJECTED CVE-2014-8646 REJECTED CVE-2014-8645 REJECTED CVE-2014-8644 RESERVED CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to bypa ...) - iceweasel (Only affects Firefox on Windows) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-07.html CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider ...) - iceweasel (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-08.html CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla F ...) {DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-06.html CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in ...) - iceweasel (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-05.html CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...) 
{DSA-3132-1 DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel - icedove 31.4.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-04.html CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before 35.0 ...) {DSA-3132-1 DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel - icedove 31.4.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-03.html CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly ...) - iceweasel (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-02.html CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaM ...) - iceweasel (Only affects versions > 31.x) NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects versions > 31.x) CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3132-1 DSA-3127-1} - iceweasel 31.4.0esr-1 [squeeze] - iceweasel - icedove 31.4.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-01.html CVE-2014-8633 RESERVED CVE-2014-8632 (The structured-clone implementation in Mozilla Firefox before 34.0 and ...) - iceweasel (Only affects Firefox 33) CVE-2014-8631 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...) - iceweasel (Only affects Firefox 33) CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x ...) - bugzilla4 (bug #669643) - bugzilla [squeeze] - bugzilla NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065 CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page visualization age ...) NOT-FOR-US: Pandora FMS CVE-2014-8624 RESERVED CVE-2014-8623 RESERVED CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...) 
NOT-FOR-US: Compfight plugin for WordPress CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through 3. ...) NOT-FOR-US: Wordpress plugin CVE-2014-8620 RESERVED CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn configuratio ...) NOT-FOR-US: Fortinet FortiWeb CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in the theme login page in Fo ...) NOT-FOR-US: Fortinet FortiADC CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine ...) NOT-FOR-US: FortiMail CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiO ...) NOT-FOR-US: Fortinet FortiOS CVE-2014-8615 REJECTED CVE-2014-8614 REJECTED CVE-2014-8613 (The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before ...) [experimental] - kfreebsd-11 11.0~svn284956-1 - kfreebsd-10 10.1~svn274115-2 (bug #776416) - kfreebsd-9 [wheezy] - kfreebsd-9 9.0-10+deb70.8 NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol - kfreebsd-8 [wheezy] - kfreebsd-8 (kfreebsd-8 only a test kernel, can be fixed in a point release) [squeeze] - kfreebsd-8 (kfreebsd-i386/amd64 not supported in Squeeze LTS) NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc CVE-2014-8612 (Multiple array index errors in the Stream Control Transmission Protoco ...) [experimental] - kfreebsd-11 11.0~svn284956-1 - kfreebsd-10 10.1~svn274115-2 (bug #776415) - kfreebsd-9 [wheezy] - kfreebsd-9 9.0-10+deb70.8 NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol - kfreebsd-8 [wheezy] - kfreebsd-8 (kfreebsd-8 only a test kernel, can be fixed in a point release) [squeeze] - kfreebsd-8 (kfreebsd-i386/amd64 not supported in Squeeze LTS) NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-15:02.kmem.asc CVE-2014-8611 (The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and ...) NOT-FOR-US: Apple CVE-2014-8610 (AndroidManifest.xml in Android before 5.0.0 does not require the SEND_ ...) 
NOT-FOR-US: Android CVE-2014-8609 (The addAccount method in src/com/android/settings/accounts/AddAccountS ...) NOT-FOR-US: Android CVE-2014-8608 (The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) be ...) NOT-FOR-US: K7 Computing CVE-2014-8607 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides ...) NOT-FOR-US: XCloner plugin for WordPress and Joomla! CVE-2014-8606 (Directory traversal vulnerability in the XCloner plugin 3.1.1 for Word ...) NOT-FOR-US: XCloner plugin for WordPress and Joomla! CVE-2014-8605 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores da ...) NOT-FOR-US: XCloner plugin for WordPress and Joomla! CVE-2014-8604 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns t ...) NOT-FOR-US: XCloner plugin for WordPress and Joomla! CVE-2014-8603 (cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5 ...) NOT-FOR-US: XCloner plugin for WordPress and Joomla! CVE-2014-8602 (iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegatio ...) {DSA-3097-1 DLA-107-1} - unbound 1.4.22-3 (bug #772622) NOTE: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining, whi ...) {DSA-3096-1 DLA-104-1} - pdns-recursor 3.6.2-1 NOTE: http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ NOTE: Backported patches available at https://downloads.powerdns.com/patches/2014-02/ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.1 ...) 
- kde-runtime 4:4.14.2-2 (bug #769632) [wheezy] - kde-runtime (Minor issue) - kdebase-runtime [squeeze] - kdebase-runtime (Minor issue) - webkitkde 1.3.4-2 (unimportant) NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689 NOTE: kde-runtime: http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=d68703900edc8416fbcd2550cd336cbbb76decb9 NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20141113-1.txt NOTE: webkit not covered by security support CVE-2014-8599 RESERVED CVE-2014-8597 RESERVED CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...) NOT-FOR-US: PHP-Fusion CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...) {DSA-3140-1} - xen 4.4.1-4 (bug #770230) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x d ...) {DSA-3140-1} - xen 4.4.1-4 (low; bug #770230) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblin ...) NOT-FOR-US: Allomani Weblinks CVE-2014-8587 (SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8 ...) NOT-FOR-US: SAP NetWeaver CVE-2014-8586 (SQL injection vulnerability in the CP Multi View Event Calendar plugin ...) NOT-FOR-US: WordPress plugin CP Multi View Event Calendar CVE-2014-8585 (Directory traversal vulnerability in the WordPress Download Manager pl ...) NOT-FOR-US: WordPress plugin WordPress Download Manager NOTE: To be REJECTED CVE-2014-8584 (Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Vide ...) NOT-FOR-US: WordPress plugin Web Dorado Spider Video Player (aka WordPress Video Player) CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU bi ...) 
{DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141124-1 - binutils-mingw-w64 5.2 NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533 NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141124-1 - binutils-mingw-w64 5.2 NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 an ...) NOT-FOR-US: phpMemcachedAdmin CVE-2014-8731 (PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute ...) NOT-FOR-US: phpMemcachedAdmin CVE-2014-8716 (The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to c ...) {DLA-960-1 DLA-90-1} - imagemagick 8:6.8.9.9-3 (bug #768494) [squeeze] - imagemagick (Minor issue) NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456 CVE-2014-8714 (The dissect_write_structured_field function in epan/dissectors/packet- ...) {DSA-3076-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-2 (bug #769410) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in epan/ ...) {DSA-3076-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-2 (bug #769410) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc i ...) 
{DSA-3076-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-2 (bug #769410) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQ ...) {DSA-3076-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-2 (bug #769410) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the ...) {DSA-3076-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-2 (bug #769410) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux kern ...) {DLA-118-1} - linux 3.14.2-1 [wheezy] - linux 3.2.57-1 - linux-2.6 NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f (v3.14-rc3) NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110 (v2.6.30-rc1) CVE-2014-8650 (python-requests-Kerberos through 0.5 does not handle mutual authentica ...) - python-requests-kerberos 0.5-2 (bug #768408) NOTE: https://github.com/requests/requests-kerberos/pull/36 NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6 CVE-2014-8628 (Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows re ...) {DSA-3116-1 DLA-129-1} - polarssl 1.3.9-1 NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following. NOTE: Patch for 1.2.x: https://github.com/polarssl/polarssl/commit/6b440389136afbcb0d831f880176c830bd3e0c7c NOTE: Version 1.2.11 also brings other security-relevant fixes. 
Maybe update to new upstream version? CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorithm to ...) - polarssl 1.3.9-1 [wheezy] - polarssl (Problem introduced in 1.3.8) [squeeze] - polarssl (Problem introduced in 1.3.8) CVE-2014-8626 (Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...) - php5 5.2.9.dfsg.1-1 NOTE: https://bugs.php.net/bug.php?id=45226 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...) - dpkg 1.17.22 (unimportant; bug #768485) [wheezy] - dpkg 1.16.16 [squeeze] - dpkg (Regression introduced in 1.16.2) NOTE: Rendered non-exploitable by toolchain hardening NOTE: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135 NOTE: Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2) CVE-2014-8598 (The XML Import/Export plugin in MantisBT 1.2.x does not restrict acces ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487 NOTE: http://www.mantisbt.org/bugs/view.php?id=17780 CVE-2014-8592 (Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver ...) NOT-FOR-US: SAP NetWeaver CVE-2014-8591 (Unspecified vulnerability in SAP Internet Communication Manager (ICM), ...) NOT-FOR-US: SAP NetWeaver CVE-2014-8590 (XML external entity (XXE) vulnerability in the Web Service Navigator i ...) NOT-FOR-US: SAP NetWeaver Application Server CVE-2014-8589 (Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allo ...) NOT-FOR-US: SAP Network Interface Router CVE-2014-8588 (SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.37937 ...) NOT-FOR-US: SAP HANA CVE-2014-8581 RESERVED CVE-2014-8580 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway ...) 
NOT-FOR-US: Citrix Netscaler CVE-2014-8579 (TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardco ...) NOT-FOR-US: TRENDnet TEW-823DRU devices CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in OpenSt ...) - horizon 2014.1.1-3 [wheezy] - horizon (Vulnerable code not present) NOTE: this was split from CVE-2014-3475 by MITRE CVE-2014-8577 (Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2 ...) NOT-FOR-US: Croogo CVE-2014-8576 REJECTED CVE-2014-8575 REJECTED CVE-2014-8574 REJECTED CVE-2014-8573 REJECTED CVE-2014-8572 (Huawei AC6605 with software V200R001C00; AC6605 with software V200R002 ...) NOT-FOR-US: Huawei CVE-2014-8571 (Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001 ...) NOT-FOR-US: Huawei CVE-2014-8570 (Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703 ...) NOT-FOR-US: Huawei CVE-2014-8569 RESERVED CVE-2014-8568 RESERVED CVE-2014-8565 REJECTED CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3. ...) - gnutls28 3.3.8-4 (bug #769154) - gnutls26 (Vulnerable code not present; no support for ECC) NOTE: https://gitlab.com/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch) NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 NOTE: in experimental fixed in 3.3.10-1 CVE-2014-8563 (Synacor Zimbra Collaboration before 8.0.9 allows plaintext command inj ...) NOT-FOR-US: Synacor Zimbra Collaboration CVE-2014-8560 RESERVED CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...) NOT-FOR-US: JExperts Tecnologia Channel Software CVE-2014-8557 (Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channe ...) NOT-FOR-US: JExperts Tecnologia Channel Software CVE-2014-8556 RESERVED CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in Pr ...) 
NOT-FOR-US: Progress Software OpenEdge CVE-2014-8553 (The mci_account_get_array_by_id function in api/soap/mc_account_api.ph ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://www.mantisbt.org/bugs/view.php?id=17243 (currently private) NOTE: https://github.com/mantisbt/mantisbt/commit/f779e3d4394a0638d822849863c4098421d911c5 CVE-2014-8552 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...) NOT-FOR-US: Siemens CVE-2014-8551 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...) NOT-FOR-US: Siemens CVE-2014-8550 RESERVED CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the numb ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Vulnerable code not present) - libav 6:11.2-1 (bug #773626) [wheezy] - libav (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686 CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows rem ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute i ...) 
{DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903 CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allow ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav (Vulnerable code not present, reproducer tested with 8, 11 and trunk) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5 CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-blac ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6 CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bi ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.3-1 (bug #773626) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186 CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all line ...) {DSA-3189-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28 CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID dur ...) 
{DLA-1654-1} - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) [wheezy] - libav (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...) - ffmpeg 7:2.4.3-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:11.2-1 (bug #773626) [wheezy] - libav (Vulnerable code not present) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550 CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 an ...) NOT-FOR-US: Simple Email CVE-2014-8651 (The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...) - kde-workspace 4:4.11.13-2 (unimportant) NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6 NOTE: On Debian changing the clock requires authentication, so it's not exploitable NOTE: in the standard setup CVE-2014-8583 (mod_wsgi before 4.2.4 for Apache, when creating a daemon process group ...) - mod-wsgi 4.2.7-1 [wheezy] - mod-wsgi (Minor issue) [squeeze] - mod-wsgi (Minor issue) NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point ...) NOT-FOR-US: FortiNet FortiADC-E CVE-2014-8567 (The mod_auth_mellon module before 0.8.1 allows remote attackers to cau ...) 
- libapache2-mod-auth-mellon 0.9.0 CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers to obt ...) - libapache2-mod-auth-mellon 0.9.1 CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=17812 NOTE: http://github.com/mantisbt/mantisbt/commit/99ffb0af (1.2.x branch) NOTE: http://github.com/mantisbt/mantisbt/commit/5faf97ab (master) CVE-2014-8540 (The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authen ...) - gitlab (Fixed before initial upload to Debian) CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for A ...) NOT-FOR-US: Hijab Modern (aka com.Aisyaidea.HijabModern) application for Android CVE-2014-8537 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...) NOT-FOR-US: McAfee CVE-2014-8536 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...) NOT-FOR-US: McAfee CVE-2014-8535 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local u ...) NOT-FOR-US: McAfee CVE-2014-8534 (Unspecified vulnerability in the login form in McAfee Network Data Los ...) NOT-FOR-US: McAfee CVE-2014-8533 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote at ...) NOT-FOR-US: McAfee CVE-2014-8532 (Unspecified vulnerability in McAfee Network Data Loss Prevention befor ...) NOT-FOR-US: McAfee CVE-2014-8531 (The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) befor ...) NOT-FOR-US: McAfee CVE-2014-8530 (Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP ...) NOT-FOR-US: McAfee CVE-2014-8529 (McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH k ...) NOT-FOR-US: McAfee CVE-2014-8528 (McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session IDs ...) 
NOT-FOR-US: McAfee CVE-2014-8527 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local use ...) NOT-FOR-US: McAfee CVE-2014-8526 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local use ...) NOT-FOR-US: McAfee CVE-2014-8525 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include ...) NOT-FOR-US: McAfee CVE-2014-8524 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable ...) NOT-FOR-US: McAfee CVE-2014-8523 (Cross-site request forgery (CSRF) vulnerability in McAfee Network Data ...) NOT-FOR-US: McAfee CVE-2014-8522 (The MySQL database in McAfee Network Data Loss Prevention (NDLP) befor ...) NOT-FOR-US: McAfee CVE-2014-8521 (Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss P ...) NOT-FOR-US: McAfee CVE-2014-8520 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote at ...) NOT-FOR-US: McAfee CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP ...) NOT-FOR-US: McAfee CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access o ...) NOT-FOR-US: McAfee CVE-2014-8516 (Unrestricted file upload vulnerability in Visual Mining NetCharts Serv ...) NOT-FOR-US: Visual Mining NetCharts Server CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute arb ...) NOT-FOR-US: uTorrent CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...) NOT-FOR-US: Schneider Electric ProClima CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Elec ...) NOT-FOR-US: Schneider Electric ProClima CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electr ...) NOT-FOR-US: Schneider Electric ProClima CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electr ...) NOT-FOR-US: Schneider Electric ProClima CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (I ...) 
NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...) NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap) CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...) NOT-FOR-US: Denon devices CVE-2014-8507 (Multiple SQL injection vulnerabilities in the queryLastApp method in p ...) NOT-FOR-US: Android CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote attac ...) NOT-FOR-US: Etiko CMS CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...) NOT-FOR-US: Etiko CMS CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 5.2 NOTE: http://openwall.com/lists/oss-security/2014/10/27/4 NOTE: http://openwall.com/lists/oss-security/2014/10/27/5 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0 CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 5.2 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32 CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in bfd/peXXi ...) 
{DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 5.2 NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339 CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutil ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 5.2 - gdb (unimportant) NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...) {DSA-3094-1 DLA-112-1} - bind9 1:9.9.5.dfsg-7 (bug #772610) NOTE: https://kb.isc.org/article/AA-01216/0 CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password Manage ...) NOT-FOR-US: ManageEngine Password Manager Pro (PMP) CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine ...) NOT-FOR-US: ManageEngine Password Manager Pro (PMP) CVE-2014-8497 RESERVED CVE-2014-8496 (Digicom DG-5514T ADSL router with firmware 3.2 generates predictable s ...) NOT-FOR-US: Digicom Router CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 app ...) NOT-FOR-US: Citrix XenMobile MDX Toolkit CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...) NOT-FOR-US: ESTsoft ALUpdate CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to ...) NOT-FOR-US: ZTE ZXHN H108L CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fal ...) NOT-FOR-US: Wordpress plugin CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...) NOT-FOR-US: Grand Flagallery plugin for WordPress CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...) 
NOT-FOR-US: TennisConnect COMPONENTS CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...) {DSA-3130-1} - lsyncd 2.1.5-2 (low; bug #767227) [squeeze] - lsyncd (Minor issue) NOTE: https://github.com/axkibe/lsyncd/issues/220 NOTE: Upstream commit: https://github.com/creshal/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52 NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b NOTE: the initial commit would be an incomplete fix and needs additional changes CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...) {DSA-3170-1} - linux 3.16.7-ckt4-1 - linux-2.6 (Introduced in 2.6.38) NOTE: References in https://www.openwall.com/lists/oss-security/2014/10/30/7 NOTE: Upstream fix: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 (v3.19-rc1) NOTE: Upstream fix: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 (v3.19-rc1) CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in Net ...) - tnftp 20130505-2 (low; bug #767171) [wheezy] - tnftp (Minor issue) [squeeze] - tnftp (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2014/10/28/4 CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...) - imagemagick 8:6.8.9.9-1 (bug #767240) [wheezy] - imagemagick (Vulnerable code not present) [squeeze] - imagemagick (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers ...) 
{DLA-960-1 DLA-242-1} - imagemagick 8:6.8.9.9-1 (bug #767240) [squeeze] - imagemagick (Minor issue) NOTE: https://int21.de/cve/CVE-2014-8355-pcx-oob-heap-overflow.html - graphicsmagick 1.3.20-3+deb8u1 (bug #778238) [wheezy] - graphicsmagick (Minor issue) [squeeze] - graphicsmagick (Minor issue) NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick) CVE-2014-8562 (DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to ca ...) {DLA-960-1 DLA-242-1} - imagemagick 8:6.8.9.9-1 (bug #767240) [squeeze] - imagemagick (Minor issue) CVE-2014-8354 (The HorizontalFilter function in resize.c in ImageMagick before 6.8.9- ...) {DLA-960-1 DLA-242-1} - imagemagick 8:6.8.9.9-1 [squeeze] - imagemagick (Minor issue) NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html CVE-2014-8561 (imagemagick 6.8.9.6 has remote DOS via infinite loop ...) - imagemagick 8:6.8.9.9-1 (bug #764872) [wheezy] - imagemagick (Vulnerable code introduced later; regression) [squeeze] - imagemagick (Vulnerable code introduced later; regression) CVE-2014-8489 (Open redirect vulnerability in startSSO.ping in the SP Endpoints in Pi ...) NOT-FOR-US: PingFederate SP Endpoints CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...) NOT-FOR-US: yourls CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and earl ...) NOT-FOR-US: Kony Management CVE-2014-8486 REJECTED CVE-2014-8482 RESERVED CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware before ...) NOT-FOR-US: FTP server on Siemens SCALANCE X-300 switches CVE-2014-8478 (The web server on Siemens SCALANCE X-300 switches with firmware before ...) NOT-FOR-US: web server on Siemens SCALANCE X-300 switches CVE-2014-8477 RESERVED CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initial ...) 
{DSA-3070-1} [experimental] - kfreebsd-11 11.0~svn284956-1 (bug #768109) - kfreebsd-10 10.1~svn274115-1 (bug #768108) - kfreebsd-9 (bug #768104) - kfreebsd-8 (bug #768106) [wheezy] - kfreebsd-8 (kfreebsd-8 only a test kernel, can be fixed in a point release) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc CVE-2014-8475 (FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos suppo ...) - openssh (freebsd-specific build system issue) CVE-2014-8474 (CA Cloud Service Management (CSM) before Summer 2014 allows remote att ...) NOT-FOR-US: CA Cloud Service Management CVE-2014-8473 (Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Ma ...) NOT-FOR-US: CA Cloud Service Management CVE-2014-8472 (CA Cloud Service Management (CSM) before Summer 2014 does not properly ...) NOT-FOR-US: CA Cloud Service Management CVE-2014-8471 (CA Cloud Service Management (CSM) before Summer 2014 allows remote att ...) NOT-FOR-US: CA Cloud Service Management CVE-2014-8470 RESERVED CVE-2014-8469 (Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in ...) NOT-FOR-US: PHPFox CVE-2014-7401 REJECTED CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allo ...) {DSA-3068-1 DSA-3063-1 DLA-168-1} - quassel 0.10.0-2.1 (bug #766962) [squeeze] - quassel (Problematic code does not exist in 0.6.3-2+squeeze2) NOTE: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138 NOTE: http://bugs.quassel-irc.org/issues/1314 - konversation 1.5-2 (bug #768191) NOTE: https://bugs.kde.org/show_bug.cgi?id=210792 CVE-2014-8481 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...) 
- linux (Present in 3.17 with incomplete fix) - linux-2.6 (Present in 3.17 with incomplete fix) NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32 CVE-2014-8480 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...) - linux (Introduced in 3.17) - linux-2.6 (Introduced in 3.17) NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1) NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 a ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.90.20141104-1 - binutils-mingw-w64 5.2 NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510 CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...) {DSA-3123-2 DSA-3123-1 DLA-184-1} - binutils 2.24.51.20140903-1 - binutils-mingw-w64 5.2 NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f NOTE: http://openwall.com/lists/oss-security/2014/10/23/5 CVE-2014-8468 RESERVED CVE-2014-8467 RESERVED CVE-2014-8466 RESERVED CVE-2014-8465 RESERVED CVE-2014-8464 RESERVED CVE-2014-8463 RESERVED CVE-2014-8462 RESERVED CVE-2014-8461 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8460 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...) NOT-FOR-US: Adobe Reader CVE-2014-8459 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) 
NOT-FOR-US: Adobe Reader CVE-2014-8458 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8457 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...) NOT-FOR-US: Adobe Reader CVE-2014-8456 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8455 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-8454 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-8453 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8452 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8451 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader CVE-2014-8450 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-8449 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-8448 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...) NOT-FOR-US: Adobe Reader CVE-2014-8447 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 o ...) NOT-FOR-US: Adobe Reader CVE-2014-8444 REJECTED CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) 
NOT-FOR-US: Adobe Flash Player CVE-2014-8441 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8440 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8439 (Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-8436 RESERVED CVE-2014-8435 RESERVED CVE-2014-8434 RESERVED CVE-2014-8433 RESERVED CVE-2014-8432 RESERVED CVE-2014-8431 RESERVED CVE-2014-8430 RESERVED CVE-2014-8429 (Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats x ...) NOT-FOR-US: xEpan CMS CVE-2014-8428 (Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.01 ...) NOT-FOR-US: Barracuda CVE-2014-8427 RESERVED CVE-2014-8426 (Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. ...) NOT-FOR-US: Barracuda CVE-2014-8425 (The management portal in ARRIS VAP2500 before FW08.41 allows remote at ...) NOT-FOR-US: Management portal in ARRIS VAP2500 CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords, whi ...) NOT-FOR-US: ARRIS VAP2500 CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 be ...) NOT-FOR-US: ARRIS VAP2500 CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) Ope ...) NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 de ...) NOT-FOR-US: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management Syst ...) 
NOT-FOR-US: Dell SonicWALL CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...) NOT-FOR-US: Wibu-Systems CodeMeter Runtime CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...) {DLA-455-1} - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24534 NOTE: http://downloads.digium.com/pub/security/AST-2014-018.html CVE-2014-8417 (ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13 ...) - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [wheezy] - asterisk (Only affects 11.x, 12.x and 13.x) [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490 NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html CVE-2014-8416 (Use-after-free vulnerability in the PJSIP channel driver in Asterisk O ...) - asterisk 1:13.1.0~dfsg-1 [jessie] - asterisk (PJSIP channel not available yet) [wheezy] - asterisk (PJSIP channel not available yet) [squeeze] - asterisk (PJSIP channel not available yet) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471 NOTE: http://downloads.digium.com/pub/security/AST-2014-016.html CVE-2014-8415 (Race condition in the chan_pjsip channel driver in Asterisk Open Sourc ...) - asterisk 1:13.1.0~dfsg-1 [jessie] - asterisk (PJSIP channel not available yet) [wheezy] - asterisk (PJSIP channel not available yet) [squeeze] - asterisk (PJSIP channel not available yet) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471 NOTE: http://downloads.digium.com/pub/security/AST-2014-015.html CVE-2014-8414 (ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...) 
- asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [wheezy] - asterisk (Only affects 11.x) [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440 NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html CVE-2014-8413 (The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 an ...) - asterisk 1:13.1.0~dfsg-1 [jessie] - asterisk (PJSIP channel not available yet) [wheezy] - asterisk (PJSIP channel not available yet) [squeeze] - asterisk (PJSIP channel not available yet) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531 NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html CVE-2014-8412 (The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Inte ...) {DLA-455-1} - asterisk 1:13.1.0~dfsg-1 (bug #771463) [jessie] - asterisk 1:11.13.1~dfsg-2 [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24469 NOTE: http://downloads.digium.com/pub/security/AST-2014-012.html CVE-2014-8411 RESERVED CVE-2014-8410 RESERVED CVE-2014-8409 RESERVED CVE-2014-8408 RESERVED CVE-2014-8407 RESERVED CVE-2014-8406 RESERVED CVE-2014-8405 RESERVED CVE-2014-8404 RESERVED CVE-2014-8403 RESERVED CVE-2014-8402 RESERVED CVE-2014-8401 RESERVED CVE-2014-8400 RESERVED CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick allo ...) NOT-FOR-US: Corel FastFlick CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or Fas ...) NOT-FOR-US: Corel CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local u ...) NOT-FOR-US: Corel PDF Fusion CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local ...) NOT-FOR-US: Corel Painter CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow ...) 
NOT-FOR-US: Corel CAD CVE-2014-8393 (DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Cor ...) NOT-FOR-US: Corel CVE-2014-8392 RESERVED CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle sess ...) NOT-FOR-US: Sendio CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...) NOT-FOR-US: Schneider Electric CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 ...) NOT-FOR-US: AirLive CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point all ...) NOT-FOR-US: Advantech EKI-6340 CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ea ...) NOT-FOR-US: Advantech AdamView CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware before 1. ...) NOT-FOR-US: Advantech EKI-1200 gateways CVE-2014-8384 (The InFocus IN3128HD projector with firmware 0.26 does not restrict ac ...) NOT-FOR-US: InFocus IN3128HD projector CVE-2014-8383 (The InFocus IN3128HD projector with firmware 0.26 allows remote attack ...) NOT-FOR-US: InFocus IN3128HD projector CVE-2014-8382 RESERVED CVE-2014-8381 (Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Porta ...) NOT-FOR-US: Megapolis.Portal Manager CVE-2014-8380 (Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote ...) NOT-FOR-US: Splunk CVE-2014-8379 (Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA ...) NOT-FOR-US: Drupal module Marketo MA CVE-2014-8378 (Cross-site scripting (XSS) vulnerability in the TableField module 7.x- ...) NOT-FOR-US: Drupal module TableField CVE-2014-8377 (Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2 ...) NOT-FOR-US: Webasyst Shop-Script CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context administration ...) 
NOT-FOR-US: Drupal module Site Banner CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery Slidesh ...) NOT-FOR-US: WordPress plugin GB Gallery Slideshow CVE-2014-8374 REJECTED CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation ...) NOT-FOR-US: VMware vCloud Automation Center CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...) NOT-FOR-US: VMware AirWatch CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...) NOT-FOR-US: VMware vSphere CVE-2014-8370 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, ...) NOT-FOR-US: VMware CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kern ...) {DSA-3093-1} - linux 3.16.7-ckt2-1 - linux-2.6 (Incomplete fix for CVE-2014-3601 was not applied) NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f CVE-2014-8368 (The web interface in Aruba Networks AirWave before 7.7.14 and 8.x befo ...) NOT-FOR-US: Aruba Networks AirWave CVE-2014-8367 (SQL injection vulnerability in Aruba Networks ClearPass Policy Manager ...) NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2014-8366 (SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote a ...) NOT-FOR-US: openSIS CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact ...) NOT-FOR-US: Xornic Contact Us Form CVE-2014-8364 (Cross-site scripting (XSS) vulnerability in ss_handler.php in the Word ...) NOT-FOR-US: WordPress plugin wpSS CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress Spreads ...) NOT-FOR-US: WordPress plugin wpSS CVE-2014-8362 (Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable ...) 
NOT-FOR-US: Vivint Sky Control Panel CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers to exe ...) NOT-FOR-US: Realtek SDK CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: original bug: https://forge.indepnet.net/issues/5101 NOTE: followup: https://forge.indepnet.net/issues/5113 NOTE: appears to be a generic autoloading abuse; possibly with NOTE: some use of simplepie being the attack vector CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for Windo ...) NOT-FOR-US: Huawei Mobile Partner for Windows CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...) NOT-FOR-US: Huawei CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID GPO ...) NOT-FOR-US: ZHONE Router CVE-2014-8356 (The web administrative portal in Zhone zNID 2426A before S3.0.501 allo ...) NOT-FOR-US: ZHONE Router CVE-2014-8353 RESERVED CVE-2014-8352 (Cross-site scripting (XSS) vulnerability in json.php in French Nationa ...) NOT-FOR-US: CookieViz CVE-2014-8351 (SQL injection vulnerability in info.php in French National Commission ...) NOT-FOR-US: CookieViz CVE-2014-8349 (Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise ...) NOT-FOR-US: Liferay Portal CVE-2014-8348 RESERVED CVE-2014-8347 (An Authentication Bypass vulnerability exists in the MatchPasswordData ...) NOT-FOR-US: Filemaker CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not validat ...) NOT-FOR-US: Samsung mobile devices CVE-2014-8345 RESERVED CVE-2014-8344 RESERVED CVE-2014-8343 RESERVED CVE-2014-8342 RESERVED CVE-2014-8341 RESERVED CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in phpTr ...) NOT-FOR-US: phpTrafficA CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...) 
NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare CVE-2014-8338 (Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/ ...) NOT-FOR-US: VideoWhisper Webcam plugins for Drupal CVE-2014-8337 (Unrestricted file upload vulnerability in includes/classes/uploadify-v ...) NOT-FOR-US: HelpDEZk CVE-2014-8336 (The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugi ...) NOT-FOR-US: WP-DBManager plugin for WordPress CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ( ...) NOT-FOR-US: WP-DBManager (aka Database Manager) plugin for WordPress CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPr ...) NOT-FOR-US: WordPress plugin wp-dbmanager CVE-2014-8332 RESERVED CVE-2014-8331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei H ...) NOT-FOR-US: Huawei HiLink CVE-2014-8330 (Cross-site scripting (XSS) vulnerability in EspoCRM allows remote auth ...) NOT-FOR-US: EspoCRM CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) stores s ...) NOT-FOR-US: Schrack Technik microControl CVE-2014-8324 (network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...) - aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/16 CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...) - aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70 NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15 CVE-2014-8322 (Stack-based buffer overflow in the tcp_test function in aireplay-ng.c ...) 
- aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/14 CVE-2014-8321 (Stack-based buffer overflow in the gps_tracker function in airodump-ng ...) - aircrack-ng 1:1.2-0~beta3-2 (bug #767979) NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5 NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/13 CVE-2014-8320 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...) NOT-FOR-US: Drupal module Custom Search CVE-2014-8319 (Cross-site scripting (XSS) vulnerability in the easy_social_admin_summ ...) NOT-FOR-US: Drupal module Easy Social CVE-2014-8318 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...) NOT-FOR-US: Drupal module Webform CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validation mod ...) NOT-FOR-US: Drupal module Webform Validation CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...) {DLA-452-1} - smarty3 3.1.21-1 (bug #765920) [squeeze] - smarty3 (Unsupported in squeeze-lts) - smarty (Only affects 3.x series) NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon debugg ...) - systemd-shim 8-4 NOTE: Fixed by: https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893 NOTE: with version 8-4 systemd-shim no longer ships a dbus policy, see https://bugs.debian.org/765101 CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows r ...)
- nova 2014.1.3-7 [wheezy] - nova (Vulnerable code not present) NOTE: versions affected up to 2014.1.3 NOTE: https://launchpad.net/bugs/1359138 NOTE: https://review.openstack.org/125492 CVE-2014-8328 (The default configuration in the Dynamic Content Elements (dce) extens ...) NOT-FOR-US: TYPO3 extension dce CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions fo ...) NOT-FOR-US: TYPO3 extension fal_sftp CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) - phpmyadmin 4:4.2.10.1-1 (low) [wheezy] - phpmyadmin (Vulnerable code not present) [squeeze] - phpmyadmin (Vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-12/ CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 ...) NOT-FOR-US: TYPO3 extension cal CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP Bus ...) NOT-FOR-US: SAP BusinessObjects Explorer CVE-2014-8315 (polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 repl ...) NOT-FOR-US: SAP BusinessObjects Explorer CVE-2014-8314 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Develo ...) NOT-FOR-US: SAP HANA CVE-2014-8313 (Eval injection in ide/core/base/server/net.xsjs in the Developer Workb ...) NOT-FOR-US: SAP HANA CVE-2014-8312 (Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote au ...) NOT-FOR-US: SAP Netweaver AS ABAP CVE-2014-8311 (SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensiti ...) NOT-FOR-US: SAP BusinessObjects Edge CVE-2014-8310 (The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows remot ...) NOT-FOR-US: SAP BusinessObjects BI Edge CVE-2014-8309 (SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 gener ...) NOT-FOR-US: SAP CVE-2014-8308 (Cross-site scripting (XSS) vulnerability in the Send to Inbox function ...)
NOT-FOR-US: SAP BusinessObjects BI EDGE CVE-2014-8307 (Multiple cross-site scripting (XSS) vulnerabilities in skins/default/o ...) NOT-FOR-US: C97net Cart Engine CVE-2014-8306 (SQL injection vulnerability in the sql_query function in cart.php in C ...) NOT-FOR-US: C97net Cart Engine CVE-2014-8305 (Open redirect vulnerability in the redir function in includes/function ...) NOT-FOR-US: C97net Cart Engine CVE-2014-8304 (Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and ea ...) NOT-FOR-US: In-Portal CVE-2014-8303 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...) NOT-FOR-US: Splunk Web CVE-2014-8302 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...) NOT-FOR-US: Splunk Web CVE-2014-8301 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...) NOT-FOR-US: Splunk Web CVE-2014-8300 RESERVED CVE-2014-8299 RESERVED CVE-2014-8298 (The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R ...) - nvidia-graphics-drivers 340.65-1 [wheezy] - nvidia-graphics-drivers (Non-free not supported) [squeeze] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx 304.125-1 - nvidia-graphics-drivers-legacy-173xx (bug #772973) [wheezy] - nvidia-graphics-drivers-legacy-173xx (Non-free not supported) [squeeze] - nvidia-graphics-drivers-legacy-173xx (Non-free not supported) - nvidia-graphics-drivers-legacy-96xx (bug #772972) [wheezy] - nvidia-graphics-drivers-legacy-96xx (Non-free not supported) [squeeze] - nvidia-graphics-drivers-legacy-96xx (Non-free not supported) CVE-2014-8297 RESERVED CVE-2014-8296 (Cross-site scripting (XSS) vulnerability in the Modal Frame API module ...) 
NOT-FOR-US: Drupal module Modal Frame API CVE-2014-XXXX [freecad downloads and executes code] - freecad 0.14.3702+dfsg-3 (bug #764814) [squeeze] - freecad (Problematic code not present) NOTE: http://freecadweb.org/tracker/view.php?id=1785 CVE-2014-8295 (SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows ...) NOT-FOR-US: Bacula-Web NOTE: Bacula-Web is not part of bacula itself and not ITP #656891 CVE-2014-8294 (Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4 ...) NOT-FOR-US: Voice Of Web AllMyGuests CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests 0 ...) NOT-FOR-US: Voice Of Web AllMyGuests CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ...) {DSA-3059-1 DLA-79-1} - dokuwiki 0.0.20140929.a-1 (bug #766545) [jessie] - dokuwiki (PHP 5.6 in jessie fixes this on the PHP level, see #766545) NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP auth ...) {DSA-3059-1 DLA-79-1} - dokuwiki 0.0.20140929.a-1 (bug #766545) [jessie] - dokuwiki (PHP 5.6 in jessie fixes this on the PHP level, see #766545) NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remo ...) {DSA-3059-1} - dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545) [squeeze] - dokuwiki (Vulnerable code not present) CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access ...) {DSA-3059-1} - dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545) [squeeze] - dokuwiki (Vulnerable code not present) CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting ...) 
{DLA-881-1} - ejabberd 14.07-3 (low; bug #767535) [squeeze] - ejabberd (Minor issue) NOTE: http://mail.jabber.org/pipermail/operators/2014-October/002438.html NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b CVE-2014-8759 RESERVED CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin ...) NOT-FOR-US: WordPress plugin CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to byp ...) NOT-FOR-US: LG On-Screen Phone CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder befo ...) NOT-FOR-US: Panasonic Network Camera CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers to execu ...) NOT-FOR-US: Panasonic Network Camera CVE-2014-8754 (Open redirect vulnerability in track-click.php in the Ad-Manager plugi ...) NOT-FOR-US: WordPress plugin ad-manager-for-wp CVE-2014-8753 (Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e ...) NOT-FOR-US: Cit-e-Net CVE-2014-8752 (Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE ...) NOT-FOR-US: JCE-Tech PHP Video Script CVE-2014-8751 (Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress ...) NOT-FOR-US: goYWP WebPress CVE-2014-8749 (Server-side request forgery (SSRF) vulnerability in admin/htaccess/bps ...) NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2014-8748 (Cross-site scripting (XSS) vulnerability in the Google Doubleclick for ...) NOT-FOR-US: Drupal module Google Doubleclick for Publishers CVE-2014-8747 (Cross-site scripting (XSS) vulnerability in the Drupal Commons module ...) NOT-FOR-US: Drupal module Drupal Commons CVE-2014-8746 (Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 ...) NOT-FOR-US: Drupal theme Skeleton CVE-2014-8745 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...)
NOT-FOR-US: Drupal module Custom Search CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x ...) NOT-FOR-US: Drupal module Nivo Slider CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the Maestro mod ...) NOT-FOR-US: Drupal module Maestro CVE-2014-8292 REJECTED CVE-2014-8291 REJECTED CVE-2014-8290 REJECTED CVE-2014-8289 REJECTED CVE-2014-8288 REJECTED CVE-2014-8287 REJECTED CVE-2014-8286 REJECTED CVE-2014-8285 REJECTED CVE-2014-8284 REJECTED CVE-2014-8283 REJECTED CVE-2014-8282 REJECTED CVE-2014-8281 REJECTED CVE-2014-8280 REJECTED CVE-2014-8279 REJECTED CVE-2014-8278 REJECTED CVE-2014-8277 REJECTED CVE-2014-8276 REJECTED CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k d ...) {DSA-3125-1 DLA-132-1} - openssl 1.0.1k-1 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=86edf13b1c97526c0cf63c37342aaa01f5442688 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5951cc004b96cd681ffdf39d3fc9238a1ff597ae NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8565530e27718760220df469f0a071c85b9e731 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=178c562a4621162dbe19a7c34fa2ad558684f40e CVE-2014-8274 RESERVED CVE-2014-8273 RESERVED CVE-2014-8272 (The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 ...) NOT-FOR-US: Dell iDRAC6 CVE-2014-8271 (Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 1 ...) NOT-FOR-US: uefi CVE-2014-8270 (BMC Track-It! 11.3 allows remote attackers to gain privileges and exec ...) NOT-FOR-US: BMC Track-It! CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) H ...) NOT-FOR-US: Honeywell OPOS Suite CVE-2014-8268 (QPR Portal before 2012.2.1 allows remote attackers to modify or delete ...) NOT-FOR-US: QPR Portal CVE-2014-8267 (Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and ea ...) 
NOT-FOR-US: QPR Portal CVE-2014-8266 (Multiple cross-site scripting (XSS) vulnerabilities in the note-creati ...) NOT-FOR-US: QPR Portal CVE-2014-8265 RESERVED CVE-2014-8264 RESERVED CVE-2014-8263 RESERVED CVE-2014-8262 RESERVED CVE-2014-8261 RESERVED CVE-2014-8260 RESERVED CVE-2014-8259 RESERVED CVE-2014-8258 RESERVED CVE-2014-8257 RESERVED CVE-2014-8256 RESERVED CVE-2014-8255 RESERVED CVE-2014-8254 RESERVED CVE-2014-8253 RESERVED CVE-2014-8252 RESERVED CVE-2014-8251 RESERVED CVE-2014-8250 RESERVED CVE-2014-8249 RESERVED CVE-2014-8248 (SQL injection vulnerability in CA Release Automation (formerly iTKO LI ...) NOT-FOR-US: CA Release Automation CVE-2014-8247 (Cross-site scripting (XSS) vulnerability in CA Release Automation (for ...) NOT-FOR-US: CA Release Automation CVE-2014-8246 (Cross-site request forgery (CSRF) vulnerability in CA Release Automati ...) NOT-FOR-US: CA Release Automation CVE-2014-8245 RESERVED CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.4 ...) NOT-FOR-US: Linksys SMART WiFi CVE-2014-8243 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.4 ...) 
NOT-FOR-US: Linksys SMART WiFi CVE-2014-8239 REJECTED CVE-2014-8238 REJECTED CVE-2014-8237 REJECTED CVE-2014-8236 REJECTED CVE-2014-8235 REJECTED CVE-2014-8234 REJECTED CVE-2014-8233 REJECTED CVE-2014-8232 REJECTED CVE-2014-8231 REJECTED CVE-2014-8230 REJECTED CVE-2014-8229 REJECTED CVE-2014-8228 REJECTED CVE-2014-8227 REJECTED CVE-2014-8226 REJECTED CVE-2014-8225 REJECTED CVE-2014-8224 REJECTED CVE-2014-8223 REJECTED CVE-2014-8222 REJECTED CVE-2014-8221 REJECTED CVE-2014-8220 REJECTED CVE-2014-8219 REJECTED CVE-2014-8218 REJECTED CVE-2014-8217 REJECTED CVE-2014-8216 REJECTED CVE-2014-8215 REJECTED CVE-2014-8214 REJECTED CVE-2014-8213 REJECTED CVE-2014-8212 REJECTED CVE-2014-8211 REJECTED CVE-2014-8210 REJECTED CVE-2014-8209 REJECTED CVE-2014-8208 REJECTED CVE-2014-8207 REJECTED CVE-2014-8206 REJECTED CVE-2014-8205 REJECTED CVE-2014-8204 REJECTED CVE-2014-8203 REJECTED CVE-2014-8202 REJECTED CVE-2014-8201 REJECTED CVE-2014-8200 REJECTED CVE-2014-8199 REJECTED CVE-2014-8198 REJECTED CVE-2014-8197 REJECTED CVE-2014-8196 REJECTED CVE-2014-8195 REJECTED CVE-2014-8194 REJECTED CVE-2014-8193 REJECTED CVE-2014-8192 REJECTED CVE-2014-8191 REJECTED CVE-2014-8190 REJECTED CVE-2014-8189 REJECTED CVE-2014-8188 REJECTED CVE-2014-8187 REJECTED CVE-2014-8186 REJECTED CVE-2014-8185 REJECTED CVE-2014-8184 (A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A ...) - liblouis 2.6.2-1 (bug #880621) [jessie] - liblouis 2.5.3-3+deb8u1 [wheezy] - liblouis (Vulnerable code introduced in 2.5.0) NOTE: https://github.com/liblouis/liblouis/issues/425 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701 NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0) NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524 NOTE: CVE is for several buffer overflows in the findTable function, cf. 
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7 CVE-2014-8183 (It was found that foreman, versions 1.x.x before 1.15.6, in Satellite ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8182 (An off-by-one error leading to a crash was discovered in openldap 2.4 ...) - openldap (Vulnerable code introduced in RHEL specific patch) NOTE: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027 NOTE: Reference for upstream fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736 NOTE: and: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims this flaw was never in an OpenLDAP release CVE-2014-8181 (The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garb ...) - linux (Specific to RHEL 7) CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass authentica ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8179 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does ...) - docker.io 1.8.3~ds1-1 CVE-2014-8178 (Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do no ...) - docker.io 1.8.3~ds1-1 CVE-2014-8177 (The Red Hat gluster-swift package, as used in Red Hat Gluster Storage ...) NOT-FOR-US: gluster-swift CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9. ...) {DSA-3287-1 DLA-247-1} - openssl 1.0.1h-1 NOTE: http://openssl.org/news/secadv/20150611.txt CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to b ...) NOT-FOR-US: JBoss Fuse CVE-2014-8174 (eDeploy makes it easier for remote attackers to execute arbitrary code ...)
- edeploy (bug #717664) CVE-2014-8173 (The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generi ...) - linux 3.13.4-1 [wheezy] - linux (Introduced in 3.10 with 1998cc048901) - linux-2.6 (Introduced in 3.10 with 1998cc048901) NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee53664bda169f519ce3c6a22d378f0b946c8178 (v3.13-rc5) CVE-2014-8172 (The filesystem implementation in the Linux kernel before 3.13 performs ...) - linux 3.13.4-1 [wheezy] - linux (Too intrusive to backport) - linux-2.6 [squeeze] - linux-2.6 (Too intrusive to backport) NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87 (v3.13-rc1) CVE-2014-8171 (The memory resource controller (aka memcg) in the Linux kernel allows ...) - linux 3.12.6-1 [wheezy] - linux (Too difficult and risky to backport) - linux-2.6 [squeeze] - linux-2.6 (Too difficult and risky to backport) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3812c8c8f3953921ef18544110dafc3505c1ac62 (v3.12-rc1) NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4942642080ea82d99ab5b653abb9a12b7ba31f4a (v3.12-rc6) CVE-2014-8170 (ovirt_safe_delete_config in ovirtfunctions.py and other unspecified lo ...) - ovirt-node (bug #502024) CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted languages ...) - autofs 5.0.8-2 (bug #779591) [wheezy] - autofs (Vulnerable code introduced in 5.0.8) - autofs5 (Vulnerable code introduced in 5.0.8) CVE-2014-8168 (Red Hat Satellite 6 allows local users to access mongod and delete pul ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8167 (vdsm and vdsclient does not validate certificate hostname from another ...) NOT-FOR-US: Red Hat vdsm and vdsclient CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI escape ...)
- cups (unimportant) NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761 NOTE: Terminal emulators need to perform proper escaping CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the p ...) - powerpc-utils (Vulnerable code not present) NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230 CVE-2014-8164 RESERVED NOT-FOR-US: Red Hat CloudForms CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red Hat S ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red Ha ...) NOT-FOR-US: Red Hat Satellite CVE-2014-8161 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...) {DSA-3155-1 DLA-152-1} - postgresql-9.4 9.4.1-1 - postgresql-9.1 9.1.11-2 - postgresql-8.4 [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl) CVE-2014-8160 (net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before ...) {DSA-3170-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1) NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before ...) {DSA-3237-1 DLA-246-1} - linux 3.16.7-ckt9-1 - linux-2.6 CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...) {DSA-3138-1 DLA-138-1} - jasper 1.900.1-debian1-2.4 (bug #775970) NOTE: http://www.ocert.org/advisories/ocert-2015-001.html CVE-2014-8157 (Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...) {DSA-3138-1 DLA-138-1} - jasper 1.900.1-debian1-2.4 (bug #775970) NOTE: http://www.ocert.org/advisories/ocert-2015-001.html CVE-2014-8156 (The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso- ...) 
- fso-deviced 0.12.0-5 [wheezy] - fso-deviced (Minor issue) - fso-datad 0.12.0-3 [wheezy] - fso-datad (Minor issue) - fso-frameworkd 0.9.5.9+git20110512-5 [wheezy] - fso-frameworkd (Minor issue) [squeeze] - fso-frameworkd (Minor issue) - fso-gsmd 0.12.0-4 [wheezy] - fso-gsmd (Minor issue) - fso-usaged 0.12.0-3 [wheezy] - fso-usaged (Minor issue) [squeeze] - fso-usaged (Minor issue) - phonefsod 0.1+git20121018-2 [wheezy] - phonefsod (Minor issue) [squeeze] - phonefsod (Minor issue) CVE-2014-8155 (GnuTLS before 2.9.10 does not verify the activation and expiration dat ...) {DLA-180-1} - gnutls26 2.9.10-1 - gnutls28 (Initial version 3.0.0-1 already contained the check based on 2.9.10) NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c CVE-2014-8154 (The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect b ...) - vala-0.26 0.26.1-1.1 (bug #775913) - vala-0.16 (MapInfo not yet present) - vala-0.14 (MapInfo not yet present) - vala (MapInfo not yet present) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663 NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7 NOTE: Binaries with buggy bindings package that use Gst.MapInfo() function NOTE: are affected as well and need to be rebuilt, shotwell, rygel, ... CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...) - neutron (Affects neutron 2014.2 up to 2014.2.1) CVE-2014-8152 (Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remot ...) - libxml-security-java (streaming XML Signature support introduced in 2.0.0) NOTE: http://svn.apache.org/viewvc?view=revision&revision=1634334 NOTE: http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc CVE-2014-8151 (The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in l ...) 
- curl (Only relevant when building with darwinssl/Mac OS X) NOTE: http://curl.haxx.se/docs/adv_20150108A.html CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...) {DSA-3122-1 DLA-134-1} - curl 7.38.0-4 NOTE: http://curl.haxx.se/docs/adv_20150108B.html CVE-2014-8149 (OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated ...) NOT-FOR-US: OpenDaylight CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows loc ...) - midgard2-core (bug #774630) CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bi ...) {DSA-3323-1} - icu 52.1-9 (bug #784773) [wheezy] - icu (Vulnerable code not present) [squeeze] - icu (Vulnerable code not present) - chromium-browser 42.0.2311.135-1 [jessie] - chromium-browser 42.0.2311.135-1~deb8u1 [wheezy] - chromium-browser (Vulnerable code not present) [squeeze] - chromium-browser (Not supported in Squeeze LTS) NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37080 CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode Bi ...) {DSA-3323-1} - icu 52.1-9 (bug #784773) [wheezy] - icu (Vulnerable code not present) [squeeze] - icu (Vulnerable code not present) - chromium-browser 42.0.2311.135-1 [jessie] - chromium-browser 42.0.2311.135-1~deb8u1 [wheezy] - chromium-browser (Vulnerable code not present) [squeeze] - chromium-browser (Not supported in Squeeze LTS) NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37162 CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 an ...) {DSA-3112-1 DLA-1687-1 DLA-128-1} - sox 14.4.2-2 (bug #773720) [stretch] - sox 14.4.1-5+deb9u1 NOTE: The two needed patches were added in 14.4.1-5 but not to the series file NOTE: so the patches were not applied during the build. CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1 ...)
NOT-FOR-US: doorkeeper OAuth provider CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc ...) - samba 2:4.1.17+dfsg-1 (bug #776993) [wheezy] - samba (Only affects 4.0 and later) [squeeze] - samba (Only affects 4.0 and later) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: https://www.samba.org/samba/security/CVE-2014-8143 CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ex ...) {DSA-3117-1} - php5 5.6.5+dfsg-1 (unimportant) NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9 NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc NOTE: Only affects an inherently insecure use case CVE-2014-8141 (Heap-based buffer overflow in the getZip64Data function in Info-ZIP Un ...) {DSA-3113-1 DLA-124-1} - unzip 6.0-13 (bug #773722) CVE-2014-8140 (Heap-based buffer overflow in the test_compr_eb function in Info-ZIP U ...) {DSA-3113-1 DLA-124-1} - unzip 6.0-13 (bug #773722) CVE-2014-8139 (Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip ...) {DSA-3113-1 DLA-150-1 DLA-124-1} - unzip 6.0-16 (bug #773722) CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer 1.900. ...) {DSA-3106-1 DLA-121-1} - jasper 1.900.1-debian1-2.3 (bug #773463) CVE-2014-8137 (Double free vulnerability in the jas_iccattrval_destroy function in Ja ...) {DSA-3106-1 DLA-121-1} - jasper 1.900.1-debian1-2.3 (bug #773463) CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 func ...) 
- libvirt 1.2.9-7 (bug #773856) [wheezy] - libvirt (Vulnerable code introduced later) [squeeze] - libvirt (Vulnerable code introduced later) NOTE: Upstream commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d (v1.2.11-rc2) NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=abf75aea247e (v1.1.0-rc1) CVE-2014-8135 (The storageVolUpload function in storage/storage_driver.c in libvirt b ...) - libvirt 1.2.9-7 (bug #773855) [wheezy] - libvirt (Vulnerable code introduced later) [squeeze] - libvirt (Vulnerable code introduced later) NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984 (v1.2.11-rc1) NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 (v1.2.8-rc1) CVE-2014-8134 (The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux ...) {DLA-155-1} - linux 3.16.7-ckt4-1 [wheezy] - linux 3.2.65-1 - linux-2.6 NOTE: http://www.spinics.net/lists/kvm/msg111458.html CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation ...) {DSA-3128-1 DLA-155-1} - linux 3.16.7-ckt4-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in kex.c ...) - libssh 0.6.3-4 (bug #773577) [wheezy] - libssh 0.5.4-1+deb7u3 [squeeze] - libssh (Issue only present in versions > 0.5.1, squeeze has 0.4.5) NOTE: http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ NOTE: Upstream patch: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt befo ...) 
- libvirt 1.2.9-7 (bug #773858) [wheezy] - libvirt (Vulnerable code introduced later) [squeeze] - libvirt (Vulnerable code introduced later) NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=d1bde8ed (v1.2.9-rc1) NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1) NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not rejec ...) - tiff (unimportant; bug #776185) - tiff3 (The tiff3 source package doesn't build the TIFF tools) NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483 NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...) {DSA-3273-1 DLA-610-1 DLA-221-1} - tiff 4.0.3-12.1 (bug #776185) - tiff3 NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf) NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library CVE-2014-8128 (LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X befor ...) 
{DSA-3273-1 DLA-693-1 DLA-610-1 DLA-221-1} - tiff 4.0.3-12.3 (bug #776185) - tiff3 NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2491 (tiffdither) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2492 (tiffdither) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2493 (thumbnail and tiffcmp) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD] NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither) NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service (ou ...) {DSA-3273-1} - tiff 4.0.6-3 (unimportant; bug #776185) - tiff3 (The tiff3 source package doesn't build the TIFF tools) NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2484 (thumbnail) NOTE: Fix https://github.com/vadz/libtiff/commit/3996fa0f84f4a8b7e65fe4b8f0681711022034ea NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2485 (tiff2bw) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2486 (tiff2rgba) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2496 (tiff2ps and tiffdither) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2497 (tiffmedian) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2500 (tiffset) [not fixed yet in CVS HEAD] NOTE: 4.0.3-12.1 fixes all issues except 2500 NOTE: 2500 is fixed by upstream as per 2016-10-25 NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant CVE-2014-8126 (The scheduler in HTCondor before 8.2.6 allows remote authenticated use ...) 
{DSA-3149-1} - condor 8.2.3~dfsg.1-6 (bug #775276) NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=4764 NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878 NOTE: https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch CVE-2014-8125 (XML external entity (XXE) vulnerability in Drools and jBPM before 6.2. ...) NOT-FOR-US: jBPM CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014 ...) - horizon 2014.1.3-6 (bug #772710) [wheezy] - horizon (Minor issue) - python-django-openstack-auth 1.1.6-5 (bug #772712) NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1 CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 ...) NOT-FOR-US: JBoss Weld CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...) {DSA-3480-1 DLA-316-1} - glibc 2.21-1 (low; bug #779587) [jessie] - glibc 2.19-18+deb8u2 - eglibc (low) [wheezy] - eglibc (Minor issue) [squeeze] - eglibc (Minor issue) NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=03d2730b44cc2236318fd978afa2651753666c55 CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified configura ...) NOT-FOR-US: Thermostat Hotspot instrumentation CVE-2014-8119 (The find_ifcfg_path function in netcf before 0.2.7 might allow attacke ...) - netcf (suse and redhat driver are not built on Debian) NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed NOTE: certain XPath expressions according to Red Hat bugzilla. NOTE: The fix consists in augeas getting a new API aug_escape_name which NOTE: netcf needs to use. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1172176#c3 NOTE: https://www.redhat.com/archives/augeas-devel/2014-December/msg00000.html NOTE: The affected code is only in drv_redhat.c and drv_suse.c and the Debian NOTE: build not affected. 
CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ex ...) {DSA-3129-1 DLA-140-1} - rpm 4.11.3-1.1 (bug #773101) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1168715 CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, whi ...) {DSA-3121-1 DSA-2868-1 DLA-145-1 DLA-131-1} - file 1:5.21+15-1 (low; bug #773148) - php5 5.6.4+dfsg-2 NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2 CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...) {DSA-3121-1 DLA-131-1} - file 1:5.21+15-1 (low; bug #773148) - php5 5.6.4+dfsg-2 [wheezy] - php5 (Affected code not used in filemagic) [squeeze] - php5 (Affected code not used in filemagic) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6 NOTE: Other commits needed as well: https://www.openwall.com/lists/oss-security/2014/12/16/2 CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows rem ...) NOT-FOR-US: KIE Workbench CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which a ...) NOT-FOR-US: UberFire Framework CVE-2014-8113 RESERVED CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x bef ...) - 389-ds-base 1.3.3.5-4 (bug #779909) CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rule ...) {DSA-3278-1 DLA-240-1} - libapache-mod-jk 1:1.2.40+svn150520-1 (bug #783233) NOTE: Fix: http://svn.apache.org/r1647017 CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based a ...) 
- activemq (Admin console not enabled in the Debian package, see #702670) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ...) - apache2 2.4.10-9 [wheezy] - apache2 (mod_lua only in 2.4) [squeeze] - apache2 (mod_lua only in 2.4) CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x ...) - subversion 1.8.10-5 (bug #773315) [wheezy] - subversion (Introduced in 1.7.0) [squeeze] - subversion (Introduced in 1.7.0) NOTE: http://subversion.apache.org/security/CVE-2014-8108-advisory.txt CVE-2014-8107 REJECTED CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirr ...) {DSA-3088-1 DSA-3087-1} - qemu 2.1+dfsg-9 (bug #772025) [squeeze] - qemu (Unsupported in squeeze-lts) - qemu-kvm [squeeze] - qemu-kvm NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html CVE-2014-8105 (389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does n ...) - 389-ds-base 1.3.3.5-4 (bug #779909) CVE-2014-8103 (X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x befor ...) - xorg-server 2:1.16.2.901-1 [wheezy] - xorg-server (Introduced in 1.15.0) [squeeze] - xorg-server (Introduced in 1.15.0) CVE-2014-8102 (The SProcXFixesSelectSelectionInput function in the XFixes extension i ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8101 (The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 o ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8100 (The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8099 (The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8098 (The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) ...) 
{DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8097 (The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8096 (The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8095 (The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8094 (Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extens ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8093 (Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8092 (Multiple integer overflows in X.Org X Window System (aka X11 or X) X11 ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8091 (X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xser ...) {DSA-3095-1 DLA-120-1} - xorg-server 2:1.16.2.901-1 CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x befo ...) {DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1} - ruby1.8 (Incomplete fix never released for 1.9) - ruby1.9.1 (Incomplete fix never released for 1.9) - ruby2.0 (Incomplete fix never released for 1.9) - ruby2.1 2.1.5-1 (bug #770932) NOTE: For the incomplete fix for CVE-2014-8080 NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/ CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...) NOT-FOR-US: Wordpress plugin CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel met ...) NOT-FOR-US: OsClass CVE-2014-8084 (Directory traversal vulnerability in oc-includes/osclass/controller/aj ...) NOT-FOR-US: OsClass CVE-2014-8083 (SQL injection vulnerability in the Search::setJsonAlert method in OSCl ...)
NOT-FOR-US: OsClass CVE-2014-8082 (lib/functions/database.class.php in TestLink before 1.9.13 allows remo ...) NOT-FOR-US: TestLink CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...) NOT-FOR-US: TestLink CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p ...) {DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1} - ruby1.8 - ruby1.9.1 - ruby2.0 - ruby2.1 2.1.4-1 NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/ NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161 CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x bef ...) NOT-FOR-US: Drupal theme MAYO CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e- ...) NOT-FOR-US: Drupal module Print CVE-2014-8077 (Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1. ...) NOT-FOR-US: Drupal theme NewsFlash CVE-2014-8076 (Cross-site scripting (XSS) vulnerability in the Professional theme 7.x ...) NOT-FOR-US: Drupal theme Professional CVE-2014-8075 (Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x ...) NOT-FOR-US: Drupal theme Tribune CVE-2014-8766 (Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow ...) NOT-FOR-US: Allomani Weblinks CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the Project Iss ...) NOT-FOR-US: Drupal module Project Issue File Review CVE-2014-8750 (Race condition in the VMware driver in OpenStack Compute (Nova) before ...) 
- nova (ESX driver not enabled in libvirt) NOTE: https://launchpad.net/bugs/1357372 CVE-2014-XXXX [rsync collision attack] - rsync 3.1.2-1 (low; bug #786423) [jessie] - rsync (Minor issue, too intrusive to backport) [wheezy] - rsync (Minor issue, too intrusive to backport) [squeeze] - rsync (Minor issue, too intrusive to backport) NOTE: CVE-2014-8242 was specifically assigned only for librsync, but rsync has an equivalent issue NOTE: https://github.com/therealmik/rsync-collision NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869 NOTE: https://lists.samba.org/archive/rsync/2015-May/030123.html CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, w ...) [experimental] - librsync 1.0.0-1~exp1 - librsync 2.0.2-1 (low; bug #776246) [buster] - librsync (Minor issue, too intrusive to backport) [stretch] - librsync (Minor issue, too intrusive to backport) [jessie] - librsync (Minor issue, too intrusive to backport) [wheezy] - librsync (Minor issue, too intrusive to backport) [squeeze] - librsync (Minor issue, too intrusive to backport) CVE-2014-8241 (XRegion in TigerVNC allows remote VNC servers to cause a denial of ser ...) - tigervnc 1.7.0-2 (bug #849478) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312 NOTE: Patch applied in Red Hat https://bugzilla.redhat.com/attachment.cgi?id=946490 CVE-2014-8240 (Integer overflow in TigerVNC allows remote VNC servers to cause a deni ...) - tigervnc 1.7.0-1 (bug #849479) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307 NOTE: Patch https://bugzilla.redhat.com/attachment.cgi?id=947578 is not applied CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...) - linux 3.16.7-ckt2-1 [wheezy] - linux (Vulnerable code not present) - linux-2.6 (Vulnerable code not present) NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...)
{DSA-3265-1 DLA-251-1} - zendframework 1.12.9+dfsg-1 NOTE: http://framework.zend.com/security/advisory/ZF2014-06 CVE-2014-8088 (The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap compon ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.9+dfsg-1 NOTE: http://framework.zend.com/security/advisory/ZF2014-05 CVE-2014-8074 (Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 ...) NOT-FOR-US: Foxit PDF SDK CVE-2014-8073 (Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standal ...) NOT-FOR-US: OpenMRS CVE-2014-8072 (The administration module in OpenMRS 2.1 Standalone Edition allows rem ...) NOT-FOR-US: OpenMRS CVE-2014-8071 (Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Sta ...) NOT-FOR-US: OpenMRS CVE-2014-8070 (Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows remot ...) NOT-FOR-US: YOOtheme Pagekit CMS CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme Pageki ...) NOT-FOR-US: YOOtheme Pagekit CMS CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...) NOT-FOR-US: Adobe Digital Editions CVE-2014-8067 REJECTED CVE-2014-8066 REJECTED CVE-2014-8065 REJECTED CVE-2014-8064 REJECTED CVE-2014-8063 REJECTED CVE-2014-8062 REJECTED CVE-2014-8061 REJECTED CVE-2014-8060 REJECTED CVE-2014-8059 REJECTED CVE-2014-8058 REJECTED CVE-2014-8057 REJECTED CVE-2014-8056 REJECTED CVE-2014-8055 REJECTED CVE-2014-8054 REJECTED CVE-2014-8053 REJECTED CVE-2014-8052 REJECTED CVE-2014-8051 REJECTED CVE-2014-8050 REJECTED CVE-2014-8049 REJECTED CVE-2014-8048 REJECTED CVE-2014-8047 REJECTED CVE-2014-8046 REJECTED CVE-2014-8045 REJECTED CVE-2014-8044 REJECTED CVE-2014-8043 REJECTED CVE-2014-8042 REJECTED CVE-2014-8041 REJECTED CVE-2014-8040 REJECTED CVE-2014-8039 REJECTED CVE-2014-8038 REJECTED CVE-2014-8037 RESERVED CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not proper ...) 
NOT-FOR-US: Cisco CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different re ...) NOT-FOR-US: Cisco CVE-2014-8034 (Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge fo ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows remot ...) NOT-FOR-US: Cisco CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote auth ...) NOT-FOR-US: Cisco CVE-2014-8031 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meeting ...) NOT-FOR-US: Cisco CVE-2014-8030 (Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco Web ...) NOT-FOR-US: Cisco CVE-2014-8029 (Open redirect vulnerability in the web interface in Cisco Secure Acces ...) NOT-FOR-US: Cisco CVE-2014-8028 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...) NOT-FOR-US: Cisco CVE-2014-8027 (The RBAC component in Cisco Secure Access Control System (ACS) allows ...) NOT-FOR-US: Cisco CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco ...) NOT-FOR-US: Cisco CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, allow ...) NOT-FOR-US: Cisco CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS featu ...) NOT-FOR-US: Cisco CVE-2014-8023 (Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, ...) NOT-FOR-US: Cisco CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mo ...) NOT-FOR-US: Cisco CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows re ...) NOT-FOR-US: Cisco CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...) 
NOT-FOR-US: Cisco CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...) NOT-FOR-US: Cisco CVE-2014-8017 (The periodic-backup feature in Cisco Identity Services Engine (ISE) al ...) NOT-FOR-US: Cisco CVE-2014-8016 (The Cisco IronPort Email Security Appliance (ESA) allows remote attack ...) NOT-FOR-US: Cisco CVE-2014-8015 (The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remo ...) NOT-FOR-US: Cisco CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service (RSV ...) NOT-FOR-US: Cisco CVE-2014-8013 (The TACACS+ command-authorization implementation in Cisco NX-OS allows ...) NOT-FOR-US: Cisco CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login pa ...) NOT-FOR-US: Cisco CVE-2014-8011 RESERVED CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 all ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...) NOT-FOR-US: Cisco Unified Computing System CVE-2014-8008 (Absolute path traversal vulnerability in the Real-Time Monitoring Tool ...) NOT-FOR-US: Cisco CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read d ...) NOT-FOR-US: Cisco CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Defini ...) NOT-FOR-US: Cisco CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier ...) NOT-FOR-US: Cisco CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service (LIS ...) NOT-FOR-US: Cisco CVE-2014-8003 (Cisco Integrated Management Controller in Cisco Unified Computing Syst ...) NOT-FOR-US: Cisco Unified Computing System CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2 ...) NOT-FOR-US: Cisco CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier allo ...) 
NOT-FOR-US: Cisco CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) pr ...) NOT-FOR-US: Cisco CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...) NOT-FOR-US: Cisco-Meraki devices CVE-2014-7998 (Cisco IOS on Aironet access points, when "dot11 aaa authenticator" deb ...) NOT-FOR-US: Cisco IOS CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...) NOT-FOR-US: Cisco IOS CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...) NOT-FOR-US: Cisco CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...) NOT-FOR-US: Cisco-Meraki devices CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...) NOT-FOR-US: Cisco-Meraki devices CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 al ...) NOT-FOR-US: Cisco-Meraki devices CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet buffer ...) NOT-FOR-US: Cisco IOS CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications Man ...) NOT-FOR-US: Cisco CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 de ...) NOT-FOR-US: Cisco CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local ...) NOT-FOR-US: Cisco CVE-2014-7988 (The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and ...) NOT-FOR-US: Cisco CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allow ...) NOT-FOR-US: EspoCRM CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to r ...) NOT-FOR-US: EspoCRM CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows remot ...) NOT-FOR-US: EspoCRM CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote att ...) NOT-FOR-US: Joomla! 
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...) NOT-FOR-US: Joomla component com_contact CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2 ...) NOT-FOR-US: Joomla! CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2. ...) NOT-FOR-US: Joomla! CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...) NOT-FOR-US: Drupal theme Zen CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1 ...) NOT-FOR-US: Drupal theme SimpleCorp CVE-2014-7978 (Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x- ...) NOT-FOR-US: Drupal theme BlueMasters CVE-2014-7977 RESERVED CVE-2014-7976 RESERVED CVE-2014-7974 RESERVED CVE-2014-7973 RESERVED CVE-2014-7972 RESERVED CVE-2014-7971 RESERVED CVE-2014-7969 REJECTED CVE-2014-7966 RESERVED CVE-2014-7965 RESERVED CVE-2014-7964 RESERVED CVE-2014-7963 RESERVED CVE-2014-7962 RESERVED CVE-2014-7961 RESERVED CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in the Bul ...) NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.p ...) NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...) NOT-FOR-US: WordPress plugin Pods CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...) NOT-FOR-US: WordPress plugin Pods CVE-2014-7955 RESERVED CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method in fr ...) NOT-FOR-US: MtpServer class in Android CVE-2014-7953 (Race condition in the bindBackupAgent method in the ActivityManagerSer ...) NOT-FOR-US: Android CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attackers ...) 
NOT-FOR-US: Android NOTE: the vulnerability is in the Android OS itself (and its backup manager) NOTE: adb is just an intermediary in the backup process CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...) NOT-FOR-US: Android CVE-2014-7950 RESERVED CVE-2014-7949 RESERVED CVE-2014-7948 (The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in conte ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7947 (OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0. ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - openjpeg2 2.1.1-1 [jessie] - openjpeg2 (Minor issue) NOTE: If backported to jessie, https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c needs to be included - openjpeg (Vulnerable code not present) CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in core/rendering ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7945 (OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0. ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7944 (The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in P ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7943 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote atta ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7942 (The Fonts implementation in Google Chrome before 40.0.2214.91 does not ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7941 (The SelectionOwner::ProcessTarget function in ui/base/x/selection_owne ...) 
- chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International Componen ...) {DSA-3187-1 DLA-219-1} - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - icu 52.1-7.1 (bug #776265) CVE-2014-7939 (Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-7938 (The Fonts implementation in Google Chrome before 40.0.2214.91 allows r ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - ffmpeg 7:2.4.2-1 [squeeze] - ffmpeg - libav (bug #785326; can't reproduce the issue) [jessie] - libav (Can't reproduce the issue) [wheezy] - libav (Can't reproduce the issue) NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057 CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7935 (Use-after-free vulnerability in browser/speech/tts_message_filter.cc i ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7934 (Use-after-free vulnerability in the DOM implementation in Blink, as us ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function in lib ...) 
{DSA-3189-1} - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - ffmpeg 7:2.5.1-1 [squeeze] - ffmpeg - libav 6:11.3-1 NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682 CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in core/d ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7931 (factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-7930 (Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7929 (Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDoc ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-7928 (hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, d ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-7927 (The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-l ...) - chromium-browser 40.0.2214.91-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-7926 (The Regular Expressions package in International Components for Unicod ...) 
    {DSA-3187-1 DLA-219-1}
    - chromium-browser 40.0.2214.91-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    - icu 52.1-7.1 (bug #776265)
CVE-2014-7925 (Use-after-free vulnerability in the WebAudio implementation in Blink, ...)
    - chromium-browser 40.0.2214.91-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7924 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
    - chromium-browser 40.0.2214.91-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7923 (The Regular Expressions package in International Components for Unicod ...)
    {DSA-3187-1 DLA-219-1}
    - chromium-browser 40.0.2214.91-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    - icu 52.1-7.1 (bug #776265)
CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK bef ...)
    NOT-FOR-US: Google Play
CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers t ...)
    NOT-FOR-US: Android MediaServer
CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to ...)
    NOT-FOR-US: Android MediaServer
CVE-2014-7919 (b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger ...)
    NOT-FOR-US: Android
CVE-2014-7918
    RESERVED
CVE-2014-7917 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
    NOT-FOR-US: libstagefright in Android
CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
    NOT-FOR-US: libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
    NOT-FOR-US: libstagefright in Android
CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
    NOT-FOR-US: Android
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
    {DLA-506-1}
    - dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
    NOTE: https://roy.marples.name/git/dhcpcd.git/commit/?id=93f3066bb0bc0974eab1943543205312a6b512ad
    NOTE: Not exploitable according to upstream, possibly limited to Bionic
CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in d ...)
    {DLA-506-1}
    - dhcpcd5 6.9.1-1
    [jessie] - dhcpcd5 (Minor issue)
    NOTE: https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the java.io.Objec ...)
    NOT-FOR-US: Android
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171 ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=433500 (private)
CVE-2014-7909 (effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=391001 (private)
CVE-2014-7908 (Multiple integer overflows in the CheckMov function in media/base/cont ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=425980 (private)
CVE-2014-7907 (Multiple use-after-free vulnerabilities in modules/screen_orientation/ ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=424453 (private)
CVE-2014-7906 (Use-after-free vulnerability in the Pepper plugins in Google Chrome be ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=423030 (private)
CVE-2014-7905 (Google Chrome before 39.0.2171.65 on Android does not prevent navigati ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=421817 (private)
CVE-2014-7904 (Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: https://code.google.com/p/chromium/issues/detail?id=418161 (private)
CVE-2014-7903 (Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7902 (Use-after-free vulnerability in PDFium, as used in Google Chrome befor ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7901 (Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7900 (Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile func ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
CVE-2014-7899 (Google Chrome before 38.0.2125.101 allows remote attackers to spoof th ...)
    - chromium-browser 39.0.2171.71-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
    NOTE: https://chromium.googlesource.com/chromium/src/+/5cfbddc9cc972f5133f26664dbf5810bb569cd04
CVE-2014-7898 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7897 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7896 (Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Com ...)
    NOT-FOR-US: HP
CVE-2014-7895 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7894 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7893 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7892 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7891 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7890 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sa ...)
    NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7887
    REJECTED
CVE-2014-7886
    RESERVED
    NOT-FOR-US: HP Network Automation
CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise Securit ...)
    NOT-FOR-US: HP ArcSight
CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P ...)
    NOT-FOR-US: HP ArcSight
CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTT ...)
    NOT-FOR-US: HP
CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remot ...)
    NOT-FOR-US: HP SiteScope
CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight C ...)
    NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP O ...)
    NOT-FOR-US: HP OpenVMS TCP/IP
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration inc ...)
    NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
    NOT-FOR-US: HP Helion Cloud Development Platform
CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows loc ...)
    NOT-FOR-US: HP-UX
CVE-2014-7876 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
    NOT-FOR-US: HP Integrated Lights-Out
CVE-2014-7875 (Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Prin ...)
    NOT-FOR-US: HP Color LaserJet Printers
CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
    NOT-FOR-US: HP-UX running System Management Homepage
CVE-2014-7873
    RESERVED
CVE-2014-7872 (Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC s ...)
    NOT-FOR-US: Comodo GeekBuddy
CVE-2014-7871 (SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2 ...)
    NOT-FOR-US: Open-Xchange
CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module 6 ...)
    NOT-FOR-US: Drupal module Custom Search
CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in th ...)
    NOT-FOR-US: Drupal module Context Form Alteration
CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager ...)
    NOT-FOR-US: ZOHO
CVE-2014-7867 (SQL injection vulnerability in the com.manageengine.opmanager.servlet. ...)
    NOT-FOR-US: ZOHO
CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpMa ...)
    NOT-FOR-US: ZOHO
CVE-2014-7865
    REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet (a ...)
    NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2014-7863 (The FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngi ...)
    NOT-FOR-US: ZOHO ManageEngine
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and Deskt ...)
    NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly v ...)
    NOT-FOR-US: Apple OS X
CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through 3 ...)
    - linux 3.16.7-1
    [wheezy] - linux (User namespaces only usable in later kernels)
    - linux-2.6
    [squeeze] - linux-2.6 (User namespaces only usable in later kernels)
    NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
    NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 (v3.18-rc1)
CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kernel th ...)
    [wheezy] - linux (User namespaces only usable in later kernels)
    - linux-2.6 (User namespaces only usable in later kernels)
    - linux 3.16.7-1
    NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
CVE-2014-7968 (VDSM allows remote attackers to cause a denial of service (connection ...)
    - vdsm (bug #668538)
CVE-2014-7967 (Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, a ...)
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    - chromium-browser 38.0.2125.101-1
    [wheezy] - chromium-browser
    [squeeze] - chromium-browser
    NOTE: libv8 not covered by security support
CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote authentica ...)
    - swift 2.2.0-1
    [wheezy] - swift (Minor issue)
    NOTE: affected version: all up to 2.1.0
CVE-2014-7860 (The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b ...)
    NOT-FOR-US: D-Link
CVE-2014-7859 (Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-32 ...)
    NOT-FOR-US: D-Link
CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 allows ...)
    NOT-FOR-US: D-Link
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build ...)
    NOT-FOR-US: D-Link
CVE-2014-7856
    REJECTED
CVE-2014-7855
    REJECTED
CVE-2014-7854
    RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
    NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used i ...)
    NOT-FOR-US: RichFaces
CVE-2014-7851 (oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session afte ...)
    NOT-FOR-US: ovirt-engine-webadmin
CVE-2014-7850 (Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...)
    - freeipa 4.3.1-1 (unimportant)
    NOTE: https://fedorahosted.org/freeipa/ticket/4742
    NOTE: Upstream commit: https://pagure.io/freeipa/c/af9fd4dfe2c18e52127480c959c35ad37b566095
CVE-2014-7849 (The Role Based Access Control (RBAC) implementation in JBoss Enterpris ...)
    NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x befor ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287
CVE-2014-7847 (iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
CVE-2014-7846 (tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
CVE-2014-7845 (The generate_password function in Moodle through 2.4.11, 2.5.x before ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
CVE-2014-7844 (BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitra ...)
    {DSA-3105-1 DSA-3104-1 DLA-114-1 DLA-113-1}
    - bsd-mailx 8.1.2-0.20141216cvs-1
    - heirloom-mailx 12.5-3.1 (bug #773417)
CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the Linux ...)
    - linux 3.16.7-ckt2-1
    [wheezy] - linux (arm64 support introduced in 3.7)
    - linux-2.6 (arm64 support introduced in 3.7)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744
    NOTE: Upstream patch proposal: https://lkml.org/lkml/2014/11/12/584
CVE-2014-7842 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 ...)
    - linux 3.16.7-ckt2-1
    [wheezy] - linux 3.2.65-1
    - linux-2.6
    [squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
    NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCT ...)
    {DSA-3093-1 DLA-118-1}
    - linux 3.16.7-ckt2-1
    - linux-2.6
    NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
CVE-2014-7840 (The host_from_stream_offset function in arch_init.c in QEMU, when load ...)
    - qemu 2.1+dfsg-8 (low; bug #769451)
    [wheezy] - qemu (Minor issue, hardly exploitable in practice)
    [squeeze] - qemu (Minor issue, hardly exploitable in practice)
    - qemu-kvm (low)
    [wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
    [squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
    NOTE: http://thread.gmane.org/gmane.comp.emulators.qemu/306117
CVE-2014-7839 (DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1 ...)
    - resteasy 3.0.6-2 (bug #770544)
    NOTE: https://issues.jboss.org/browse/RESTEASY-1130
CVE-2014-7838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Foru ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2. ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868
CVE-2014-7834 (mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x befor ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303
CVE-2014-7833 (mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697
CVE-2014-7832 (mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x b ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
CVE-2014-7831 (lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47766
CVE-2014-7830 (Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...)
    - moodle 2.7.5+dfsg-1 (bug #775842)
    [squeeze] - moodle (Unsupported in squeeze-lts)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
CVE-2014-7829 (Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...)
    - rails 2:4.1.8-1 (bug #770934)
    [wheezy] - rails (src:rails in wheezy is just a transition package)
    [squeeze] - rails (Only affects >= 3)
    - rails-3.2
    - ruby-actionpack-3.2
    [wheezy] - ruby-actionpack-3.2 (Minor issue)
    - ruby-actionpack-2.3 (Only affects >= 3)
CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled ...)
    - freeipa 4.0.5-1 (bug #768294)
    NOTE: https://fedorahosted.org/freeipa/ticket/4690
CVE-2014-7827 (The org.jboss.security.plugins.mapping.JBossMappingManager implementat ...)
    NOT-FOR-US: JBoss Security
CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
    - linux 3.16.7-ckt2-1
    [wheezy] - linux (Vulnerable code introduced later)
    - linux-2.6 (Vulnerable code introduced later)
    NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
    NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
    - linux 3.16.7-ckt2-1
    [wheezy] - linux (Affected feature not enabled)
    - linux-2.6
    [squeeze] - linux-2.6 (Affected feature not enabled)
    NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
    NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
CVE-2014-7824 (D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9. ...)
    {DSA-3099-1}
    - dbus 1.8.10-1
    [squeeze] - dbus (dbus 1.2.x does not support FD passing)
    NOTE: Since this CVE is only a complement for the fix to CVE-2014-3636, versions not affected by CVE-2014-3636 do not need the patch provided for this CVE.
CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote rea ...)
    - libvirt 1.2.9-4 (bug #769149)
    [wheezy] - libvirt (Introduced in v1.0.0)
    [squeeze] - libvirt (Introduced in v1.0.0)
    NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=28f8dfdcccd4c0f69063ef741545b37d8a7f7935 (v1.0.0)
    NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
CVE-2014-7822 (The implementation of certain splice_write file operations in the Linu ...)
    {DSA-3170-1 DLA-155-1}
    - linux 3.16.2-1
    - linux-2.6
    NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1)
CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows ...)
    - neutron 2014.1.3-6 (bug #770431)
    NOTE: Versions up to 2014.1.3 and 2014.2
    NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
    REJECTED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
    - ruby-sprockets 2.12.3-1
    [wheezy] - ruby-sprockets (Minor issue)
CVE-2014-7818 (Directory traversal vulnerability in actionpack/lib/action_dispatch/mi ...)
    - rails 2:4.1.8-1 (bug #770934)
    [wheezy] - rails (src:rails in wheezy is just a transition package)
    [squeeze] - rails (Only affects >= 3)
    - rails-3.2
    - ruby-actionpack-3.2
    [wheezy] - ruby-actionpack-3.2 (Minor issue)
    - ruby-actionpack-2.3 (Only affects >= 3)
CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not enforc ...)
    {DSA-3142-1 DLA-97-1}
    - glibc 2.19-14 (bug #775572)
    - eglibc
    [wheezy] - eglibc (Will be fixed through a point update)
    NOTE: https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
    NOTE: Git commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
CVE-2014-7816 (Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.1 ...)
    - undertow (only when running on Windows)
CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote attack ...)
    {DSA-3067-1 DSA-3066-1}
    - qemu 2.1+dfsg-7
    [squeeze] - qemu (Unsupported in squeeze-lts)
    - qemu-kvm
    [squeeze] - qemu-kvm
    NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engin ...)
    NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7813 (Red Hat CloudForms 3 Management Engine (CFME) allows remote authentica ...)
    NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Netw ...)
    NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and R ...)
    NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x befor ...)
    {DSA-3530-1 DSA-3447-1 DSA-3428-1 DLA-232-1}
    - tomcat6 6.0.41-3 (bug #787010)
    NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
    - tomcat7 7.0.61-1
    - tomcat8 8.0.21-2
    NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)
    NOTE: http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)
    NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)
    NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)
CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s ...)
    - libstruts1.2-java (Struts 2.0.0 through to Struts 2.3.16.3)
CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M ...)
    NOT-FOR-US: Apache Wicket
CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows rem ...)
    NOT-FOR-US: Apache CloudStack
CVE-2014-7806
    REJECTED
CVE-2014-7805
    REJECTED
CVE-2014-7804 (The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application ...)
    NOT-FOR-US: Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application for Android
CVE-2014-7803 (The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) applic ...)
    NOT-FOR-US: Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application for Android
CVE-2014-7802 (The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropea ...)
    NOT-FOR-US: Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application for Android
CVE-2014-7801
    REJECTED
CVE-2014-7800 (The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dl ...)
    NOT-FOR-US: Daily Green (aka it.opentt.blog.dailygreen) application for Android
CVE-2014-7799 (The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for ...)
    NOT-FOR-US: Squishy birds (aka com.tatmob.squishybirds) application for Android
CVE-2014-7798 (The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) appli ...)
    NOT-FOR-US: Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application for Android
CVE-2014-7797 (The Thai food (aka com.foods.thaifood) application 1.0 for Android doe ...)
    NOT-FOR-US: Thai food (aka com.foods.thaifood) application for Android
CVE-2014-7796 (The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2. ...)
    NOT-FOR-US: House365 Radio (aka com.nobexinc.wls_27853803.rc) application for Android
CVE-2014-7795 (The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 ...)
    NOT-FOR-US: Harpers Bazaar Art (aka com.itp.harpersart) application for Android
CVE-2014-7794 (The Knights of the Void (aka me.narr8.android.serial.knights_of_the_vo ...)
    NOT-FOR-US: Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application for Android
CVE-2014-7793 (The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 ...)
    NOT-FOR-US: CB - Calciatori Brutti (aka com.calciatori.brutti) application for Android
CVE-2014-7792
    REJECTED
CVE-2014-7791 (The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 fo ...)
    NOT-FOR-US: Backyard Wrestling (aka com.wBackyardWrestling) application for Android
CVE-2014-7790
    REJECTED
CVE-2014-7789 (The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for A ...)
    NOT-FOR-US: Zillion Muslims (aka com.zillionmuslims.src) application for Android
CVE-2014-7788 (The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 fo ...)
    NOT-FOR-US: Best Free Giveaways (aka com.wIphone5GiveAways) application for Android
CVE-2014-7787 (The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Andro ...)
    NOT-FOR-US: iShuttle (aka com.synapse.ishuttle_user) application for Android
CVE-2014-7786 (The English Football Magazine (aka com.magzter.englishfootball) applic ...)
    NOT-FOR-US: English Football Magazine (aka com.magzter.englishfootball) application for Android
CVE-2014-7785 (The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroi ...)
    NOT-FOR-US: AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application for Android
CVE-2014-7784 (The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 fo ...)
    NOT-FOR-US: Schon! Magazine (aka com.magzter.schonmagazine) application for Android
CVE-2014-7783 (The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android ...)
    NOT-FOR-US: Bill G. Bennett (aka com.billgbennett) application for Android
CVE-2014-7782 (The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMac ...)
    NOT-FOR-US: Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application for Android
CVE-2014-7781 (The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanaha ...)
    NOT-FOR-US: Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application for Android
CVE-2014-7780 (The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d ...)
    NOT-FOR-US: Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application for Android
CVE-2014-7779 (The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) a ...)
    NOT-FOR-US: Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application for Android
CVE-2014-7778 (The Epc World (aka com.magzter.epcworld) application 3.1 for Android d ...)
    NOT-FOR-US: Epc World (aka com.magzter.epcworld) application for Android
CVE-2014-7777 (The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) applicatio ...)
    NOT-FOR-US: Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application for Android
CVE-2014-7776 (The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android ...)
    NOT-FOR-US: Kavita KS (aka com.snaplion.kavitaks) application for Android
CVE-2014-7775 (The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 f ...)
    NOT-FOR-US: Champak - Hindi (aka com.magzter.champakhindi) application for Android
CVE-2014-7774 (The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) ...)
    NOT-FOR-US: Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application for Android
CVE-2014-7773 (The Cleveland Football STREAM (aka com.appstronautme.clevelandfootball ...)
    NOT-FOR-US: Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application for Android
CVE-2014-7772 (The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for A ...)
    NOT-FOR-US: MB Tickets (aka com.xcr.android.mbtickets) application for Android
CVE-2014-7771 (The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for A ...)
    NOT-FOR-US: World Tamil Bayan (aka com.wWorldTamilBayan) application for Android
CVE-2014-7770 (The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) ...)
    NOT-FOR-US: Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application for Android
CVE-2014-7769 (The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) ...)
    NOT-FOR-US: Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application for Android
CVE-2014-7768 (The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 fo ...)
    NOT-FOR-US: Analects of Confucius (aka com.azbc88881.lunyu) application for Android
CVE-2014-7767 (The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X. ...)
    NOT-FOR-US: A+ (aka cn.xrzcm) application for Android
CVE-2014-7766 (The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheC ...)
    NOT-FOR-US: 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application for Android
CVE-2014-7765 (The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) applic ...)
    NOT-FOR-US: Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application for Android
CVE-2014-7764 (The Semper Invicta Fitness (aka com.semper.invicta.fitness) applicatio ...)
    NOT-FOR-US: Semper Invicta Fitness (aka com.semper.invicta.fitness) application for Android
CVE-2014-7763 (The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1. ...)
    NOT-FOR-US: Listen up! mirucho (aka jp.ameba.kiiteyo.android) application for Android
CVE-2014-7762 (The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android ...)
    NOT-FOR-US: Bite it! (aka com.ASA1Touch.Bite_it) application for Android
CVE-2014-7761 (The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for An ...)
    NOT-FOR-US: Ink Cards (aka com.sincerely.android.ink) application for Android
CVE-2014-7760 (The Health assistance service (aka net.nttcloud.ft.karada) application ...)
    NOT-FOR-US: Health assistance service (aka net.nttcloud.ft.karada) application for Android
CVE-2014-7759 (The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3 ...)
    NOT-FOR-US: Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application for Android
CVE-2014-7758 (The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) appli ...)
    NOT-FOR-US: AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application for Android
CVE-2014-7757 (The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjaga ...)
    NOT-FOR-US: Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application for Android
CVE-2014-7756 (The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) applicat ...)
    NOT-FOR-US: Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application for Android
CVE-2014-7755 (The eTopUpOnline (aka com.moremagic.etopup.client.android) application ...)
    NOT-FOR-US: eTopUpOnline (aka com.moremagic.etopup.client.android) application for Android
CVE-2014-7754 (The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 ...)
NOT-FOR-US: Condor S.E. (aka com.app_condorsoutheast.layout) application for Android CVE-2014-7753 (The Circa News (aka cir.ca) application 2.1.3 for Android does not ver ...) NOT-FOR-US: Circa News (aka cir.ca) application for Android CVE-2014-7752 (The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application ...) NOT-FOR-US: NASIOC (aka net.endoftime.android.forumrunner.nasioc) application for Android CVE-2014-7751 (The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for A ...) NOT-FOR-US: Recetas de Tragos (aka com.wRecetasdeTragos) application for Android CVE-2014-7750 (The Taster Magazine (aka com.magazinecloner.taster) application @7F080 ...) NOT-FOR-US: Taster Magazine (aka com.magazinecloner.taster) application for Android CVE-2014-7749 (The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 ...) NOT-FOR-US: CamDictionary (aka com.intsig.camdict) application for Android CVE-2014-7748 (The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application ...) NOT-FOR-US: Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application for Android CVE-2014-7747 REJECTED CVE-2014-7746 (The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) ...) NOT-FOR-US: Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application for Android CVE-2014-7745 (The Flight Manager (aka com.flightmanager.view) application 4.0 for An ...) NOT-FOR-US: Flight Manager (aka com.flightmanager.view) application for Android CVE-2014-7744 (The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for ...) NOT-FOR-US: Musulmanin.com (aka com.wSalyafiyailimurdjiya) application for Android CVE-2014-7743 (The Humor Ironias y Realidades (aka com.wHumork) application 0.63.1337 ...) NOT-FOR-US: Humor Ironias y Realidades (aka com.wHumork) application for Android CVE-2014-7742 (The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0 ...) 
NOT-FOR-US: Noticias del Vaticano (aka com.wNoticiasdelVaticano) application for Android CVE-2014-7741 (The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for ...) NOT-FOR-US: Healing Bookstore (aka com.wHealingBookstore) application for Android CVE-2014-7740 (The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7 ...) NOT-FOR-US: Pony Magazine (aka com.triactivemedia.ponymagazine) application for Android CVE-2014-7739 (The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for ...) NOT-FOR-US: Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application for Android CVE-2014-7738 REJECTED CVE-2014-7737 (The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for And ...) NOT-FOR-US: FMAC : Federation Culinaire (aka com.fmac) application for Android CVE-2014-7736 REJECTED CVE-2014-7735 (The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) applicatio ...) NOT-FOR-US: Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application for Android CVE-2014-7734 (The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) ...) NOT-FOR-US: Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application for Android CVE-2014-7733 (The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for A ...) NOT-FOR-US: Karaf Magazin (aka com.magzter.karafmagazin) application for Android CVE-2014-7732 REJECTED CVE-2014-7731 (The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for An ...) NOT-FOR-US: Radio de la Cato (aka com.radio.de.la.cato) application for Android CVE-2014-7730 REJECTED CVE-2014-7729 REJECTED CVE-2014-7728 (The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) appl ...) NOT-FOR-US: Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application for Android CVE-2014-7727 (The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Androi ...) 
NOT-FOR-US: Dj Brad H (aka com.dreamstep.wDjBradH) application for Android CVE-2014-7726 (The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 fo ...) NOT-FOR-US: Golosinas Simpson1 (aka com.wGolosinasSimpson1) application for Android CVE-2014-7725 (The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) applicatio ...) NOT-FOR-US: Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application for Android CVE-2014-7724 (The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Androi ...) NOT-FOR-US: Chemssou Blink (aka com.chemssou.blink) application for Android CVE-2014-7723 (The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application ...) NOT-FOR-US: Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application for Android CVE-2014-7722 (The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 f ...) NOT-FOR-US: Indian Jeweller (aka com.magzter.indianjeweller) application for Android CVE-2014-7721 (The President Clicker (aka com.flexymind.pclicker) application 1.0.4 f ...) NOT-FOR-US: President Clicker (aka com.flexymind.pclicker) application for Android CVE-2014-7720 (The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomes ...) NOT-FOR-US: Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application for Android CVE-2014-7719 (The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 f ...) NOT-FOR-US: BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application for Android CVE-2014-7718 (The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for ...) NOT-FOR-US: Travel+Leisure (aka com.magzter.travelleisure) application for Android CVE-2014-7717 (The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertyma ...) NOT-FOR-US: Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application for Android CVE-2014-7716 (The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) ap ...) 
NOT-FOR-US: Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application for Android CVE-2014-7715 (The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 fo ...) NOT-FOR-US: GIGA HOBBY (aka com.innopage.store.gigahobby) application for Android CVE-2014-7714 (The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not ...) NOT-FOR-US: ibon (aka tw.net.pic.mobi) application for Android CVE-2014-7713 (The Skin&Ink Magazine (aka com.triactivemedia.skinandink) applicat ...) NOT-FOR-US: Skin&Ink Magazine (aka com.triactivemedia.skinandink) application for Android CVE-2014-7712 (The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1. ...) NOT-FOR-US: Tiket.com Hotel & Flight (aka com.tiket.gits) application for Android CVE-2014-7711 REJECTED CVE-2014-7710 (The India Today Telugu (aka com.magzter.indiatoday.telugu) application ...) NOT-FOR-US: India Today Telugu (aka com.magzter.indiatoday.telugu) application for Android CVE-2014-7709 REJECTED CVE-2014-7708 (The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 ...) NOT-FOR-US: Raven - The Culture Lover (aka com.booksbyraven) application for Android CVE-2014-7707 (The Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandli ...) NOT-FOR-US: Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application for Android CVE-2014-7706 REJECTED CVE-2014-7705 (The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingLis ...) NOT-FOR-US: Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application for Android CVE-2014-7704 REJECTED CVE-2014-7703 (The Terrorizer Magazine (aka com.triactivemedia.terrorizer) applicatio ...) NOT-FOR-US: Terrorizer Magazine (aka com.triactivemedia.terrorizer) application for Android CVE-2014-7702 (The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for An ...) 
NOT-FOR-US: ahtty (aka com.crevation.babylon.ahtty) application for Android CVE-2014-7701 (The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1. ...) NOT-FOR-US: DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application for Android CVE-2014-7700 (The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application ...) NOT-FOR-US: Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application for Android CVE-2014-7699 REJECTED CVE-2014-7698 (The Xinhua International (aka org.xinhua.xnews_international) applicat ...) NOT-FOR-US: Xinhua International (aka org.xinhua.xnews_international) application for Android CVE-2014-7697 (The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0 ...) NOT-FOR-US: Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application for Android CVE-2014-7696 (The Halftime Magazine (aka com.magzter.halftimemagazine) application 3 ...) NOT-FOR-US: Halftime Magazine (aka com.magzter.halftimemagazine) application for Android CVE-2014-7695 (The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android ...) NOT-FOR-US: easaa Baoneng (aka com.easaa.baoneng) application for Android CVE-2014-7694 (The Corvette Museum (aka com.app_corvettemuseum.layout) application 1. ...) NOT-FOR-US: Corvette Museum (aka com.app_corvettemuseum.layout) application for Android CVE-2014-7693 (The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for ...) NOT-FOR-US: JusApp! (aka com.tapatalk.jusappcombrforum) application for Android CVE-2014-7692 (The Lent Experience (aka com.wLentExperience) application 0.1 for Andr ...) NOT-FOR-US: Lent Experience (aka com.wLentExperience) application for Android CVE-2014-7691 (The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 ...) NOT-FOR-US: Life Story of Sheikh Mujib (aka com.wbongobondho) application for Android CVE-2014-7690 (The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 ...) 
NOT-FOR-US: myfone Shopping (aka com.twm.pt.eccart) application for Android CVE-2014-7689 (The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for ...) NOT-FOR-US: GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application for Android CVE-2014-7688 (The Home Improvement (aka com.whomeimprovementapp) application 0.1 for ...) NOT-FOR-US: Home Improvement (aka com.whomeimprovementapp) application for Android CVE-2014-7687 REJECTED CVE-2014-7686 (The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) ap ...) NOT-FOR-US: So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application for Android CVE-2014-7685 (The Razer Comms - Gaming Messenger (aka com.razerzone.comms) applicati ...) NOT-FOR-US: Razer Comms - Gaming Messenger (aka com.razerzone.comms) application for Android CVE-2014-7684 REJECTED CVE-2014-7683 (The Free Canadian Author Previews (aka com.booksellerscanada.authorpre ...) NOT-FOR-US: Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application for Android CVE-2014-7682 (The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android do ...) NOT-FOR-US: GR8! TV (aka com.magzter.greighttv) application for Android CVE-2014-7681 (The VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforu ...) NOT-FOR-US: VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application for Android CVE-2014-7680 REJECTED CVE-2014-7679 REJECTED CVE-2014-7678 REJECTED CVE-2014-7677 (The Scudetto (aka com.scudetto) application 2.7 for Android does not v ...) NOT-FOR-US: Scudetto (aka com.scudetto) application for Android CVE-2014-7676 (The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) applicatio ...) NOT-FOR-US: Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application for Android CVE-2014-7675 REJECTED CVE-2014-7674 (The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 ...) 
NOT-FOR-US: TicketOne.it (aka it.ticketone.mobile.app.Android) application for Android CVE-2014-7673 REJECTED CVE-2014-7672 REJECTED CVE-2014-7671 (The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does ...) NOT-FOR-US: Tekno Apsis (aka com.teknoapsis) application for Android CVE-2014-7670 (The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) appli ...) NOT-FOR-US: Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application for Android CVE-2014-7669 REJECTED CVE-2014-7668 (The Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application 1.4 for ...) NOT-FOR-US: Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application for Android CVE-2014-7667 (The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) app ...) NOT-FOR-US: Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application for Android CVE-2014-7666 (The American Waterfowler (aka com.magazinecloner.americanwaterfowler) ...) NOT-FOR-US: American Waterfowler (aka com.magazinecloner.americanwaterfowler) application for Android CVE-2014-7665 REJECTED CVE-2014-7664 (The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) ap ...) NOT-FOR-US: Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application for Android CVE-2014-7663 (The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 ...) NOT-FOR-US: Right to the Nitty Gritty (aka com.wGoNittyGritty) application for Android CVE-2014-7662 REJECTED CVE-2014-7661 (The Masquito Blogger (aka com.wmasquito) application 0.1 for Android d ...) NOT-FOR-US: Masquito Blogger (aka com.wmasquito) application for Android CVE-2014-7660 (The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 fo ...) NOT-FOR-US: Gent Magazine (aka com.magzter.thegentmagazine) application for Android CVE-2014-7659 (The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) ap ...) 
NOT-FOR-US: ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application for Android CVE-2014-7658 REJECTED CVE-2014-7657 REJECTED CVE-2014-7656 (The Indian Management (aka com.magzter.indianmanagement) application 3 ...) NOT-FOR-US: Indian Management (aka com.magzter.indianmanagement) application for Android CVE-2014-7655 (The Dresden Transport Museum (aka de.appack.project.vmd) application 2 ...) NOT-FOR-US: Dresden Transport Museum (aka de.appack.project.vmd) application for Android CVE-2014-7654 REJECTED CVE-2014-7653 REJECTED CVE-2014-7652 (The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5 ...) NOT-FOR-US: Magicam Photo Magic Editor (aka mobi.magicam.editor) application for Android CVE-2014-7651 REJECTED CVE-2014-7650 (The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 ...) NOT-FOR-US: JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application for Android CVE-2014-7649 (The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7 ...) NOT-FOR-US: Classic Car Buyer (aka com.magazinecloner.carbuyer) application for Android CVE-2014-7648 (The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 fo ...) NOT-FOR-US: SMARTalk (aka jp.co.fusioncom.smartalk.android) application for Android CVE-2014-7647 (The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for An ...) NOT-FOR-US: BOOKING DISCOUNT (aka com.wmygoodhotelscom) application for Android CVE-2014-7646 (The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for ...) NOT-FOR-US: EMT-Paramedic Lite (aka com.wEMTparamedicLite) application for Android CVE-2014-7645 REJECTED CVE-2014-7644 (The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174 ...) NOT-FOR-US: Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application for Android CVE-2014-7643 (The C.R. Group (aka com.c.r.group) application 1.0 for Android does no ...) NOT-FOR-US: C.R. 
Group (aka com.c.r.group) application for Android CVE-2014-7642 (The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503 ...) NOT-FOR-US: Pegasus Airlines (aka com.wPegasusAirlines) application for Android CVE-2014-7641 REJECTED CVE-2014-7640 (The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does n ...) NOT-FOR-US: Hotel Room (aka com.wHotelRoom) application for Android CVE-2014-7639 REJECTED CVE-2014-7638 (The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application ...) NOT-FOR-US: Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application for Android CVE-2014-7637 REJECTED CVE-2014-7636 (The United Hawk Nation (aka com.united12thman) application 2.1 for And ...) NOT-FOR-US: United Hawk Nation (aka com.united12thman) application for Android CVE-2014-7635 REJECTED CVE-2014-7634 (The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does n ...) NOT-FOR-US: Adopt O Pet (aka com.wFindAPet) application for Android CVE-2014-7633 (The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Andro ...) NOT-FOR-US: Dino Zoo (aka com.tappocket.dinozoostar) application for Android CVE-2014-7632 (The news revolution - bahrain (aka com.news.revolution.BH) application ...) NOT-FOR-US: news revolution - bahrain (aka com.news.revolution.BH) application for Android CVE-2014-7631 (The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Andro ...) NOT-FOR-US: Villa Antonia (aka com.appbuilder.u7p5019) application for Android CVE-2014-7630 (The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for Andr ...) NOT-FOR-US: Fling Gold (aka com.mbgames.fling.gold) application for Android CVE-2014-7629 (The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 ...) NOT-FOR-US: Yulman Stadium (aka com.dub.app.tulanestadium) application for Android CVE-2014-7628 (The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android d ...) 
NOT-FOR-US: Acorn Comms (aka com.acorncomms.app) application for Android CVE-2014-7627 REJECTED CVE-2014-7626 (The Atme (aka com.bedigital.atme) application 1.0.10 for Android does ...) NOT-FOR-US: Atme (aka com.bedigital.atme) application for Android CVE-2014-7625 REJECTED CVE-2014-7624 (The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) applicat ...) NOT-FOR-US: Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application for Android CVE-2014-7623 REJECTED CVE-2014-7622 (The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locato ...) NOT-FOR-US: Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application for Android CVE-2014-7621 (The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 ...) NOT-FOR-US: EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application for Android CVE-2014-7620 (The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 ...) NOT-FOR-US: Authors On Tour - Live! (aka com.appmakr.app122286) application for Android CVE-2014-7619 REJECTED CVE-2014-7618 (The Interior Design (aka com.interior.design.mcreda) application 1.0 f ...) NOT-FOR-US: Interior Design (aka com.interior.design.mcreda) application for Android CVE-2014-7617 (The www.roads365.com (aka ydx.android) application 1.0.1 for Android d ...) NOT-FOR-US: www.roads365.com (aka ydx.android) application for Android CVE-2014-7616 (The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9 ...) NOT-FOR-US: Physics Forums (aka com.tapatalk.physicsforumscom) application for Android CVE-2014-7615 REJECTED CVE-2014-7614 (The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application 0 ...) NOT-FOR-US: Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application for Android CVE-2014-7613 (The WASPS Official Programmes (aka com.triactivemedia.wasps) applicati ...) 
NOT-FOR-US: WASPS Official Programmes (aka com.triactivemedia.wasps) application for Android CVE-2014-7612 (The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 ...) NOT-FOR-US: e-Kiosk (aka com.ekioskreader.android.pdfviewer) application for Android CVE-2014-7611 (The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) applicat ...) NOT-FOR-US: Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application for Android CVE-2014-7610 (The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) a ...) NOT-FOR-US: Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application for Android CVE-2014-7609 (The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android ...) NOT-FOR-US: iStunt 2 (aka com.miniclip.istunt2) application for Android CVE-2014-7608 (The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for ...) NOT-FOR-US: Carrier Enterprise HVAC Assist (aka com.es.CE) application for Android CVE-2014-7607 (The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android do ...) NOT-FOR-US: Swamiji.tv (aka org.yidl.SwamijiTV) application for Android CVE-2014-7606 (The Concursive (aka com.concursive.app) application 2.1 for Android do ...) NOT-FOR-US: Concursive (aka com.concursive.app) application for Android CVE-2014-7605 (The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.a ...) NOT-FOR-US: Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application for Android CVE-2014-7604 (The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) appl ...) NOT-FOR-US: Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application for Android CVE-2014-7603 (The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.1 ...) NOT-FOR-US: Gravey Design (aka com.dreamstep.wGraveyDesign) application for Android CVE-2014-7602 (The FRONT (aka com.magazinecloner.front) application @7F08017A for And ...) 
NOT-FOR-US: FRONT (aka com.magazinecloner.front) application for Android CVE-2014-7601 REJECTED CVE-2014-7600 REJECTED CVE-2014-7599 REJECTED CVE-2014-7598 (The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for A ...) NOT-FOR-US: Poker Puzzle (aka com.sharpiq.pokerpuzzle) application for Android CVE-2014-7597 (The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) applicatio ...) NOT-FOR-US: Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application for Android CVE-2014-7596 (The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for And ...) NOT-FOR-US: Paramore (aka uk.co.pixelkicks.paramore) application for Android CVE-2014-7595 (The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android doe ...) NOT-FOR-US: devada.co.uk (aka com.wdevadacouk) application for Android CVE-2014-7594 REJECTED CVE-2014-7593 (The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 ...) NOT-FOR-US: Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application for Android CVE-2014-7592 (The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) app ...) NOT-FOR-US: FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application for Android CVE-2014-7591 (The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does ...) NOT-FOR-US: Demon (aka com.ireadercity.c24) application for Android CVE-2014-7590 (The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for A ...) NOT-FOR-US: WebPromoExperts (aka ua.com.webpromoexperts) application for Android CVE-2014-7589 (The Industrial and Commercial Bank of China (ICBC) Banking (aka com.ic ...) NOT-FOR-US: Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application for Android CVE-2014-7588 REJECTED CVE-2014-7587 (The Blocked in Free (aka com.blueup.blocked) application 1.0 for Andro ...) 
NOT-FOR-US: Blocked in Free (aka com.blueup.blocked) application for Android CVE-2014-7586 REJECTED CVE-2014-7585 (The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7 ...) NOT-FOR-US: Biplane Forum (aka com.gcspublishing.biplaneforum) application for Android CVE-2014-7584 (The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for Androi ...) NOT-FOR-US: ACN2GO (aka com.dataparadigm.acnmobile) application for Android CVE-2014-7583 REJECTED CVE-2014-7582 (The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 f ...) NOT-FOR-US: Water Lateral Sizer (aka com.wWaterLateralSizer) application for Android CVE-2014-7581 (The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) ap ...) NOT-FOR-US: Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application for Android CVE-2014-7580 (The Thailand Investor News (aka nudecreative.thaistock.set) applicatio ...) NOT-FOR-US: Thailand Investor News (aka nudecreative.thaistock.set) application for Android CVE-2014-7579 REJECTED CVE-2014-7578 (The Bieber News Now (aka com.jbnews) application 12.0.5 for Android do ...) NOT-FOR-US: Bieber News Now (aka com.jbnews) application for Android CVE-2014-7577 (The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 ...) NOT-FOR-US: B&H Photo Video Pro Audio (aka com.bhphoto) application for Android CVE-2014-7576 (The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii. ...) NOT-FOR-US: Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application for Android CVE-2014-7575 (The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) appl ...) NOT-FOR-US: eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application for Android CVE-2014-7574 REJECTED CVE-2014-7573 (The droid Survey Offline Forms (aka com.contact.droidSURVEY) applicati ...) 
NOT-FOR-US: droid Survey Offline Forms (aka com.contact.droidSURVEY) application for Android CVE-2014-7572 (The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbook ...) NOT-FOR-US: Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application for Android CVE-2014-7571 (The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) app ...) NOT-FOR-US: Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application for Android CVE-2014-7570 (The Fire Equipments Screen lock (aka com.locktheworld.screen.lock.them ...) NOT-FOR-US: Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application for Android CVE-2014-7569 (The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) ...) NOT-FOR-US: Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application for Android CVE-2014-7568 (The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) applic ...) NOT-FOR-US: Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application for Android CVE-2014-7567 (The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does ...) NOT-FOR-US: iMig 2012 (aka com.webges.imig) application for Android CVE-2014-7566 (The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for ...) NOT-FOR-US: Stift Neuburg (aka de.appack.project.neuburg) application for Android CVE-2014-7565 (The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application ...) NOT-FOR-US: Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application for Android CVE-2014-7564 (The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a ...) NOT-FOR-US: Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application for Android CVE-2014-7563 (The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c ...) 
NOT-FOR-US: Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application for Android CVE-2014-7562 (The Health Advocate SmartHelp (aka com.healthadvocate.ui) application ...) NOT-FOR-US: Health Advocate SmartHelp (aka com.healthadvocate.ui) application for Android CVE-2014-7561 REJECTED CVE-2014-7560 (The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) applica ...) NOT-FOR-US: Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application for Android CVE-2014-7559 (The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for And ...) NOT-FOR-US: InstaTalks (aka com.natrobit.instatalks) application for Android CVE-2014-7558 (The Everest Poker (aka com.wEverestPoker) application 0.1 for Android ...) NOT-FOR-US: Everest Poker (aka com.wEverestPoker) application for Android CVE-2014-7557 (The zroadster.com (aka com.tapatalk.zroadstercomforum) application 2.4 ...) NOT-FOR-US: zroadster.com (aka com.tapatalk.zroadstercomforum) application for Android CVE-2014-7556 REJECTED CVE-2014-7555 (The Apparound BLEND (aka com.apparound.mobile.catalogo) application 4. ...) NOT-FOR-US: Apparound BLEND (aka com.apparound.mobile.catalogo) application for Android CVE-2014-7554 (The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1. ...) NOT-FOR-US: Bouqs - Flowers Simplified (aka com.bouqs.activity) application for Android CVE-2014-7553 (The GET NYCE Lightworks (aka com.wGETNYCE) application 0.84.13506.9895 ...) NOT-FOR-US: GET NYCE Lightworks (aka com.wGETNYCE) application for Android CVE-2014-7552 (The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application ...) NOT-FOR-US: Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application for Android CVE-2014-7551 (The Noticias Bebes Beybies (aka com.beybies) application 1.0 for Andro ...) NOT-FOR-US: Noticias Bebes Beybies (aka com.beybies) application for Android CVE-2014-7550 (The basketball news & videos (aka com.basketbal.news.caesar) appli ...) 
NOT-FOR-US: basketball news & videos (aka com.basketbal.news.caesar) application for Android CVE-2014-7549 REJECTED CVE-2014-7548 REJECTED CVE-2014-7547 (The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimi ...) NOT-FOR-US: Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application for Android CVE-2014-7546 (The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application ...) NOT-FOR-US: Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application for Android CVE-2014-7545 REJECTED CVE-2014-7544 (The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret ...) NOT-FOR-US: Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application for Android CVE-2014-7543 (The Blood (aka com.sheridan.ash) application 2.1 for Android does not ...) NOT-FOR-US: Blood (aka com.sheridan.ash) application for Android CVE-2014-7542 (The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android ...) NOT-FOR-US: l'Informatiu (aka com.linformatiu.spm) application for Android CVE-2014-7541 REJECTED CVE-2014-7540 REJECTED CVE-2014-7539 (The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application ...) NOT-FOR-US: Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application for Android CVE-2014-7538 (The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) appli ...) NOT-FOR-US: Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application for Android CVE-2014-7537 REJECTED CVE-2014-7536 (The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) ...) NOT-FOR-US: Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application for Android CVE-2014-7535 (The Classic Racer (aka com.triactivemedia.classicracer) application @7 ...) NOT-FOR-US: Classic Racer (aka com.triactivemedia.classicracer) application for Android CVE-2014-7534 (The Funny & Interesting Things (aka com.wFunnyandInterestingThings ...) 
NOT-FOR-US: Funny & Interesting Things (aka com.wFunnyandInterestingThings) application for Android CVE-2014-7533 (The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) appli ...) NOT-FOR-US: NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application for Android CVE-2014-7532 (The GES Agri Connect (aka com.wAgriConnect) application 0.1 for Androi ...) NOT-FOR-US: GES Agri Connect (aka com.wAgriConnect) application for Android CVE-2014-7531 REJECTED CVE-2014-7530 (The PRIX IMPORT (aka com.myapphone.android.myapppriximport) applicatio ...) NOT-FOR-US: PRIX IMPORT (aka com.myapphone.android.myapppriximport) application for Android CVE-2014-7529 (The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) applicati ...) NOT-FOR-US: Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application for Android CVE-2014-7528 (The Horsepower (aka com.apptive.android.apps.horsepower) application 2 ...) NOT-FOR-US: Horsepower (aka com.apptive.android.apps.horsepower) application for Android CVE-2014-7527 (The Savage Nation Mobile Web (aka com.wSavageNation) application 0.57. ...) NOT-FOR-US: Savage Nation Mobile Web (aka com.wSavageNation) application for Android CVE-2014-7526 (The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for An ...) NOT-FOR-US: Immunize Canada (aka ca.ohri.immunizeapp) application for Android CVE-2014-7525 (The Domain Name Search & Web Host (aka com.wDomainNameSearchandReg ...) NOT-FOR-US: Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application for Android CVE-2014-7524 (The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 fo ...) NOT-FOR-US: Bed and Breakfast (aka com.wbedandbreakfastapp) application for Android CVE-2014-7523 (The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1 ...) 
NOT-FOR-US: Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application for Android CVE-2014-7522 (The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 fo ...) NOT-FOR-US: Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application for Android CVE-2014-7521 (The Anderson Musaamil (aka com.app_andersonmusaamil.layout) applicatio ...) NOT-FOR-US: Anderson Musaamil (aka com.app_andersonmusaamil.layout) application for Android CVE-2014-7520 (The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does ...) NOT-FOR-US: Nova 92.1 FM (aka com.wNova921FM) application for Android CVE-2014-7519 (The Cycling Manager Game Cff (aka com.CyclingManagerGame) application ...) NOT-FOR-US: Cycling Manager Game Cff (aka com.CyclingManagerGame) application for Android CVE-2014-7518 (The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) appl ...) NOT-FOR-US: Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application for Android CVE-2014-7517 (The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for A ...) NOT-FOR-US: Myanmar Movies HD (aka com.wmyanmarmoviesHD) application for Android CVE-2014-7516 (The Central East LHIN News (aka com.wCentralEastLHINNews) application ...) NOT-FOR-US: Central East LHIN News (aka com.wCentralEastLHINNews) application for Android CVE-2014-7515 (The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) app ...) NOT-FOR-US: Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application for Android CVE-2014-7514 REJECTED CVE-2014-7513 (The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for ...) NOT-FOR-US: Top Hangover Cures (aka com.TopHangoverCures) application for Android CVE-2014-7512 REJECTED CVE-2014-7511 REJECTED CVE-2014-7510 (The Graffit It (aka com.presenttechnologies.graffitit) application 1.1 ...) 
NOT-FOR-US: Graffit It (aka com.presenttechnologies.graffitit) application for Android CVE-2014-7509 (The A Very Short History of Japan (aka com.ireadercity.c51) applicatio ...) NOT-FOR-US: A Very Short History of Japan (aka com.ireadercity.c51) application for Android CVE-2014-7508 (The Help For Doc (aka com.childrens.physician.relations) application 1 ...) NOT-FOR-US: Help For Doc (aka com.childrens.physician.relations) application for Android CVE-2014-7507 (The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Andr ...) NOT-FOR-US: Hector Leal (aka ad.hector.leal.com) application for Android CVE-2014-7506 (The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) applicat ...) NOT-FOR-US: Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application for Android CVE-2014-7505 (The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android ...) NOT-FOR-US: AppTalk (aka com.chatatami.apptalk) application for Android CVE-2014-7504 REJECTED CVE-2014-7503 REJECTED CVE-2014-7502 (The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) applicatio ...) NOT-FOR-US: Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application for Android CVE-2014-7501 (The Translation Widget (aka com.wTranslationGadget) application 0.1 fo ...) NOT-FOR-US: Translation Widget (aka com.wTranslationGadget) application for Android CVE-2014-7500 REJECTED CVE-2014-7499 (The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does ...) NOT-FOR-US: Sword (aka com.ireadercity.c25) application for Android CVE-2014-7498 (The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for ...) NOT-FOR-US: Space Cinema (aka it.thespacecinema.android) application for Android CVE-2014-7497 (The Portfolium (aka com.wPortfolium) application 0.1 for Android does ...) NOT-FOR-US: Portfolium (aka com.wPortfolium) application for Android CVE-2014-7496 REJECTED CVE-2014-7495 (The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for ...) 
NOT-FOR-US: LogosQuest - Beginnings (aka com.wLogosQuest) application for Android CVE-2014-7494 (The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) applicat ...) NOT-FOR-US: Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application for Android CVE-2014-7493 (The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android ...) NOT-FOR-US: 100 Books (aka com.ireadercity.c20) application for Android CVE-2014-7492 (The Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB ...) NOT-FOR-US: Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application for Android CVE-2014-7491 (The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Andr ...) NOT-FOR-US: Short Stories (aka com.ireadercity.c48) application for Android CVE-2014-7490 (The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 f ...) NOT-FOR-US: Menaka - Marathi (aka com.magzter.menakamarathi) application for Android CVE-2014-7489 REJECTED CVE-2014-7488 (The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Andro ...) NOT-FOR-US: Vineyard All In (aka com.wVineyardAllIn) application for Android CVE-2014-7487 (The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticden ...) NOT-FOR-US: ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application for Android CVE-2014-7486 (The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 ...) NOT-FOR-US: Mitsubishi Road Assist (aka com.agero.mitsubishi) application for Android CVE-2014-7485 (The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) applic ...) NOT-FOR-US: Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application for Android CVE-2014-7484 (The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) ap ...) 
NOT-FOR-US: Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application for Android CVE-2014-7483 (The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) applica ...) NOT-FOR-US: Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application for Android CVE-2014-7482 REJECTED CVE-2014-7481 (The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android ...) NOT-FOR-US: ETG Hosting (aka com.etg.web.hosting) application for Android CVE-2014-7480 REJECTED CVE-2014-7479 REJECTED CVE-2014-7478 (The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for Andro ...) NOT-FOR-US: nashaplaneta.su (aka com.wNashaPlaneta) application for Android CVE-2014-7477 REJECTED CVE-2014-7476 (The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) applica ...) NOT-FOR-US: Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application for Android CVE-2014-7475 (The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android d ...) NOT-FOR-US: Ionic View (aka com.ionic.viewapp) application for Android CVE-2014-7474 REJECTED CVE-2014-7473 REJECTED CVE-2014-7472 (The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application ...) NOT-FOR-US: CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application for Android CVE-2014-7471 (The international-arbitration-attorney.com (aka com.w0f1d79a1010d819ac ...) NOT-FOR-US: international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application for Android CVE-2014-7470 (The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesa ...) NOT-FOR-US: I Know the Movie (aka com.guilardi.jesaislefilm2) application for Android CVE-2014-7469 (The Best Beginning (aka com.bbbeta) application 2.0 for Android does n ...) NOT-FOR-US: Best Beginning (aka com.bbbeta) application for Android CVE-2014-7468 (The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 ...) 
NOT-FOR-US: AG Klettern Odenwald (aka de.appack.project.agko) application for Android CVE-2014-7467 (The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for And ...) NOT-FOR-US: HoneyBee Mag (aka com.magzter.honeybeemag) application for Android CVE-2014-7466 (The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Andr ...) NOT-FOR-US: Live TV Browser (aka com.wHDSmartBrowser) application for Android CVE-2014-7465 (The PC Advisor (aka com.triactivemedia.pcadvisor) application @7F08017 ...) NOT-FOR-US: PC Advisor (aka com.triactivemedia.pcadvisor) application for Android CVE-2014-7464 (The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android ...) NOT-FOR-US: Magic Stamp (aka vn.avagame.apotatem) application for Android CVE-2014-7463 (The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for A ...) NOT-FOR-US: IM5 Fans Planet (aka uk.co.pixelkicks.im5) application for Android CVE-2014-7462 (The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) applica ...) NOT-FOR-US: Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application for Android CVE-2014-7461 (The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application 0.6 ...) NOT-FOR-US: A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application for Android CVE-2014-7460 (The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) a ...) NOT-FOR-US: Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application for Android CVE-2014-7459 (The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) appl ...) NOT-FOR-US: Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application for Android CVE-2014-7458 (The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) appli ...) NOT-FOR-US: BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application for Android CVE-2014-7457 (The Electronics For You (aka com.magzter.electronicsforyou) applicatio ...) 
NOT-FOR-US: Electronics For You (aka com.magzter.electronicsforyou) application for Android CVE-2014-7456 (The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 fo ...) NOT-FOR-US: Digit Magazine (aka com.magzter.digitmagazine) application for Android CVE-2014-7455 (The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 ...) NOT-FOR-US: Zoella Unofficial (aka com.automon.ay.zoella) application for Android CVE-2014-7454 (The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) appl ...) NOT-FOR-US: Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application for Android CVE-2014-7453 REJECTED CVE-2014-7452 (The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 ...) NOT-FOR-US: Shaklee Product Catalog (aka com.wProductCatalog) application for Android CVE-2014-7451 REJECTED CVE-2014-7450 (The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for A ...) NOT-FOR-US: allnurses (aka com.tapatalk.allnursescom) application for Android CVE-2014-7449 (The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 ...) NOT-FOR-US: My NGEMC Account (aka com.ngemc.smartapps) application for Android CVE-2014-7448 (The DealSide Institutional (aka com.magzter.dealsideinstitutional) app ...) NOT-FOR-US: DealSide Institutional (aka com.magzter.dealsideinstitutional) application for Android CVE-2014-7447 (The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0 ...) NOT-FOR-US: Dattch - The Lesbian App (aka com.dattch.dattch.app) application for Android CVE-2014-7446 (The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 ...) NOT-FOR-US: Bilingual Magic Ball (aka com.wBilingualMagicBall) application for Android CVE-2014-7445 (The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Andr ...) NOT-FOR-US: LEGEND OF TRANCE (aka com.legendoftrance) application for Android CVE-2014-7444 (The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Androi ...) 
NOT-FOR-US: Baidu Navigation (aka com.baidu.navi) application for Android CVE-2014-7443 (The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagema ...) NOT-FOR-US: Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application for Android CVE-2014-7442 REJECTED CVE-2014-7441 (The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does ...) NOT-FOR-US: Pakan Ken Tube (aka com.PakanKen) application for Android CVE-2014-7440 REJECTED CVE-2014-7439 (The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2 ...) NOT-FOR-US: bene+ odmeny a slevy (aka cz.gemoney.bene.android) application for Android CVE-2014-7438 REJECTED NOT-FOR-US: pbm2l2030 printer driver CVE-2014-7437 (The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) applicat ...) NOT-FOR-US: Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application for Android CVE-2014-7436 (The SOS recette (aka com.sos.recette) application 1.0 for Android does ...) NOT-FOR-US: SOS recette (aka com.sos.recette) application for Android CVE-2014-7435 (The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) appli ...) NOT-FOR-US: AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application for Android CVE-2014-7434 (The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does no ...) NOT-FOR-US: RTSinfo (aka ch.rts.rtsinfo) application for Android CVE-2014-7433 (The Student ID (aka com.computas.studentbevis) application 1.2 for And ...) NOT-FOR-US: Student ID (aka com.computas.studentbevis) application for Android CVE-2014-7432 (The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 ...) NOT-FOR-US: CalculatorApp (aka com.intuit.alm.testandroidapp) application for Android CVE-2014-7431 (The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for An ...) 
NOT-FOR-US: Breeze Jersey (aka com.sc.breezeje.banking) application for Android CVE-2014-7430 (The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for Androi ...) NOT-FOR-US: Flood-It (aka com.appspot.eoltek.flood) application for Android CVE-2014-7429 REJECTED CVE-2014-7428 (The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) appli ...) NOT-FOR-US: 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application for Android CVE-2014-7427 (The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) appli ...) NOT-FOR-US: Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application for Android CVE-2014-7426 REJECTED CVE-2014-7425 (The Doodle Devil Free (aka com.joybits.doodledevil_free) application 2 ...) NOT-FOR-US: Doodle Devil Free (aka com.joybits.doodledevil_free) application for Android CVE-2014-7424 (The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) applica ...) NOT-FOR-US: Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application for Android CVE-2014-7423 (The Youth Incorporated (aka com.magzter.youthincorporated) application ...) NOT-FOR-US: Youth Incorporated (aka com.magzter.youthincorporated) application for Android CVE-2014-7422 (The HEA Mobile (aka com.homerelectric.smartapps) application 1.153.003 ...) NOT-FOR-US: HEA Mobile (aka com.homerelectric.smartapps) application for Android CVE-2014-7421 (The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) appl ...) NOT-FOR-US: Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application for Android CVE-2014-7420 (The Just Bureaucracy (aka com.magzter.justbureaucracy) application 3.0 ...) NOT-FOR-US: Just Bureaucracy (aka com.magzter.justbureaucracy) application for Android CVE-2014-7419 (The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 ...) 
NOT-FOR-US: PokeCreator Lite (aka com.pokecreator.builderlite) application for Android CVE-2014-7418 (The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application ...) NOT-FOR-US: BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application for Android CVE-2014-7417 (The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps ...) NOT-FOR-US: Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application for Android CVE-2014-7416 (The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) appli ...) NOT-FOR-US: Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application for Android CVE-2014-7415 (The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for ...) NOT-FOR-US: Asylum! (aka com.nobexinc.wls_96362255.rc) application for Android CVE-2014-7414 (The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for ...) NOT-FOR-US: CLEO Malaysia (aka com.magzter.cleomalaysia) application for Android CVE-2014-7413 (The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) applica ...) NOT-FOR-US: Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application for Android CVE-2014-7412 REJECTED CVE-2014-7411 REJECTED CVE-2014-7410 (The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for Androi ...) NOT-FOR-US: Aptallik Testi (aka com.wAptallikTesti) application for Android CVE-2014-7409 (The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android do ...) NOT-FOR-US: Liburan Hemat (aka com.liburan.bro) application for Android CVE-2014-7408 (The Gary Johnson for President '12 (aka com.GaryJohnson2012) applicati ...) NOT-FOR-US: Gary Johnson for President '12 (aka com.GaryJohnson2012) application for Android CVE-2014-7407 (The Game Day Tix (aka com.xcr.android.mygamedaytickets) application 2. ...) 
NOT-FOR-US: Game Day Tix (aka com.xcr.android.mygamedaytickets) application for Android CVE-2014-7406 (The Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.d ...) NOT-FOR-US: Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application for Android CVE-2014-7405 (The Belaire Family Orthodontics (aka com.app_bf.layout) application 1. ...) NOT-FOR-US: Belaire Family Orthodontics (aka com.app_bf.layout) application for Android CVE-2014-7404 REJECTED CVE-2014-7403 (The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for ...) NOT-FOR-US: NZHondas.com (aka com.tapatalk.nzhondascom) application for Android CVE-2014-7400 REJECTED CVE-2014-7399 (The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 fo ...) NOT-FOR-US: Suzanne Glathar (aka com.app_sglathar.layout) application for Android CVE-2014-7398 (The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 ...) NOT-FOR-US: Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application for Android CVE-2014-7397 (The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application ...) NOT-FOR-US: ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application for Android CVE-2014-7396 (The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application 0. ...) NOT-FOR-US: PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application for Android CVE-2014-7395 (The USF BCM (aka com.appmakr.app193115) application 252847 for Android ...) NOT-FOR-US: USF BCM (aka com.appmakr.app193115) application for Android CVE-2014-7394 (The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for And ...) NOT-FOR-US: www.alaaliwat.com (aka com.alaliwat.marsa) application for Android CVE-2014-7393 (The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for A ...) NOT-FOR-US: 100 Beauty Tips (aka com.ww100BeautyTipsApp) application for Android CVE-2014-7392 (The Russian Federation Traffic Rules (aka com.russia.pdd) application ...) 
NOT-FOR-US: Russian Federation Traffic Rules (aka com.russia.pdd) application for Android CVE-2014-7391 (The Synx addictive puzzle game (aka us.synx.mobile.play) application 1 ...) NOT-FOR-US: Synx addictive puzzle game (aka us.synx.mobile.play) application for Android CVE-2014-7390 (The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) app ...) NOT-FOR-US: Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application for Android CVE-2014-7389 (The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application 3.2. ...) NOT-FOR-US: Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application for Android CVE-2014-7388 (The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) applica ...) NOT-FOR-US: Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application for Android CVE-2014-7387 (The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 f ...) NOT-FOR-US: ACC Advocacy Action (aka com.acc.app.android.ui) application for Android CVE-2014-7386 REJECTED CVE-2014-7385 (The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) app ...) NOT-FOR-US: Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application for Android CVE-2014-7384 (The Joe's Lawn Service (aka com.appexpress.joeslawnservice) applicatio ...) NOT-FOR-US: Joe's Lawn Service (aka com.appexpress.joeslawnservice) application for Android CVE-2014-7383 REJECTED CVE-2014-7382 (The Alternative Connection (aka com.wAlternativeConnection) applicatio ...) NOT-FOR-US: Alternative Connection (aka com.wAlternativeConnection) application for Android CVE-2014-7381 REJECTED CVE-2014-7380 (The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Andr ...) NOT-FOR-US: Cedar Kiosk (aka com.apps2you.cedarkiosk) application for Android CVE-2014-7379 (The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) ...) 
NOT-FOR-US: Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application for Android CVE-2014-7378 (The Jobranco (aka com.jobranco) application 1.1 for Android does not v ...) NOT-FOR-US: Jobranco (aka com.jobranco) application for Android CVE-2014-7377 REJECTED CVE-2014-7376 (The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) ...) NOT-FOR-US: Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application for Android CVE-2014-7375 (The Childcare (aka com.app_macchildcare.layout) application 1.399 for ...) NOT-FOR-US: Childcare (aka com.app_macchildcare.layout) application for Android CVE-2014-7374 (The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application ...) NOT-FOR-US: SPIN - Motion Comic (aka me.narr8.android.serial.spin) application for Android CVE-2014-7373 (The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 ...) NOT-FOR-US: Inspire Weddings (aka com.magzter.inspireweddings) application for Android CVE-2014-7372 (The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for An ...) NOT-FOR-US: Mr.Sausage (aka com.app_mrsausage.layout) application for Android CVE-2014-7371 (The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) appli ...) NOT-FOR-US: Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application for Android CVE-2014-7370 (The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android do ...) NOT-FOR-US: Job MoBleeps (aka com.wJobMoBleeps) application for Android CVE-2014-7369 (The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for ...) NOT-FOR-US: Il Brillo Parlante (aka com.wIlBrilloParlante) application for Android CVE-2014-7368 (The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPr ...) NOT-FOR-US: Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application for Android CVE-2014-7367 (The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android ...) 
NOT-FOR-US: TuS 1947 Radis (aka com.tus1947radis) application for Android CVE-2014-7366 (The Identity (aka com.magzter.identity) application 3.01 for Android d ...) NOT-FOR-US: Identity (aka com.magzter.identity) application for Android CVE-2014-7365 REJECTED CVE-2014-7364 (The Promotional Items (aka com.wPromotionalItems) application 0.1 for ...) NOT-FOR-US: Promotional Items (aka com.wPromotionalItems) application for Android CVE-2014-7363 REJECTED CVE-2014-7362 (The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application ...) NOT-FOR-US: Naranjas Con Tocados (aka com.NaranjasConTocados.com) application for Android CVE-2014-7361 (The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for An ...) NOT-FOR-US: Harry's Pub (aka com.emunching.harryspub) application for Android CVE-2014-7360 (The How To Boil Eggs (aka com.appmakr.app842173) application 251333 fo ...) NOT-FOR-US: How To Boil Eggs (aka com.appmakr.app842173) application for Android CVE-2014-7359 (The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android doe ...) NOT-FOR-US: MAPA DA MINA (aka com.wMAPADAMINA) application for Android CVE-2014-7358 (The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 ...) NOT-FOR-US: Vermont Powder (aka com.concursive.vermontpowder) application for Android CVE-2014-7357 (The Grandparenting is Great (aka com.app_gig.layout) application 1.400 ...) NOT-FOR-US: Grandparenting is Great (aka com.app_gig.layout) application for Android CVE-2014-7356 REJECTED CVE-2014-7355 REJECTED CVE-2014-7354 (The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for A ...) NOT-FOR-US: Penumbra eMag (aka com.magzter.penumbraemag) application for Android CVE-2014-7353 (The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does ...) NOT-FOR-US: JAZAN 24 (aka com.jazan24.Mcreda) application for Android CVE-2014-7352 (The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) applic ...) 
NOT-FOR-US: India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application for Android CVE-2014-7351 (The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) applic ...) NOT-FOR-US: GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application for Android CVE-2014-7350 REJECTED CVE-2014-7349 REJECTED CVE-2014-7348 (The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android doe ...) NOT-FOR-US: HOT CARS (aka com.magzter.hotcars) application for Android CVE-2014-7347 REJECTED CVE-2014-7346 (The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does ...) NOT-FOR-US: Bespoke (aka com.magzter.bespoke) application for Android CVE-2014-7345 (The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 fo ...) NOT-FOR-US: DIYChatroom (aka com.tapatalk.diychatroomcom) application for Android CVE-2014-7344 (The Classic Arms & Militaria (aka com.magazinecloner.classicarmsan ...) NOT-FOR-US: Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application for Android CVE-2014-7343 REJECTED CVE-2014-7342 (The Echo News (aka com.solo.report) 1.10 application (beta) for Androi ...) NOT-FOR-US: Echo News (aka com.solo.report) 1.10 application for Android CVE-2014-7341 (The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android do ...) NOT-FOR-US: SAsync (aka com.sasync.sasyncmap) application for Android CVE-2014-7340 (The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F0801 ...) NOT-FOR-US: Old Bike Mart (aka com.magazinecloner.oldbike) application for Android CVE-2014-7339 (The Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAun ...) NOT-FOR-US: Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application for Android CVE-2014-7338 (The faailkhair (aka com.faailkhair.app) application 1.0 for Android do ...) 
NOT-FOR-US: faailkhair (aka com.faailkhair.app) application for Android CVE-2014-7337 (The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android ...) NOT-FOR-US: Acorn Estate Agents (aka com.acorn.ea) application for Android CVE-2014-7336 (The Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1 ...) NOT-FOR-US: Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application for Android CVE-2014-7335 (The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application 2. ...) NOT-FOR-US: Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application for Android CVE-2014-7334 (The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for A ...) NOT-FOR-US: Where Dallas (aka com.magzter.wheredallas) application for Android CVE-2014-7333 (The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Andr ...) NOT-FOR-US: Aloha Guide (aka com.aloha.guide.japnese) application for Android CVE-2014-7332 REJECTED CVE-2014-7331 (The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0 ...) NOT-FOR-US: TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application for Android CVE-2014-7330 (The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for ...) NOT-FOR-US: XtendCU Mobile (aka com.metova.cuae.xtend) application for Android CVE-2014-7329 (The Motoring Classics (aka com.aptusi.android.motoring) application 1. ...) NOT-FOR-US: Motoring Classics (aka com.aptusi.android.motoring) application for Android CVE-2014-7328 (The brain abundance info (aka com.wbrainabundance) application 0.1 for ...) NOT-FOR-US: brain abundance info (aka com.wbrainabundance) application for Android CVE-2014-7327 (The Macau Business (aka com.magzter.macaubusiness) application 3.0 for ...) NOT-FOR-US: Macau Business (aka com.magzter.macaubusiness) application for Android CVE-2014-7326 (The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Andr ...) 
NOT-FOR-US: ETA Mobile (aka com.en2grate.etamobile) application for Android CVE-2014-7325 (The Business Intelligence (aka com.magzter.businessintelligence) appli ...) NOT-FOR-US: Business Intelligence (aka com.magzter.businessintelligence) application for Android CVE-2014-7324 REJECTED CVE-2014-7323 (The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 ...) NOT-FOR-US: Dignity Dialogue (aka com.magzter.dignitydialogue) application for Android CVE-2014-7322 REJECTED CVE-2014-7321 (The Firenze map (aka com.wFirenzemap) application 0.1 for Android does ...) NOT-FOR-US: Firenze map (aka com.wFirenzemap) application for Android CVE-2014-7320 (The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not ...) NOT-FOR-US: SHIRAKABA (aka com.SHIRAKABA) application for Android CVE-2014-7319 REJECTED CVE-2014-7318 REJECTED CVE-2014-7317 (The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) a ...) NOT-FOR-US: Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application for Android CVE-2014-7316 (The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for ...) NOT-FOR-US: Safe Arrival (aka com.synrevoice.safearrival) application for Android CVE-2014-7315 (The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for ...) NOT-FOR-US: Where Atlanta (aka com.magzter.whereatlanta) application for Android CVE-2014-7314 (The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 f ...) NOT-FOR-US: Intelligent SME (aka com.magzter.intelligentsme) application for Android CVE-2014-7313 (The One You Fitness (aka com.app_oneyou.layout) application 1.399 for ...) NOT-FOR-US: One You Fitness (aka com.app_oneyou.layout) application for Android CVE-2014-7312 REJECTED CVE-2014-7311 REJECTED CVE-2014-7310 (The Ali Visual (aka com.ali.visual) application 1.0 for Android does n ...) 
NOT-FOR-US: Ali Visual (aka com.ali.visual) application for Android CVE-2014-7309 (The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2S ...) NOT-FOR-US: Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application for Android CVE-2014-7308 REJECTED CVE-2014-7307 (The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) appli ...) NOT-FOR-US: ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application for Android CVE-2014-7306 RESERVED CVE-2014-7305 RESERVED CVE-2014-7304 RESERVED CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) NOT-FOR-US: SGI Tempo CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) NOT-FOR-US: SGI Tempo CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) NOT-FOR-US: SGI Tempo CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...) NOT-FOR-US: Aruba ArubaOS CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...) NOT-FOR-US: Centrify CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold theme ...) NOT-FOR-US: folder framework in the Enfold theme for WordPress CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...) NOT-FOR-US: Spago CVE-2014-7294 (Open redirect vulnerability in the logon page in NYU OpenSSO Integrati ...) NOT-FOR-US: Ex Libris Patron Directory Services CVE-2014-7293 (Cross-site scripting (XSS) vulnerability in the logon page in NYU Open ...) NOT-FOR-US: NYU OpenSSO Integration for Ex Libris Patron Directory Services CVE-2014-7292 (Open redirect vulnerability in the Click-Through feature in Newtellige ...) NOT-FOR-US: Newtelligence dasBlog CVE-2014-7291 (Multiple cross-site scripting (XSS) vulnerabilities in api_events.php ...) 
NOT-FOR-US: Springshare LibCal CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems A ...) NOT-FOR-US: Atlas Systems Aeon CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec Criti ...) NOT-FOR-US: Symantec Data Center Security CVE-2014-7288 (Symantec PGP Universal Server and Encryption Management Server before ...) NOT-FOR-US: Symantec Encryption Management Server CVE-2014-7287 (The key-management component in Symantec PGP Universal Server and Encr ...) NOT-FOR-US: Symantec CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ear ...) NOT-FOR-US: Symantec Deployment Solution CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance bef ...) NOT-FOR-US: Symantec Web Gateway CVE-2014-7282 RESERVED CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Tech ...) NOT-FOR-US: Tenda A32 Router CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Bu ...) NOT-FOR-US: Nessus Web UI CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET sess ...) NOT-FOR-US: Konke Smart Plug K CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the Linu ...) - linux 3.16.2-1 [wheezy] - linux (Vulnerable code introduced in 3.13) - linux-2.6 (Vulnerable code introduced in 3.13) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7 (v3.15-rc7) NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a48e42920ff38bc90bbf75143fff4555723d4540 NOTE: http://secondlookforensics.com/ngro-linux-kernel-bug/ CVE-2014-7283 (The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs i ...) 
- linux 3.16.2-1 [wheezy] - linux (Vulnerable code introduced in 3.10 upstream) - linux-2.6 (Vulnerable code introduced in 3.10 upstream) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d (v3.15-rc1) NOTE: http://marc.info/?l=linux-xfs&m=139590613002926&w=2 NOTE: Reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e CVE-2014-7295 (The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWi ...) {DSA-3046-1} - mediawiki 1:1.19.20+dfsg-1 [squeeze] - mediawiki NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=70672 CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1. ...) NOT-FOR-US: ZyXEL CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ZyXE ...) NOT-FOR-US: ZyXEL CVE-2014-7276 RESERVED CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does ...) {DSA-3091-1 DLA-106-1} - getmail4 4.46.0-1 (bug #766670) CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify tha ...) {DSA-3091-1 DLA-106-1} - getmail4 4.46.0-1 (bug #766670) CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does ...) {DSA-3091-1 DLA-106-1} - getmail4 4.44.0-1 (bug #766670) CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...) [experimental] - sddm 0.11.0-1 - sddm 0.11.0-2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788 CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...) [experimental] - sddm 0.11.0-1 - sddm 0.11.0-2 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788 CVE-2014-7270 (Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U ...) 
NOT-FOR-US: ASUS routers CVE-2014-7269 (ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and earlier ...) NOT-FOR-US: ASUS routers CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export feature in ...) NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page generator ...) NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA CVE-2014-7266 (Algorithmic complexity vulnerability in Cybozu Remote Service Manager ...) NOT-FOR-US: Cybozu Remote Service Manager CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows remote attac ...) NOT-FOR-US: LinPHA CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/de ...) - chyrp (bug #664739) CVE-2014-7263 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...) NOT-FOR-US: ULTRAPOP.JP i-HTTPD CVE-2014-7262 (Cross-site scripting (XSS) vulnerability in the Omake BBS component in ...) NOT-FOR-US: ULTRAPOP.JP i-HTTPD CVE-2014-7261 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...) NOT-FOR-US: ULTRAPOP.JP i-HTTPD CVE-2014-7260 (The Server Side Includes (SSI) implementation in the File Upload BBS c ...) NOT-FOR-US: ULTRAPOP.JP i-HTTPD CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Andr ...) NOT-FOR-US: SQUARE ENIX CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 a ...) NOT-FOR-US: KENT-WEB CLip Board CVE-2014-7257 (SQL injection vulnerability in DBD::PgPP 0.05 and earlier ...) NOT-FOR-US: DBD::PgPP CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking Int ...) NOT-FOR-US: SEIL Routers CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 throug ...) NOT-FOR-US: SEIL Routers CVE-2014-7254 (Unspecified vulnerability in ARROWS Me F-11D allows physically proxima ...) 
NOT-FOR-US: Arrows Me CVE-2014-7253 (FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phon ...) NOT-FOR-US: ARROWS CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for Texas I ...) NOT-FOR-US: ARROWS CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in Yokoga ...) NOT-FOR-US: Yokogawa CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...) - kfreebsd-8 [wheezy] - kfreebsd-8 (Not supported in wheezy LTS) - kfreebsd-9 [wheezy] - kfreebsd-9 (Not supported in wheezy LTS) - kfreebsd-10 (bug #778367) [jessie] - kfreebsd-10 (Not supported in Jessie LTS) CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, A ...) NOT-FOR-US: Allied Telesis CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...) NOT-FOR-US: IPA iLogScanner CVE-2014-7247 (Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; I ...) NOT-FOR-US: JustSystems Ichitaro CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, ...) NOT-FOR-US: OpenAM (SSO Server) NOTE: This is not the openam answering machine. CVE-2014-7245 REJECTED CVE-2014-7244 REJECTED CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not res ...) NOT-FOR-US: LG Routers CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the SumaHo "d ...) NOT-FOR-US: SumaHo (applications for Android) CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote atta ...) NOT-FOR-US: TSUTAYA application for Android CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solu ...) NOT-FOR-US: Wordpress plugin CVE-2014-7239 RESERVED CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 ...) 
NOT-FOR-US: WordPress plugin Contact Form Integrated With Google Maps CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...) - twiki NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237 CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...) - twiki NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...) NOT-FOR-US: FreePBX CVE-2014-7234 REJECTED CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...) NOT-FOR-US: GE Healthcare Precision THUNIS-800+ CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2geti ...) NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2 CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x b ...) NOT-FOR-US: Joomla! CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...) NOT-FOR-US: Joomla! CVE-2014-7227 REJECTED CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ea ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2014-7225 RESERVED CVE-2014-7224 (A Code Execution vulnerability exists in Android prior to 4.4.0 relate ...) NOT-FOR-US: Android addJavascriptInterface CVE-2014-7223 RESERVED CVE-2014-7222 (Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote a ...) - teamspeak-client [wheezy] - teamspeak-client (non-free is not supported) CVE-2014-7221 (TeamSpeak Client 3.0.14 and earlier allows remote authenticated users ...) - teamspeak-client [wheezy] - teamspeak-client (non-free is not supported) CVE-2014-7220 RESERVED CVE-2014-7219 RESERVED CVE-2014-7218 RESERVED CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) 
- phpmyadmin 4:4.2.9.1-1 (low) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-11/ [wheezy] - phpmyadmin (Vulnerable code not present) [squeeze] - phpmyadmin (Vulnerable code not present) CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 a ...) NOT-FOR-US: Yahoo CVE-2014-7215 REJECTED CVE-2014-7214 REJECTED CVE-2014-7213 REJECTED CVE-2014-7212 REJECTED CVE-2014-7211 REJECTED CVE-2014-7210 [pdns in Debian creates too privileged MySQL user] RESERVED {DLA-492-1} - pdns 3.3.1-1 [squeeze] - pdns (Vulnerable code not present) NOTE: Debian packaging specific. CVE-2014-7209 (run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 al ...) {DSA-3114-1 DLA-125-1} - mime-support 3.58 CVE-2014-7208 (GParted before 0.15.0 allows local users to execute arbitrary commands ...) - gparted 0.16.1-1 [wheezy] - gparted (Minor issue) [squeeze] - gparted (Minor issue) CVE-2014-7207 (A certain Debian patch to the IPv6 implementation in the Linux kernel ...) {DSA-3060-1} - linux (Issue specific to 3.2.x) NOTE: In 3.2.x introduced with https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?h=linux-3.2.y&id=64b5c251d5b2cee4a0f697bfb90d79263f6dd517 NOTE: which is a backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73f156a6e8c1074ac6327e0abd1169e95eb66463 (v3.16-rc1) NOTE: The missing commit for the 3.2.x branch was applied already earlier (before v3.16) mainline: NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=916e4cf46d0204806c062c8c6c4d1f633852c5b6 (v3.14-rc6) NOTE: http://bugs.debian.org/766195 - linux-2.6 (Issue specific to 3.2.x) CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to writ ...) 
{DSA-3048-1} - apt 1.0.9.2 (bug #763780) [squeeze] - apt (apt changelog command and vulnerable code not present) NOTE: mitigated by Linux kernel features in wheezy and up CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used ...) - gnome-shell 3.14.1-1 (low) [wheezy] - gnome-shell (Minor issue) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456 NOTE: PrtSc is an unauthenticated request that's available to untrusted NOTE: parties. A series of requests can consume a large amount of memory. NOTE: The combination of this PrtSc behavior and the existence of the NOTE: oom-killer allows authentication bypass for command execution. NOTE: Therefore, the product must limit the aggregate memory consumption of NOTE: all active requests, and the lack of this limit is a vulnerability. CVE-2014-7231 (The strutils.mask_password function in the OpenStack Oslo utility libr ...) - python-oslo.utils 0.2.0-1 NOTE: https://launchpad.net/bugs/1345233 NOTE: https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486 CVE-2014-7230 (The processutils.execute function in OpenStack oslo-incubator, Cinder, ...) - cinder 2014.1.3-4 (low; bug #765704) - nova 2014.1.3-5 (low; bug #765714) [wheezy] - nova (Minor issue) - openstack-trove 2014.1.3-1 (low) NOTE: https://launchpad.net/bugs/1343604 CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in lib/ba ...) NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection NOT-FOR-US: node.js package bassmaster CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in pi1/c ...) NOT-FOR-US: JobControl extension for TYPO3 CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol ...) NOT-FOR-US: JobControl extension for TYPO3 CVE-2014-7198 (OMERO before 5.0.6 has multiple CSRF vulnerabilities because the frame ...) 
NOT-FOR-US: OMERO CVE-2014-7197 RESERVED CVE-2014-7196 REJECTED CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6 ...) NOT-FOR-US: Spotfire Web Player CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File ...) NOT-FOR-US: TIBCO CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict t ...) NOT-FOR-US: Crumb CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package b ...) - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773623) NOTE: libv8 not covered by security support CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact functi ...) - node-qs 2.2.4-1 NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8 NOTE: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion CVE-2014-7188 (The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 t ...) {DSA-3041-1} - xen 4.4.1-3 [squeeze] - xen CVE-2014-7184 RESERVED CVE-2014-7183 (Multiple cross-site scripting (XSS) vulnerabilities in the search.php ...) NOT-FOR-US: LifeCart CVE-2014-7182 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Google M ...) NOT-FOR-US: WP Google Maps plugin for WordPress CVE-2014-7181 (Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons ...) NOT-FOR-US: Max Foundry MaxButtons plugin for WordPress CVE-2014-7180 (Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 use ...) NOT-FOR-US: ElectricCommander CVE-2014-7179 RESERVED CVE-2014-7178 (Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbi ...) NOT-FOR-US: Enalean Tuleap CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier al ...) 
NOT-FOR-US: Enalean Tuleap CVE-2014-7176 (SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows r ...) NOT-FOR-US: Enalean Tuleap CVE-2014-7175 (FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbit ...) NOT-FOR-US: FarLinX X25 Gateway CVE-2014-7174 (FarLinX X25 Gateway through 2014-09-25 allows directory traversal via ...) NOT-FOR-US: FarLinX X25 Gateway CVE-2014-7173 (FarLinX X25 Gateway through 2014-09-25 allows command injection via sh ...) NOT-FOR-US: FarLinX X25 Gateway CVE-2014-7172 RESERVED CVE-2014-7171 RESERVED CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain sen ...) NOT-FOR-US: Puppet Server (replacement for puppetmaster) CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a de ...) {DSA-3042-1 DLA-69-1} - exuberant-ctags 1:5.9~svn20110310-8 (bug #742605) NOTE: http://sourceforge.net/p/ctags/code/791/ CVE-2014-7203 (libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces ...) - zeromq (Vulnerable code not present, only zmq 4.x onwards) - zeromq3 4.0.5+dfsg-1 NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1191 CVE-2014-7202 (stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allow ...) - zeromq (Vulnerable code not present, only zmq 4.x onwards) - zeromq3 4.0.5+dfsg-1 NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190 CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in Openfile ...) NOT-FOR-US: Openfiler CVE-2014-7189 (crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enab ...) - golang 2:1.3.2-1 [wheezy] - golang (Vulnerable code not present, only Go 1.1 onwards) NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ NOTE: https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3 CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU Bas ...) 
{DSA-3035-1 DLA-63-1} - bash 4.3-9.2 CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 bash ...) {DSA-3035-1 DLA-63-1} - bash 4.3-9.2 CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows conte ...) - python2.5 (low) [squeeze] - python2.5 (Minor issue) - python2.6 (low) [squeeze] - python2.6 (Minor issue) [wheezy] - python2.6 (Minor issue) - python2.7 2.7.8-1 (low; bug #763848) [wheezy] - python2.7 (Minor issue) NOTE: http://bugs.python.org/issue21831 NOTE: Upstream fix http://hg.python.org/cpython/rev/8d963c7db507 CVE-2014-7168 RESERVED CVE-2014-7167 RESERVED CVE-2014-7166 RESERVED CVE-2014-7165 RESERVED CVE-2014-7164 RESERVED CVE-2014-7163 RESERVED CVE-2014-7162 RESERVED CVE-2014-7161 RESERVED CVE-2014-7160 RESERVED CVE-2014-7159 RESERVED CVE-2014-7158 (Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimiza ...) NOT-FOR-US: Exinda WAN Optimization Suite CVE-2014-7157 (Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Su ...) NOT-FOR-US: Exinda WAN Optimization Suite CVE-2014-7153 (SQL injection vulnerability in the editgallery function in admin/galle ...) NOT-FOR-US: WordPress plugin Huge-IT Image Gallery CVE-2014-XXXX [cyassl: RSA Padding check vulnerability] - cyassl - wolfssl 3.4.8+dfsg-1 NOTE: wolfssl actually fixed with the initial upload to unstable after the rename NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html NOTE: http://www.intelsecurity.com/advanced-threat-research/# NOTE: similar to CVE-2014-1568 in nss CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, ...) {DSA-3036-1} - mediawiki 1:1.19.19+dfsg-1 (bug #762754) [squeeze] - mediawiki CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after certa ...) {DSA-3035-1 DLA-63-1} - bash 4.3-9.2 (bug #762760) CVE-2014-7156 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen ...) 
{DSA-3041-1} - xen 4.4.1-3 [squeeze] - xen CVE-2014-7155 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen ...) {DSA-3041-1} - xen 4.4.1-3 [squeeze] - xen CVE-2014-7154 (Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x do ...) {DSA-3041-1} - xen 4.4.1-3 [squeeze] - xen CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms p ...) NOT-FOR-US: WordPress plugin Easy MailChimp Forms CVE-2014-7151 (Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms L ...) NOT-FOR-US: NEX-Forms Lite plugin for WordPress CVE-2014-7150 RESERVED CVE-2014-7149 RESERVED CVE-2014-7148 RESERVED CVE-2014-7147 RESERVED CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remot ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=17725 NOTE: https://github.com/mantisbt/mantisbt/commit/bed19db9 (1.2.x branch) NOTE: https://github.com/mantisbt/mantisbt/commit/84017535 (master) CVE-2014-7140 (Unspecified vulnerability in the management interface in Citrix NetSca ...) NOT-FOR-US: Citrix NetScaler CVE-2014-7139 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact For ...) NOT-FOR-US: WordPress plugin Contact Form DB CVE-2014-7138 (Cross-site scripting (XSS) vulnerability in the Google Calendar Events ...) NOT-FOR-US: WordPress plugin Google Calendar Events CVE-2014-7137 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6. ...) - dolibarr 3.5.5+dfsg1-1 (bug #770313) CVE-2014-7136 (Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka ...) NOT-FOR-US: K7 Computing CVE-2014-7135 (The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Andro ...) NOT-FOR-US: Ayuntamiento de Coana (aka com.wInfoCoa) application for Android CVE-2014-7134 (The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 f ...) NOT-FOR-US: PROF. 
USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application for Android CVE-2014-7133 REJECTED CVE-2014-7132 (The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application 1 ...) NOT-FOR-US: Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application for Android CVE-2014-7131 (The Digital Content NewFronts 2014 (aka com.coreapps.android.followme. ...) NOT-FOR-US: Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application for Android CVE-2014-7130 REJECTED CVE-2014-7129 (The Argus Leader Print Edition (aka com.argusleader.android.prod) appl ...) NOT-FOR-US: Argus Leader Print Edition (aka com.argusleader.android.prod) application for Android CVE-2014-7128 (The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application ...) NOT-FOR-US: Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application for Android CVE-2014-7127 (The Football Espana magazine (aka com.triactivemedia.footballespana) a ...) NOT-FOR-US: Football Espana magazine (aka com.triactivemedia.footballespana) application for Android CVE-2014-7126 REJECTED CVE-2014-7125 (The Motor (aka com.magzter.motorhwpublishing) application 3.0 for Andr ...) NOT-FOR-US: Motor (aka com.magzter.motorhwpublishing) application for Android CVE-2014-7124 (The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android ...) NOT-FOR-US: IP Alarm (aka com.cosesy.gadget.alarm) application for Android CVE-2014-7123 (The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for And ...) NOT-FOR-US: Brevir Harian V2 (aka com.brevir.harian.v) application for Android CVE-2014-7122 (The Lansing State Journal Print (aka com.lansingjournal.android.prod) ...) NOT-FOR-US: Lansing State Journal Print (aka com.lansingjournal.android.prod) application for Android CVE-2014-7121 (The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does n ...) 
NOT-FOR-US: Dhanam (aka com.magzter.dhanam) application for Android CVE-2014-7120 (The Model Laboratory (aka com.magazinecloner.modellaboratory) applicat ...) NOT-FOR-US: Model Laboratory (aka com.magazinecloner.modellaboratory) application for Android CVE-2014-7119 (The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android doe ...) NOT-FOR-US: GNAM 2013 (aka com.beepeers.gndam) application for Android CVE-2014-7118 (The Itography Item Hunt (aka com.itography.application) application 3. ...) NOT-FOR-US: Itography Item Hunt (aka com.itography.application) application for Android CVE-2014-7117 (The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0 ...) NOT-FOR-US: Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application for Android CVE-2014-7116 (The NRA Journal (aka com.magazinecloner.nationalrifleassociationjourna ...) NOT-FOR-US: NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application for Android CVE-2014-7115 (The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) ap ...) NOT-FOR-US: Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application for Android CVE-2014-7114 REJECTED CVE-2014-7113 (The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 f ...) NOT-FOR-US: NASA Universe Wallpapers Xeus (aka com.xeusNASA) application for Android CVE-2014-7112 REJECTED CVE-2014-7111 (The Android Excellence (aka an.exc.ap) application 1.4.1 for Android d ...) NOT-FOR-US: Android Excellence (aka an.exc.ap) application for Android CVE-2014-7110 REJECTED CVE-2014-7109 (The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android doe ...) NOT-FOR-US: Nesvarnik (aka cz.dtest.nesvarnik) application for Android CVE-2014-7108 (The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) a ...) 
NOT-FOR-US: Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application for Android CVE-2014-7107 (The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for ...) NOT-FOR-US: The Human Factor (aka com.magzter.thehumanfactor) application for Android CVE-2014-7106 (The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does ...) NOT-FOR-US: Orakel-Ball (aka com.wOrakelball) application for Android CVE-2014-7105 REJECTED CVE-2014-7104 (The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for Andr ...) NOT-FOR-US: gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application for Android CVE-2014-7103 (The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) ...) NOT-FOR-US: Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application for Android CVE-2014-7102 (The Car Insurance Quote Comparison (aka com.seopa.quotezone) applicati ...) NOT-FOR-US: Car Insurance Quote Comparison (aka com.seopa.quotezone) application for Android CVE-2014-7101 (The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3 ...) NOT-FOR-US: Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application for Android CVE-2014-7100 (The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not ...) NOT-FOR-US: www.sm3ny.com (aka sm3ny.com) application for Android CVE-2014-7099 (The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application ...) NOT-FOR-US: Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application for Android CVE-2014-7098 (The Fylet Secure Large File Sender (aka com.application.fyletFileSende ...) NOT-FOR-US: Fylet Secure Large File Sender (aka com.application.fyletFileSender) application for Android CVE-2014-7097 REJECTED CVE-2014-7096 REJECTED CVE-2014-7095 REJECTED CVE-2014-7094 REJECTED CVE-2014-7093 (The Superbike Magazine (aka com.triactivemedia.superbike) application ...) 
NOT-FOR-US: Superbike Magazine (aka com.triactivemedia.superbike) application for Android CVE-2014-7092 (The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does ...) NOT-FOR-US: Ubooly (aka com.ubooly.ubooly) application for Android CVE-2014-7091 (The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for ...) NOT-FOR-US: Sacramento Kings (aka com.tibco.gse.sports) application for Android CVE-2014-7090 (The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android d ...) NOT-FOR-US: MyVCCCD (aka com.dub.app.ventura) application for Android CVE-2014-7089 (The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0 ...) NOT-FOR-US: COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application for Android CVE-2014-7088 (The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does ...) NOT-FOR-US: JDM Lifestyle (aka com.hondatech) application for Android CVE-2014-7087 (The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropea ...) NOT-FOR-US: Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application for Android CVE-2014-7086 (The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for ...) NOT-FOR-US: Killer Screen lock (aka com.cc.theme.shashou) application for Android CVE-2014-7085 (The i Newspaper (aka com.independent.thei) application @7F080184 for A ...) NOT-FOR-US: i Newspaper (aka com.independent.thei) application for Android CVE-2014-7084 (The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android ...) NOT-FOR-US: Hesheng 80 (aka com.ireadercity.c29) application for Android CVE-2014-7083 (The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does n ...) NOT-FOR-US: Jiu Jik (aka com.scmp.jiujik) application for Android CVE-2014-7082 (The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 fo ...) 
NOT-FOR-US: No Disturb (aka com.blogspot.imapp.imnodisturb) application for Android CVE-2014-7081 REJECTED CVE-2014-7080 (The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for ...) NOT-FOR-US: Sigong ebook (aka com.sigongsa.sigonggenre) application for Android CVE-2014-7079 (The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application ...) NOT-FOR-US: Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application for Android CVE-2014-7078 (The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for And ...) NOT-FOR-US: Payoneer Sign Up (aka com.wPayoneerSignUp) application for Android CVE-2014-7077 (The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application ...) NOT-FOR-US: Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application for Android CVE-2014-7076 (The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for ...) NOT-FOR-US: Sanctuary Asia (aka com.magzter.sanctuaryasia) application for Android CVE-2014-7075 (The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for A ...) NOT-FOR-US: HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application for Android CVE-2014-7074 REJECTED CVE-2014-7073 (The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) applicati ...) NOT-FOR-US: Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application for Android CVE-2014-7072 (The Venezia map (aka com.wVeneziamap) application 0.1 for Android does ...) NOT-FOR-US: Venezia map (aka com.wVeneziamap) application for Android CVE-2014-7071 (The Autocar India (aka com.magzter.autocarindia) application 3.03 for ...) NOT-FOR-US: Autocar India (aka com.magzter.autocarindia) application for Android CVE-2014-7070 (The Air War Hero (aka com.dev.airwar) application 3.0 for Android does ...) NOT-FOR-US: Air War Hero (aka com.dev.airwar) application for Android CVE-2014-7069 (The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android ...) 
NOT-FOR-US: Aventino Brand (aka com.AventinoBrand) application for Android CVE-2014-7068 (The Neumann Student Activities (aka com.appmakr.app153856) application ...) NOT-FOR-US: Neumann Student Activities (aka com.appmakr.app153856) application for Android CVE-2014-7067 (The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for And ...) NOT-FOR-US: BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application for Android CVE-2014-7066 (The LegalEra (aka com.magzter.legalera) application 3.0 for Android do ...) NOT-FOR-US: LegalEra (aka com.magzter.legalera) application for Android CVE-2014-7065 (The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) a ...) NOT-FOR-US: Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application for Android CVE-2014-7064 (The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) ...) NOT-FOR-US: ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application for Android CVE-2014-7063 (The Bikers Romagna (aka com.bikers.romagna) application 1.0 for Androi ...) NOT-FOR-US: Bikers Romagna (aka com.bikers.romagna) application for Android CVE-2014-7062 (The Association Min Ajlik (aka com.association.min.ajlik) application ...) NOT-FOR-US: Association Min Ajlik (aka com.association.min.ajlik) application for Android CVE-2014-7061 (The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0 ...) NOT-FOR-US: MODSIM World 2014 (aka com.concursive.modsimworld) application for Android CVE-2014-7060 (The Your Tango (aka com.your.tango) application 1.0 for Android does n ...) NOT-FOR-US: Your Tango (aka com.your.tango) application for Android CVE-2014-7059 (The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for A ...) NOT-FOR-US: TheDevildogGamer (aka com.wTheDevildogGamer) application for Android CVE-2014-7058 (The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) applicatio ...) 
NOT-FOR-US: Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application for Android CVE-2014-7057 (The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) a ...) NOT-FOR-US: Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application for Android CVE-2014-7056 (The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for A ...) NOT-FOR-US: Yeast Infection (aka com.wyeastinfectionapp) application for Android CVE-2014-7055 (The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) applica ...) NOT-FOR-US: NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application for Android CVE-2014-7054 (The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) app ...) NOT-FOR-US: musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application for Android CVE-2014-7053 (The City Star ME (aka com.citystarme) application 1.0 for Android does ...) NOT-FOR-US: City Star ME (aka com.citystarme) application for Android CVE-2014-7052 (The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2 ...) NOT-FOR-US: sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application for Android CVE-2014-7051 REJECTED CVE-2014-7050 (The givenu give (aka com.givenu.give) application 1.5.3 for Android do ...) NOT-FOR-US: givenu give (aka com.givenu.give) application for Android CVE-2014-7049 (The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application ...) NOT-FOR-US: SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application for Android CVE-2014-7048 (The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android doe ...) NOT-FOR-US: Bear ID Lock (aka com.wBearIDLock) application for Android CVE-2014-7047 (The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2 ...) NOT-FOR-US: Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application for Android CVE-2014-7046 (The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 fo ...) 
NOT-FOR-US: George Wassouf (aka com.devkhr32.georgewassouf) application for Android CVE-2014-7045 (The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) applica ...) NOT-FOR-US: Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application for Android CVE-2014-7044 (The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for And ...) NOT-FOR-US: Street Walker (aka kt.road.StreetWalker) application for Android CVE-2014-7043 (The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does ...) NOT-FOR-US: Cadpage (aka net.anei.cadpage) application for Android CVE-2014-7042 (** DISPUTED ** The My nTelos (aka com.telespree.ntelospostpay) applica ...) NOT-FOR-US: My nTelos (aka com.telespree.ntelospostpay) application for Android CVE-2014-7041 (The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for ...) NOT-FOR-US: SimGene (aka com.japanbioinformatics.simgene) application for Android CVE-2014-7040 (The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) appl ...) NOT-FOR-US: UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application for Android CVE-2014-7039 (The Wild Women United (aka com.wildwomenunited) application 1.0 for An ...) NOT-FOR-US: Wild Women United (aka com.wildwomenunited) application for Android CVE-2014-7038 (The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android do ...) NOT-FOR-US: Al Jazeera (aka com.Al.Jazeera.net) application for Android CVE-2014-7037 (The Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) app ...) NOT-FOR-US: Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application for Android CVE-2014-7036 (The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application ...) NOT-FOR-US: Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application for Android CVE-2014-7035 (The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application ...) 
NOT-FOR-US: Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application for Android CVE-2014-7034 (The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0 ...) NOT-FOR-US: Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application for Android CVE-2014-7033 (The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 ...) NOT-FOR-US: Cure Viewer (aka com.livedoor.android.cureviewer) application for Android CVE-2014-7032 (The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android ...) NOT-FOR-US: MYHABIT (aka com.amazon.myhabit) application for Android CVE-2014-7031 (The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 ...) NOT-FOR-US: RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application for Android CVE-2014-7030 (The Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE ...) NOT-FOR-US: Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application for Android CVE-2014-7029 (The Bultmonster Registret (aka com.bultmonster.registret) application ...) NOT-FOR-US: Bultmonster Registret (aka com.bultmonster.registret) application for Android CVE-2014-7028 (The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) app ...) NOT-FOR-US: Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application for Android CVE-2014-7027 (The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D55 ...) NOT-FOR-US: Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application for Android CVE-2014-7026 (The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application ...) NOT-FOR-US: LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application for Android CVE-2014-7025 (The Who-is-it? Lite name caller time limited free (aka de.profiler.and ...) NOT-FOR-US: Who-is-it? 
Lite name caller time limited free (aka de.profiler.android.whoisit) application for Android CVE-2014-7024 (The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 f ...) NOT-FOR-US: Hardest Game Collection (aka com.lotfun.abuse) application for Android CVE-2014-7023 (The Find Color (aka com.chudong.color) application 1.1.1 for Android d ...) NOT-FOR-US: Find Color (aka com.chudong.color) application for Android CVE-2014-7022 (The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) a ...) NOT-FOR-US: Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application for Android CVE-2014-7021 (The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) applica ...) NOT-FOR-US: Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application for Android CVE-2014-7020 (The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) applic ...) NOT-FOR-US: Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application for Android CVE-2014-7019 (The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does ...) NOT-FOR-US: Clarks Inn (aka com.ClarksInn) application for Android CVE-2014-7018 (The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.062 ...) NOT-FOR-US: LOVE DANCE (aka com.efunfun.ddianle.lovedance) application for Android CVE-2014-7017 (The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) applicat ...) NOT-FOR-US: Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application for Android CVE-2014-7016 (The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android ...) NOT-FOR-US: Mahasna Batik (aka com.batik.mahasna) application for Android CVE-2014-7015 (The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD fo ...) NOT-FOR-US: JJ Texas Hold'em Poker (aka cn.jj.poker) application for Android CVE-2014-7014 REJECTED CVE-2014-7013 (The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) appli ...) 
NOT-FOR-US: Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application for Android CVE-2014-7012 (The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 ...) NOT-FOR-US: Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application for Android CVE-2014-7011 (The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android ...) NOT-FOR-US: NWTC Mobile (aka com.dub.app.nwtc) application for Android CVE-2014-7010 (The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android ...) NOT-FOR-US: UTSA Mobile (aka com.dub.app.utsa) application for Android CVE-2014-7009 (The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for ...) NOT-FOR-US: HKBN My Account (aka com.hkbn.myaccount) application for Android CVE-2014-7008 (The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) applicat ...) NOT-FOR-US: Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application for Android CVE-2014-7007 (The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 fo ...) NOT-FOR-US: Master Mix (aka com.nobexinc.wls_24832536.rc) application for Android CVE-2014-7006 (The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for A ...) NOT-FOR-US: HydFM (aka com.apheliontechnologies.hydfm) application for Android CVE-2014-7005 (The Foconet (aka suporte.com.foconet) application 1.0 for Android does ...) NOT-FOR-US: Foconet (aka suporte.com.foconet) application for Android CVE-2014-7004 (The PETA (aka com.peta.android) application 1.1 for Android does not v ...) NOT-FOR-US: PETA (aka com.peta.android) application for Android CVE-2014-7003 (The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android doe ...) NOT-FOR-US: Goodwin (aka com.goodwin.Goodwin) application for Android CVE-2014-7002 (The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) appli ...) 
NOT-FOR-US: Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application for Android CVE-2014-7001 (The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android ...) NOT-FOR-US: Jian Ren (aka cn.sh.scustom.janren) application for Android CVE-2014-7000 (The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 ...) NOT-FOR-US: Paul Alexander Campaign (aka hr.apps.n51261427) application for Android CVE-2014-6999 (The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_andr ...) NOT-FOR-US: Questoes OAB (aka com.pedefeijao.questoesoab) application for Android CVE-2014-6998 (The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) ...) NOT-FOR-US: PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application for Android CVE-2014-6997 (The Dino Village (aka com.tappocket.dinovillage) application 1.6 for A ...) NOT-FOR-US: Dino Village (aka com.tappocket.dinovillage) application for Android CVE-2014-6996 (The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application 1.0 ...) NOT-FOR-US: Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application for Android CVE-2014-6995 (The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Andr ...) NOT-FOR-US: adidas eyewear (aka com.adidasep.eyewear) application for Android CVE-2014-6994 (The Atecea (aka com.atecea) application 1.2 for Android does not verif ...) NOT-FOR-US: Atecea (aka com.atecea) application for Android CVE-2014-6993 (The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for And ...) NOT-FOR-US: Codeeta Coupons (aka com.codeeta.promos) application for Android CVE-2014-6992 (The Timeless Black (aka com.apptive.android.apps.timeless) application ...) NOT-FOR-US: Timeless Black (aka com.apptive.android.apps.timeless) application for Android CVE-2014-6991 (The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for An ...) 
NOT-FOR-US: LiveAuctions.tv (aka air.LiveAndroidMaxx) application for Android CVE-2014-6990 (The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit ...) NOT-FOR-US: Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application for Android CVE-2014-6989 (The Germanwings (aka com.germanwings.android) application 2.1.13 for A ...) NOT-FOR-US: Germanwings (aka com.germanwings.android) application for Android CVE-2014-6988 (The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7 ...) NOT-FOR-US: Quotes in Images (aka pt.lumberapps.imagensfrases) application for Android CVE-2014-6987 (The Mass Gaming TV (aka net.massgamers) application 1.0 for Android do ...) NOT-FOR-US: Mass Gaming TV (aka net.massgamers) application for Android CVE-2014-6986 (The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) appl ...) NOT-FOR-US: Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application for Android CVE-2014-6985 (The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3 ...) NOT-FOR-US: Georgia Packing (aka com.tapatalk.georgiapackingorg) application for Android CVE-2014-6984 (The Shots (aka com.shots.android) application 1.0.8 for Android does n ...) NOT-FOR-US: Shots (aka com.shots.android) application for Android CVE-2014-6983 (The NBE (aka com.nbe.app) application 1.1 for Android does not verify ...) NOT-FOR-US: NBE (aka com.nbe.app) application for Android CVE-2014-6982 (The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) applic ...) NOT-FOR-US: Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application for Android CVE-2014-6981 (The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for And ...) NOT-FOR-US: Taiwan Business Bank (aka com.mitake.TBB) application for Android CVE-2014-6980 (The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for ...) 
NOT-FOR-US: LINE PLAY (aka jp.naver.lineplay.android) application for Android CVE-2014-6979 (The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android ...) NOT-FOR-US: MiWay Insurance Ltd (aka com.MiWay.MD) application for Android CVE-2014-6978 (The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuiztee ...) NOT-FOR-US: Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application for Android CVE-2014-6977 (The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.direc ...) NOT-FOR-US: eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application for Android CVE-2014-6976 (The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does ...) NOT-FOR-US: Aeroexpress (aka ru.lynx.aero) application for Android CVE-2014-6975 (The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not ...) NOT-FOR-US: Twin Lin (aka com.twinlin.twmo) application for Android CVE-2014-6974 (The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android ...) NOT-FOR-US: MifaShow Hairstyles (aka com.mifashow) application for Android CVE-2014-6973 (The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for And ...) NOT-FOR-US: Care4Kids (aka com.codetherapy.care4kids) application for Android CVE-2014-6972 (The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 ...) NOT-FOR-US: Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application for Android CVE-2014-6971 (The Easy Video Downloader (aka com.simon.padillar.EasyVideo) applicati ...) NOT-FOR-US: Easy Video Downloader (aka com.simon.padillar.EasyVideo) application for Android CVE-2014-6970 (The North American Ismaili Games (aka hr.apps.n166983741) application ...) NOT-FOR-US: North American Ismaili Games (aka hr.apps.n166983741) application for Android CVE-2014-6969 (The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android ...) 
NOT-FOR-US: Deltin Suites (aka com.DeltinSuites) application for Android CVE-2014-6968 (The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) applicati ...) NOT-FOR-US: Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application for Android CVE-2014-6967 (The Albion College (aka com.vivomobile.albioncollege) application 2.1. ...) NOT-FOR-US: Albion College (aka com.vivomobile.albioncollege) application for Android CVE-2014-6966 (The West Bend School District (aka net.parentlink.westbend) applicatio ...) NOT-FOR-US: West Bend School District (aka net.parentlink.westbend) application for Android CVE-2014-6965 (The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not v ...) NOT-FOR-US: FAZ.NET (aka net.faz.FAZ) application for Android CVE-2014-6964 (The Hanyang University Admissions (aka kr.ac.hanyang.planner) applicat ...) NOT-FOR-US: Hanyang University Admissions (aka kr.ac.hanyang.planner) application for Android CVE-2014-6963 (The feiron (aka es.sw.feironmobile.app) application 1.1 for Android do ...) NOT-FOR-US: feiron (aka es.sw.feironmobile.app) application for Android CVE-2014-6962 (The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 f ...) NOT-FOR-US: Elk Grove PublicStuff (aka com.wassabi.elkgrove) application for Android CVE-2014-6961 (The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 fo ...) NOT-FOR-US: SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application for Android CVE-2014-6960 (The Multitrac (aka com.multitrac) application 1.04 for Android does no ...) NOT-FOR-US: Multitrac (aka com.multitrac) application for Android CVE-2014-6959 (The QinCard (aka com.haowan.qincard) application 2.0 for Android does ...) NOT-FOR-US: QinCard (aka com.haowan.qincard) application for Android CVE-2014-6958 (The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb1 ...) 
NOT-FOR-US: ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application for Android CVE-2014-6957 (The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 ...) NOT-FOR-US: scottcolibmn (aka com.bredir.boopsie.scottlib) application for Android CVE-2014-6956 (The Hydrogen Water (aka com.appzone628) application 1.0 for Android do ...) NOT-FOR-US: Hydrogen Water (aka com.appzone628) application for Android CVE-2014-6955 (The Le Grand Bleu (aka com.appzone468) application 1.0 for Android doe ...) NOT-FOR-US: Le Grand Bleu (aka com.appzone468) application for Android CVE-2014-6954 (The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) ...) NOT-FOR-US: Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application for Android CVE-2014-6953 (The AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewithar ...) NOT-FOR-US: AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application for Android CVE-2014-6952 (The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android do ...) NOT-FOR-US: Manga Facts (aka app.mangafacts.ar) application for Android CVE-2014-6951 (The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for And ...) NOT-FOR-US: OneFile Ignite (aka uk.co.onefile.ignite) application for Android CVE-2014-6950 (The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) app ...) NOT-FOR-US: Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) application for Android CVE-2014-6949 (The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) applic ...) NOT-FOR-US: Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application for Android CVE-2014-6948 (The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) ...) NOT-FOR-US: TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application for Android CVE-2014-6947 (The Archie Comics (aka com.iversecomics.archie.android) application 1. ...) 
NOT-FOR-US: Archie Comics (aka com.iversecomics.archie.android) application for Android CVE-2014-6946 (The Re:kyu (aka com.appzone619) application 1.0 for Android does not v ...) NOT-FOR-US: Re:kyu (aka com.appzone619) application for Android CVE-2014-6945 (The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for A ...) NOT-FOR-US: Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application for Android CVE-2014-6944 (The mitfahrgelegenheit.at (aka com.carpooling.android.at) application ...) NOT-FOR-US: mitfahrgelegenheit.at (aka com.carpooling.android.at) application for Android CVE-2014-6943 (The Konigsleiten (aka com.knigsleiten) application 1.0 for Android doe ...) NOT-FOR-US: Konigsleiten (aka com.knigsleiten) application for Android CVE-2014-6942 (The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) applic ...) NOT-FOR-US: Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application for Android CVE-2014-6941 (The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for An ...) NOT-FOR-US: NOS Alive (aka pt.optimus.optimusalive2011) application for Android CVE-2014-6940 (The Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D ...) NOT-FOR-US: Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application for Android CVE-2014-6939 (The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFr ...) NOT-FOR-US: Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application for Android CVE-2014-6938 (The Apostilas musicais (aka com.apostilas) application 1.0 for Android ...) NOT-FOR-US: Apostilas musicais (aka com.apostilas) application for Android CVE-2014-6937 (The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) applic ...) NOT-FOR-US: China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application for Android CVE-2014-6936 (The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for An ...) 
NOT-FOR-US: IDS 2013 (aka de.mobileeventguide.ids2013) application for Android CVE-2014-6935 (The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) app ...) NOT-FOR-US: ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application for Android CVE-2014-6934 (The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) ap ...) NOT-FOR-US: Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application for Android CVE-2014-6933 (The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application ...) NOT-FOR-US: Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application for Android CVE-2014-6932 (The All Navalny (aka com.all.navalny) application 1.10 for Android doe ...) NOT-FOR-US: All Navalny (aka com.all.navalny) application for Android CVE-2014-6931 (The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecent ...) NOT-FOR-US: Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application for Android CVE-2014-6930 (The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application ...) NOT-FOR-US: Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application for Android CVE-2014-6929 (The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) applicati ...) NOT-FOR-US: AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application for Android CVE-2014-6928 (The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) appli ...) NOT-FOR-US: Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application for Android CVE-2014-6927 (The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for And ...) NOT-FOR-US: Myanmar Housing : mmHome (aka com.mmhome3) application for Android CVE-2014-6926 (The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1. ...) NOT-FOR-US: Allt om Brollop (aka com.paperton.wl.alltombrollop) application for Android CVE-2014-6925 (The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 f ...) 
NOT-FOR-US: Steyr Forum (aka com.tapatalk.steyrclubcomvb) application for Android CVE-2014-6924 (The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android ...) NOT-FOR-US: Metro News (aka com.netpia.ha.metro) application for Android CVE-2014-6923 (The Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) ...) NOT-FOR-US: Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) application for Android CVE-2014-6922 (The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4 ...) NOT-FOR-US: KFAI Community Radio (aka com.skyblue.pra.kfai) application for Android CVE-2014-6921 (The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for ...) NOT-FOR-US: Buckhorn Grill (aka com.orderingapps.buckhorn) application for Android CVE-2014-6920 (The Canal 44 (aka com.canal.canal44) application 1.0 for Android does ...) NOT-FOR-US: Canal 44 (aka com.canal.canal44) application for Android CVE-2014-6919 (The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) applica ...) NOT-FOR-US: Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application for Android CVE-2014-6918 (The Bikers Underground (aka hr.ap.n66871172) application 4.5.10 for An ...) NOT-FOR-US: Bikers Underground (aka hr.ap.n66871172) application for Android CVE-2014-6917 (The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for ...) NOT-FOR-US: www.knote.kr Smart (aka kr.or.knote.android) application for Android CVE-2014-6916 (The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does ...) NOT-FOR-US: mama.cn (aka cn.ziipin.mama.ui) application for Android CVE-2014-6915 REJECTED CVE-2014-6914 (The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 ...) NOT-FOR-US: Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application for Android CVE-2014-6913 (The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 ...) 
NOT-FOR-US: Dive The World (aka com.paperton.wl.divetheworld) application for Android CVE-2014-6912 (The IRA's 59th Annual Conference (aka com.coreapps.android.followme.ir ...) NOT-FOR-US: IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application for Android CVE-2014-6911 (The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for And ...) NOT-FOR-US: diziturky HD 2015 (aka com.adv.diziturky) application for Android CVE-2014-6910 (The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) applica ...) NOT-FOR-US: MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application for Android CVE-2014-6909 (The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) applica ...) NOT-FOR-US: Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application for Android CVE-2014-6908 (The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 fo ...) NOT-FOR-US: Forum IC (aka com.tapatalk.forumimmigrercom) application for Android CVE-2014-6907 (The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 f ...) NOT-FOR-US: Rakuten Install (aka co.jp.rakuten.installapp) application for Android CVE-2014-6906 (The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) applicatio ...) NOT-FOR-US: Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application for Android CVE-2014-6905 (The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) applicat ...) NOT-FOR-US: H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application for Android CVE-2014-6904 (The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 ...) NOT-FOR-US: Safe Browser - The Web Filter (aka com.cloudacl) application for Android CVE-2014-6903 (The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application ...) NOT-FOR-US: Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application for Android CVE-2014-6902 (The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android ...) 
NOT-FOR-US: Anjuke (aka com.anjuke.android.app) application for Android CVE-2014-6901 (The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application ...) NOT-FOR-US: RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application for Android CVE-2014-6900 (The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) ...) NOT-FOR-US: EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application for Android CVE-2014-6899 (The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for ...) NOT-FOR-US: Jazeera Airways (aka com.winit.jazeeraairways) application for Android CVE-2014-6898 (The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4 ...) NOT-FOR-US: Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application for Android CVE-2014-6897 (The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android do ...) NOT-FOR-US: Skyrim Map (aka com.neko.skyrimmap) application for Android CVE-2014-6896 (The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not ...) NOT-FOR-US: Yik Yak (aka com.yik.yak) application for Android CVE-2014-6895 (The Throne Rush (aka com.progrestar.bft) application 2.3.10 for Androi ...) NOT-FOR-US: Throne Rush (aka com.progrestar.bft) application for Android CVE-2014-6894 (The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Andr ...) NOT-FOR-US: Lucktastic (aka com.lucktastic.scratch) application for Android CVE-2014-6893 (The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) applicatio ...) NOT-FOR-US: Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application for Android CVE-2014-6892 (The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 ...) NOT-FOR-US: kalahari.com Shopping (aka com.kalahari.shop) application for Android CVE-2014-6891 (The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) applic ...) 
NOT-FOR-US: Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application for Android CVE-2014-6890 (The CouponCabin - Coupons & Deals (aka com.couponcabin) applicatio ...) NOT-FOR-US: CouponCabin - Coupons & Deals (aka com.couponcabin) application for Android CVE-2014-6889 (The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for An ...) NOT-FOR-US: GunBroker.com (aka com.gunbroker.android) application for Android CVE-2014-6888 (The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3 ...) NOT-FOR-US: PennyTalk Mobile (aka net.idt.pennytalk.android) application for Android CVE-2014-6887 (The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for ...) NOT-FOR-US: EXPRESS (aka com.gpshopper.express.android) application for Android CVE-2014-6886 (The WePhone - phone calls vs skype (aka com.wephoneapp) application 1. ...) NOT-FOR-US: WePhone - phone calls vs skype (aka com.wephoneapp) application for Android CVE-2014-6885 (The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysp ...) NOT-FOR-US: Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application for Android CVE-2014-6884 (The Ford Credit Account Manager (aka com.fordcredit.accountmanager) ap ...) NOT-FOR-US: Ford Credit Account Manager (aka com.fordcredit.accountmanager) application for Android CVE-2014-6883 (The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application ...) NOT-FOR-US: CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application for Android CVE-2014-6882 (The Western Federal Credit Union (aka com.kerrata.pulse.western) appli ...) NOT-FOR-US: Western Federal Credit Union (aka com.kerrata.pulse.western) application for Android CVE-2014-6881 (The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) appli ...) 
NOT-FOR-US: PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application for Android CVE-2014-6880 (The TradeHero (aka com.tradehero.th) application 2.2.5 for Android doe ...) NOT-FOR-US: TradeHero (aka com.tradehero.th) application for Android CVE-2014-6879 (The Equifax Mobile (aka com.equifax) application 1.5 for Android does ...) NOT-FOR-US: Equifax Mobile (aka com.equifax) application for Android CVE-2014-6878 (The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 ...) NOT-FOR-US: RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application for Android CVE-2014-6877 (The Santander Personal Banking (aka com.sovereign.santander) applicati ...) NOT-FOR-US: Santander Personal Banking (aka com.sovereign.santander) application for Android CVE-2014-6876 (The American Express Serve (aka com.serve.mobile) application @7F0901E ...) NOT-FOR-US: American Express Serve (aka com.serve.mobile) application for Android CVE-2014-6875 (The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for ...) NOT-FOR-US: Woodforest Mobile Banking (aka com.woodforest) application for Android CVE-2014-6874 (The ModSim Connected (aka com.concursive.modsim) application 2.0 for A ...) NOT-FOR-US: ModSim Connected (aka com.concursive.modsim) application for Android CVE-2014-6873 (The AMGC (aka com.amec.uae) application 6.0 for Android does not verif ...) NOT-FOR-US: AMGC (aka com.amec.uae) application for Android CVE-2014-6872 (The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does ...) NOT-FOR-US: TTNET Muzik (aka com.ttnet.muzik) application for Android CVE-2014-6871 (The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 ...) NOT-FOR-US: Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application for Android CVE-2014-6870 (The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for ...) 
NOT-FOR-US: BGEnergy (aka com.bluegrass.smartapps) application for Android CVE-2014-6869 (The barcode scanner (aka tw.com.books.android.plus) application 2.3.0 ...) NOT-FOR-US: barcode scanner (aka tw.com.books.android.plus) application for Android CVE-2014-6868 (The DS audio (aka com.synology.DSaudio) application 3.4 for Android do ...) NOT-FOR-US: DS audio (aka com.synology.DSaudio) application for Android CVE-2014-6867 (The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5 ...) NOT-FOR-US: Sortir en Alsace (aka com.axessweb.sortirenalsace) application for Android CVE-2014-6866 (The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0 ...) NOT-FOR-US: HomeAdvisor Mobile (aka com.servicemagic.consumer) application for Android CVE-2014-6865 (The Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33e ...) NOT-FOR-US: Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application for Android CVE-2014-6864 (The Forest River Forums (aka com.socialknowledge.forestriverforums) ap ...) NOT-FOR-US: Forest River Forums (aka com.socialknowledge.forestriverforums) application for Android CVE-2014-6863 (The Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) ...) NOT-FOR-US: Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application for Android CVE-2014-6862 (The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for Androi ...) NOT-FOR-US: ArtAcces (aka cat.gencat.mobi.artacces) application for Android CVE-2014-6861 (The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) ...) NOT-FOR-US: Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application for Android CVE-2014-6860 (The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1 ...) NOT-FOR-US: Trial Tracker (aka com.etcweb.android.trial_tracker) application for Android CVE-2014-6859 (The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 fo ...) 
NOT-FOR-US: Daum Maps - Subway (aka net.daum.android.map) application for Android CVE-2014-6858 (The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 ...) NOT-FOR-US: Mostafa Shemeas (aka com.mostafa.shemeas.website) application for Android CVE-2014-6857 (The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 fo ...) NOT-FOR-US: Car Wallpapers HD (aka com.arab4x4.gallery.app) application for Android CVE-2014-6856 (The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android d ...) NOT-FOR-US: AHRAH (aka com.vet2pet.aid219426) application for Android CVE-2014-6855 (The Long (aka com.imop.longjiang.android) application 1.0.4 for Androi ...) NOT-FOR-US: Long (aka com.imop.longjiang.android) application for Android CVE-2014-6854 (The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Andr ...) NOT-FOR-US: EyeXam (aka com.globaleyeventures.eyexam) application for Android CVE-2014-6853 (The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) appli ...) NOT-FOR-US: Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application for Android CVE-2014-6852 (The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0 ...) NOT-FOR-US: LedLine.gr Official (aka com.automon.ledline.gr) application for Android CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for ...) NOT-FOR-US: New Beginnings CFC (aka com.goodbarber.nbcfc) application for Android CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 1.153.0034 ...) NOT-FOR-US: SED Account (aka com.starkville.smartapps) application for Android CVE-2014-6849 REJECTED CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for Android do ...) NOT-FOR-US: DS file (aka com.synology.DSfile) application for Android CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1. ...) 
NOT-FOR-US: Horoscopes and Dreams (aka com.horoscopesanddreams) application for Android CVE-2014-6846 (The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.andro ...) NOT-FOR-US: Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application for Android CVE-2014-6845 (The MediaFire (aka com.mediafire.android) application 1.1.1 for Androi ...) NOT-FOR-US: MediaFire (aka com.mediafire.android) application for Android CVE-2014-6844 (The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for Andr ...) NOT-FOR-US: ABC Song (aka com.tabtale.abcsingalong) application for Android CVE-2014-6843 (The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for An ...) NOT-FOR-US: Sweatshop (aka com.orderingapps.sweatshop) application for Android CVE-2014-6842 (The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) ap ...) NOT-FOR-US: Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application for Android CVE-2014-6841 (The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for And ...) NOT-FOR-US: RTI INDIA (aka com.vbulletin.build_890) application for Android CVE-2014-6840 (The My Wedding Planner (aka app.wedding) application 1.5 for Android d ...) NOT-FOR-US: My Wedding Planner (aka app.wedding) application for Android CVE-2014-6839 (The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for An ...) NOT-FOR-US: Alma Corinthiana (aka com.alma.corinthiana) application for Android CVE-2014-6838 (The Groupama toujours la (aka com.groupama.toujoursla) application 1.3 ...) NOT-FOR-US: Groupama toujours la (aka com.groupama.toujoursla) application for Android CVE-2014-6837 (The Hillside (aka com.hillside.hermanus) application 1.1 for Android d ...) NOT-FOR-US: Hillside (aka com.hillside.hermanus) application for Android CVE-2014-6836 (The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android d ...) 
NOT-FOR-US: DS photo+ (aka com.synology.dsphoto) application for Android CVE-2014-6835 (The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for And ...) NOT-FOR-US: Herbal Guide (aka com.pocket.herbal.guide) application for Android CVE-2014-6834 (The Instaroid - Instagram Viewer (aka net.muik.instaroid) application ...) NOT-FOR-US: Instaroid - Instagram Viewer (aka net.muik.instaroid) application for Android CVE-2014-6833 (The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 ...) NOT-FOR-US: AuctionTrac Dealer (aka com.adesa.dealer.phone) application for Android CVE-2014-6832 (The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 ...) NOT-FOR-US: Bersa Forum (aka com.gcspublishing.bersaforum) application for Android CVE-2014-6831 (The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for An ...) NOT-FOR-US: Hippo Studio (aka com.appgreen.hippostudio) application for Android CVE-2014-6830 (The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) app ...) NOT-FOR-US: Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application for Android CVE-2014-6829 (The Hook (aka com.hook.android) application 0.9.3 for Android does not ...) NOT-FOR-US: Hook (aka com.hook.android) application for Android CVE-2014-6828 (The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android ...) NOT-FOR-US: Gulf Credit Union (aka Fi_Mobile.Gulf) application for Android CVE-2014-6827 (The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for A ...) NOT-FOR-US: DK ONLINE Beta (aka com.sgmobile.dkonline) application for Android CVE-2014-6826 (The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for And ...) NOT-FOR-US: Tic-Tac To The MAX FREE (aka com.tothemax) application for Android CVE-2014-6825 (The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) applicati ...) 
NOT-FOR-US: Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application for Android CVE-2014-6824 (The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android d ...) NOT-FOR-US: kamkomesan (aka com.anek.kamkomesan) application for Android CVE-2014-6823 (The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12 ...) NOT-FOR-US: kuailecaidengmi (aka com.licai.kuailecaidengmi) application for Android CVE-2014-6822 (The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for A ...) NOT-FOR-US: Nerdico (aka com.nerdico.danielepais) application for Android CVE-2014-6821 (The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for ...) NOT-FOR-US: voetbal (aka nl.jborsje.android.voetbal.az) application for Android CVE-2014-6820 (The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for And ...) NOT-FOR-US: Amebra Ameba (aka jp.honeytrap15.amebra) application for Android CVE-2014-6819 (The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 ...) NOT-FOR-US: Lapp Group Catalogue (aka com.prinovis.LappKabel) application for Android CVE-2014-6818 (The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm20 ...) NOT-FOR-US: OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application for Android CVE-2014-6817 (The Cove (aka org.covechurch.app) application 1.0.2 for Android does n ...) NOT-FOR-US: Cove (aka org.covechurch.app) application for Android CVE-2014-6816 (The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Androi ...) NOT-FOR-US: WISDOM (aka lvtu99.com.nescmxiaoniuniu) application for Android CVE-2014-6815 (The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android ...) NOT-FOR-US: Vouch! (aka com.voucherry.voucherry) application for Android CVE-2014-6814 (The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) appli ...) 
NOT-FOR-US: Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application for Android CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for Androi ...) NOT-FOR-US: klassens (aka com.mcreda.klassens.apps) application for Android CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Andr ...) NOT-FOR-US: Aloha Guide (aka com.aloha.guide.english) application for Android CVE-2014-6811 REJECTED CVE-2014-6810 (The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rim ...) NOT-FOR-US: RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application for Android CVE-2014-6809 REJECTED CVE-2014-6808 (The Active 24 (aka com.zentity.app.active24) application 1.0.1 for And ...) NOT-FOR-US: Active 24 (aka com.zentity.app.active24) application for Android CVE-2014-6807 (The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.a ...) NOT-FOR-US: OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application for Android CVE-2014-6806 (The Thanodi - Setswana Translator (aka com.thanodi.thanodi) applicatio ...) NOT-FOR-US: Thanodi - Setswana Translator (aka com.thanodi.thanodi) application for Android CVE-2014-6805 (The weibo (aka magic.weibo) application 1.2 for Android does not verif ...) NOT-FOR-US: weibo (aka magic.weibo) application for Android CVE-2014-6804 (The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) ...) NOT-FOR-US: Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application for Android CVE-2014-6803 (The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0. ...) NOT-FOR-US: Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application for Android CVE-2014-6802 (The First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynl ...) 
NOT-FOR-US: First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application for Android CVE-2014-6801 (The frank matano (aka com.frank.matano) application 1.0 for Android do ...) NOT-FOR-US: frank matano (aka com.frank.matano) application for Android CVE-2014-6800 (The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 ...) NOT-FOR-US: Bloom Township 206 (aka net.parentlink.bloom) application for Android CVE-2014-6799 (The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 fo ...) NOT-FOR-US: Investigation Tool (aka gov.ca.post.lp.itool) application for Android CVE-2014-6798 (The McMaster Marauders (aka com.weever.marauders) application 1.0.1 fo ...) NOT-FOR-US: McMaster Marauders (aka com.weever.marauders) application for Android CVE-2014-6797 (The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1. ...) NOT-FOR-US: Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application for Android CVE-2014-6796 (The LocalSense (aka com.LocalSense) application 1.2.1 for Android does ...) NOT-FOR-US: LocalSense (aka com.LocalSense) application for Android CVE-2014-6795 (The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) applic ...) NOT-FOR-US: Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application for Android CVE-2014-6794 (The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Andro ...) NOT-FOR-US: AAPLD (aka com.bredir.boopsie.aapld) application for Android CVE-2014-6793 (The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for And ...) NOT-FOR-US: Arch Friend (aka com.xyproto.archfriend) application for Android CVE-2014-6792 (The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for ...) NOT-FOR-US: Suriname Radio (aka com.wordbox.surinameRadio) application for Android CVE-2014-6791 (The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd ...) 
NOT-FOR-US: Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application for Android CVE-2014-6790 (The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Andr ...) NOT-FOR-US: INVEX (aka com.mobilatolye.keyinternet) application for Android CVE-2014-6789 (The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application ...) NOT-FOR-US: Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application for Android CVE-2014-6788 (The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for ...) NOT-FOR-US: Oman News (aka com.oman.news.rmtzlnbuooordciw) application for Android CVE-2014-6787 (The Counter Intuition (aka com.counter.intuition) application 1.2 for ...) NOT-FOR-US: Counter Intuition (aka com.counter.intuition) application for Android CVE-2014-6786 (The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) applica ...) NOT-FOR-US: Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application for Android CVE-2014-6785 (The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) ...) NOT-FOR-US: Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application for Android CVE-2014-6784 (The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) applica ...) NOT-FOR-US: Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application for Android CVE-2014-6783 (The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) applicatio ...) NOT-FOR-US: Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application for Android CVE-2014-6782 (The Abraham Tours (aka com.mytoursapp.android.app432) application 1.1. ...) NOT-FOR-US: Abraham Tours (aka com.mytoursapp.android.app432) application for Android CVE-2014-6781 (The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for ...) NOT-FOR-US: Aloha Stadium - Hawaii (aka com.stadium.aloha) application for Android CVE-2014-6780 (The MeiTalk (aka com.playjia.meitalk) application @7F060012 for Androi ...) 
NOT-FOR-US: MeiTalk (aka com.playjia.meitalk) application for Android CVE-2014-6779 (The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Andro ...) NOT-FOR-US: Cart App (aka com.virtecha.mobilewallet) application for Android CVE-2014-6778 (The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for ...) NOT-FOR-US: Goat Forum (aka com.gcspublishing.goatspot) application for Android CVE-2014-6777 (The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does ...) NOT-FOR-US: blueeleph (aka eg.film.blueeleph) application for Android CVE-2014-6776 (The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) appli ...) NOT-FOR-US: United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application for Android CVE-2014-6775 (The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 ...) NOT-FOR-US: Light for Pets (aka com.helenwoodward.light4pets) application for Android CVE-2014-6774 (The USEK (aka com.university.usek) application 1.0.8 for Android does ...) NOT-FOR-US: USEK (aka com.university.usek) application for Android CVE-2014-6773 (The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 fo ...) NOT-FOR-US: CIH Quiz game (aka com.bowenehs.cihquizgameapp) application for Android CVE-2014-6772 (The United Educational CU (aka com.metova.cuae.uecu) application 1.0.2 ...) NOT-FOR-US: United Educational CU (aka com.metova.cuae.uecu) application for Android CVE-2014-6771 (The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for An ...) NOT-FOR-US: United Heritage Mobile (aka Fi_Mobile.UHCU) application for Android CVE-2014-6770 (The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.39 ...) NOT-FOR-US: Aerospace Jobs (aka com.app_aerospacejobs.layout) application for Android CVE-2014-6769 (The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 ...) 
NOT-FOR-US: Meteo Belgique (aka com.mobilesoft.belgiumweather) application for Android CVE-2014-6768 (The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1. ...) NOT-FOR-US: Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application for Android CVE-2014-6767 (The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for A ...) NOT-FOR-US: Juggle! FREE (aka com.jakyl.juggleforfree) application for Android CVE-2014-6766 (The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for ...) NOT-FOR-US: Afro-Beat (aka com.zero.themelock.tambourine) application for Android CVE-2014-6765 (The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7 ...) NOT-FOR-US: No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application for Android CVE-2014-6764 (The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Androi ...) NOT-FOR-US: Assyrian (aka com.b2.assyrian.activity) application for Android CVE-2014-6763 (The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom ...) NOT-FOR-US: Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application for Android CVE-2014-6762 (The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android ...) NOT-FOR-US: bongomovie (aka com.mbwasi.bongomovie) application for Android CVE-2014-6761 (The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) a ...) NOT-FOR-US: Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application for Android CVE-2014-6760 (The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2 ...) NOT-FOR-US: Harem Thief Dating (aka com.haremthief.haremthief) application for Android CVE-2014-6759 (The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) applic ...) NOT-FOR-US: Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application for Android CVE-2014-6758 (The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) applicat ...) 
NOT-FOR-US: Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application for Android CVE-2014-6757 (The Koran - AlqoranVideos (aka com.alqoran.videos.example) application ...) NOT-FOR-US: Koran - AlqoranVideos (aka com.alqoran.videos.example) application for Android CVE-2014-6756 (The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for Androi ...) NOT-FOR-US: Reddit Aww (aka org.biais.redditawww) application for Android CVE-2014-6755 (The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) applic ...) NOT-FOR-US: SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application for Android CVE-2014-6754 (The Vector Outage Manager (aka nz.co.vector.outagemanager) application ...) NOT-FOR-US: Vector Outage Manager (aka nz.co.vector.outagemanager) application for Android CVE-2014-6753 (The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 f ...) NOT-FOR-US: sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application for Android CVE-2014-6752 (The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) ap ...) NOT-FOR-US: Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application for Android CVE-2014-6751 (The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for ...) NOT-FOR-US: Grasshopper Beta (aka com.grasshopper.dialer) application for Android CVE-2014-6750 (The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 fo ...) NOT-FOR-US: $0.99 Kindle Books (aka com.kindle.books.for99) application for Android CVE-2014-6749 (The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) a ...) NOT-FOR-US: American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application for Android CVE-2014-6748 (The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for And ...) NOT-FOR-US: GEMAIRE's HVAC Assist (aka com.es.Gemaire) application for Android CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does not verif ...) 
NOT-FOR-US: SeeOn (aka com.seeon) application for Android CVE-2014-6746 (The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) ap ...) NOT-FOR-US: Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application for Android CVE-2014-6745 (The Family Location (aka com.sosocome.family) application 3.4 2014-5-2 ...) NOT-FOR-US: Family Location (aka com.sosocome.family) application for Android CVE-2014-6744 (The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android doe ...) NOT-FOR-US: Al-Ahsa News (aka com.alahsa.news) application for Android CVE-2014-6743 (The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7 ...) NOT-FOR-US: Hearsay: A Social Party Game (aka air.com.lip.per) application for Android CVE-2014-6742 (The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for ...) NOT-FOR-US: All around Cyprus (aka com.cyprus.newspapers) application for Android CVE-2014-6741 (The John MacArthur (aka com.john.macarthur) application 1.0.26 for And ...) NOT-FOR-US: John MacArthur (aka com.john.macarthur) application for Android CVE-2014-6740 (The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for ...) NOT-FOR-US: XD Forum (aka com.tapatalk.xdforumcomforum) application for Android CVE-2014-6739 (The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) applica ...) NOT-FOR-US: Well-Being Connect Mobile (aka com.healthways.wellbeinggo) application for Android CVE-2014-6738 (The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for ...) NOT-FOR-US: Maccabi Tel Aviv (aka com.monkeytech.maccabi) application for Android CVE-2014-6737 (The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) ...) NOT-FOR-US: Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application for Android CVE-2014-6736 (The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android ...) 
NOT-FOR-US: EPL Hat Trick (aka com.hat.trick.goal) application for Android CVE-2014-6735 (The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd2 ...) NOT-FOR-US: imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application for Android CVE-2014-6734 (The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7 ...) NOT-FOR-US: Wine Making (aka com.gcspublishing.winemakingtalk) application for Android CVE-2014-6733 (The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for ...) NOT-FOR-US: My T-Mobile (aka at.tmobile.android.myt) application for Android CVE-2014-6732 (The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for ...) NOT-FOR-US: Westpac Mobile Banking (aka org.westpac.bank) application for Android CVE-2014-6731 (The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for ...) NOT-FOR-US: Alfa-Bank (aka ru.alfabank.mobile.android) application for Android CVE-2014-6730 (The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 ...) NOT-FOR-US: Melodigram (aka com.minusdegree.melodigramandroid) application for Android CVE-2014-6729 (The Grilling with Rich (aka com.grilling.with.rich) application 1.0 fo ...) NOT-FOR-US: Grilling with Rich (aka com.grilling.with.rich) application for Android CVE-2014-6728 (The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android doe ...) NOT-FOR-US: ThinkPal (aka com.mythinkpalapp) application for Android CVE-2014-6727 (The Mikeius (Official App) (aka com.automon.mikeius) application 1.4.2 ...) NOT-FOR-US: Mikeius (Official App) (aka com.automon.mikeius) application for Android CVE-2014-6726 (The 30A (aka com.app30a) application 5.26.2 for Android does not verif ...) NOT-FOR-US: 30A (aka com.app30a) application for Android CVE-2014-6725 (The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android doe ...) 
NOT-FOR-US: SchoolXM (aka apprentice.schoolxm) application for Android CVE-2014-6724 (The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7. ...) NOT-FOR-US: Soap Making (aka com.tapatalk.soapmakingforumcom) application for Android CVE-2014-6723 (The Comics Plus (aka com.iversecomics.comicsplus.android) application ...) NOT-FOR-US: Comics Plus (aka com.iversecomics.comicsplus.android) application for Android CVE-2014-6722 (The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) appli ...) NOT-FOR-US: Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application for Android CVE-2014-6721 (The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for An ...) NOT-FOR-US: Pharmaguideline (aka com.pharmaguideline) application for Android CVE-2014-6720 (The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) appli ...) NOT-FOR-US: Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application for Android CVE-2014-6719 (The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) applicat ...) NOT-FOR-US: Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application for Android CVE-2014-6718 (The My Mobile Day (aka com.mymobileday) application 1.3 for Android do ...) NOT-FOR-US: My Mobile Day (aka com.mymobileday) application for Android CVE-2014-6717 (The iTriage Health (aka com.healthagen.iTriage) application 5.29 for A ...) NOT-FOR-US: iTriage Health (aka com.healthagen.iTriage) application for Android CVE-2014-6716 (The fastin (aka moda.azyae.fastin.net) application 1.0 for Android doe ...) NOT-FOR-US: fastin (aka moda.azyae.fastin.net) application for Android CVE-2014-6715 (The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 ...) NOT-FOR-US: SlotMachine (aka com.popoinnovation.SlotMachine) application for Android CVE-2014-6714 (The WebMD (aka com.webmd.android) application 3.5 for Android does not ...) 
NOT-FOR-US: WebMD (aka com.webmd.android) application for Android CVE-2014-6713 (The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application ...) NOT-FOR-US: MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application for Android CVE-2014-6712 (The Airlines International (aka org.iata.IAMagazine) application 1.0 f ...) NOT-FOR-US: Airlines International (aka org.iata.IAMagazine) application for Android CVE-2014-6711 (The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application ...) NOT-FOR-US: ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application for Android CVE-2014-6710 (The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) appl ...) NOT-FOR-US: Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application for Android CVE-2014-6709 (The TechRadar News (aka com.techradar.news) application 1.0 for Androi ...) NOT-FOR-US: TechRadar News (aka com.techradar.news) application for Android CVE-2014-6708 (The Sporting Club Uphoria (aka com.sportinginnovations.skc) applicatio ...) NOT-FOR-US: Sporting Club Uphoria (aka com.sportinginnovations.skc) application for Android CVE-2014-6707 (The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1 ...) NOT-FOR-US: 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application for Android CVE-2014-6706 (The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android ...) NOT-FOR-US: Embry-Riddle (aka com.dub.app.erau) application for Android CVE-2014-6705 (The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for An ...) NOT-FOR-US: Maher Zain (aka com.vanagas.app.maher_zain) application for Android CVE-2014-6704 (The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for ...) NOT-FOR-US: Utah Jazz (aka com.sportinginnovations.jazz) application for Android CVE-2014-6703 (The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Andro ...) 
NOT-FOR-US: phonearabs4 (aka com.phonearabs4.myapps) application for Android CVE-2014-6702 (The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c ...) NOT-FOR-US: StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application for Android CVE-2014-6701 (The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for ...) NOT-FOR-US: Vendormate Mobile (aka com.vendormate.mobile) application for Android CVE-2014-6700 (The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) applicat ...) NOT-FOR-US: NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application for Android CVE-2014-6699 (The Weather Channel (aka com.weather.Weather) application 5.2.0 for An ...) NOT-FOR-US: Weather Channel (aka com.weather.Weather) application for Android CVE-2014-6698 (The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 f ...) NOT-FOR-US: Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application for Android CVE-2014-6697 (The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 fo ...) NOT-FOR-US: Morocco Weather (aka com.mobilesoft.meteomaroc) application for Android CVE-2014-6696 (The Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlp ...) NOT-FOR-US: Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application for Android CVE-2014-6695 (The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics ...) NOT-FOR-US: Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application for Android CVE-2014-6694 (The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3. ...) NOT-FOR-US: 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application for Android CVE-2014-6693 (The Juiker (aka org.itri) application 3.2.0829.1 for Android does not ...) NOT-FOR-US: Juiker (aka org.itri) application for Android CVE-2014-6692 (The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 fo ...) 
NOT-FOR-US: Kingsoft Clip (Office Tool) (aka cn.wps.clip) application for Android CVE-2014-6691 (The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for An ...) NOT-FOR-US: UC Browser HD (aka com.uc.browser.hd) application for Android CVE-2014-6690 (The InstaMessage - Instagram Chat (aka com.futurebits.instamessage.fre ...) NOT-FOR-US: InstaMessage - Instagram Chat (aka com.futurebits.instamessage.free) application for Android CVE-2014-6689 (The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does ...) NOT-FOR-US: JW Cards (aka com.jingwei.card) application for Android CVE-2014-6688 (The Voices.com (aka com.voices.voices) application 1.5 for Android doe ...) NOT-FOR-US: Voices.com (aka com.voices.voices) application for Android CVE-2014-6687 (The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 ...) NOT-FOR-US: wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application for Android CVE-2014-6686 (The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 ...) NOT-FOR-US: Zoho Books - Accounting App (aka com.zoho.books) application for Android CVE-2014-6685 (The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 ...) NOT-FOR-US: Tsushima Travel Guide (aka com.netjapan.ntsushima) application for Android CVE-2014-6684 (The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android ...) NOT-FOR-US: MOL bringaPONT (aka hu.mol.bringapont) application for Android CVE-2014-6683 (The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0. ...) NOT-FOR-US: Open Electrical Webser (aka com.wOpenElectricalWeb) application for Android CVE-2014-6682 (The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789 ...) NOT-FOR-US: w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application for Android CVE-2014-6681 (The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) appli ...) 
NOT-FOR-US: Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application for Android CVE-2014-6680 (The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for ...) NOT-FOR-US: superheroquiz (aka com.davidhey.superheroquiz) application for Android CVE-2014-6679 (The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) applicat ...) NOT-FOR-US: wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application for Android CVE-2014-6678 (The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for A ...) NOT-FOR-US: Algeria Radio (aka com.wordbox.algeriaRadio) application for Android CVE-2014-6677 (The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application ...) NOT-FOR-US: Ticket Round Up (aka com.xcr.android.ticketroundupapp) application for Android CVE-2014-6676 (The Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdo ...) NOT-FOR-US: Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) application for Android CVE-2014-6675 (The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android doe ...) NOT-FOR-US: Ruta Exacta (aka com.rutaexacta.m) application for Android CVE-2014-6674 (The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for ...) NOT-FOR-US: Amazighmusic (aka nl.appsandroo.Amazighmusic) application for Android CVE-2014-6673 (The ChallengerTX (aka com.zhtiantian.ChallengerTX) application 3.9.12. ...) NOT-FOR-US: ChallengerTX (aka com.zhtiantian.ChallengerTX) application for Android CVE-2014-6672 (The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 fo ...) NOT-FOR-US: Friendcaster (aka uk.co.senab.blueNotifyFree) application for Android CVE-2014-6671 (The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) ...) NOT-FOR-US: World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) application for Android CVE-2014-6670 (The SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcom ...) 
NOT-FOR-US: SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application for Android CVE-2014-6669 (The Inside Crochet (aka com.magazinecloner.insidecrochet) application ...) NOT-FOR-US: Inside Crochet (aka com.magazinecloner.insidecrochet) application for Android CVE-2014-6668 (The African Radios Live (aka com.nana.africanradioslive) application 1 ...) NOT-FOR-US: African Radios Live (aka com.nana.africanradioslive) application for Android CVE-2014-6667 (The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 f ...) NOT-FOR-US: racemotocross (aka com.bossappsmk.racemotocross) application for Android CVE-2014-6666 (The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Andro ...) NOT-FOR-US: Baglamukhi (aka com.wshribaglamukhiblog) application for Android CVE-2014-6665 (The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application ...) NOT-FOR-US: Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application for Android CVE-2014-6664 (The Latin Angels Music HD (aka com.applizards.lafreetj) application 2. ...) NOT-FOR-US: Latin Angels Music HD (aka com.applizards.lafreetj) application for Android CVE-2014-6663 (The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) applica ...) NOT-FOR-US: Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application for Android CVE-2014-6662 (The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3 ...) NOT-FOR-US: Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application for Android CVE-2014-6661 (The netease movie (aka com.netease.movie) application 4.7.2 for Androi ...) NOT-FOR-US: netease movie (aka com.netease.movie) application for Android CVE-2014-6660 (The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application ...) NOT-FOR-US: Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application for Android CVE-2014-6659 (The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 ...) 
NOT-FOR-US: Defence.pk (aka com.tapatalk.defencepkforums) application for Android CVE-2014-6658 (The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for ...) NOT-FOR-US: Apploi Job Search- Find Jobs (aka com.apploi) application for Android CVE-2014-6657 (The Leadership Newspapers (aka com.LeadershipNewspapers) application 1 ...) NOT-FOR-US: Leadership Newspapers (aka com.LeadershipNewspapers) application for Android CVE-2014-6656 (The drareym (aka com.drareym) application 0.1 for Android does not ver ...) NOT-FOR-US: drareym (aka com.drareym) application for Android CVE-2014-6655 (The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) applica ...) NOT-FOR-US: Tortoise Forum (aka org.tortoiseforum.android.forumrunner) application for Android CVE-2014-6654 (The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for Andr ...) NOT-FOR-US: wTrootrooTvIzle (aka com.wTrootrooTvIzle) application for Android CVE-2014-6653 (The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for And ...) NOT-FOR-US: Afghan Radio (aka com.wordbox.afghanRadio) application for Android CVE-2014-6652 (The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for ...) NOT-FOR-US: Wizaz Forum (aka com.tapatalk.wizazplforum) application for Android CVE-2014-6651 (The Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukfo ...) NOT-FOR-US: Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukforums) application for Android CVE-2014-6650 (The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) applicatio ...) NOT-FOR-US: NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application for Android CVE-2014-6649 (The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) applicat ...) NOT-FOR-US: MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application for Android CVE-2014-6648 (The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 f ...) 
NOT-FOR-US: iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application for Android CVE-2014-6647 (The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for ...) NOT-FOR-US: ElForro.com (aka com.tapatalk.elforrocom) application for Android CVE-2014-6646 (The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 fo ...) NOT-FOR-US: bellyhoodcom (aka com.tapatalk.bellyhoodcom) application for Android CVE-2014-6645 (The Batch library for Android does not verify X.509 certificates from ...) NOT-FOR-US: Batch library for Android CVE-2014-6644 REJECTED CVE-2014-6643 (The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for ...) NOT-FOR-US: FIAT Forum (aka com.tapatalk.fiatforumcom) application for Android CVE-2014-6642 (The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum ...) NOT-FOR-US: Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application for Android CVE-2014-6641 (The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) applica ...) NOT-FOR-US: Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application for Android CVE-2014-6640 (The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does ...) NOT-FOR-US: DNB Trade (aka lt.dnb.mobiletrade) application for Android CVE-2014-6639 (The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android. ...) NOT-FOR-US: TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application for Android CVE-2014-6638 (The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not ...) NOT-FOR-US: wTMDesktop (aka com.wTMDesktop) application for Android CVE-2014-6637 (The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Androi ...) NOT-FOR-US: Facebook Facts (aka com.wFacebookFacts) application for Android CVE-2014-6636 (The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Buil ...) 
NOT-FOR-US: LG Telepresence (aka com.rsupport.rtc.lge) application for Android CVE-2014-6635 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows ...) NOT-FOR-US: Exponent CMS CVE-2014-6634 RESERVED CVE-2014-6633 (The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x befor ...) {DSA-3043-1 DLA-70-1} - tryton-server 3.2.3-1 NOTE: https://bugs.tryton.org/issue4155 CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 ...) NOT-FOR-US: Joomla! CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...) NOT-FOR-US: Joomla! CVE-2014-6630 RESERVED CVE-2014-6629 RESERVED CVE-2014-6628 (Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows rem ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows re ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows re ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass b ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in register-exec.p ...) 
NOT-FOR-US: PizzaInn_Project Restaurant Script CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows re ...) NOT-FOR-US: Your Online Shop CVE-2014-6617 (Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 conta ...) NOT-FOR-US: Softing FG-100 CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS Si ...) NOT-FOR-US: Softing FG-100 CVE-2014-6615 RESERVED CVE-2014-6614 RESERVED CVE-2014-6613 RESERVED CVE-2014-6612 RESERVED CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, ...) NOT-FOR-US: BlackBerry CVE-2014-6609 (The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 ...) - asterisk (only affects 12.x series) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html CVE-2014-6608 RESERVED CVE-2014-6606 RESERVED CVE-2014-6605 RESERVED CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...) NOT-FOR-US: Subscribe2 plugin for WordPress CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricat ...) [squeeze] - suricata (Vulnerable code not yet present) [wheezy] - suricata (Vulnerable code not yet present) - suricata 2.0.4-1 (bug #762828) CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 ...) NOT-FOR-US: Microsoft Asha OS CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x befo ...) - python-keystonemiddleware 1.0.0-3 (bug #762748) - python-keystoneclient 1:0.10.1-2 (bug #762749) [wheezy] - python-keystoneclient (Minor issue) CVE-2014-7143 (Python Twisted 14.0 trustRoot is not respected in HTTP client ...) - twisted 14.0.2-1 (bug #761983) [wheezy] - twisted (Only affects 14.0 series) [squeeze] - twisted (Only affects 14.0 series) CVE-2014-6610 (Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Ce ...) 
{DLA-455-1} - asterisk 1:11.12.1~dfsg-1 (medium; bug #762164) [squeeze] - asterisk (Vulnerable code not present) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff applies on 1:1.8.13.1~dfsg1-3+deb7u3 NOTE: Squeeze version doesn't have res/res_fax_spandsp.c with the problem. CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...) NOT-FOR-US: M/Monit CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...) {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2014-6600 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2014-6599 (Unspecified vulnerability in the Siebel Core - Common Components compo ...) NOT-FOR-US: Oracle CVE-2014-6598 (Unspecified vulnerability in the Oracle Communications Diameter Signal ...) NOT-FOR-US: Oracle CVE-2014-6597 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle CVE-2014-6596 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...) NOT-FOR-US: Oracle CVE-2014-6595 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox 4.3.18-dfsg-2 (bug #775888) [wheezy] - virtualbox (Introduced in 4.3) - virtualbox-ose (Introduced in 4.3) CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...) NOT-FOR-US: Oracle iLearning CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...) {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...) NOT-FOR-US: Oracle CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE 5 ...) 
{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 - icu 52.1-7 (bug #775884) CVE-2014-6590 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox 4.3.18-dfsg-2 (bug #775888) [wheezy] - virtualbox (Introduced in 4.3) - virtualbox-ose (Introduced in 4.3) CVE-2014-6589 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox 4.3.18-dfsg-2 (bug #775888) [wheezy] - virtualbox (Introduced in 4.3) - virtualbox-ose (Introduced in 4.3) CVE-2014-6588 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox 4.3.18-dfsg-2 (bug #775888) [wheezy] - virtualbox (Introduced in 4.3) - virtualbox-ose (Introduced in 4.3) CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allow ...) {DSA-3147-1 DSA-3144-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u ...) {DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1} - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b22-1 - icu 52.1-7.1 (bug #776264) CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...) NOT-FOR-US: Oracle Sun Systems Products Suite ILOM CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-6582 (Unspecified vulnerability in the Oracle HCM Configuration Workbench co ...) NOT-FOR-US: Oracle CVE-2014-6581 (Unspecified vulnerability in the Oracle Customer Intelligence componen ...) NOT-FOR-US: Oracle CVE-2014-6580 (Unspecified vulnerability in the Oracle Reports Developer component in ...) 
NOT-FOR-US: Oracle CVE-2014-6579 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle CVE-2014-6578 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-6577 (Unspecified vulnerability in the XML Developer's Kit for C component i ...) NOT-FOR-US: Oracle CVE-2014-6576 (Unspecified vulnerability in the Oracle Adaptive Access Manager compon ...) NOT-FOR-US: Oracle CVE-2014-6575 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...) NOT-FOR-US: Oracle Sun Solaris CVE-2014-6574 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...) NOT-FOR-US: Oracle CVE-2014-6573 (Unspecified vulnerability in the Enterprise Manager Ops Center compone ...) NOT-FOR-US: Oracle CVE-2014-6572 (Unspecified vulnerability in the Oracle Customer Interaction History c ...) NOT-FOR-US: Oracle CVE-2014-6571 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...) NOT-FOR-US: Oracle CVE-2014-6570 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2014-6569 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, a ...) {DSA-3135-1} - mysql-5.5 5.5.42-1 (bug #775881) - mariadb-10.0 10.0.16-1 (bug #775882) - percona-xtradb-cluster-5.5 NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2014-6566 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle CVE-2014-6565 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...) NOT-FOR-US: Oracle CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...) 
- mysql-5.5 (Only affects MySQL 5.6) - mysql-5.1 (Only affects MySQL 5.6) - mariadb-10.0 (Fixed before initial upload) CVE-2014-6563 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6562 (Unspecified vulnerability in Oracle Java SE 8u20 allows remote attacke ...) - openjdk-8 8u40~b09-1 CVE-2014-6561 (Unspecified vulnerability in the Oracle Payments component in Oracle E ...) NOT-FOR-US: Oracle CVE-2014-6560 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management co ...) NOT-FOR-US: Oracle Enterprise Manager Grid Control CVE-2014-6556 (Unspecified vulnerability in the Oracle Applications DBA component in ...) NOT-FOR-US: Oracle CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6553 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6552 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6551 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...) 
{DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library co ...) NOT-FOR-US: Oracle CVE-2014-6549 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote attacke ...) - openjdk-8 8u40~b22-1 CVE-2014-6548 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-6545 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6544 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-6543 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox-guest-additions [squeeze] - virtualbox-guest-additions (Non-free not supported) - virtualbox-guest-additions-iso 4.3.14-1 [wheezy] - virtualbox-guest-additions-iso (Non-free not supported) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-6538 (Unspecified vulnerability in the Java VM component in Oracle Database ...) 
NOT-FOR-US: Oracle Database Server CVE-2014-6537 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6536 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-6535 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-6534 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6533 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-6532 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6530 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-6528 (Unspecified vulnerability in the Siebel Core - System Management compo ...) NOT-FOR-US: Oracle CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...) 
- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6526 (Unspecified vulnerability in the Oracle Directory Server Enterprise Ed ...) NOT-FOR-US: Oracle CVE-2014-6525 (Unspecified vulnerability in the Oracle Web Applications Desktop Integ ...) NOT-FOR-US: Oracle CVE-2014-6524 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6521 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier al ...) {DSA-3054-1} - mysql-5.5 5.5.39-1 - mysql-5.1 (Only affects 5.5 series) - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6518 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local use ...) NOT-FOR-US: Oracle Solaris CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6516 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...) NOT-FOR-US: Oracle JD Edwards Products CVE-2014-6515 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) 
- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6514 (Unspecified vulnerability in the PL/SQL component in Oracle Database S ...) NOT-FOR-US: Oracle CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and ...) - openjdk-6 (Windows-specific) - openjdk-7 (Windows-specific) - openjdk-8 (Windows-specific) CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 NOTE: Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0798607dd425 CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6510 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2014-6509 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remot ...) NOT-FOR-US: Oracle Sun Solaris 10 and 11 CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6505 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...) 
{DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, an ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6503 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6501 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-6500 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 - cyassl (bug #770229) - wolfssl (WolfSSL not affected) CVE-2014-6499 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6498 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-6497 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-6496 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 - cyassl (bug #770229) - wolfssl (WolfSSL not affected) CVE-2014-6495 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...) 
{DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 - cyassl (bug #770229) - wolfssl (WolfSSL not affected) CVE-2014-6494 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 - cyassl (bug #770229) - wolfssl (WolfSSL not affected) CVE-2014-6493 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6492 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6491 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 - cyassl (bug #770229) - wolfssl (WolfSSL not affected) CVE-2014-6490 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-6489 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...) - mysql-5.5 (Only MySQL 5.6) - mysql-5.1 (Only MySQL 5.6) - mariadb-10.0 (Fixed before initial upload) CVE-2014-6488 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...) NOT-FOR-US: Oracle Enterprise Manager Grid Control EM Base Platform CVE-2014-6487 (Unspecified vulnerability in the Oracle Identity Manager component in ...) 
NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6486 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-6485 (Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 all ...) - openjdk-8 8u40~b09-1 CVE-2014-6484 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6483 (Unspecified vulnerability in the Application Express component in Orac ...) NOT-FOR-US: Oracle Database Server CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-6481 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote at ...) NOT-FOR-US: Oracle Solaris CVE-2014-6480 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...) NOT-FOR-US: Oracle CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology compon ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, a ...) {DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 - cyassl - wolfssl (WolfSSL not affected) CVE-2014-6477 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6475 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-6474 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier al ...) - mysql-5.5 (Only affects MySQL 5.6) - mysql-5.1 (Only affects MySQL 5.6) - mariadb-10.0 (Fixed before initial upload) CVE-2014-6473 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...) NOT-FOR-US: Oracle Sun Solaris 10 and 11 CVE-2014-6472 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-6471 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-6470 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-6469 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 CVE-2014-6468 (Unspecified vulnerability in Oracle Java SE 8u20 allows local users to ...) - openjdk-8 8u40~b09-1 CVE-2014-6467 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6466 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6465 (Unspecified vulnerability in the Oracle Communications Session Border ...) NOT-FOR-US: Oracle Communications Applications CVE-2014-6464 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier an ...) {DSA-3054-1} - mysql-5.5 5.5.40-1 - mariadb-5.5 - mariadb-10.0 10.0.15-1 - percona-xtradb-cluster-5.5 CVE-2014-6463 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...) 
{DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-6462 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-6461 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-6460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-6459 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-6458 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u ...) {DSA-3080-1 DSA-3077-1 DLA-96-1} - openjdk-6 6b33-1.13.5-1 - openjdk-7 7u71-2.5.3-1 - openjdk-8 8u40~b09-1 CVE-2014-6456 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remot ...) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-6455 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-6454 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-6453 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) 
NOT-FOR-US: Oracle Database Server CVE-2014-6451 (J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D ...) NOT-FOR-US: Juniper CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X4 ...) NOT-FOR-US: Juniper Junos OS CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X ...) NOT-FOR-US: Juniper Junos OS CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...) NOT-FOR-US: Juniper CVE-2014-6447 (Multiple vulnerabilities exist in Juniper Junos J-Web error handling t ...) NOT-FOR-US: Juniper CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...) NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmi ...) NOT-FOR-US: WordPress plugin Contact Form 7 Integrations CVE-2014-6444 (Multiple cross-site scripting (XSS) vulnerabilities in the Titan Frame ...) NOT-FOR-US: Titan Framework plugin for WordPress CVE-2014-6443 RESERVED CVE-2014-6442 RESERVED CVE-2014-6441 RESERVED CVE-2014-6440 (VideoLAN VLC media player before 2.1.5 allows remote attackers to exec ...) - vlc 2.1.5-1 (low) [wheezy] - vlc (Introduced in 2.1) [squeeze] - vlc (Unsupported in squeeze-lts) CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in ...) - elasticsearch 1.0.3+dfsg-4 (bug #763958; low) CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p330 all ...) {DLA-275-1} - ruby1.9.1 1.9.3.0-1 - ruby1.8 (Vulnerable code not present) NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/ NOTE: https://github.com/ruby/www.ruby-lang.org/issues/817 NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943 NOTE: CVE assignment is specific to ruby 1.9.x series? 
CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remo ...) NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...) NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and D ...) NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary c ...) NOT-FOR-US: GoPro CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary f ...) NOT-FOR-US: GoPro CVE-2014-6420 (Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 ...) NOT-FOR-US: Livefyre LiveComments CVE-2014-6419 RESERVED CVE-2014-6415 RESERVED CVE-2014-6413 (A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11 ...) NOT-FOR-US: WatchGuard CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict p ...) - wordpress (Affects only WordPress on Windows systems) CVE-2014-6411 RESERVED CVE-2014-6409 (Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and e ...) NOT-FOR-US: M/Monit CVE-2014-6408 (Docker 1.3.0 through 1.3.1 allows remote attackers to modify the defau ...) - docker.io 1.3.2~dfsg1-1 CVE-2014-6407 (Docker before 1.3.2 allows remote attackers to write to arbitrary file ...) - docker.io 1.3.2~dfsg1-1 CVE-2014-6406 RESERVED CVE-2014-6405 RESERVED CVE-2014-6404 RESERVED CVE-2014-6403 RESERVED CVE-2014-6402 RESERVED CVE-2014-6401 RESERVED CVE-2014-6400 RESERVED CVE-2014-6399 RESERVED CVE-2014-6398 RESERVED CVE-2014-6397 RESERVED CVE-2014-6396 (The dissector_postgresql function in dissectors/ec_postgresql.c in Ett ...) 
- ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-6395 (Heap-based buffer overflow in the dissector_postgresql function in dis ...) - ettercap 1:0.8.1-3 (bug #773416) [squeeze] - ettercap (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20) CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison fo ...) - node-send 0.9.4-1 NOTE: https://nodesecurity.io/advisories/send-directory-traversal CVE-2014-6393 (The Express web framework before 3.11 and 4.x before 4.5 for Node.js d ...) - node-express 4.16.4-1 (unimportant) NOTE: libv8 is not covered by security support CVE-2014-6392 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the Faceboo ...) NOT-FOR-US: Facebook app and Facebook Messenger app for iOS CVE-2014-6391 RESERVED CVE-2014-6390 RESERVED CVE-2014-6389 (backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers t ...) NOT-FOR-US: PhpCompta CVE-2014-6388 REJECTED CVE-2014-7145 (The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before ...) - linux 3.16.3-1 [wheezy] - linux (Introduced in 3.7) - linux-2.6 (Introduced in 3.7) NOTE: upstream fix: https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce (v3.17-rc2) CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...) {DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer ...) {DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...) 
{DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniff ...) {DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES d ...) {DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-18.html CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in epan/diss ...) {DSA-3049-1} - wireshark 1.12.1+g01b65bf-1 [squeeze] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-17.html CVE-2014-6426 (The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HI ...) - wireshark 1.12.1+g01b65bf-1 [wheezy] - wireshark (Only applies to 1.12.x) [squeeze] - wireshark (Only applies to 1.12.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-16.html CVE-2014-6425 (The (1) get_quoted_string and (2) get_unquoted_string functions in epa ...) - wireshark 1.12.1+g01b65bf-1 [wheezy] - wireshark (Only applies to 1.12.x) [squeeze] - wireshark (Only applies to 1.12.x) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-15.html CVE-2014-6424 (The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow ...) {DSA-3049-1} - wireshark 1.12.1+g01b65bf-1 [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-14.html CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in th ...) {DSA-3049-1 DLA-198-1} - wireshark 1.12.1+g01b65bf-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-13.html CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate ...) 
{DSA-3049-1 DLA-198-1} - wireshark 1.12.0+git+4fab41a1-1 NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 (v1.11.3) CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x ...) - wireshark 1.12.0~rc1-1 [wheezy] - wireshark (Vulnerable code not present) [squeeze] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=81c4eee84b6ee19fd27929856fa1465b1af148c6 (v1.10.10) CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...) - linux 3.16.3-1 [wheezy] - linux 3.2.63-1 - linux-2.6 [squeeze] - linux-2.6 (Introduced in 2.6.34) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5) NOTE: http://tracker.ceph.com/issues/8979 CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...) - linux 3.16.3-1 [wheezy] - linux 3.2.63-1 - linux-2.6 [squeeze] - linux-2.6 (Introduced in 2.6.34) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5) NOTE: http://tracker.ceph.com/issues/8979 CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux ker ...) - linux 3.16.3-1 [wheezy] - linux 3.2.63-1 - linux-2.6 [squeeze] - linux-2.6 (Introduced in 2.6.34) NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5) NOTE: http://tracker.ceph.com/issues/8979 CVE-2014-6414 (OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows re ...) 
- neutron 2014.1.3-1 NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2 CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel th ...) {DLA-118-1} - linux 3.16.5-1 [wheezy] - linux 3.2.63-1 - linux-2.6 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5) CVE-2014-6386 (Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 ...) NOT-FOR-US: Juniper CVE-2014-6385 (Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 ...) NOT-FOR-US: Juniper CVE-2014-6384 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, ...) NOT-FOR-US: Juniper CVE-2014-6383 (The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, wh ...) NOT-FOR-US: Juniper CVE-2014-6382 (The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before ...) NOT-FOR-US: Juniper CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, 9. ...) NOT-FOR-US: Juniper CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12. ...) NOT-FOR-US: Juniper Junos CVE-2014-6379 (Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12 ...) NOT-FOR-US: Juniper Junos CVE-2014-6378 (Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before D ...) NOT-FOR-US: Juniper Junos CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before ...) NOT-FOR-US: Juniper Junos CVE-2014-6376 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6375 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6372 REJECTED CVE-2014-6371 REJECTED CVE-2014-6370 REJECTED CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the A ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6367 REJECTED CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; 2 ...) NOT-FOR-US: Microsoft Office CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Inter ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6362 (Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, a ...) NOT-FOR-US: Microsoft Office CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Exc ...) NOT-FOR-US: Microsoft Excel CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pac ...) NOT-FOR-US: Microsoft Excel CVE-2014-6359 REJECTED CVE-2014-6358 REJECTED CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...) NOT-FOR-US: Microsoft Office CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Offic ...) NOT-FOR-US: Microsoft Word CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows V ...) NOT-FOR-US: Microsoft Windows CVE-2014-6354 (Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Interne ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...) NOT-FOR-US: Microsoft CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...) NOT-FOR-US: Microsoft CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...) NOT-FOR-US: Microsoft CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to re ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read c ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to re ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6338 REJECTED CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumula ...) NOT-FOR-US: Microsoft Exchange Server CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...) NOT-FOR-US: Microsoft Office CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...) NOT-FOR-US: Microsoft CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP ...) NOT-FOR-US: Microsoft CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vist ...) NOT-FOR-US: Microsoft CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3 ...) NOT-FOR-US: Microsoft CVE-2014-6330 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6329 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6328 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6327 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6326 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft Exchange Server CVE-2014-6325 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...) NOT-FOR-US: Microsoft Exchange Server CVE-2014-6324 (The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ob ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows Serv ...) NOT-FOR-US: Microsoft CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Wind ...) NOT-FOR-US: Microsoft CVE-2014-6320 REJECTED CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...) NOT-FOR-US: Microsoft Exchange Server CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...) NOT-FOR-US: Microsoft CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...) NOT-FOR-US: Microsoft CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly catego ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://github.com/mantisbt/mantisbt/commit/e66ecc9f NOTE: https://www.mantisbt.org/bugs/view.php?id=17648 NOTE: https://www.mantisbt.org/bugs/view.php?id=17362 NOTE: https://www.mantisbt.org/bugs/view.php?id=17698 NOTE: https://www.mantisbt.org/bugs/view.php?id=17811 CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado ...) NOT-FOR-US: WordPress plugin Photo Gallery CVE-2014-6314 RESERVED CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...) NOT-FOR-US: WordPress plugin WooCommerce CVE-2014-6312 (Cross-site request forgery (CSRF) vulnerability in the Login Widget Wi ...) NOT-FOR-US: Login Widget With Shortcode (login-sidebar-widget) plugin for WordPress CVE-2014-6309 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...) NOT-FOR-US: Kaazing Gateway CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows remot ...) NOT-FOR-US: OsClass CVE-2014-6307 RESERVED CVE-2014-6306 RESERVED CVE-2014-6305 RESERVED CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 all ...) 
NOT-FOR-US: PNMsoft CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence Kinetics befor ...) NOT-FOR-US: PNMsoft CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence Kinetics befor ...) NOT-FOR-US: PNMsoft CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the tables-mana ...) NOT-FOR-US: PNMsoft CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history implemen ...) - phpmyadmin 4:4.2.8.1-1 NOTE: https://www.phpmyadmin.net/security/PMASA-2014-10/ [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum extens ...) NOT-FOR-US: TYPO3 extension CVE-2014-6298 (Unrestricted file upload vulnerability in the mm_forum extension befor ...) NOT-FOR-US: TYPO3 extension CVE-2014-6297 (Cross-site scripting (XSS) vulnerability in the mm_forum extension bef ...) NOT-FOR-US: TYPO3 extension CVE-2014-6296 (Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) exte ...) NOT-FOR-US: TYPO3 extension CVE-2014-6295 (SQL injection vulnerability in the WEC Map (wec_map) extension before ...) NOT-FOR-US: TYPO3 extension CVE-2014-6294 (Cross-site scripting (XSS) vulnerability in the External links click s ...) NOT-FOR-US: TYPO3 extension CVE-2014-6293 (SQL injection vulnerability in the Statistics (ke_stats) extension bef ...) NOT-FOR-US: TYPO3 extension CVE-2014-6292 (The femanager extension before 1.0.9 for TYPO3 allows remote frontend ...) NOT-FOR-US: TYPO3 extension CVE-2014-6291 (Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (al ...) NOT-FOR-US: TYPO3 extension CVE-2014-6290 (The News (tt_news) extension before 3.5.2 for TYPO3 allows remote atta ...) NOT-FOR-US: TYPO3 extension CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) exten ...) 
NOT-FOR-US: TYPO3 extension CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote atta ...) NOT-FOR-US: TYPO3 extension CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File Ser ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2014-6286 RESERVED CVE-2014-6285 RESERVED CVE-2014-6284 (SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before ...) NOT-FOR-US: SAP Adaptive Server Enterprise CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 b ...) NOT-FOR-US: SAP Adaptive Server Enterprise CVE-2014-6282 RESERVED CVE-2014-6281 RESERVED CVE-2014-6280 (Multiple cross-site scripting (XSS) vulnerabilities in OSClass before ...) NOT-FOR-US: OsClass CVE-2014-6279 RESERVED CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function defin ...) - bash 4.3-9.2 (high) [wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high) [squeeze] - bash 4.1-3+deb6u2 (high) NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents NOTE: exploitation of this issue by making bash only use environment variables NOTE: with specific names (BASH_FUNC_*()) to define functions from its NOTE: environment. CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function defin ...) - bash 4.3-9.2 [wheezy] - bash 4.2+dfsg-0.1+deb7u3 [squeeze] - bash 4.1-3+deb6u2 NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents NOTE: exploitation of this issue by making bash only use environment variables NOTE: with specific names (BASH_FUNC_*()) to define functions from its NOTE: environment. CVE-2014-6276 (schema.py in Roundup before 1.5.1 does not properly limit attributes i ...) {DSA-3502-1} - roundup (bug #816780) NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9 CVE-2014-6275 (FusionForge before 5.3.2 use scripts that run under the shared Apache ...) 
- fusionforge 5.3.2-1 [squeeze] - fusionforge (Not supported in Squeeze LTS) NOTE: https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted] RESERVED - git-annex 5.20140919 [wheezy] - git-annex (Vulnerable code introduced in 3.20121126) NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/ CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and ...) {DSA-3031-1 DLA-58-1} - apt 1.0.3 CVE-2014-6272 (Multiple integer overflows in the evbuffer API in Libevent 1.4.x befor ...) {DSA-3119-1 DLA-137-1} - libevent 2.0.21-stable-2 (bug #774645) CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function definit ...) {DSA-3032-1 DLA-59-1} - bash 4.3-9.1 CVE-2014-6267 RESERVED CVE-2014-6266 RESERVED CVE-2014-6265 RESERVED CVE-2014-6264 RESERVED CVE-2014-6263 RESERVED CVE-2014-6262 (Multiple format string vulnerabilities in the python module in RRDtool ...) {DLA-2131-1} - rrdtool 1.5.4-1 NOTE: https://github.com/oetiker/rrdtool-1.x/pull/532 NOTE: https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec (v1.5.0-rc1) NOTE: https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 (v1.4.9) CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...) - zenoss (bug #361253) CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...) - zenoss (bug #361253) CVE-2014-6259 (Zenoss Core through 5 Beta 3 does not properly detect recursion during ...) - zenoss (bug #361253) CVE-2014-6258 (An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote ...) - zenoss (bug #361253) CVE-2014-6257 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass intende ...) - zenoss (bug #361253) CVE-2014-6256 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass intende ...) 
- zenoss (bug #361253) CVE-2014-6255 (Open redirect vulnerability in the login form in Zenoss Core before 4. ...) - zenoss (bug #361253) CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core thr ...) - zenoss (bug #361253) CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss C ...) - zenoss (bug #361253) CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to ...) {DSA-3120-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=17640 NOTE: http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch) NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch) CVE-2014-XXXX [install-sh: insecure use of /tmp] - automake1.11 1:1.11.6-4 (unimportant; bug #827346) - automake-1.14 (unimportant; bug #827347) [jessie] - automake-1.14 1:1.14.1-4+deb8u1 - automake-1.15 1:1.15-3 (unimportant; bug #760455) NOTE: http://seclists.org/oss-sec/2014/q3/588 NOTE: Neutralised by kernel hardening CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.5029 ...) NOT-FOR-US: SAP NetWeaver CVE-2014-6311 (generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file ...) - ace 6.2.7+dfsg-2 (unimportant; bug #760709) NOTE: Not installed into the binary packages CVE-2014-6310 (Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attacker ...) - chicken (Affects only CHICKEN Scheme on the Android platform) CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...) 
- squid 4.1-1 (unimportant) NOTE: SNMP was not built in squid 2.x - squid3 3.4.8-1 (low; bug #761002) [wheezy] - squid3 (Minor issue) [squeeze] - squid3 (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=895773 NOTE: Upstream commits: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574 NOTE: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582 NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_3.txt CVE-2014-7142 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...) - squid 4.1-1 [squeeze] - squid (Minor issue) [wheezy] - squid (Minor issue) - squid3 3.4.8-1 (bug #760999) [squeeze] - squid3 (Minor issue) [wheezy] - squid3 (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268 NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt CVE-2014-7141 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...) - squid 4.1-1 [squeeze] - squid (Minor issue) [wheezy] - squid (Minor issue) - squid3 3.4.8-1 (bug #760999) [squeeze] - squid3 (Minor issue) [wheezy] - squid3 (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=891268 NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest u ...) - xen 4.4.1-3 [wheezy] - xen (Affects only Xen 4.4 onwards) [squeeze] - xen (Affects only Xen 4.4 onwards) CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote att ...) NOT-FOR-US: CPUMiner, related to cgminer according to #773624 CVE-2014-6250 RESERVED CVE-2014-6249 RESERVED CVE-2014-6248 RESERVED CVE-2014-6247 RESERVED CVE-2014-6246 RESERVED CVE-2014-6245 RESERVED CVE-2014-6244 RESERVED CVE-2014-6243 (Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer p ...) NOT-FOR-US: WordPress plugin EWWW Image Optimizer CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security & ...) 
NOT-FOR-US: WordPress plugin All In One WP Security CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in certain conf ...) NOT-FOR-US: WordPress plugin WP-Ban CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook Hip ...) NOT-FOR-US: Facebook HipHop Virtual Machine CVE-2014-6228 (Integer overflow in the string_chunk_split function in hphp/runtime/ba ...) NOT-FOR-US: Facebook HipHop Virtual Machine CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 al ...) {DSA-3019-1 DLA-46-1} - procmail 3.22-22 (bug #760443) NOTE: https://www.openwall.com/lists/oss-security/2014/09/03/8 CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...) NOT-FOR-US: TYPO3 extension wt_directory CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...) NOT-FOR-US: TYPO3 extension weeaar_googlesitemap CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google M ...) NOT-FOR-US: TYPO3 extension st_address_map CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...) NOT-FOR-US: TYPO3 extension Akronymmanager CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension 0. ...) NOT-FOR-US: TYPO3 extension News Pack CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) ...) NOT-FOR-US: TYPO3 extension lumophpinclude CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for ...) NOT-FOR-US: TYPO3 extension DomPDF CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol (j ...) NOT-FOR-US: TYPO3 extension jh_opengraphprotocol CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...) NOT-FOR-US: TYPO3 extension flatmgr CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.1 ...) 
NOT-FOR-US: TYPO3 extension eu_ldap CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extens ...) NOT-FOR-US: TYPO3 extension cwt_feedit NOTE: This is different from the feedit extension in typo3-src. CVE-2014-6227 RESERVED CVE-2014-6226 RESERVED CVE-2014-6225 RESERVED CVE-2014-6224 RESERVED CVE-2014-6223 RESERVED CVE-2014-6222 (Directory traversal vulnerability in IBM Marketing Operations 7.x and ...) NOT-FOR-US: IBM Marketing Operations CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational Cle ...) NOT-FOR-US: IBM Rational ClearCase CVE-2014-6220 RESERVED CVE-2014-6219 RESERVED CVE-2014-6218 RESERVED CVE-2014-6217 RESERVED CVE-2014-6216 RESERVED CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM CVE-2014-6214 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Porta ...) NOT-FOR-US: IBM CVE-2014-6213 RESERVED CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...) NOT-FOR-US: IBM CVE-2014-6211 (The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.1 ...) NOT-FOR-US: IBM CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...) NOT-FOR-US: IBM CVE-2014-6209 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 thro ...) NOT-FOR-US: IBM CVE-2014-6208 RESERVED CVE-2014-6207 RESERVED CVE-2014-6206 RESERVED CVE-2014-6205 RESERVED CVE-2014-6204 RESERVED CVE-2014-6203 RESERVED CVE-2014-6202 RESERVED CVE-2014-6201 RESERVED CVE-2014-6200 RESERVED CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x a ...) NOT-FOR-US: IBM CVE-2014-6198 (Cross-site request forgery (CSRF) vulnerability in IBM Security Networ ...) NOT-FOR-US: IBM CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...) NOT-FOR-US: IBM CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...) 
NOT-FOR-US: IBM WEF CVE-2014-6195 (The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage ...) NOT-FOR-US: IBM Tivoli CVE-2014-6194 (Directory traversal vulnerability in an unspecified web form in IBM Ma ...) NOT-FOR-US: IBM Maximo CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, ...) NOT-FOR-US: IBM CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...) NOT-FOR-US: IBM CVE-2014-6191 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...) NOT-FOR-US: IBM CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remo ...) NOT-FOR-US: IBM CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network Prote ...) NOT-FOR-US: IBM CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere S ...) NOT-FOR-US: IBM CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM WebS ...) NOT-FOR-US: IBM CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3. ...) NOT-FOR-US: IBM CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6. ...) NOT-FOR-US: IBM NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715 CVE-2014-6184 (Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Stor ...) NOT-FOR-US: IBM Tivoli CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before ...) NOT-FOR-US: IBM Security Network Protection CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...) NOT-FOR-US: IBM CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0. ...) NOT-FOR-US: IBM CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...) NOT-FOR-US: IBM CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...) 
NOT-FOR-US: IBM CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphe ...) NOT-FOR-US: IBM CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0. ...) NOT-FOR-US: IBM CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0 ...) NOT-FOR-US: IBM CVE-2014-6175 (Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7 ...) NOT-FOR-US: IBM Marketing Operations CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0 ...) NOT-FOR-US: IBM CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in I ...) NOT-FOR-US: IBM CVE-2014-6172 (IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to o ...) NOT-FOR-US: IBM CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...) NOT-FOR-US: IBM CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience Build ...) NOT-FOR-US: IBM Forms Experience Builder CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...) NOT-FOR-US: IBM CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...) NOT-FOR-US: IBM CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...) NOT-FOR-US: IBM CVE-2014-6165 RESERVED CVE-2014-6164 (IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x befor ...) NOT-FOR-US: IBM CVE-2014-6163 (Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPowe ...) NOT-FOR-US: IBM CVE-2014-6162 RESERVED CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...) NOT-FOR-US: IBM CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0. ...) 
NOT-FOR-US: IBM CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 t ...) NOT-FOR-US: IBM CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload featur ...) NOT-FOR-US: IBM CVE-2014-6157 RESERVED CVE-2014-6156 RESERVED CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...) NOT-FOR-US: IBM CVE-2014-6154 (Directory traversal vulnerability in IBM Optim Performance Manager for ...) NOT-FOR-US: IBM Optim CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 ...) NOT-FOR-US: IBM CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Inte ...) NOT-FOR-US: IBM Tivoli CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2 ...) NOT-FOR-US: IBM Tivoli CVE-2014-6150 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dep ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2014-6149 (Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Applica ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 th ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3. ...) NOT-FOR-US: IBM FSM CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Dire ...) NOT-FOR-US: IBM CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...) NOT-FOR-US: IBM CVE-2014-6144 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...) NOT-FOR-US: IBM CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allo ...) NOT-FOR-US: IBM CVE-2014-6142 RESERVED CVE-2014-6141 (IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6. ...) NOT-FOR-US: IBM CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0. ...) 
NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components CVE-2014-6139 (The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, ...) NOT-FOR-US: IBM BPM CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allo ...) NOT-FOR-US: IBM CVE-2014-6137 (Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page ...) NOT-FOR-US: IBM Endpoint Manager CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports ...) NOT-FOR-US: IBM CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...) NOT-FOR-US: IBM CVE-2014-6134 (IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, ...) NOT-FOR-US: IBM CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain sen ...) NOT-FOR-US: IBM API Management CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...) NOT-FOR-US: IBM CVE-2014-6131 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...) NOT-FOR-US: IBM CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...) NOT-FOR-US: IBM Notes Traveler application for Android CVE-2014-6129 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...) NOT-FOR-US: IBM CVE-2014-6128 RESERVED CVE-2014-6127 RESERVED CVE-2014-6126 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-6125 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Porta ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-6124 RESERVED CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0. ...) NOT-FOR-US: IBM CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...) NOT-FOR-US: IBM CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enter ...) 
NOT-FOR-US: IBM CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0. ...) NOT-FOR-US: IBM Rational AppScan Source CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8. ...) NOT-FOR-US: IBM CVE-2014-6118 RESERVED CVE-2014-6117 RESERVED CVE-2014-6116 (The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L14091 ...) NOT-FOR-US: IBM WebSphere CVE-2014-6115 (IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authent ...) NOT-FOR-US: IBM Rational Insight CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server i ...) NOT-FOR-US: IBM WebSphere CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component ...) NOT-FOR-US: IBM Tivoli CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...) NOT-FOR-US: IBM CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...) NOT-FOR-US: IBM CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properl ...) NOT-FOR-US: IBM CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...) NOT-FOR-US: IBM CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and S ...) NOT-FOR-US: IBM CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...) NOT-FOR-US: IBM CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security Identi ...) NOT-FOR-US: IBM CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...) NOT-FOR-US: IBM CVE-2014-6104 RESERVED CVE-2014-6103 RESERVED CVE-2014-6102 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5. ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login feature ...) 
NOT-FOR-US: IBM Business Process Manager CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x throu ...) NOT-FOR-US: IBM Sterling CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote at ...) NOT-FOR-US: IBM CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Window ...) NOT-FOR-US: IBM CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security Identity Mana ...) NOT-FOR-US: IBM CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity Manager 6.x ...) NOT-FOR-US: IBM CVE-2014-6094 RESERVED CVE-2014-6093 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x ...) NOT-FOR-US: IBM WebSphere CVE-2014-6092 (IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-6090 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-6089 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6088 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6087 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6086 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6085 RESERVED CVE-2014-6084 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6083 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) 
NOT-FOR-US: IBM CVE-2014-6082 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6081 RESERVED CVE-2014-6080 (SQL injection vulnerability in IBM Security Access Manager for Mobile ...) NOT-FOR-US: IBM CVE-2014-6079 (Cross-site scripting (XSS) vulnerability in the Local Management Inter ...) NOT-FOR-US: IBM Security Access Manager CVE-2014-6078 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6077 (Cross-site request forgery (CSRF) vulnerability in IBM Security Access ...) NOT-FOR-US: IBM CVE-2014-6076 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security A ...) NOT-FOR-US: IBM CVE-2014-6075 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-6074 (IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated us ...) NOT-FOR-US: IBM UrbanCode Deploy CVE-2014-6073 RESERVED CVE-2014-6072 RESERVED CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ( ...) - jquery 1.6.1-1 [squeeze] - jquery (Only exploitable when following anti-patterns) NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2 CVE-2014-6069 RESERVED CVE-2014-6068 RESERVED CVE-2014-6067 RESERVED CVE-2014-6066 RESERVED CVE-2014-6065 RESERVED CVE-2014-6064 (The Accounts tab in the administrative user interface in McAfee Web Ga ...) NOT-FOR-US: McAfee Web Gateway CVE-2014-6063 RESERVED CVE-2014-6062 RESERVED CVE-2014-6061 RESERVED CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...) NOT-FOR-US: WordPress Advanced Access Manager Plugin CVE-2014-6058 RESERVED CVE-2014-6057 RESERVED CVE-2014-6056 RESERVED CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...) 
{DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677 NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement) NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2 CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...) {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446 NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening) NOTE: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548 (required for sparc) NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening) NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening) CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...) {DSA-3081-1 DLA-2045-1 DLA-2014-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 - tightvnc 1:1.3.9-9.1 [buster] - tightvnc 1:1.3.9-9deb10u1 [stretch] - tightvnc 1:1.3.9-9+deb9u1 - vino 3.22.0-6 (bug #945784) [buster] - vino (Minor issue) [stretch] - vino (Minor issue) NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28 CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibV ...) 
{DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 - veyon 4.1.4+repack1-1 NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812 CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in L ...) {DSA-3081-1 DLA-1979-1 DLA-197-1} - libvncserver 0.9.9+dfsg-6.1 (bug #762745) - italc 1:3.0.1+dfsg1-1 - veyon 4.1.4+repack1-1 NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273 CVE-2014-6050 (phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA p ...) NOT-FOR-US: phpMyFAQ CVE-2014-6049 (phpMyFAQ before 2.8.13 allows remote authenticated users with admin pr ...) NOT-FOR-US: phpMyFAQ CVE-2014-6048 (phpMyFAQ before 2.8.13 allows remote attackers to read arbitrary attac ...) NOT-FOR-US: phpMyFAQ CVE-2014-6047 (phpMyFAQ before 2.8.13 allows remote authenticated users with certain ...) NOT-FOR-US: phpMyFAQ CVE-2014-6046 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ ...) NOT-FOR-US: phpMyFAQ CVE-2014-6045 (SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote au ...) NOT-FOR-US: phpMyFAQ CVE-2014-6044 RESERVED CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 ...) NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer CVE-2014-6042 RESERVED CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to b ...) NOT-FOR-US: Android Browser application CVE-2014-6039 (ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a ...) NOT-FOR-US: ManageEngine EventLog Analyzer CVE-2014-6038 (Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 ...) NOT-FOR-US: ManageEngine EventLog Analyzer CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO M ...) 
NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest servlet in Z ...) NOT-FOR-US: ZOHO CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet in ZOHO ...) NOT-FOR-US: ZOHO CVE-2014-6034 (Directory traversal vulnerability in the com.me.opmanager.extranet.rem ...) NOT-FOR-US: ZOHO CVE-2014-6033 REJECTED CVE-2014-6032 (Multiple XML External Entity (XXE) vulnerabilities in the Configuratio ...) NOT-FOR-US: F5 Networks Big-IP CVE-2014-6031 (Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10 ...) NOT-FOR-US: F5 BIG-IP systems CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET b ...) NOT-FOR-US: ClassApps SelectSurvey.NET CVE-2014-6026 RESERVED CVE-2014-6025 (The Chartboost library before 2.0.2 for Android does not verify X.509 ...) NOT-FOR-US: Chartboost library for Android CVE-2014-6024 (The Flurry library before 3.4.0 for Android does not verify X.509 cert ...) NOT-FOR-US: Flurry library for Android CVE-2014-6023 (The s-peek credit rating report (aka com.rhomobile.speek) application ...) NOT-FOR-US: s-peek credit rating report (aka com.rhomobile.speek) application for Android CVE-2014-6022 (The Versent Books (aka com.versentbooks) application 1.1.99 for Androi ...) NOT-FOR-US: Versent Books (aka com.versentbooks) application for Android CVE-2014-6021 (The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) app ...) NOT-FOR-US: Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application for Android CVE-2014-6020 (The Fuel Rewards Network (aka com.excentus.frn) application 1 for Andr ...) NOT-FOR-US: Fuel Rewards Network (aka com.excentus.frn) application for Android CVE-2014-6019 (The psychology (aka com.alek.psychology) application 1.0.2 for Android ...) 
NOT-FOR-US: psychology (aka com.alek.psychology) application for Android CVE-2014-6018 (The global beauty research (aka com.appems.topgirl) application 1.6 fo ...) NOT-FOR-US: global beauty research (aka com.appems.topgirl) application for Android CVE-2014-6017 (The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android ...) NOT-FOR-US: Doodle Drop (aka net.lazyer.DoodleDrop) application for Android CVE-2014-6016 (The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android ...) NOT-FOR-US: Celluloid (aka com.eurisko.celluloid) application for Android CVE-2014-6015 (The TuCarro (aka com.tucarro) application 2.0.5 for Android does not v ...) NOT-FOR-US: TuCarro (aka com.tucarro) application for Android CVE-2014-6014 (The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) applicatio ...) NOT-FOR-US: Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application for Android CVE-2014-6013 (The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Andr ...) NOT-FOR-US: nuSquare (aka tw.com.nuphoto.nusquare) application for Android CVE-2014-6012 (The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does ...) NOT-FOR-US: Gravity Bounce (aka net.toddm.gb) application for Android CVE-2014-6011 (The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android ...) NOT-FOR-US: cutprice (aka kr.co.wedoit.cutprice) application for Android CVE-2014-6010 (The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) applicatio ...) NOT-FOR-US: Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application for Android CVE-2014-6009 (The Zombie Detector (aka com.jimmybolstad.zombiedetector) application ...) NOT-FOR-US: Zombie Detector (aka com.jimmybolstad.zombiedetector) application for Android CVE-2014-6008 (The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Andr ...) 
NOT-FOR-US: Blitz Bingo (aka com.appMobi.sbbingo.app) application for Android CVE-2014-6007 (The LikeHero Get Instagram Likes (aka com.fraoula.likehero) applicatio ...) NOT-FOR-US: LikeHero Get Instagram Likes (aka com.fraoula.likehero) application for Android CVE-2014-6006 (The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application ...) NOT-FOR-US: Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application for Android CVE-2014-6005 (The Survey.com Mobile (aka com.survey.android) application 3.2.16 for ...) NOT-FOR-US: Survey.com Mobile (aka com.survey.android) application for Android CVE-2014-6004 (The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 ...) NOT-FOR-US: Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application for Android CVE-2014-6003 (The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application ...) NOT-FOR-US: Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application for Android CVE-2014-6002 (The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android ...) NOT-FOR-US: DTE Energy (aka com.dteenergy.mydte) application for Android CVE-2014-6001 (The gewara (aka com.gewara) application 5.2.3 for Android does not ver ...) NOT-FOR-US: gewara (aka com.gewara) application for Android CVE-2014-6000 (The FreshDirect (aka com.freshdirect.android) application 2.7.1 for An ...) NOT-FOR-US: FreshDirect (aka com.freshdirect.android) application for Android CVE-2014-5999 (The autonavi (aka com.telenav.doudouyou.android.autonavi) application ...) NOT-FOR-US: autonavi (aka com.telenav.doudouyou.android.autonavi) application for Android CVE-2014-5998 (The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android d ...) NOT-FOR-US: SkyDrive Assistant (aka com.dhh.sky) application for Android CVE-2014-5997 (The Auto Trader (aka za.co.autotrader.android.app) application 2 for A ...) 
NOT-FOR-US: Auto Trader (aka za.co.autotrader.android.app) application for Android CVE-2014-5996 (The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3. ...) NOT-FOR-US: DEKRA Used Car Report (aka com.dekra.maengelreport) application for Android CVE-2014-5995 (The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android ...) NOT-FOR-US: eWUS mobile (aka pl.dreryk.ewustest) application for Android CVE-2014-5994 (The ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application ...) NOT-FOR-US: ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application for Android CVE-2014-5993 (The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for An ...) NOT-FOR-US: MLB Preplay (aka com.preplay.android.mlb) application for Android CVE-2014-5992 (The successsecrets (aka com.alek.successsecrets) application 1.2.3 for ...) NOT-FOR-US: successsecrets (aka com.alek.successsecrets) application for Android CVE-2014-5991 (The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) ...) NOT-FOR-US: Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application for Android CVE-2014-5990 (The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Androi ...) NOT-FOR-US: cookbible (aka net.bookjam.cookbible) application for Android CVE-2014-5989 (The baby days (aka jp.co.cyberagent.babydays) application 1.5.8 for An ...) NOT-FOR-US: baby days (aka jp.co.cyberagent.babydays) application for Android CVE-2014-5988 (The Azkend Gold (aka com.the10tons.azkend.gold) application 1.2.6 for ...) NOT-FOR-US: Azkend Gold (aka com.the10tons.azkend.gold) application for Android CVE-2014-5987 (The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does ...) NOT-FOR-US: My3 - by 3HK (aka com.my3) application for Android CVE-2014-5986 (The Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) ...) 
NOT-FOR-US: Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) application for Android CVE-2014-5985 (The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application ...) NOT-FOR-US: Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application for Android CVE-2014-5984 (The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 f ...) NOT-FOR-US: Little Dragons (aka com.playcomo.dragongame) application for Android CVE-2014-5983 (The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) applic ...) NOT-FOR-US: Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application for Android CVE-2014-5982 (The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pr ...) NOT-FOR-US: RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application for Android CVE-2014-5981 (The MoWeather (aka com.moji.moweather) application 1.40.05 for Android ...) NOT-FOR-US: MoWeather (aka com.moji.moweather) application for Android CVE-2014-5980 (The Genertel (aka com.genertel) application 2.6.0 for Android does not ...) NOT-FOR-US: Genertel (aka com.genertel) application for Android CVE-2014-5979 (The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for ...) NOT-FOR-US: TV Bengali Open Directory (aka com.TVBengali) application for Android CVE-2014-5978 (The memetan (aka memetan.android.com.activity) application 1.1.0 for A ...) NOT-FOR-US: memetan (aka memetan.android.com.activity) application for Android CVE-2014-5977 (The Mobile Face (aka com.wFacemobile) application 0.74.13432.91159 for ...) NOT-FOR-US: Mobile Face (aka com.wFacemobile) application for Android CVE-2014-5976 (The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android ...) NOT-FOR-US: alibaba (aka com.alibaba.wireless) application for Android CVE-2014-5975 (The eponyms (aka com.anddeveloper.eponyms) application 3.2 for Android ...) 
NOT-FOR-US: eponyms (aka com.anddeveloper.eponyms) application for Android CVE-2014-5974 (The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2 ...) NOT-FOR-US: PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application for Android CVE-2014-5973 (The Aquarium Advice (aka com.socialknowledge.aquariumadvice) applicati ...) NOT-FOR-US: Aquarium Advice (aka com.socialknowledge.aquariumadvice) application for Android CVE-2014-5972 (The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 ...) NOT-FOR-US: Loving - Couple Essential (aka com.xiaoenai.app) application for Android CVE-2014-5971 (The Fiksu library for Android does not verify X.509 certificates from ...) NOT-FOR-US: Fiksu library for Android CVE-2014-5970 (The BabyBus (aka com.sinyee.babybus.concert.ru) application 3.91 for A ...) NOT-FOR-US: BabyBus (aka com.sinyee.babybus.concert.ru) application for Android CVE-2014-5969 (The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 ...) NOT-FOR-US: healthylifestyle (aka com.alek.healthylifestyle) application for Android CVE-2014-5968 (The iGolf - Golf GPS (aka com.igolf) application 20 for Android does n ...) NOT-FOR-US: iGolf - Golf GPS (aka com.igolf) application for Android CVE-2014-5967 (The Designs Nail Arts (aka com.decoracionesnailart.flickr) application ...) NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android CVE-2014-5966 (The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme. ...) NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android CVE-2014-5965 (The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 ...) NOT-FOR-US: GrooveMusic (aka com.mobincube.android.sc_2HKFF) application for Android CVE-2014-5964 (The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android ...) 
NOT-FOR-US: MegaBank (aka com.megabank.mobilebank) application for Android CVE-2014-5963 (The Halieutics (aka com.corn.Halieutics) application 21.40.5 for Andro ...) NOT-FOR-US: Halieutics (aka com.corn.Halieutics) application for Android CVE-2014-5962 (The Guess The Actor (aka com.gamelikeinc.actors) application 1.1 for A ...) NOT-FOR-US: Guess The Actor (aka com.gamelikeinc.actors) application for Android CVE-2014-5961 (The russiananime (aka com.rareartifact.russiananime68A5CCFE) applicati ...) NOT-FOR-US: russiananime (aka com.rareartifact.russiananime68A5CCFE) application for Android CVE-2014-5960 (The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android doe ...) NOT-FOR-US: BundesArztsuche (aka de.kbv.bas) application for Android CVE-2014-5959 (The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android do ...) NOT-FOR-US: tx Smart (aka com.wooriwm.txsmart) application for Android CVE-2014-5958 (The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) applicat ...) NOT-FOR-US: ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application for Android CVE-2014-5957 (The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Andr ...) NOT-FOR-US: Alien War Survivors (aka com.ly.a13.gp) application for Android CVE-2014-5956 (The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 f ...) NOT-FOR-US: VPlayer Video Player (aka me.abitno.vplayer.t) application for Android CVE-2014-5955 (The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Andro ...) NOT-FOR-US: Atomic Fusion (aka com.bytesized.fusion) application for Android CVE-2014-5954 (The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 ...) NOT-FOR-US: State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application for Android CVE-2014-5953 (The KASKUS (aka com.kaskus.android) application 2.13.0 for Android doe ...) 
NOT-FOR-US: KASKUS (aka com.kaskus.android) application for Android CVE-2014-5952 (The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android ...) NOT-FOR-US: E-Dziennik (aka com.librus.dziennik) application for Android CVE-2014-5951 (The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Androi ...) NOT-FOR-US: SinoPac (aka com.sionpac.app.SinoPac) application for Android CVE-2014-5950 (The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for An ...) NOT-FOR-US: NOW (aka com.smtown.smtownnow.androidapp) application for Android CVE-2014-5949 (The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) ...) NOT-FOR-US: TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application for Android CVE-2014-5948 (The Obama for America (aka com.barackobama.ofa) application 1.02 for A ...) NOT-FOR-US: Obama for America (aka com.barackobama.ofa) application for Android CVE-2014-5947 (The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for ...) NOT-FOR-US: psicofxp (aka com.tapatalk.psicofxpcom) application for Android CVE-2014-5946 (The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) applicati ...) NOT-FOR-US: forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application for Android CVE-2014-5945 (The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 f ...) NOT-FOR-US: Edline Mobile (aka com.wEdlineFree) application for Android CVE-2014-5944 (The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does ...) NOT-FOR-US: Soccer Blitz (aka soccer.blitz) application for Android CVE-2014-5943 (The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta ...) NOT-FOR-US: LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application for Android CVE-2014-5942 (The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) applica ...) 
NOT-FOR-US: Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application for Android CVE-2014-5941 (The Armpit Spa & Girl Games (aka com.freegames.spamakeover) applic ...) NOT-FOR-US: Armpit Spa & Girl Games (aka com.freegames.spamakeover) application for Android CVE-2014-5940 (The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for A ...) NOT-FOR-US: PocketPC.ch (aka com.tapatalk.pocketpcch) application for Android CVE-2014-5939 (The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.1 ...) NOT-FOR-US: travelzadcomvb (aka com.tapatalk.travelzadcomvb) application for Android CVE-2014-5938 (The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2 ...) NOT-FOR-US: AllDealsAsia All Deals ADA app (aka com.ada.deals) application for Android CVE-2014-5937 (The Social Networking (aka com.wSocialNetworkingSites) application 0.3 ...) NOT-FOR-US: Social Networking (aka com.wSocialNetworkingSites) application for Android CVE-2014-5936 (The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4 ...) NOT-FOR-US: INCOgnito Private Browser (aka com.SL.InCoBrowser) application for Android CVE-2014-5935 (The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) applicati ...) NOT-FOR-US: Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application for Android CVE-2014-5934 (The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android d ...) NOT-FOR-US: Flurv Chat (aka com.flurv.android) application for Android CVE-2014-5933 (The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Andro ...) NOT-FOR-US: Coke Studio 7 (aka com.cokeshare.pakistan) application for Android CVE-2014-5932 (The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) applic ...) NOT-FOR-US: Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application for Android CVE-2014-5931 (The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) appl ...) NOT-FOR-US: Stop & Shop SCAN IT! 
Mobile (aka com.modivmedia.scanitss) application for Android CVE-2014-5930 (The Store and Share (aka sg.com.singnet.mystorage.android) application ...) NOT-FOR-US: Store and Share (aka sg.com.singnet.mystorage.android) application for Android CVE-2014-5929 (The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Androi ...) NOT-FOR-US: emartmall (aka kr.co.emart.emartmall) application for Android CVE-2014-5928 (The Steganos Online Shield VPN (aka com.steganos.onlineshield) applica ...) NOT-FOR-US: Steganos Online Shield VPN (aka com.steganos.onlineshield) application for Android CVE-2014-5927 (The FastCustomer -- Fast Customer (aka www.fastcustomer.com) applicati ...) NOT-FOR-US: FastCustomer -- Fast Customer (aka www.fastcustomer.com) application for Android CVE-2014-5926 (The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application ...) NOT-FOR-US: DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application for Android CVE-2014-5925 (The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBes ...) NOT-FOR-US: 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application for Android CVE-2014-5924 (The Monster Makeup (aka com.bearhugmedia.android_monster) application ...) NOT-FOR-US: Monster Makeup (aka com.bearhugmedia.android_monster) application for Android CVE-2014-5923 (The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 fo ...) NOT-FOR-US: Facebook Status Via (aka com.StatusViaAdvanced) application for Android CVE-2014-5922 (The ga6748 (aka com.g.ga6748) application 1 for Android does not verif ...) NOT-FOR-US: ga6748 (aka com.g.ga6748) application for Android CVE-2014-5921 (The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0. ...) NOT-FOR-US: Need for Speed Network (aka com.ea.nfsautolog.bv) application for Android CVE-2014-5920 (The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Androi ...) 
NOT-FOR-US: VK Amberfog (aka com.amberfog.vkfree) application for Android CVE-2014-5919 (The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4 ...) NOT-FOR-US: SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application for Android CVE-2014-5918 (The Secret Circle - talk freely (aka com.easyxapp.secret) application ...) NOT-FOR-US: Secret Circle - talk freely (aka com.easyxapp.secret) application for Android CVE-2014-5917 (The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does ...) NOT-FOR-US: Slideshow 365 (aka com.Slideshow) application for Android CVE-2014-5916 (The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Andr ...) NOT-FOR-US: Minha Oi (aka br.com.mobicare.minhaoi) application for Android CVE-2014-5915 (The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) applica ...) NOT-FOR-US: Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application for Android CVE-2014-5914 (The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) applicat ...) NOT-FOR-US: Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application for Android CVE-2014-5913 (The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android ...) NOT-FOR-US: Allies in War (aka com.gamelion.aiw) application for Android CVE-2014-5912 (The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Andro ...) NOT-FOR-US: InNote (aka com.intsig.notes) application for Android CVE-2014-5911 (The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) ...) NOT-FOR-US: Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application for Android CVE-2014-5910 (The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application ...) NOT-FOR-US: Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application for Android CVE-2014-5909 (The watcha (aka com.frograms.watcha) application 2.0.2 for Android doe ...) 
NOT-FOR-US: watcha (aka com.frograms.watcha) application for Android CVE-2014-5908 (The Kmart (aka com.kmart.android) application @7F0C00EF for Android do ...) NOT-FOR-US: Kmart (aka com.kmart.android) application for Android CVE-2014-5907 (The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for Andro ...) NOT-FOR-US: Pet Salon (aka com.libiitech.petsalon) application for Android CVE-2014-5906 (The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) ...) NOT-FOR-US: Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application for Android CVE-2014-5905 (The Grocery List - Tomatoes (aka com.meucarrinho) application 5.1.4 fo ...) NOT-FOR-US: Grocery List - Tomatoes (aka com.meucarrinho) application for Android CVE-2014-5904 (The MiniInTheBox Online Shopping (aka com.miniinthebox.android) applic ...) NOT-FOR-US: MiniInTheBox Online Shopping (aka com.miniinthebox.android) application for Android CVE-2014-5903 (The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for Andro ...) NOT-FOR-US: Mobile@Work (aka com.mobileiron) application for Android CVE-2014-5902 (The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) applicat ...) NOT-FOR-US: UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application for Android CVE-2014-5901 (The Beauty Bible - App for Girls (aka com.my.beauty.bible) application ...) NOT-FOR-US: Beauty Bible - App for Girls (aka com.my.beauty.bible) application for Android CVE-2014-5900 (The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 ...) NOT-FOR-US: myHomework Student Planner (aka com.myhomeowork) application for Android CVE-2014-5899 (The Nespresso (aka com.nespresso.activities) application 2.4.1 for And ...) NOT-FOR-US: Nespresso (aka com.nespresso.activities) application for Android CVE-2014-5898 (The Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck ...) 
NOT-FOR-US: Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck.driver.simulator3d) application for Android CVE-2014-5897 (The Parallel Mafia MMORPG (aka com.perblue.pm.client) application @7F0 ...) NOT-FOR-US: Parallel Mafia MMORPG (aka com.perblue.pm.client) application for Android CVE-2014-5896 (The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) appl ...) NOT-FOR-US: GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application for Android CVE-2014-5895 (The ShopYourWay (aka com.sears.shopyourway) application 1.9 for Androi ...) NOT-FOR-US: ShopYourWay (aka com.sears.shopyourway) application for Android CVE-2014-5894 (The AireTalk: Text, Call, & More! (aka com.pingshow.amper) applica ...) NOT-FOR-US: AireTalk: Text, Call, & More! (aka com.pingshow.amper) application for Android CVE-2014-5893 (The froyo (aka com.shinsegae.mobile.froyo) application 5.1.3 for Andro ...) NOT-FOR-US: froyo (aka com.shinsegae.mobile.froyo) application for Android CVE-2014-5892 (The greenbill (aka com.show.greenbill_G) application 2.0.3 for Android ...) NOT-FOR-US: greenbill (aka com.show.greenbill_G) application for Android CVE-2014-5891 (The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application 1.1 ...) NOT-FOR-US: SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application for Android CVE-2014-5890 (The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Androi ...) NOT-FOR-US: KBO sports2i 2014 (aka com.sports2i) application for Android CVE-2014-5889 (The Android Forums (aka com.tapatalk.androidforumscom) application 2.4 ...) NOT-FOR-US: Android Forums (aka com.tapatalk.androidforumscom) application for Android CVE-2014-5888 (The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) appli ...) NOT-FOR-US: SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application for Android CVE-2014-5887 (The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for ...) 
NOT-FOR-US: Yell Local Search (aka com.yell.launcher2) application for Android CVE-2014-5886 (The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 ...) NOT-FOR-US: iVysilani ceske televize (aka cz.motion.ivysilani) application for Android CVE-2014-5885 (The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android ...) NOT-FOR-US: Disaster Alert (aka disasterAlert.PDC) application for Android CVE-2014-5884 (The 1&1 Online Storage (aka de.einsundeins.smartdrive) application ...) NOT-FOR-US: 1&1 Online Storage (aka de.einsundeins.smartdrive) application for Android CVE-2014-5883 (The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does ...) NOT-FOR-US: 7-ELEVEN (aka ecowork.seven) application for Android CVE-2014-5882 (The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does n ...) NOT-FOR-US: Homoo Ijiri (aka jp.co.applica) application for Android CVE-2014-5881 (The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 ...) NOT-FOR-US: Yahoo! ybox application for android CVE-2014-5879 (The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does ...) NOT-FOR-US: tvguide application for Android CVE-2014-5878 (The ium (aka net.ium.mobile.android) application 3.3.4 for Android doe ...) NOT-FOR-US: ium application for Android CVE-2014-5877 (The TV Guide (aka net.micene.minigroup.palimpsests.lite) application 5 ...) NOT-FOR-US: TV Guide application for Android CVE-2014-5876 (The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does ...) NOT-FOR-US: WD My Cloud application for Android CVE-2014-5875 (The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for Andr ...) NOT-FOR-US: Sylphone application for Android CVE-2014-5874 (The SplashID (aka com.splashidandroid) application 7.2.2 for Android d ...) NOT-FOR-US: SplashID application for Android CVE-2014-5873 (The Sears (aka com.sears.android) application 6.2.8 for Android does n ...) 
NOT-FOR-US: Sears application for Android CVE-2014-5872 (The SafeNetMobile Pass (aka securecomputing.devices.android.controller ...) NOT-FOR-US: SafeNetMobile Pass application for Android CVE-2014-5871 (The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Andro ...) NOT-FOR-US: Piwik Mobile 2 application for Android CVE-2014-5870 (The Kmart (aka com.kmart.android) application 6.2.8 for Android does n ...) NOT-FOR-US: Kmart application for Android CVE-2014-5869 (The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for And ...) NOT-FOR-US: CNNMoney Portfolio application for Android CVE-2014-5868 (The Cisco Technical Support (aka com.cisco.swtg_android) application 3 ...) NOT-FOR-US: Cisco Technical Support application for Android CVE-2014-5867 (The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0. ...) NOT-FOR-US: Capital One Spark Pay application for Android CVE-2014-5866 (The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify ...) NOT-FOR-US: CA DMV application for Android CVE-2014-5865 (The Ask.com (aka com.ask.android) application 2.2.5 for Android does n ...) NOT-FOR-US: Ask.com application for Android CVE-2014-5864 (The Swish payments (aka se.bankgirot.swish) application 2 for Android ...) NOT-FOR-US: Swish payments application for Android CVE-2014-5863 (The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for Androi ...) NOT-FOR-US: mpang.gp application for Android CVE-2014-5862 (The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Androi ...) NOT-FOR-US: ecalendar2 application for Android CVE-2014-5861 (The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for ...) NOT-FOR-US: BoyAhoy application for Android CVE-2014-5860 (The Slide Show Creator (aka com.amem) application 4.4.3 for Android do ...) NOT-FOR-US: Slide Show Creator application for Android CVE-2014-5859 (The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring ...) 
NOT-FOR-US: Star Girl application for Android CVE-2014-5858 (The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for ...) NOT-FOR-US: Candy Blast application for Android CVE-2014-5857 (The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 f ...) NOT-FOR-US: White & Yellow Pages application for Android CVE-2014-5856 (The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application 1 ...) NOT-FOR-US: Selfie Camera application for Android CVE-2014-5855 (The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android doe ...) NOT-FOR-US: CJmall application for Android CVE-2014-5854 (The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1 ...) NOT-FOR-US: Windows Live Hotmail PUSH mail application for Android CVE-2014-5853 (The Knights N Squires (aka com.com2us.imhero.normal.freefull.google.gl ...) NOT-FOR-US: Knights N Squires application for Android CVE-2014-5852 (The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.andro ...) NOT-FOR-US: Kakao application for Android CVE-2014-5851 (The Dark Summoner (aka com.darksummoner) application 1.03.39 for Andro ...) NOT-FOR-US: Dark Summoner application for Android CVE-2014-5850 (The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Andr ...) NOT-FOR-US: Kaave Fali application for Android CVE-2014-5849 (The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1 ...) NOT-FOR-US: Maleficent Free Fall application for Android CVE-2014-5848 (The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 f ...) NOT-FOR-US: Dubstep Hero application for Android CVE-2014-5847 (The Big Win Slots - Slot Machines (aka com.gosub60.BigWinSlots) applic ...) NOT-FOR-US: Big Win Slot application for Android CVE-2014-5846 (The Fairy Princess Makeover Salon (aka com.mobgams.dressup.fairy.princ ...) NOT-FOR-US: Fairy Princess Makeover Salon application for Android CVE-2014-5845 (The Strike Fighters Israel (aka com.thirdwire.strikefighters.mideast.a ...) 
NOT-FOR-US: Strike Fighters Israel application for Android CVE-2014-5844 (The Alsunna (aka com.wAlsunna) application 0.1 for Android does not ve ...) NOT-FOR-US: Alsunna application for Android CVE-2014-5843 (The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 ...) NOT-FOR-US: ADP AGENCY Immobiliare application for Android CVE-2014-5842 (The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does n ...) NOT-FOR-US: 2G Live TV application for Android CVE-2014-5841 (The Girls Calendar Period&Weight (aka jp.co.cybird.apps.lifestyle. ...) NOT-FOR-US: Girls Calendar Period&Weight application for Android CVE-2014-5840 (The forfone: Free Calls & Messages (aka com.forfone.sip) forfone a ...) NOT-FOR-US: forfone application for Android CVE-2014-5839 (The Acces Compte (aka com.fullsix.android.labanquepostale.accountacces ...) NOT-FOR-US: Acces Compte application for Android CVE-2014-5838 (The Girls Games - Shoes Maker (aka com.g6677.android.shoemaker) applic ...) NOT-FOR-US: Girls Games application for Android CVE-2014-5837 (The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for ...) NOT-FOR-US: My Railway application for Android CVE-2014-5836 (The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for And ...) NOT-FOR-US: GittiGidiyor application for Android CVE-2014-5835 (The Club Personal (aka com.globant.clubpersonal) application 2.6 for A ...) NOT-FOR-US: Club Personal application for Android CVE-2014-5834 (The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for ...) NOT-FOR-US: Solitaire Deluxe application for Android CVE-2014-5833 (The FriendCaster Chat (aka com.handmark.friendcaster.chat) application ...) NOT-FOR-US: FriendCaster Chat application for Android CVE-2014-5832 (The hananbank (aka com.hanabank.ebk.channel.android.hananbank) applica ...) NOT-FOR-US: hananbank application for Android CVE-2014-5831 (The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) appl ...) 
NOT-FOR-US: Hotel Story application for Android CVE-2014-5830 (The Farm Frenzy Gold (aka com.herocraft.game.farmfrenzy.gold) applicat ...) NOT-FOR-US: Farm Frenzy Gold application for Android CVE-2014-5829 (The Hobby Lobby Stores (aka com.hobbylobbystores.android) application ...) NOT-FOR-US: Hobby Lobby Stores application for Android CVE-2014-5828 (The 3Kundenzone (aka com.hutchison3g.at.android.selfcare) application ...) NOT-FOR-US: 3Kundenzone application for Android CVE-2014-5827 (The Ibotta - Better than Coupons. (aka com.ibotta.android) application ...) NOT-FOR-US: Ibotta application for Android CVE-2014-5826 (The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar ...) NOT-FOR-US: Rix GO Locker Theme application for Android CVE-2014-5825 (The Guess The Movie (aka com.june.guessthemovie) application 2.982 for ...) NOT-FOR-US: Guess The Movie application for Android CVE-2014-5824 (The longjiang (aka com.longjiang.kr) application 2.0.6 for Android doe ...) NOT-FOR-US: longjiang application for Android CVE-2014-5823 (The The Cleaner - Speed up & Clean (aka com.liquidum.thecleaner) a ...) NOT-FOR-US: The Cleaner application for Android CVE-2014-5822 (The VK Kate Mobile (aka com.perm.kate) application 9.6.1 for Android d ...) NOT-FOR-US: VK Kate Mobile application for Android CVE-2014-5821 (The Guitar Tuner Free - GuitarTuna (aka com.ovelin.guitartuna) applica ...) NOT-FOR-US: Guitar Tuner Free application for Android CVE-2014-5820 (The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android ...) NOT-FOR-US: OkCupid Dating application for Android CVE-2014-5819 (The PHONE for Google Voice & GTalk (aka com.moplus.gvphone) applic ...) NOT-FOR-US: PHONE for Google Voice & GTalk application for Android CVE-2014-5818 (The Tiny Tower (aka com.mobage.ww.a560.tinytower_android) application ...) NOT-FOR-US: Tiny Tower application for Android CVE-2014-5817 (The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for A ...) 
NOT-FOR-US: Mini Pets application for Android CVE-2014-5816 (The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does ...) NOT-FOR-US: MeiPai application for Android CVE-2014-5815 (The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 fo ...) NOT-FOR-US: Solitaire Arena application for Android CVE-2014-5814 REJECTED CVE-2014-5813 (The lostword (aka zozo.android.lostword) application 5.9 for Android d ...) NOT-FOR-US: lostword application for Android CVE-2014-5812 (The VDM Officiel (aka vdm.activities) application 5 for Android does n ...) NOT-FOR-US: VDM Officiel application for Android CVE-2014-5811 (The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060 ...) NOT-FOR-US: ZOOM cloud Meetings application for Android CVE-2014-5810 (The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1 ...) NOT-FOR-US: SGK Hizmet Dokumu 4a application for Android CVE-2014-5809 (The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for A ...) NOT-FOR-US: Smart Browser (aka smartbrowser.geniuscloud) application for Android CVE-2014-5808 (The Whisper (aka sh.whisper) application 4.0.6 for Android does not ve ...) NOT-FOR-US: Whisper application for Android CVE-2014-5807 (The Safari Browser (aka safari.safaribrowser.internetexplorer) applica ...) NOT-FOR-US: Safari Browser application for Android CVE-2014-5806 (The World of Tanks Assistant (aka ru.worldoftanks.mobile) application ...) NOT-FOR-US: World of Tanks Assistant application for Android CVE-2014-5805 (The Dating for everyone - Mamba! (aka ru.mamba.client) application 3.5 ...) NOT-FOR-US: Dating for everyone - Mamba! application for Android CVE-2014-5804 (The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does n ...) NOT-FOR-US: Mail.Ru Dating application for Android CVE-2014-5803 (The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 fo ...) 
NOT-FOR-US: Towers N' Trolls application for Android CVE-2014-5802 (The PlayScape (aka playscape.mominis.gameconsole.com) application 9.3. ...) NOT-FOR-US: PlayScape application for Android CVE-2014-5801 (The DataGard VPN + AV (aka ocshield.com) application @7F050013 for And ...) NOT-FOR-US: DataGard VPN + AV application for Android CVE-2014-5800 (The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for ...) NOT-FOR-US: smart.nhibzbanking application for Android CVE-2014-5799 (The smart.card (aka nh.smart.card) application 3.2 for Android does no ...) NOT-FOR-US: smart.card application for Android CVE-2014-5798 (The smart.calculator (aka nh.smart.calculator) application 2 for Andro ...) NOT-FOR-US: smart.calculator application for Android CVE-2014-5797 (The smart (aka nh.smart) application 3.0.5 for Android does not verify ...) NOT-FOR-US: smart application for Android CVE-2014-5796 (The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android do ...) NOT-FOR-US: Chest workout application for Android CVE-2014-5794 (The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for An ...) NOT-FOR-US: 8 Minutes Abs Workout application for Android CVE-2014-5793 (The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for ...) NOT-FOR-US: Bilgi Yarisi application for Android CVE-2014-5792 (The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp575 ...) NOT-FOR-US: Reign of Dragons application for Android CVE-2014-5791 (The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for And ...) NOT-FOR-US: Daum cloud application for Android CVE-2014-5790 (The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) applic ...) NOT-FOR-US: Pets Fun House application for Android CVE-2014-5789 (The Ninja Chicken Ooga Booga (aka mominis.Generic_Android.Ninja_Chicke ...) NOT-FOR-US: Ninja Chicken Ooga Booga application for Android CVE-2014-5788 (The Ninja Chicken Adventure Island (aka mominis.Generic_Android.Ninja_ ...) 
NOT-FOR-US: Ninja Chicken Adventure Island application for Android CVE-2014-5787 (The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) applicat ...) NOT-FOR-US: Ninja Chicken application for Android CVE-2014-5786 (The Jewels & Diamonds (aka mominis.Generic_Android.Jewels_and_Diam ...) NOT-FOR-US: Jewels & Diamonds application for Android CVE-2014-5785 (The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_Wor ...) NOT-FOR-US: Bouncy Bill World-Cup application for Android CVE-2014-5784 (The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seaso ...) NOT-FOR-US: Bouncy Bill Seasons application for Android CVE-2014-5783 (The Bouncy Bill Monster Smasher ed (aka mominis.Generic_Android.Bouncy ...) NOT-FOR-US: Bouncy Bill Monster Smasher ed application for Android CVE-2014-5782 (The Bouncy Bill Halloween (aka mominis.Generic_Android.Bouncy_Bill_Hal ...) NOT-FOR-US: Bouncy Bill Halloween application for Android CVE-2014-5781 (The Bouncy Bill Easter Tales (aka mominis.Generic_Android.Bouncy_Bill_ ...) NOT-FOR-US: Bouncy Bill Easter Tales application for Android CVE-2014-5780 (The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application ...) NOT-FOR-US: Bouncy Bill application for Android CVE-2014-5779 (The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) applicatio ...) NOT-FOR-US: Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application for Android CVE-2014-5778 (The Pou (aka me.pou.app) application 1.4.53 for Android does not verif ...) NOT-FOR-US: Pou (aka me.pou.app) application for Android CVE-2014-5777 (The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) applica ...) NOT-FOR-US: icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application for Android CVE-2014-5776 (The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) applicat ...) 
NOT-FOR-US: PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application for Android CVE-2014-5775 (The Super Fast Browser (aka iron.web.jalepano.browser) application 2.0 ...) NOT-FOR-US: Super Fast Browser (aka iron.web.jalepano.browser) application for Android CVE-2014-5774 (The Web Browser & Explorer (aka internetexplorer.browser.webexplor ...) NOT-FOR-US: Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application for Android CVE-2014-5773 (The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2. ...) NOT-FOR-US: RegisteredAssistant (aka Icr.RegisteredAssistant) application for Android CVE-2014-5772 (The Government Bookstore (aka hksarg.isd.sop.govbookstore) application ...) NOT-FOR-US: Government Bookstore (aka hksarg.isd.sop.govbookstore) application for Android CVE-2014-5771 (The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 ...) NOT-FOR-US: Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application for Android CVE-2014-5770 (The Web Browser for Android (aka explore.web.browser) application 1.2 ...) NOT-FOR-US: Web Browser for Android (aka explore.web.browser) application for Android CVE-2014-5769 (The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for An ...) NOT-FOR-US: Mobiscope Local (aka ehs.mobiscope.kernel) application for Android CVE-2014-5768 (The Food Planner (aka dk.boggie.madplan.android) application 4.8.4.3-g ...) NOT-FOR-US: Food Planner (aka dk.boggie.madplan.android) application for Android CVE-2014-5767 (The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Androi ...) NOT-FOR-US: IM+ (aka de.shapeservices.impluslite) application for Android CVE-2014-5766 (The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for And ...) NOT-FOR-US: Uber B2B (aka de.mobileeventguide.uberb2b) application for Android CVE-2014-5765 (The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5 ...) 
NOT-FOR-US: Paint for Friends (aka de.lotumlabs.buddypainting) application for Android CVE-2014-5764 (The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for ...) NOT-FOR-US: Antivirus Free (aka com.zrgiu.antivirus) application for Android CVE-2014-5763 (The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application ...) NOT-FOR-US: Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application for Android CVE-2014-5762 (The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google ...) NOT-FOR-US: Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application for Android CVE-2014-5761 (The Zipcar (aka com.zc.android) application 3.4.2 for Android does not ...) NOT-FOR-US: Zipcar (aka com.zc.android) application for Android CVE-2014-5760 (The Pizza Hut (aka com.yum.pizzahut) application 2.0.5 for Android doe ...) NOT-FOR-US: Pizza Hut (aka com.yum.pizzahut) application for Android CVE-2014-5759 (The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) applic ...) NOT-FOR-US: Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application for Android CVE-2014-5758 (The Yellow Pages Local Search (aka com.yellowbook.android2) applicatio ...) NOT-FOR-US: Yellow Pages Local Search (aka com.yellowbook.android2) application for Android CVE-2014-5757 (The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for A ...) NOT-FOR-US: Buy Tickets (aka com.xcr.android.buytickets) application for Android CVE-2014-5756 (The Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) applicati ...) NOT-FOR-US: Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) application for Android CVE-2014-5755 (The verizon (aka com.wverizonwirelessbill) application 0.1 for Android ...) NOT-FOR-US: verizon (aka com.wverizonwirelessbill) application for Android CVE-2014-5754 (The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) ap ...) 
NOT-FOR-US: Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application for Android CVE-2014-5753 (The Twitter No Background (aka com.wTwitternobackground) application 0 ...) NOT-FOR-US: Twitter No Background (aka com.wTwitternobackground) application for Android CVE-2014-5752 (The wTradersActivity (aka com.wTradersActivity) application 0.1 for An ...) NOT-FOR-US: wTradersActivity (aka com.wTradersActivity) application for Android CVE-2014-5751 (The Tor Browser the Short Guide (aka com.wTorShortUserManual) applicat ...) NOT-FOR-US: Tor Browser the Short Guide (aka com.wTorShortUserManual) application for Android CVE-2014-5750 (The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android doe ...) NOT-FOR-US: Pro Bet Tips (aka com.wProBetTips) application for Android CVE-2014-5749 (The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for A ...) NOT-FOR-US: Jelly Splash (aka com.wooga.jelly_splash) application for Android CVE-2014-5748 (The wK12olslogin (aka com.wK12olslogin) application 0.1 for Android do ...) NOT-FOR-US: wK12olslogin (aka com.wK12olslogin) application for Android CVE-2014-5747 (The XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) ap ...) NOT-FOR-US: XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) application for Android CVE-2014-5746 (The Government Best Jobs (aka com.wGovernmentBestJobs) application 0.1 ...) NOT-FOR-US: Government Best Jobs (aka com.wGovernmentBestJobs) application for Android CVE-2014-5745 (The FREE Pageplus Activation (aka com.wFREEPageplusActivations) applic ...) NOT-FOR-US: FREE Pageplus Activation (aka com.wFREEPageplusActivations) application for Android CVE-2014-5744 (The RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) applica ...) NOT-FOR-US: RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) application for Android CVE-2014-5743 (The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) applic ...) 
NOT-FOR-US: RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application for Android CVE-2014-5742 (The Eversnap Private Photo Album (aka com.weddingsnap.android) applica ...) NOT-FOR-US: Eversnap Private Photo Album (aka com.weddingsnap.android) application for Android CVE-2014-5741 (The Security - Complete (aka com.webroot.security.complete) applicatio ...) NOT-FOR-US: Security - Complete (aka com.webroot.security.complete) application for Android CVE-2014-5740 (The Security - Free (aka com.webroot.security) application 3.6.0.6610 ...) NOT-FOR-US: Security - Free (aka com.webroot.security) application for Android CVE-2014-5739 (The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) applic ...) NOT-FOR-US: Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application for Android CVE-2014-5738 (The Garfield's Defense (aka com.webprancer.google.garfieldDefense) app ...) NOT-FOR-US: Garfield's Defense (aka com.webprancer.google.garfieldDefense) application for Android CVE-2014-5737 (The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not veri ...) NOT-FOR-US: CDsoft (aka com.wCDSOFT) application for Android CVE-2014-5736 (The Buy Coins (aka com.wBuyCoins) application 0.62.13364.24150 for And ...) NOT-FOR-US: Buy Coins (aka com.wBuyCoins) application for Android CVE-2014-5735 (The Buy A Gift (aka com.wBuyAGift) application 13529.90084 for Android ...) NOT-FOR-US: Buy A Gift (aka com.wBuyAGift) application for Android CVE-2014-5734 (The Buy Books (aka com.wBooksForSale) application 0.1 for Android does ...) NOT-FOR-US: Buy Books (aka com.wBooksForSale) application for Android CVE-2014-5733 (The Shop Love (aka com.waterwish.shoplove) application 1.05 for Androi ...) NOT-FOR-US: Shop Love (aka com.waterwish.shoplove) application for Android CVE-2014-5732 (The Wamba - meet women and men (aka com.wamba.client) application 3 fo ...) 
NOT-FOR-US: Wamba - meet women and men (aka com.wamba.client) application for Android CVE-2014-5731 (The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for ...) NOT-FOR-US: Word Search (aka com.virtuesoft.wordsearch) application for Android CVE-2014-5730 (The russkoe TB HD (aka com.videotelecom.russkoeHD) application 3.6 for ...) NOT-FOR-US: russkoe TB HD (aka com.videotelecom.russkoeHD) application for Android CVE-2014-5729 (The Viddy (aka com.viddy.Viddy) application 1.3.9 for Android does not ...) NOT-FOR-US: Viddy (aka com.viddy.Viddy) application for Android CVE-2014-5728 (The Vevo - Watch HD Music Videos (aka com.vevo) application 2.0.27 for ...) NOT-FOR-US: Vevo - Watch HD Music Videos (aka com.vevo) application for Android CVE-2014-5727 (The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 fo ...) NOT-FOR-US: uTorrent Remote (aka com.utorrent.web) application for Android CVE-2014-5726 (The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) appl ...) NOT-FOR-US: Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application for Android CVE-2014-5725 (The Truecaller - Caller ID & Block (aka com.truecaller) applicatio ...) NOT-FOR-US: Truecaller - Caller ID & Block (aka com.truecaller) application for Android CVE-2014-5724 (The Gambling Insider Magazine (aka com.triactivemedia.gambling) applic ...) NOT-FOR-US: Gambling Insider Magazine (aka com.triactivemedia.gambling) application for Android CVE-2014-5723 (The Trapster (aka com.trapster.android) application 4.3.2 for Android ...) NOT-FOR-US: Trapster (aka com.trapster.android) application for Android CVE-2014-5722 (The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application ...) NOT-FOR-US: SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application for Android CVE-2014-5721 (The Touchnote Postcards (aka com.touchnote.android) application 4.2.7 ...) 
NOT-FOR-US: Touchnote Postcards (aka com.touchnote.android) application for Android CVE-2014-5720 (The Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreew ...) NOT-FOR-US: Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreeworld) application for Android CVE-2014-5719 (The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) applicati ...) NOT-FOR-US: BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application for Android CVE-2014-5718 REJECTED CVE-2014-5717 (The Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) ...) NOT-FOR-US: Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) application for Android CVE-2014-5716 (The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) ...) NOT-FOR-US: GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application for Android CVE-2014-5715 (The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 ...) NOT-FOR-US: Street Racing (aka com.tgb.streetracing.lite5pp) application for Android CVE-2014-5714 (The Text Me! Free Texting & Call (aka com.textmeinc.textme) applic ...) NOT-FOR-US: Text Me! Free Texting & Call (aka com.textmeinc.textme) application for Android CVE-2014-5713 (The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for ...) NOT-FOR-US: Telly - Watch the good stuff (aka com.telly) application for Android CVE-2014-5712 (The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) app ...) NOT-FOR-US: Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application for Android CVE-2014-5711 (The Microsoft Tech Companion (aka com.technet) application 1.0.6 for A ...) NOT-FOR-US: Microsoft Tech Companion (aka com.technet) application for Android CVE-2014-5710 (The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastl ...) 
NOT-FOR-US: Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android CVE-2014-5709 (The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for ...) NOT-FOR-US: Donut Maker (aka com.sunstorm.android.donut) application for Android CVE-2014-5708 (The Best Racing/moto Games Ranking (aka com.subapp.android.racing) app ...) NOT-FOR-US: Best Racing/moto Games Ranking (aka com.subapp.android.racing) application for Android CVE-2014-5707 (The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1. ...) NOT-FOR-US: Bunny Run (aka com.stargirlgames.google.bunnyrun) application for Android CVE-2014-5706 (The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1. ...) NOT-FOR-US: SomNote - Journal/Memo (aka com.somcloud.somnote) application for Android CVE-2014-5705 (The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for ...) NOT-FOR-US: Sonic CD Lite (aka com.soa.sega.soniccdlite) application for Android CVE-2014-5704 (The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for ...) NOT-FOR-US: DISH Anywhere (aka com.sm.SlingGuide.Dish) application for Android CVE-2014-5703 (The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) a ...) NOT-FOR-US: Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application for Android CVE-2014-5702 (The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 f ...) NOT-FOR-US: Penguin Run (aka com.skyboard.google.penguinRun) application for Android CVE-2014-5701 (The Skout: Chats. Friends. Fun. (aka com.skout.android) application 4. ...) NOT-FOR-US: Skout: Chats. Friends. Fun. (aka com.skout.android) application for Android CVE-2014-5700 (The Brain lab - brain age games IQ (aka com.sixdead.brainlab) applicat ...) NOT-FOR-US: Brain lab - brain age games IQ (aka com.sixdead.brainlab) application for Android CVE-2014-5699 (The Parallel Kingdom MMO (aka com.silvermoon.client) application @7F07 ...) 
NOT-FOR-US: Parallel Kingdom MMO (aka com.silvermoon.client) application for Android CVE-2014-5698 (The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android ...) NOT-FOR-US: Furdiburb (aka com.sheado.lite.pet) application for Android CVE-2014-5697 (The Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application 2 ...) NOT-FOR-US: Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application for Android CVE-2014-5696 (The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2 ...) NOT-FOR-US: Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application for Android CVE-2014-5695 (The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1. ...) NOT-FOR-US: Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application for Android CVE-2014-5694 (The Scoutmob local deals & events (aka com.scoutmob.ile) applicati ...) NOT-FOR-US: Scoutmob local deals & events (aka com.scoutmob.ile) application for Android CVE-2014-5693 (The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) applic ...) NOT-FOR-US: Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application for Android CVE-2014-5692 (The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 ...) NOT-FOR-US: Safeway (aka com.safeway.client.android.safeway) application for Android CVE-2014-5691 (The Best Phone Security (aka com.rvappstudios.phonesecurity) applicati ...) NOT-FOR-US: Best Phone Security (aka com.rvappstudios.phonesecurity) application for Android CVE-2014-5690 (The Runtastic Timer (aka com.runtastic.android.timer) application 1.0. ...) NOT-FOR-US: Runtastic Timer (aka com.runtastic.android.timer) application for Android CVE-2014-5689 (The Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) appl ...) NOT-FOR-US: Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) application for Android CVE-2014-5688 (The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) app ...) 
NOT-FOR-US: Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application for Android CVE-2014-5687 (The Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.li ...) NOT-FOR-US: Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application for Android CVE-2014-5686 (The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 ...) NOT-FOR-US: Runtastic Me (aka com.runtastic.android.me.lite) application for Android CVE-2014-5685 (The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) ap ...) NOT-FOR-US: Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application for Android CVE-2014-5684 (The Runtastic Running & Fitness (aka com.runtastic.android) applic ...) NOT-FOR-US: Runtastic Running & Fitness (aka com.runtastic.android) application for Android CVE-2014-5683 (The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 fo ...) NOT-FOR-US: Piano Teacher (aka com.rubycell.pianisthd) application for Android CVE-2014-5682 (The Retale - Weekly Ads & Deals (aka com.retale.android) applicati ...) NOT-FOR-US: Retale - Weekly Ads & Deals (aka com.retale.android) application for Android CVE-2014-5681 (The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3 ...) NOT-FOR-US: XDA-Developers (aka com.quoord.tapatalkxda.activity) application for Android CVE-2014-5680 (The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 f ...) NOT-FOR-US: Tapatalk (aka com.quoord.tapatalkpro.activity) application for Android CVE-2014-5679 (The PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application ...) NOT-FOR-US: PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application for Android CVE-2014-5678 (The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for An ...) NOT-FOR-US: IQ Test (aka com.pophub.androidiqtest.free) application for Android CVE-2014-5677 (The Point Inside Shopping & Travel (aka com.pointinside.android.ap ...) 
NOT-FOR-US: Point Inside Shopping & Travel (aka com.pointinside.android.app) application for Android CVE-2014-5676 (The Township (aka com.playrix.township) application 1.5.1 for Android ...) NOT-FOR-US: Township (aka com.playrix.township) application for Android CVE-2014-5675 (The Phonegram - Instagram Download (aka com.pinssible.padgram) applica ...) NOT-FOR-US: Phonegram - Instagram Download (aka com.pinssible.padgram) application for Android CVE-2014-5674 (The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 ...) NOT-FOR-US: PicsArt - Photo Studio (aka com.picsart.studio) application for Android CVE-2014-5673 (The Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) applica ...) NOT-FOR-US: Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) application for Android CVE-2014-5672 (The NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) ...) NOT-FOR-US: NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application for Android CVE-2014-5671 (The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for A ...) NOT-FOR-US: Super Stickman Golf (aka com.noodlecake.ssg) application for Android CVE-2014-5670 (The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) applic ...) NOT-FOR-US: SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application for Android CVE-2014-5669 (The 9GAG - Funny pics and videos (aka com.ninegag.android.app) applica ...) NOT-FOR-US: 9GAG - Funny pics and videos (aka com.ninegag.android.app) application for Android CVE-2014-5668 (The BAND -Group sharing & planning (aka com.nhn.android.band) appl ...) NOT-FOR-US: BAND -Group sharing & planning (aka com.nhn.android.band) application for Android CVE-2014-5667 (The Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application ...) NOT-FOR-US: Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application for Android CVE-2014-5666 (The AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) ...) 
NOT-FOR-US: AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) application for Android CVE-2014-5665 (The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Andro ...) NOT-FOR-US: Mzone Login (aka com.mr384.MzoneLogin) application for Android CVE-2014-5664 (The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 f ...) NOT-FOR-US: Spider Solitaire (aka com.mobilityware.spider) application for Android CVE-2014-5663 (The FreeCell Solitaire (aka com.mobilityware.freecell) application 2.1 ...) NOT-FOR-US: FreeCell Solitaire (aka com.mobilityware.freecell) application for Android CVE-2014-5662 (The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for Androi ...) NOT-FOR-US: Rail Rush (aka com.miniclip.railrush) application for Android CVE-2014-5661 (The Anger of Stick 3 (aka com.miniclip.angerofstick3) application 1.0. ...) NOT-FOR-US: Anger of Stick 3 (aka com.miniclip.angerofstick3) application for Android CVE-2014-5660 (The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application 1. ...) NOT-FOR-US: TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application for Android CVE-2014-5659 (The ASTRO File Manager with Cloud (aka com.metago.astro) application A ...) NOT-FOR-US: ASTRO File Manager with Cloud (aka com.metago.astro) application for Android CVE-2014-5658 (The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android ...) NOT-FOR-US: MercadoLibre (aka com.mercadolibre) application for Android CVE-2014-5657 (The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for A ...) NOT-FOR-US: CA Lottery Results (aka com.matcho0.calotto) application for Android CVE-2014-5656 (The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for ...) NOT-FOR-US: TRA Auctions for Buyers (aka com.manheim.tra) application for Android CVE-2014-5655 (The CM Browser - Fast & Secure (aka com.ksmobile.cb) application 5 ...) 
NOT-FOR-US: CM Browser - Fast & Secure (aka com.ksmobile.cb) application for Android CVE-2014-5654 (The Kaspersky Internet Security (aka com.kms.free) application 11.4.4. ...) NOT-FOR-US: Kaspersky Internet Security (aka com.kms.free) application for Android CVE-2014-5653 (The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4. ...) NOT-FOR-US: Unblock Me FREE (aka com.kiragames.unblockmefree) application for Android CVE-2014-5652 (The Kicksend Photo Prints (aka com.kicksend.android.print) application ...) NOT-FOR-US: Kicksend Photo Prints (aka com.kicksend.android.print) application for Android CVE-2014-5651 (The Kicksend: Share & Print Photos (aka com.kicksend.android) appl ...) NOT-FOR-US: Kicksend: Share & Print Photos (aka com.kicksend.android) application for Android CVE-2014-5650 (The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 ...) NOT-FOR-US: Traffic Jam Free (aka com.jiuzhangtech.rushhour) application for Android CVE-2014-5649 (The iLove - Free Dating & Chat App (aka com.jestadigital.android.i ...) NOT-FOR-US: iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) application for Android CVE-2014-5648 (The Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application 2 ...) NOT-FOR-US: Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application for Android CVE-2014-5647 (The ISL Light Remote Desktop (aka com.islonline.isllight.mobile.androi ...) NOT-FOR-US: ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application for Android CVE-2014-5646 (The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) applicat ...) NOT-FOR-US: AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application for Android CVE-2014-5645 (The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) applicat ...) NOT-FOR-US: CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application for Android CVE-2014-5644 (The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight. ...) 
NOT-FOR-US: Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application for Android CVE-2014-5643 (The Instachat -Instagram Messenger (aka com.instachat.android) applica ...) NOT-FOR-US: Instachat -Instagram Messenger (aka com.instachat.android) application for Android CVE-2014-5642 (The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android ...) NOT-FOR-US: IMPI Mobile Security (aka com.impi) application for Android CVE-2014-5641 (The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for An ...) NOT-FOR-US: Cloud Manager (aka com.ileaf.cloud_manager) application for Android CVE-2014-5640 (The CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) applicat ...) NOT-FOR-US: CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) application for Android CVE-2014-5639 (The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android d ...) NOT-FOR-US: ADT Taxis (aka com.icabbi.adttaxisApp) application for Android CVE-2014-5638 (The Huntington Mobile (aka com.huntington.m) application 2.1.222 for A ...) NOT-FOR-US: Huntington Mobile (aka com.huntington.m) application for Android CVE-2014-5637 (The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for ...) NOT-FOR-US: Eu Sei (aka com.guilardi.eusei) application for Android CVE-2014-5636 (The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2. ...) NOT-FOR-US: Cloud Browser (aka com.granitamalta.cloudbrowser) application for Android CVE-2014-5635 (The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) applicati ...) NOT-FOR-US: Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application for Android CVE-2014-5634 (The Madipass Martinique (aka com.goodbarber.madipassmartinique) applic ...) NOT-FOR-US: Madipass Martinique (aka com.goodbarber.madipassmartinique) application for Android CVE-2014-5633 (The Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) applicatio ...) 
NOT-FOR-US: Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) application for Android CVE-2014-5632 (The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for ...) NOT-FOR-US: Mega Jump (aka com.getsetgames.megajump) application for Android CVE-2014-5631 (The Video Poker Casino (aka com.geaxgame.videopoker) application 1.0.5 ...) NOT-FOR-US: Video Poker Casino (aka com.geaxgame.videopoker) application for Android CVE-2014-5630 (The Home Repair (aka com.gcspublishing.houserepairtalk) application 3. ...) NOT-FOR-US: Home Repair (aka com.gcspublishing.houserepairtalk) application for Android CVE-2014-5629 (The Stupid Zombies (aka com.gameresort.stupidzombies) application 1.12 ...) NOT-FOR-US: Stupid Zombies (aka com.gameresort.stupidzombies) application for Android CVE-2014-5628 (The Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZ ...) NOT-FOR-US: Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZRHM) application for Android CVE-2014-5627 (The Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) applicat ...) NOT-FOR-US: Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) application for Android CVE-2014-5626 (The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) ...) NOT-FOR-US: Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application for Android CVE-2014-5625 (The Perfect Kick (aka com.gamegou.PerfectKick.google) application 1.3. ...) NOT-FOR-US: Perfect Kick (aka com.gamegou.PerfectKick.google) application for Android CVE-2014-5624 (The Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershoo ...) NOT-FOR-US: Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) application for Android CVE-2014-5623 (The penguinchefshop (aka com.freegames.penguinchefshop) application 1. ...) 
NOT-FOR-US: penguinchefshop (aka com.freegames.penguinchefshop) application for Android CVE-2014-5622 (The Follow Mania for Instagram (aka com.followmania) application 1.2.1 ...) NOT-FOR-US: Follow Mania for Instagram (aka com.followmania) application for Android CVE-2014-5621 (The Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application 1 ...) NOT-FOR-US: Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application for Android CVE-2014-5620 (The Office Jerk Free (aka com.fluik.OfficeJerkFree) application 1.7.13 ...) NOT-FOR-US: Office Jerk Free (aka com.fluik.OfficeJerkFree) application for Android CVE-2014-5619 REJECTED CVE-2014-5618 (The Cartoon Camera (aka com.fingersoft.cartooncamera) application 1.2. ...) NOT-FOR-US: Cartoon Camera (aka com.fingersoft.cartooncamera) application for Android CVE-2014-5617 (The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android ...) NOT-FOR-US: Exsoul Web Browser (aka com.exsoul) application for Android CVE-2014-5616 (The Web Browser & Explorer (aka com.explore.web.browser) applicati ...) NOT-FOR-US: Web Browser & Explorer (aka com.explore.web.browser) application for Android CVE-2014-5615 (The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for A ...) NOT-FOR-US: Snap Secure (aka com.exclaim.snapsecure.app) application for Android CVE-2014-5614 (The Love Collage - Photo Editor (aka com.etoolkit.lovecollage) applica ...) NOT-FOR-US: Love Collage - Photo Editor (aka com.etoolkit.lovecollage) application for Android CVE-2014-5613 (The Able Remote (aka com.entertailion.android.remote) application 2.3. ...) NOT-FOR-US: Able Remote (aka com.entertailion.android.remote) application for Android CVE-2014-5612 (The Gmarket (aka com.ebay.kr.gmarket) application 5.1.3 for Android do ...) NOT-FOR-US: Gmarket (aka com.ebay.kr.gmarket) application for Android CVE-2014-5611 (The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) applic ...) 
NOT-FOR-US: eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application for Android CVE-2014-5610 (The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12 ...) NOT-FOR-US: ce4arab market (aka com.dreamstep.wce4arabmarket) application for Android CVE-2014-5609 (The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) appl ...) NOT-FOR-US: Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application for Android CVE-2014-5608 (The Line Runner (Free) (aka com.djinnworks.linerunnerfree) application ...) NOT-FOR-US: Line Runner (Free) (aka com.djinnworks.linerunnerfree) application for Android CVE-2014-5607 (The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 ...) NOT-FOR-US: Where's My Water? Free (aka com.disney.WMWLite) application for Android CVE-2014-5606 (The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 ...) NOT-FOR-US: Where's My Perry? Free (aka com.disney.WMPLite) application for Android CVE-2014-5605 (The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android ...) NOT-FOR-US: QQ Copy (aka com.digimobistudio.qqcopy) application for Android CVE-2014-5604 (The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemi ...) NOT-FOR-US: Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application for Android CVE-2014-5603 (The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 ...) NOT-FOR-US: DeskRoll Remote Desktop (aka com.deskroll.client1) application for Android CVE-2014-5602 (The Magzter -Magazine & Book Store (aka com.dci.magzter) applicati ...) NOT-FOR-US: Magzter -Magazine & Book Store (aka com.dci.magzter) application for Android CVE-2014-5601 (The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0 ...) NOT-FOR-US: 1800CONTACTS App (aka com.contacts1800.ecomapp) application for Android CVE-2014-5600 (The familyconnect (aka com.comcast.plaxo.familyconnect.app) applicatio ...) 
NOT-FOR-US: familyconnect (aka com.comcast.plaxo.familyconnect.app) application for Android CVE-2014-5599 (The Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.a ...) NOT-FOR-US: Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application for Android CVE-2014-5598 (The Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.glob ...) NOT-FOR-US: Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application for Android CVE-2014-5597 (The 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freef ...) NOT-FOR-US: 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freefull.google.global.android.common) application for Android CVE-2014-5596 (The Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.go ...) NOT-FOR-US: Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application for Android CVE-2014-5595 (The actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.ka ...) NOT-FOR-US: actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.kakao.freefull.google.global.android.common) application for Android CVE-2014-5594 (The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 fo ...) NOT-FOR-US: CIBC Mobile Banking (aka com.cibc.android.mobi) application for Android CVE-2014-5593 (The Christian Dating Cafe (aka com.christiancafe.mobile.android) appli ...) NOT-FOR-US: Christian Dating Cafe (aka com.christiancafe.mobile.android) application for Android CVE-2014-5592 (The Free Dating Heart COL (aka com.choiceoflove.dating) application 2. ...) NOT-FOR-US: Free Dating Heart COL (aka com.choiceoflove.dating) application for Android CVE-2014-5591 (The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for A ...) NOT-FOR-US: Frankly Chat (aka com.chatfrankly.android) application for Android CVE-2014-5590 (The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for And ...) 
NOT-FOR-US: Snake Evolution (aka com.btwgames.snake) application for Android CVE-2014-5589 (The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 applicatio ...) NOT-FOR-US: Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application for Android CVE-2014-5588 (The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for A ...) NOT-FOR-US: Free eBooks (aka com.bmfapps.freekindlebooks) application for Android CVE-2014-5587 (The brokenscreencrank (aka com.biggame.brokenscreencrank) application ...) NOT-FOR-US: brokenscreencrank (aka com.biggame.brokenscreencrank) application for Android CVE-2014-5586 (The BIATNET (aka com.biatnet.mobile) application 1.1 for Android does ...) NOT-FOR-US: BIATNET (aka com.biatnet.mobile) application for Android CVE-2014-5585 (The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2 ...) NOT-FOR-US: Like4Like: Get Instagram Likes (aka com.bepop.bepop) application for Android CVE-2014-5584 (The Background Check BeenVerified (aka com.beenverified.android) appli ...) NOT-FOR-US: Background Check BeenVerified (aka com.beenverified.android) application for Android CVE-2014-5583 (The Most Popular Ringtones (aka com.bbs.mostpopularringtones) applicat ...) NOT-FOR-US: Most Popular Ringtones (aka com.bbs.mostpopularringtones) application for Android CVE-2014-5582 (The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for ...) NOT-FOR-US: Ingress Intel Helper (aka com.bb.ingressintel) application for Android CVE-2014-5581 (The mirror photo shape (aka com.baiwang.styleinstamirror) application ...) NOT-FOR-US: mirror photo shape (aka com.baiwang.styleinstamirror) application for Android CVE-2014-5580 (The BackgroundCheckProTool (aka com.BackgroundCheckProTool) applicatio ...) NOT-FOR-US: BackgroundCheckProTool (aka com.BackgroundCheckProTool) application for Android CVE-2014-5579 (The Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) applica ...) 
NOT-FOR-US: Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) application for Android CVE-2014-5578 (The Trading 212 FOREX (aka com.avuscapital.trading212) application bef ...) NOT-FOR-US: Trading 212 FOREX (aka com.avuscapital.trading212) application for Android CVE-2014-5577 (The AVON Buy & Sell (aka com.AVONBeautyntheRep) application 0.3 fo ...) NOT-FOR-US: AVON Buy & Sell (aka com.AVONBeautyntheRep) application for Android CVE-2014-5576 (The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 ...) NOT-FOR-US: Avira Secure Backup (aka com.avira.avirabackup) application for Android CVE-2014-5575 REJECTED CVE-2014-5574 (The Ask.fm - Social Q&A Network (aka com.askfm) application 1.2.4 ...) NOT-FOR-US: Ask.fm - Social Q&A Network (aka com.askfm) application for Android CVE-2014-5573 (The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1. ...) NOT-FOR-US: Appstros - FREE Gift Cards! (aka com.appstros.main) application for Android CVE-2014-5572 (The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 f ...) NOT-FOR-US: Jazzpodium De Tor (aka com.appmakr.app273713) application for Android CVE-2014-5571 (The Appeak Poker (aka com.appeak.poker) application 2.4.5 for Android ...) NOT-FOR-US: Appeak Poker (aka com.appeak.poker) application for Android CVE-2014-5570 (The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) ...) NOT-FOR-US: DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application for Android CVE-2014-5569 (The Star Girl (aka com.animoca.google.starGirl) application 3.4.1 for ...) NOT-FOR-US: Star Girl (aka com.animoca.google.starGirl) application for Android CVE-2014-5568 (The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) applicat ...) NOT-FOR-US: Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application for Android CVE-2014-5567 (The hasb_e_haal (aka com.anawaz.hasb_e_haal) application 1.0.9 for And ...) 
    NOT-FOR-US: hasb_e_haal (aka com.anawaz.hasb_e_haal) application for Android
CVE-2014-5566 (The Selfshot - Front Flash Camera (aka com.americos.selfshot) applicat ...)
    NOT-FOR-US: Selfshot - Front Flash Camera (aka com.americos.selfshot) application for Android
CVE-2014-5565 (The GadgetTrak Mobile Security (aka com.activetrak.android.app) applic ...)
    NOT-FOR-US: GadgetTrak Mobile Security (aka com.activetrak.android.app) application for Android
CVE-2014-5564 (The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 ...)
    NOT-FOR-US: Angry Gran Toss (aka com.aceviral.angrygrantoss) application for Android
CVE-2014-5563 (The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 f ...)
    NOT-FOR-US: Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application for Android
CVE-2014-5562 (The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) a ...)
    NOT-FOR-US: Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application for Android
CVE-2014-5561 (The Word Search Free (aka air.wordSearchFree) application 4.9 for Andr ...)
    NOT-FOR-US: Word Search Free (aka air.wordSearchFree) application for Android
CVE-2014-5560 (The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 ...)
    NOT-FOR-US: Popscene (Music Industry Sim) (aka air.Popscene) application for Android
CVE-2014-5559 (The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) a ...)
    NOT-FOR-US: Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application for Android
CVE-2014-5558 (The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for An ...)
    NOT-FOR-US: Hard Time (Prison Sim) (aka air.HardTime) application for Android
CVE-2014-5557 (The America's Economy for Phone (aka air.gov.census.mobile.phone.ameri ...)
    NOT-FOR-US: America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application for Android
CVE-2014-5556 (The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) ap ...)
    NOT-FOR-US: Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application for Android
CVE-2014-5555 (The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnw ...)
    NOT-FOR-US: Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application for Android
CVE-2014-5554 (The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.i ...)
    NOT-FOR-US: Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application for Android
CVE-2014-5553 (The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.i ...)
    NOT-FOR-US: Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application for Android
CVE-2014-5552 (The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnw ...)
    NOT-FOR-US: Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application for Android
CVE-2014-5551 (The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnw ...)
    NOT-FOR-US: Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application for Android
CVE-2014-5550 (The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) app ...)
    NOT-FOR-US: Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application for Android
CVE-2014-5549 (The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) applicatio ...)
    NOT-FOR-US: Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application for Android
CVE-2014-5548 (The Christmas Words (aka air.com.sevenBulls.summerWords) application 1 ...)
    NOT-FOR-US: Christmas Words (aka air.com.sevenBulls.summerWords) application for Android
CVE-2014-5547 (The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) applic ...)
    NOT-FOR-US: Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application for Android
CVE-2014-5546 (The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application ...)
    NOT-FOR-US: Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application for Android
CVE-2014-5545 (The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android d ...)
    NOT-FOR-US: Sprint jump (aka air.com.ilaz.appilas) application for Android
CVE-2014-5544 (The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for ...)
    NOT-FOR-US: SongPop (aka air.com.freshplanet.games.WaM) application for Android
CVE-2014-5543 (The Hidden Object - Alice Free (aka air.com.differencegames.hovisionso ...)
    NOT-FOR-US: Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application for Android
CVE-2014-5542 (The Hidden Object Mystery (aka air.com.differencegames.hodetectivemyst ...)
    NOT-FOR-US: Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application for Android
CVE-2014-5541 (The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladd ...)
    NOT-FOR-US: Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application for Android
CVE-2014-5540 (The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Andr ...)
    NOT-FOR-US: Flick a Trade (aka air.com.cygnecode.fat) application for Android
CVE-2014-5539 (The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) appli ...)
    NOT-FOR-US: Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application for Android
CVE-2014-5538 (The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) ...)
    NOT-FOR-US: Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application for Android
CVE-2014-5537 (The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) ...)
    NOT-FOR-US: Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application for Android
CVE-2014-5536 (The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) appli ...)
    NOT-FOR-US: Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application for Android
CVE-2014-5535 (The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application ...)
    NOT-FOR-US: Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application for Android
CVE-2014-5534 (The Princess Shopping (aka air.android.PrincessShopping) application 2 ...)
    NOT-FOR-US: Princess Shopping (aka air.android.PrincessShopping) application for Android
CVE-2014-5533
    REJECTED
CVE-2014-5532 (The Honolulu (aka adidas.jp.android.running.honolulu) application 2 fo ...)
    NOT-FOR-US: Honolulu (aka adidas.jp.android.running.honolulu) application for Android
CVE-2014-5531 (The Abode (aka abode.webview) application 1.7 for Android does not ver ...)
    NOT-FOR-US: Abode (aka abode.webview) application for Android
CVE-2014-5530
    REJECTED
CVE-2014-5529 (The Gameloft library for Android does not verify X.509 certificates fr ...)
    NOT-FOR-US: Gameloft library for Android
CVE-2014-5528 (The Appsflyer library for Android does not verify X.509 certificates f ...)
    NOT-FOR-US: Appsflyer library for Android
CVE-2014-5527 (The Tapjoy library for Android does not verify X.509 certificates from ...)
    NOT-FOR-US: Tapjoy library for Android
CVE-2014-5526 (The Inmobi library for Android does not verify X.509 certificates from ...)
    NOT-FOR-US: Inmobi library for Android
CVE-2014-5525 (The MoMinis library for Android does not verify X.509 certificates fro ...)
    NOT-FOR-US: MoMinis library for Android
CVE-2014-5524 (The Adcolony library for Android does not verify X.509 certificates fr ...)
    NOT-FOR-US: Adcolony library for Android
CVE-2014-5523
    REJECTED
CVE-2014-5522
    REJECTED
CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows ...)
    NOT-FOR-US: XRMS CRM
CVE-2014-5520 (SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remot ...)
    NOT-FOR-US: XRMS CRM
CVE-2014-5518
    RESERVED
CVE-2014-5517
    RESERVED
CVE-2014-5516 (Cross-site request forgery (CSRF) vulnerability in the Storefront Appl ...)
    NOT-FOR-US: KonaKart
CVE-2014-5515
    RESERVED
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5514
    RESERVED
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5513
    RESERVED
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5512
    RESERVED
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5511
    RESERVED
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5510
    RESERVED
CVE-2014-5508 (Multiple integer overflows in the HelpServ module (mod-helpserv.c) in ...)
    NOT-FOR-US: srvx (irc services)
CVE-2014-5507 (iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Co ...)
    NOT-FOR-US: iBackup
CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote attacke ...)
    NOT-FOR-US: SAP Crystal Reports
CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote attac ...)
    NOT-FOR-US: SAP Crystal Reports
CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses "static" credentials, ...)
    NOT-FOR-US: SolarWinds
CVE-2014-5503 (SQL injection vulnerability in the Guest Login Portal in the Sophos Cy ...)
    NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows ...)
    NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos Cybe ...)
    NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5500 (Synacor Zimbra Collaboration before 8.0.8 has XSS. ...)
    NOT-FOR-US: Synacor Zimbra Collaboration
CVE-2014-5499
    RESERVED
CVE-2014-5498
    RESERVED
CVE-2014-5497
    RESERVED
CVE-2014-5496
    RESERVED
CVE-2014-5495
    RESERVED
CVE-2014-5494
    RESERVED
CVE-2014-5493
    RESERVED
CVE-2014-5492
    RESERVED
CVE-2014-5491
    RESERVED
CVE-2014-5490
    RESERVED
CVE-2014-5489
    RESERVED
CVE-2014-5488
    RESERVED
CVE-2014-5487
    RESERVED
CVE-2014-5486
    RESERVED
CVE-2014-5485
    RESERVED
CVE-2014-5484
    RESERVED
CVE-2014-5483
    RESERVED
CVE-2014-5482
    RESERVED
CVE-2014-5481
    RESERVED
CVE-2014-5480
    RESERVED
CVE-2014-5479
    RESERVED
CVE-2014-5478
    RESERVED
CVE-2014-5477
    RESERVED
CVE-2014-5476
    RESERVED
CVE-2014-5475
    RESERVED
CVE-2014-5474
    RESERVED
CVE-2014-5473
    RESERVED
CVE-2014-5470
    RESERVED
CVE-2014-5469
    RESERVED
CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...)
    NOT-FOR-US: Railo
CVE-2014-5467
    RESERVED
CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk We ...)
    NOT-FOR-US: Splunk
CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the Downloa ...)
    NOT-FOR-US: WordPress plugin Download Shortcode
CVE-2014-5463
    RESERVED
CVE-2014-5462 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and ...)
    NOT-FOR-US: OpenEMR
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow Gall ...)
    NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body function i ...)
    - haproxy 1.5.4-1
    [squeeze] - haproxy (Vulnerable code not present)
    NOTE: http://article.gmane.org/gmane.comp.web.haproxy/17726
    NOTE: http://article.gmane.org/gmane.comp.web.haproxy/18097
    NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c
CVE-2014-5256 (Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider th ...)
    - nodejs 0.10.38~dfsg-1 (unimportant; bug #760385)
CVE-2014-7402 (The SK encar (aka com.encardirect.app) application @7F050000 for Andro ...)
    NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android
CVE-2014-6070 (Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnal ...)
    - loganalyzer 3.6.6+dfsg-1 (bug #760372)
CVE-2014-6029 (TorrentFlux 2.4 allows remote authenticated users to delete or modify ...)
    - torrentflux (bug #759573)
    [wheezy] - torrentflux (Minor issue)
    [squeeze] - torrentflux (Minor issue)
CVE-2014-6028 (TorrentFlux 2.4 allows remote authenticated users to obtain other user ...)
    - torrentflux (bug #759573)
    [wheezy] - torrentflux (Minor issue)
    [squeeze] - torrentflux (Minor issue)
CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 ...)
    - torrentflux (bug #759574)
    [wheezy] - torrentflux (Minor issue)
    [squeeze] - torrentflux (Minor issue)
CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent attacke ...)
    {DSA-3142-1 DLA-97-1}
    - glibc 2.19-12
    - eglibc
    [wheezy] - eglibc (Will be fixed in a point update)
    NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
    NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
CVE-2014-5519 (The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execut ...)
    - phpwiki
CVE-2014-5509 (clipedit in the Clipboard module for Perl allows local users to delete ...)
    - libclipboard-perl (Fixed with initial upload to Debian)
CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remo ...)
    NOT-FOR-US: php-sqrl
CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-R ...)
    NOT-FOR-US: QNAP
CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module be ...)
    NOT-FOR-US: Drupal Social Stats module
CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service pr ...)
    NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in S ...)
    NOT-FOR-US: SAS Visual Analytics
CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Ful ...)
    NOT-FOR-US: Ubisoft Uplay PC
CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibili ...)
    NOT-FOR-US: HL7 C-CDA
CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in manager/templates/default/ ...)
    NOT-FOR-US: MODX Revolution
CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF servlet in ZO ...)
    NOT-FOR-US: ZOHO
CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine ...)
    NOT-FOR-US: ZOHO
CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning when a TLS ...)
    - geary 0.6.3-1
    NOTE: Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=713247
    NOTE: Upstream fix: https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
CVE-2014-5442
    RESERVED
CVE-2014-5441 (Multiple cross-site scripting (XSS) vulnerabilities in app/views/layou ...)
    NOT-FOR-US: Fat Free CRM
CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business Solutions M ...)
    NOT-FOR-US: MX-SmartTimer
CVE-2014-5439 (Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit ...)
    {DLA-713-1}
    - sniffit 0.3.7.beta-20 (bug #845122)
    [jessie] - sniffit 0.3.7.beta-17+deb8u1
    NOTE: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT ...)
    NOT-FOR-US: Arris Touchstone
CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS To ...)
    NOT-FOR-US: Arris Touchstone
CVE-2014-5436 (A directory traversal vulnerability exists in the confd.exe module in ...)
    NOT-FOR-US: Honeywell
CVE-2014-5435 (An arbitrary memory write vulnerability exists in the dual_onsrv.exe m ...)
    NOT-FOR-US: Honeywell
CVE-2014-5434 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
    NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5433 (An unauthenticated remote attacker may be able to execute commands to ...)
    NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5432 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
    NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5431 (Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) wi ...)
    NOT-FOR-US: Baxter SIGMA Spectrum Infusion System
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before 5.6 ...)
    NOT-FOR-US: ABB RobotStudio
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
    NOT-FOR-US: Elipse SCADA
CVE-2014-5428 (Unrestricted file upload vulnerability in unspecified web services in ...)
    NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5427 (Johnson Controls Metasys 4.1 through 6.5, as used in Application and D ...)
    NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attack ...)
    NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
    NOT-FOR-US: IOServer
CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before 7.00.0 ...)
    NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
    NOT-FOR-US: CareFusion
CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
    NOT-FOR-US: CareFusion
CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and ...)
    NOT-FOR-US: CareFusion
CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0. ...)
    NOT-FOR-US: CareFusion
CVE-2014-5419 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
    NOT-FOR-US: GE Multilink
CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
    NOT-FOR-US: GE Multilink
CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmwa ...)
    NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices
CVE-2014-5416
    REJECTED
CVE-2014-5415 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device Sp ...)
    NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5414 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device Sp ...)
    NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5413 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 throug ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5412 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 throug ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5411 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider Elect ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 ...)
    NOT-FOR-US: MicroLogix controller
CVE-2014-5409 (The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE D ...)
    NOT-FOR-US: GE Digital Energy Hydran
CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the Wi ...)
    NOT-FOR-US: Nordex Control 2
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2. ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not validate ...)
    NOT-FOR-US: Hospira LifeCare
CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to contr ...)
    NOT-FOR-US: Hospira MedNet
CVE-2014-5404
    REJECTED
CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protec ...)
    NOT-FOR-US: Hospira MedNet
CVE-2014-5402
    REJECTED
CVE-2014-5401 (Hospira MedNet software version 5.8 and prior uses vulnerable versions ...)
    NOT-FOR-US: Hospira
CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places clearte ...)
    NOT-FOR-US: Hospira MedNet
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware Informati ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5397 (Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderw ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
    NOT-FOR-US: Schrack Technik microControl
CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei H ...)
    NOT-FOR-US: Huawei Routers
CVE-2014-5394 (Multiple Huawei Campus switches allow remote attackers to enumerate us ...)
    NOT-FOR-US: Huawei
CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations Cente ...)
    NOT-FOR-US: JobScheduler
CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before 1.6.424 ...)
    NOT-FOR-US: JobScheduler
CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler Operation ...)
    NOT-FOR-US: JobScheduler
CVE-2014-5390
    RESERVED
CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the Conte ...)
    NOT-FOR-US: WordPress plugin Content Audit
CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine be ...)
    NOT-FOR-US: EllisLab ExpressionEngine Core
CVE-2014-5386 (The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cp ...)
    NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 ...)
    NOT-FOR-US: Shopizer
CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
    NOT-FOR-US: iconv system library of FreeBSD and NetBSD
CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows re ...)
    NOT-FOR-US: AlienVault OSSIM
CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
    {DLA-103-1}
    - linux 3.16.2-1
    [wheezy] - linux 3.2.63-1
    - linux-2.6
    NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
    NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
    NOTE: commit contained first in v3.17-rc2
CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...)
    {DLA-103-1}
    - linux 3.16.2-1
    [wheezy] - linux 3.2.63-1
    - linux-2.6
    NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
    NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
    NOTE: commit contained first in v3.17-rc2
CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic classific ...)
    - ntopng 1.2.1+dfsg1-1 (bug #760990)
    NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...)
    - php5 (unimportant; bug #682157; bug #759282)
    NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
    NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
    NOTE: Neutralised by kernel hardening
CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable permissions for ...)
    - zarafa (bug #658433)
CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for th ...)
    - zarafa (bug #658433)
CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the log d ...)
    - zarafa (bug #658433)
CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644 ...)
    - zarafa (bug #658433)
CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition before 3.1 ...)
    - seafile (Fixed before initial upload to the archive)
CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug inte ...)
    - qemu 2.1+dfsg-5
    [squeeze] - qemu (Introduced in 1.7)
    [wheezy] - qemu (Introduced in 1.7)
    - qemu-kvm
    [squeeze] - qemu-kvm (Introduced in 1.7)
    [wheezy] - qemu-kvm (Introduced in 1.7)
    NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
    NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
    NOT-FOR-US: Schrack Technik microControl
CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
    NOT-FOR-US: Grand MA 300
CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
    NOT-FOR-US: Grand MA 300
CVE-2014-5379
    RESERVED
CVE-2014-5378
    RESERVED
CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 bui ...)
    NOT-FOR-US: ManageEngine DeviceExpert
CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-ge ...)
    NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 ...)
    NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5374
    RESERVED
CVE-2014-5373
    RESERVED
CVE-2014-5372
    RESERVED
CVE-2014-5371
    RESERVED
CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet (com.naryx.ta ...)
    NOT-FOR-US: New Atlanta BlueDragon
CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption ...)
    - enigmail 2:1.7.2-1
    [wheezy] - enigmail (Introduced in 1.7)
    [squeeze] - enigmail (Introduced in 1.7)
    NOTE: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315
    NOTE: and http://sourceforge.net/p/enigmail/bugs/294/
    NOTE: fixed in 1.7.1 and 1.8.0 upstream (not yet released)
CVE-2014-5367
    REJECTED
CVE-2014-5366
    RESERVED
CVE-2014-5365
    RESERVED
CVE-2014-5364
    RESERVED
CVE-2014-5363
    RESERVED
CVE-2014-5362 (The admin interface in Landesk Management Suite 9.6 and earlier allows ...)
    NOT-FOR-US: LANDesk Management Suite
CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
    NOT-FOR-US: LANDesk Management Suite
CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in LAN ...)
    NOT-FOR-US: LANDESK Management Suite
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service (S ...)
    NOT-FOR-US: SafeNet Authentication Service
CVE-2014-5358
    RESERVED
CVE-2014-5357
    RESERVED
CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a kr ...)
    {DLA-1265-1}
    - krb5 1.12.1+dfsg-18 (bug #778647)
    [squeeze] - krb5 (Minor issue)
    NOTE: Upstream commit: https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
CVE-2014-5354 (plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka ...)
    - krb5 1.12.1+dfsg-16 (bug #773228)
    [wheezy] - krb5 (do not expose a way for principal entries to have no long-term key material)
    [squeeze] - krb5 (do not expose a way for principal entries to have no long-term key material)
    NOTE: Upstream commit: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap ...)
    {DLA-1265-1}
    - krb5 1.12.1+dfsg-16 (bug #773226)
    [squeeze] - krb5 (Minor issue, needs elevated privileges to trigger crash)
    NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
CVE-2014-5352 (The krb5_gss_process_context_token function in lib/gssapi/krb5/process ...)
    {DSA-3153-1 DLA-146-1}
    - krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal. ...)
    {DLA-1265-1}
    - krb5 1.12.1+dfsg-10 (bug #762479)
    [squeeze] - krb5 (Minor issue)
    NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
    NOTE: Upstream commit: https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender GravityZon ...)
    NOT-FOR-US: Bitdefender GravityZone
CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allo ...)
    NOT-FOR-US: Baidu Spark Browser
CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in ...)
    NOT-FOR-US: Riverbed Stingray Traffic Manager Virtual Appliance
CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Disq ...)
    NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Disq ...)
    NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5345 (Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus ...)
    NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud (m ...)
    NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress
CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
    NOT-FOR-US: Feng Office
CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows re ...)
    NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud Server b ...)
    - owncloud 7~20140504+dfsg-1
    NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
    NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
    - check-mk 1.2.6p4-1 (bug #758883)
    [wheezy] - check-mk (does not use pickle, vulnerable code not present)
    NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=192d41525502dc8de10ac99f57bd988450c17566
    NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2
CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authent ...)
    - check-mk 1.2.6p4-1 (bug #758883)
    [wheezy] - check-mk (Vulnerable code not present)
    NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite c ...)
    - check-mk 1.2.6p4-1 (bug #758883)
    [wheezy] - check-mk (Minor issue)
    NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=076468b10e660abdeaaaa6c459a4aa3ce8e07
CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not p ...)
    NOT-FOR-US: WordPress plugin Mobile Pack
CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in innovaph ...)
    NOT-FOR-US: innovaphone PBX
CVE-2014-5334 (FreeNAS before 9.3-M3 has a blank admin password, which allows remote ...)
    NOT-FOR-US: FreeNAS
CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local ...)
    - linux (drivers/video/tegra not present)
    NOTE: http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html
CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote attack ...)
    NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote att ...)
    NOT-FOR-US: BirdBlog
CVE-2014-5329
    RESERVED
CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
    NOT-FOR-US: Huawei router
CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
    NOT-FOR-US: Huawei router
CVE-2014-5326 (Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) ...)
    - dwr (bug #601517)
CVE-2014-5325 (The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) X ...)
    - dwr (bug #601517)
CVE-2014-5324 (Unrestricted file upload vulnerability in the N-Media file uploader pl ...)
    NOT-FOR-US: N-Media file uploader plugin for WordPress
CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) applicatio ...)
    NOT-FOR-US: Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application for Android
CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish fu ...)
    NOT-FOR-US: FileMaker Pro
CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.5 ...)
    NOT-FOR-US: FileMaker Pro
CVE-2014-5320 (The Bump application for Android does not properly handle implicit int ...)
    NOT-FOR-US: Bump application for Android
CVE-2014-5319 (Directory traversal vulnerability in the S-Link SLFileManager applicat ...)
    NOT-FOR-US: S-Link SLFileManager application for Android
CVE-2014-5318 (The jigbrowser+ application 1.8.1 and earlier for iOS allows remote at ...)
    NOT-FOR-US: jigbrowser+ application for iOS
CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 ...)
    NOT-FOR-US: php365.com components
CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allo ...)
    - dotclear 2.6.4+dfsg-1
CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acr ...)
    NOT-FOR-US: Adobe
CVE-2014-5314 (Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 an ...)
    NOT-FOR-US: Cybozu Office
CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page in Six ...)
    - movabletype-opensource
    [wheezy] - movabletype-opensource (Not supported in Wheezy)
CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5. ...)
{DSA-3016-1 DSA-3015-1 DLA-47-1} - lua5.1 5.1.5-7 - lua5.2 5.2.3-1 NOTE: http://www.lua.org/bugs.html#5.2.2-1 NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7 CVE-2014-5368 (Directory traversal vulnerability in the file_get_contents function in ...) NOT-FOR-US: WordPress plugin wp-source-control CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333 CVE-2014-5356 (OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4 ...) - glance 2014.1.3-1 [wheezy] - glance (Vulnerable code not present) NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2 CVE-2014-5336 (Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) ...) - monkey (low) [squeeze] - monkey (Minor issue) CVE-2014-5312 RESERVED CVE-2014-5311 RESERVED CVE-2014-5310 RESERVED CVE-2014-5309 RESERVED CVE-2014-5308 (Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote ...) NOT-FOR-US: TestLink CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Pan ...) NOT-FOR-US: Panda Security CVE-2014-5306 RESERVED CVE-2014-5305 RESERVED CVE-2014-5304 RESERVED CVE-2014-5303 RESERVED CVE-2014-5302 (Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 ...) NOT-FOR-US: ManageEngine components CVE-2014-5301 (Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v ...) NOT-FOR-US: ManageEngine components CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote ...) NOT-FOR-US: Adaptive Computing Moab CVE-2014-5299 RESERVED CVE-2014-5298 (FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on c ...) NOT-FOR-US: X2Engine CVE-2014-5297 (The actionSendErrorReport method in protected/controllers/SiteControll ...) 
NOT-FOR-US: X2Engine CVE-2014-5296 RESERVED CVE-2014-5295 RESERVED CVE-2014-5294 RESERVED CVE-2014-5293 RESERVED CVE-2014-5292 RESERVED CVE-2014-5291 RESERVED CVE-2014-5290 RESERVED CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...) NOT-FOR-US: Senkas Kolibri CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...) NOT-FOR-US: Kemp Load Master CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...) NOT-FOR-US: Kemp Load Master CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...) NOT-FOR-US: TIBCO CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO Spotfi ...) NOT-FOR-US: TIBCO Spotfire Server CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with pred ...) - ossec-hids (bug #361954) CVE-2014-5283 RESERVED CVE-2014-5282 (Docker before 1.3 does not properly validate image IDs, which allows r ...) - docker.io 1.3.0~dfsg1-1 CVE-2014-5281 RESERVED CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-site req ...) NOT-FOR-US: boot2docker CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly en ...) NOT-FOR-US: boot2docker CVE-2014-5278 (A vulnerability exists in Docker before 1.2 via container names, which ...) - docker.io 1.2.0~dfsg1-1 CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when ...) - docker.io 1.3.1~dfsg1-1 NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion CVE-2014-5276 (Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms ...) NOT-FOR-US: Pro Chat Rooms CVE-2014-5275 (Multiple SQL injection vulnerabilities in includes/functions.php in Pr ...) NOT-FOR-US: Pro Chat Rooms CVE-2014-5264 RESERVED CVE-2014-5259 (Cross-site scripting (XSS) vulnerability in cattranslate.php in the Ca ...) 
NOT-FOR-US: BlackCat CMS CVE-2014-5258 (Directory traversal vulnerability in showTempFile.php in webEdition CM ...) NOT-FOR-US: webEdition CMS CVE-2014-5257 (Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms befor ...) NOT-FOR-US: Forma Lms CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...) NOT-FOR-US: MyBB CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_C ...) NOT-FOR-US: Shenzhen Tenda Technology Tenda A5s router CVE-2014-5245 RESERVED CVE-2014-5244 RESERVED CVE-2014-5239 (The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Andr ...) NOT-FOR-US: Microsoft CVE-2014-5238 (XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite ...) NOT-FOR-US: Open-Xchange CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the documentconver ...) NOT-FOR-US: Open-Xchange CVE-2014-5236 (Multiple absolute path traversal vulnerabilities in documentconverter ...) NOT-FOR-US: Open-Xchange CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...) NOT-FOR-US: Open-Xchange CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...) NOT-FOR-US: Open-Xchange CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page i ...) - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) [wheezy] - phpmyadmin (vulnerable code not present) [squeeze] - phpmyadmin (vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-9/ NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML. CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) 
- phpmyadmin 4:4.2.7.1-1 (low; bug #758536) [wheezy] - phpmyadmin (vulnerable code not present) [squeeze] - phpmyadmin (vulnerable code not present) NOTE: https://www.phpmyadmin.net/security/PMASA-2014-8/ NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4. NOTE: Those that do do not contain the problematic code. CVE-2014-5268 (The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote att ...) NOT-FOR-US: Drupal addon CVE-2014-5250 (Unspecified vulnerability in the AJAX autocompletion callback in the B ...) NOT-FOR-US: Drupal addon CVE-2014-5249 (SQL injection vulnerability in the "Biblio self autocomplete" submodul ...) NOT-FOR-US: Drupal addon CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x be ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770 NOTE: Does not apply to Libav at all. CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in libavcodec/ ...) - ffmpeg (Vulnerable code not present) - libav 6:11-1 [wheezy] - libav (Vulnerable code not present) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803 NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1 NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settin ...) {DSA-3007-1 DLA-40-1} - cacti 0.8.8b+dfsg-8 NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454 CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and ear ...) {DSA-3007-1 DLA-40-1} - cacti 0.8.8b+dfsg-8 NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454 CVE-2014-4274 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...) 
{DSA-3054-1 DLA-75-1} - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.39-1 - mysql-5.1 - percona-xtradb-cluster-5.5 NOTE: Fix MySQL: https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638 NOTE: Fix MariaDB: https://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4261?sort=date#storage/myisam/ha_myisam.cc CVE-2014-5270 (Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...) {DSA-3073-1 DSA-3024-1 DLA-93-1 DLA-54-1} - gnupg 1.4.16-1 NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496 - libgcrypt11 1.5.4-1 - libgcrypt20 1.6.0-2 NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html CVE-2014-5267 (modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 ...) {DSA-2999-1} - drupal7 7.31-1 CVE-2014-5266 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...) {DSA-3001-1 DSA-2999-1 DLA-56-1} - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9 - drupal7 7.31-1 - drupal6 [squeeze] - drupal6 NOTE: https://www.drupal.org/SA-CORE-2014-004 CVE-2014-5265 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 a ...) {DSA-3001-1 DSA-2999-1 DLA-56-1} - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9 - drupal7 7.31-1 - drupal6 [squeeze] - drupal6 NOTE: https://www.drupal.org/SA-CORE-2014-004 CVE-2014-5253 (OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno befo ...) - keystone 2014.1.2.1-1 [wheezy] - keystone (Affects 2014.1 versions up to 2014.1.1) NOTE: https://launchpad.net/bugs/1349597 NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=317f9d34b4da20c21edd5b851889298b67c843e1 CVE-2014-5252 (The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 ...) 
- keystone 2014.1.2.1-1 [wheezy] - keystone (Affects 2014.1 versions up to 2014.1.1) NOTE: https://launchpad.net/bugs/1348820 NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae CVE-2014-5251 (The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x befor ...) - keystone 2014.1.2.1-1 [wheezy] - keystone (Affects 2014.1 versions up to 2014.1.1) NOTE: https://launchpad.net/bugs/1347961 NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6cbf835542d62e6e5db4b4aef7141b1731cad9dc CVE-2014-5263 (vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not termina ...) - qemu 2.1+dfsg-1 [wheezy] - qemu (Vulnerable code introduced in v1.6.0) [squeeze] - qemu (Vulnerable code introduced in v1.6.0) - qemu-kvm (Vulnerable code not present) NOTE: patch http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56 CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash charact ...) {DLA-61-1} - libplack-perl 1.0031-1 [wheezy] - libplack-perl 0.9989-1+deb7u1 NOTE: https://github.com/plack/Plack/issues/405 CVE-2014-5255 (xcfa before 5.0.1 creates temporary files insecurely which could allow ...) - xcfa 5.0.1-1 (unimportant; bug #756600) NOTE: Neutralised by kernel temp hardening CVE-2014-5254 (xcfa before 5.0.1 creates temporary files insecurely which could allow ...) - xcfa 5.0.1-1 (unimportant; bug #756600) NOTE: Not exploitable with kernel hardening since wheezy CVE-2014-XXXX [Enforce use of HTTPS for MathJax in IPython] - ipython 0.12-1 [wheezy] - ipython (Minor issue) [squeeze] - ipython (Affects versions <= 2.1 and >= 0.12) NOTE: https://github.com/ipython/ipython/issues/6246 NOTE: patch: https://github.com/ipython/ipython/commit/f58dabb277d0cdfb603d46cd01fcf29819ae7613 NOTE: in Debian patch to use mathjax from system was added right away in version 0.12 CVE-2014-5260 (The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow ...) 
- libxml-dt-perl 0.66-1 (bug #756566) [wheezy] - libxml-dt-perl (Minor issue) [squeeze] - libxml-dt-perl (Vulnerable code introduced later) CVE-2014-6060 (The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allow ...) - dhcpcd5 6.0.5-2 (low; bug #770043) [wheezy] - dhcpcd5 5.5.6-1+deb7u1 - dhcpcd (Affects dhcpcd 4.0.0 to 6.4.2) NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0 CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.2 ...) {DSA-3011-1} - mediawiki 1:1.19.18+dfsg-0.1 (bug #758510) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65778 CVE-2014-5242 (Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagin ...) - mediawiki (Vulnerable code not present) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=66608 NOTE: Introduced in 1.22wmf14, https://bugzilla.wikimedia.org/show_bug.cgi?id=66608#c18 CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki befo ...) {DSA-3011-1} - mediawiki 1:1.19.18+dfsg-0.1 (bug #758510) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=68187 CVE-2014-5233 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...) NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient CVE-2014-5230 REJECTED CVE-2014-5229 REJECTED CVE-2014-5228 REJECTED CVE-2014-5227 REJECTED CVE-2014-5226 REJECTED CVE-2014-5225 REJECTED CVE-2014-5224 REJECTED CVE-2014-5223 REJECTED CVE-2014-5222 REJECTED CVE-2014-5221 REJECTED CVE-2014-5220 (The mdcheck script of the mdadm package for openSUSE 13.2 prior to ver ...) 
- mdadm 3.3.4-1 (unimportant) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=910500 NOTE: https://github.com/mapcollab/mdadm/commit/979b1feb093b1c2e0f8b58716329f2da092741d4 NOTE: misc/mdcheck not installed into binary packages CVE-2014-5219 RESERVED CVE-2014-5218 RESERVED CVE-2014-5217 (Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc ...) NOT-FOR-US: NetIQ Access Manager CVE-2014-5216 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Ma ...) NOT-FOR-US: NetIQ Access Manager CVE-2014-5215 (NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenti ...) NOT-FOR-US: NetIQ Access Manager CVE-2014-5214 (nps/servlet/webacc in iManager in the Administration Console server in ...) NOT-FOR-US: NetIQ Access Manager CVE-2014-5213 (nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonito ...) NOT-FOR-US: Novell eDirectory CVE-2014-5212 (Cross-site scripting (XSS) vulnerability in nds/search/data in iMonito ...) NOT-FOR-US: Novell eDirectory CVE-2014-5211 (Stack-based buffer overflow in the Attachmate Reflection FTP Client be ...) NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-5209 (An Information Disclosure vulnerability exists in NTP 4.2.7p25 private ...) - ntp 1:4.2.8p3+dfsg-1 [jessie] - ntp (can be worked around by disabling mode in configuration) NOTE: Starting with 4.2.8, mode 7 is marked as deprecated and disabled by default, NOTE: treat this as the fixed version here. NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=4eae26a46gF81Tr6RRrYnf6jWhVo0g NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=4eb4b512O-jx-s-epS2A75g9mitvfQ CVE-2014-5208 (BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 30 ...) NOT-FOR-US: Batch Management Packages in Yokogawa and Exaopc CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...) 
NOT-FOR-US: WordPress plugin compfight CVE-2014-5201 (SQL injection vulnerability in the Gallery Objects plugin 0.4 for Word ...) NOT-FOR-US: WordPress plugin gallery-objects CVE-2014-5200 (SQL injection vulnerability in game_play.php in the FB Gorilla plugin ...) NOT-FOR-US: WordPress plugin fbgorilla CVE-2014-5199 (Cross-site request forgery (CSRF) vulnerability in the WordPress File ...) NOT-FOR-US: WordPress plugin wp-file-upload CVE-2014-5198 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enter ...) NOT-FOR-US: Splunk CVE-2014-5197 (Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd ...) NOT-FOR-US: Splunk CVE-2014-5196 (Cross-site request forgery (CSRF) vulnerability in improved-user-searc ...) NOT-FOR-US: WordPress plugin improved-user-search-in-backend CVE-2014-5195 (Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not ...) - unity (bug #609278) CVE-2014-5194 (Static code injection vulnerability in admin/admin.php in Sphider 1.3. ...) NOT-FOR-US: Sphider CVE-2014-5193 (Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider ...) NOT-FOR-US: Sphider CVE-2014-5192 (SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows ...) NOT-FOR-US: Sphider CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin before ...) - ckeditor 4.4.4+dfsg1-1 (bug #760736) [wheezy] - ckeditor (Preview plugin not yet present) [squeeze] - ckeditor (Preview plugin not yet present) CVE-2014-5190 (Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/i ...) NOT-FOR-US: WordPress plugin SI CAPTCHA Anti-Spam CVE-2014-5189 (SQL injection vulnerability in lib/optin/optin_page.php in the Lead Oc ...) NOT-FOR-US: WordPress plugin Lead-Octopus-Power CVE-2014-5188 (Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyr ...) NOT-FOR-US: Lyris ListManager CVE-2014-5187 (Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1. ...) 
NOT-FOR-US: WordPress plugin tom-m8te CVE-2014-5186 (SQL injection vulnerability in the All Video Gallery (all-video-galler ...) NOT-FOR-US: WordPress plugin all-video-gallery CVE-2014-5185 (SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress ...) NOT-FOR-US: WordPress plugin quartz CVE-2014-5184 (SQL injection vulnerability in the stripshow-storylines page in the st ...) NOT-FOR-US: WordPress plugin stripshow CVE-2014-5183 (SQL injection vulnerability in includes/mode-edit.php in the Simple Re ...) NOT-FOR-US: WordPress plugin simple-retail-menus CVE-2014-5182 (Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for Wor ...) NOT-FOR-US: WordPress plugin yawpp CVE-2014-5181 (Directory traversal vulnerability in lastfm-proxy.php in the Last.fm R ...) NOT-FOR-US: WordPress plugin lastfm-rotation CVE-2014-5180 (SQL injection vulnerability in the videos page in the HDW Player Plugi ...) NOT-FOR-US: WordPress plugin hdw-player-video-player-video-gallery CVE-2014-5178 (Multiple cross-site scripting (XSS) vulnerabilities in Easy File Shari ...) NOT-FOR-US: Easy File Sharing CVE-2014-5176 (SAP FI Manager Self-Service has a hard-coded user name, which makes it ...) NOT-FOR-US: SAP CVE-2014-5175 (The License Measurement servlet in SAP Solution Manager 7.1 allows rem ...) NOT-FOR-US: SAP CVE-2014-5174 (The SAP Netweaver Business Warehouse component does not properly restr ...) NOT-FOR-US: SAP CVE-2014-5173 (SAP HANA Extend Application Services (XS) allows remote attackers to b ...) NOT-FOR-US: SAP CVE-2014-5172 (Multiple cross-site scripting (XSS) vulnerabilities in the XS Administ ...) NOT-FOR-US: SAP CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt transmissio ...) NOT-FOR-US: SAP CVE-2014-5207 (fs/namespace.c in the Linux kernel through 3.16.1 does not properly re ...) 
- linux 3.16.2-1 [wheezy] - linux (User namespaces only usable in later kernels) - linux-2.6 (User namespaces only usable in later kernels) NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705 (v3.17-rc1) NOTE: and: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e (v3.17-rc1) NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c55cfc4166d9a0f38de779bd4d75a90afbe7734 (v3.8) NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6 CVE-2014-5206 (The do_remount function in fs/namespace.c in the Linux kernel through ...) - linux 3.16.2-1 [wheezy] - linux (User namespaces only usable in later kernels) - linux-2.6 (User namespaces only usable in later kernels) NOTE: https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130 NOTE: Thread starting at https://www.openwall.com/lists/oss-security/2014/08/12/6 CVE-2014-5247 (The _UpgradeBeforeConfigurationChange function in lib/client/gnt_clust ...) - ganeti 2.11.5-1 [wheezy] - ganeti (Vulnerable code not present) [squeeze] - ganeti (Vulnerable code not present) NOTE: http://www.ocert.org/advisories/ocert-2014-006.html CVE-2014-5240 (Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ...) {DSA-3001-1 DLA-56-1} - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29398 CVE-2014-5205 (wp-includes/pluggable.php in WordPress before 3.9.2 does not use delim ...) {DSA-3001-1 DLA-56-1} - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29408 CVE-2014-5204 (wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CS ...) 
{DSA-3001-1 DLA-56-1} - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29384 CVE-2014-5203 (wp-includes/class-wp-customize-widgets.php in the widget implementatio ...) - wordpress 3.9.2+dfsg-1 (bug #757312) [wheezy] - wordpress (Vulnerable code not present) [squeeze] - wordpress (Vulnerable code not present) NOTE: https://core.trac.wordpress.org/changeset/29389 CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1 ...) - subversion 1.8.10-1 (low) [squeeze] - subversion (Minor issue) [wheezy] - subversion (Minor issue) NOTE: http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E CVE-2014-5179 (The freelinking module for Drupal, as used in the Freelinking for Case ...) NOT-FOR-US: drupal6-freelinking module CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access con ...) - libvirt 1.2.4-1 (low) [wheezy] - libvirt (Not exploitable in that version) [squeeze] - libvirt (Not exploitable in that version) NOTE: http://security.libvirt.org/2014/0003.html CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow remot ...) NOT-FOR-US: Storage API module for Drupal CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before 7.x ...) NOT-FOR-US: Drupal module Date CVE-2014-5168 RESERVED CVE-2014-5167 RESERVED CVE-2014-5166 RESERVED CVE-2014-5165 (The dissect_ber_constrained_bitstring function in epan/dissectors/pack ...) {DSA-3002-1} - wireshark 1.12.0+git+4fab41a1-1 [squeeze] - wireshark (Vulnerable code not present) NOTE: http://www.wireshark.org/security/wnpa-sec-2014-11.html CVE-2014-5164 (The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC ...) 
{DSA-3002-1} - wireshark 1.12.0+git+4fab41a1-1 [squeeze] - wireshark (Vulnerable code not present) NOTE: http://www.wireshark.org/security/wnpa-sec-2014-10.html CVE-2014-5163 (The APN decode functionality in (1) epan/dissectors/packet-gtp.c and ( ...) {DSA-3002-1 DLA-38-1} - wireshark 1.12.0+git+4fab41a1-1 [squeeze] - wireshark 1.2.11-6+squeeze15 NOTE: http://www.wireshark.org/security/wnpa-sec-2014-09.html CVE-2014-5162 (The read_new_line function in wiretap/catapult_dct2000.c in the Catapu ...) {DSA-3002-1 DLA-38-1} - wireshark 1.12.0+git+4fab41a1-1 [squeeze] - wireshark 1.2.11-6+squeeze15 NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html CVE-2014-5161 (The dissect_log function in plugins/irda/packet-irda.c in the IrDA dis ...) {DSA-3002-1 DLA-38-1} - wireshark 1.12.0+git+4fab41a1-1 [squeeze] - wireshark 1.2.11-6+squeeze15 NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...) NOT-FOR-US: HP Data Protector CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in AlienVau ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ossim-fr ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-5157 REJECTED CVE-2014-5156 RESERVED CVE-2014-5155 RESERVED CVE-2014-5154 RESERVED CVE-2014-5153 RESERVED CVE-2014-5152 RESERVED CVE-2014-5151 RESERVED CVE-2014-5150 RESERVED CVE-2014-5149 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when ...) - xen 4.4.1-4 (low; bug #770230) [wheezy] - xen (Minor issue, too intrusive to backport) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and "handling an unknown syst ...) - xen 4.4.1-1 [wheezy] - xen (Vulnerable code not present) [squeeze] - xen (Vulnerable code not present) CVE-2014-5147 (Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not pro ...) 
- xen 4.4.1-1 [wheezy] - xen (Vulnerable code not present) [squeeze] - xen (Vulnerable code not present) CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x befor ...) - xen 4.4.1-4 (low; bug #770230) [wheezy] - xen (Minor issue, too intrusive to backport) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-5145 RESERVED CVE-2014-5144 (Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 all ...) NOT-FOR-US: Qualcomm driver for Android CVE-2014-5143 RESERVED CVE-2014-5142 RESERVED CVE-2014-5141 RESERVED CVE-2014-5140 (The bindReplace function in the query factory in includes/classes/data ...) NOT-FOR-US: Loaded Commerce CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 befo ...) {DSA-2998-1} - openssl 1.0.1i-1 [squeeze] - openssl (vulnerable code not present) CVE-2014-5138 (Innovative Interfaces Sierra Library Services Platform 1.2_3 does not ...) NOT-FOR-US: Sierra Library Services Platform CVE-2014-5137 (Innovative Interfaces Sierra Library Services Platform 1.2_3 provides ...) NOT-FOR-US: Sierra Library Services Platform CVE-2014-5136 (Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sier ...) NOT-FOR-US: Sierra Library Services Platform CVE-2014-5135 RESERVED CVE-2014-5134 RESERVED CVE-2014-5133 RESERVED CVE-2014-5132 (Avolve Software ProjectDox 8.1 allows remote attackers to enumerate us ...) NOT-FOR-US: ProjectDox CVE-2014-5131 (Avolve Software ProjectDox 8.1 makes it easier for remote authenticate ...) NOT-FOR-US: ProjectDox CVE-2014-5130 (Avolve Software ProjectDox 8.1 allows remote authenticated users to ob ...) NOT-FOR-US: ProjectDox CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox ...) NOT-FOR-US: ProjectDox CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a session t ...) 
NOT-FOR-US: Innovative Interfaces Encore Discovery Solution CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery ...) NOT-FOR-US: Innovative Interfaces Encore Discovery Solution CVE-2014-5126 RESERVED CVE-2014-5125 RESERVED CVE-2014-5124 RESERVED CVE-2014-5123 RESERVED CVE-2014-5122 (Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows re ...) NOT-FOR-US: ArcGIS CVE-2014-5121 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...) NOT-FOR-US: ArcGIS CVE-2014-5120 (gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x befo ...) - php5 5.4.0-1 [squeeze] - php5 (Introduced in 5.4) - libgd2 (Specific to integration of gd in PHP) NOTE: https://bugs.php.net/bug.php?id=67730 NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest NOTE: For the PHP5 5.4 branch this issue is fixed in version 5.4.32 NOTE: fixed in Debian with the gdIOCtx.patch patch CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote atta ...) NOT-FOR-US: DirPHP CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attac ...) NOT-FOR-US: WeBid Auction Script CVE-2014-5113 (Multiple cross-site scripting (XSS) vulnerabilities in test.php in Vis ...) NOT-FOR-US: Visualwave MyConnection Server CVE-2014-5112 (maint/modules/home/index.php in Fonality trixbox allows remote attacke ...) NOT-FOR-US: Fonality trixbox CVE-2014-5111 (Multiple directory traversal vulnerabilities in Fonality trixbox allow ...) NOT-FOR-US: Fonality trixbox CVE-2014-5110 (Cross-site scripting (XSS) vulnerability in user/help/html/index.php i ...) NOT-FOR-US: Fonality trixbox CVE-2014-5109 (SQL injection vulnerability in maint/modules/endpointcfg/endpoint_gene ...) NOT-FOR-US: Fonality trixbox CVE-2014-5108 (Cross-site scripting (XSS) vulnerability in single_pages\download_file ...) 
NOT-FOR-US: concrete5 CVE-2014-5107 (concrete5 before 5.6.3 allows remote attackers to obtain the installat ...) NOT-FOR-US: concrete5 CVE-2014-5106 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (a ...) NOT-FOR-US: Invision Power IP.Board CVE-2014-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1 ...) NOT-FOR-US: ol-commerce CVE-2014-5104 (Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remo ...) NOT-FOR-US: ol-commerce CVE-2014-5103 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog ...) NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer CVE-2014-5102 (SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 a ...) NOT-FOR-US: vBulletin CVE-2014-5101 (Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 all ...) NOT-FOR-US: WeBid Auction Script CVE-2014-5100 (Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka be ...) NOT-FOR-US: Omeka CVE-2014-5099 RESERVED CVE-2014-5098 (Cross-site scripting (XSS) vulnerability in the Search module before 1 ...) NOT-FOR-US: Jamroom Search module CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR ...) NOT-FOR-US: ArticleFR CVE-2014-5096 RESERVED CVE-2014-5095 RESERVED CVE-2014-5094 (Status2k allows remote attackers to obtain configuration information v ...) NOT-FOR-US: Status2k CVE-2014-5093 (Status2k does not remove the install directory allowing credential res ...) NOT-FOR-US: Status2k CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...) NOT-FOR-US: Status2k CVE-2014-5091 (A vulnerability exists in Status2K 2.5 Server Monitoring Software via t ...) NOT-FOR-US: Status2K Server Monitoring Software CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...) NOT-FOR-US: Status2k CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...) 
NOT-FOR-US: Status2k CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote att ...) NOT-FOR-US: Status2k CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to ...) NOT-FOR-US: Sphider Search Engine CVE-2014-5086 (A Command Execution vulnerability exists in Sphider Pro, and Sphider P ...) NOT-FOR-US: Sphider CVE-2014-5085 (A Command Execution vulnerability exists in Sphider Plus 3.2 due to in ...) NOT-FOR-US: Sphider CVE-2014-5084 (A Command Execution vulnerability exists in Sphider Pro 3.2 due to ins ...) NOT-FOR-US: Sphider CVE-2014-5083 (A Command Execution vulnerability exists in Sphider before 1.3.6 due t ...) NOT-FOR-US: Sphider CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...) NOT-FOR-US: Sphider CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...) NOT-FOR-US: sphider CVE-2014-5080 RESERVED CVE-2014-5079 RESERVED CVE-2014-5078 RESERVED CVE-2014-5076 (The La Banque Postale application before 3.2.6 for Android does not pr ...) NOT-FOR-US: La Banque Postale application CVE-2014-5075 (The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x w ...) - libsmack-java (bug #640873) CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow rem ...) NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allo ...) NOT-FOR-US: VMTurbo Operations Manager CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit L ...) NOT-FOR-US: WP Security Audit Log plugin for WordPress CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in Symmetric ...) NOT-FOR-US: Symmetricom CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain pr ...) NOT-FOR-US: Symmetricom CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...) 
	NOT-FOR-US: Symmetricom
CVE-2014-5068 (Directory traversal vulnerability in the web application in Symmetrico ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5067
	RESERVED
CVE-2014-5066
	RESERVED
CVE-2014-5065
	RESERVED
CVE-2014-5064
	RESERVED
CVE-2014-5063
	RESERVED
CVE-2014-5062
	RESERVED
CVE-2014-5061
	RESERVED
CVE-2014-5060
	RESERVED
CVE-2014-5059
	RESERVED
CVE-2014-5058
	RESERVED
CVE-2014-5057
	RESERVED
CVE-2014-5056
	RESERVED
CVE-2014-5055
	RESERVED
CVE-2014-5054
	RESERVED
CVE-2014-5053
	RESERVED
CVE-2014-5052
	RESERVED
CVE-2014-5051
	RESERVED
CVE-2014-5050
	RESERVED
CVE-2014-5049
	RESERVED
CVE-2014-5048
	RESERVED
CVE-2014-5047
	RESERVED
CVE-2014-5046
	RESERVED
CVE-2014-5118 (Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vul ...)
	NOT-FOR-US: tboot
CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...)
	{DSA-2993-1 DLA-17-1}
	- tor 0.2.4.23-1
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2014-5116 (The cairo_image_surface_get_data function in Cairo 1.10.2, as used in ...)
	NOTE: This is non-security bug in Wireshark, not in Cairo
CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ke ...)
	{DLA-103-1}
	- linux 3.14.15-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6
	NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
CVE-2014-5043
	REJECTED
CVE-2014-5042
	RESERVED
CVE-2014-5041
	RESERVED
CVE-2014-5040 (HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2. ...)
	- eucalyptus
CVE-2014-5039 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...)
	NOT-FOR-US: Eucalyptus Management Console (relates to src:eucalyptus)
CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or ...)
	- eucalyptus
CVE-2014-5037 (Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, log ...)
	- eucalyptus
CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0. ...)
	- eucalyptus
CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...)
	NOT-FOR-US: Opendaylight
CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force Log ...)
	NOT-FOR-US: Brute Force Login Protection module for WordPress
CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...)
	- gitlist (bug #750368)
CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in commo ...)
	- limesurvey (bug #472802)
CVE-2014-5017 (SQL injection vulnerability in CPDB in application/controllers/admin/p ...)
	- limesurvey (bug #472802)
CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05 ...)
	- limesurvey (bug #472802)
CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...)
	NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
CVE-2014-5013 (DOMPDF before 0.6.2 allows remote code execution, a related issue to C ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5012 (DOMPDF before 0.6.2 allows denial of service. ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5011 (DOMPDF before 0.6.2 allows Information Disclosure. ...)
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5010
	RESERVED
CVE-2014-5007 (Directory traversal vulnerability in the agentLogUploader servlet in Z ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5006 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5005 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel before ...)
	- linux 3.14.15-1
	[wheezy] - linux (Introduced in 3.12)
	- linux-2.6 (Introduced in 3.12)
	NOTE: https://lkml.org/lkml/2014/7/21/98
CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote attackers ...)
	- gcc-4.9 4.9.1-4 (bug #756325)
	- gcc-4.8 4.8.3-7 (bug #756325)
	- gcc-4.7 (bug #756325)
	[wheezy] - gcc-4.7 (Minor issue, too intrusive to backport)
	- gcc-4.6 (bug #756325)
	[wheezy] - gcc-4.6 (Minor issue, too intrusive to backport)
	- gcc-4.4 (bug #756325)
	[wheezy] - gcc-4.4 (Minor issue, too intrusive to backport)
	[squeeze] - gcc-4.4 (Minor issue, too intrusive to backport)
	- gcc-4.3
	[squeeze] - gcc-4.3 (Minor issue, too intrusive to backport)
	NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-B ...)
	{DSA-3004-1 DLA-76-1}
	- kde4libs 4:4.13.3-2 (bug #755814)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=864716
	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost informati ...)
	- glpi (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2014/07/22/6
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have wo ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5030 (CUPS before 2.0 allows local users to read arbitrary files via a symli ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp group to ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5028 (The Original File and Patched File resources in Review Board 1.7.x bef ...)
	- reviewboard (bug #653113)
CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before ...)
	- reviewboard (bug #653113)
CVE-2014-5026 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5025 (Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5024 (Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell ...)
	NOT-FOR-US: DELL SonicWALL GMS
CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD ...)
	{DLA-490-1}
	- bozohttpd (bug #755197)
	[squeeze] - bozohttpd (Minor issue)
	NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN
CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands. NOTE: t ...)
	- libphp-snoopy (Incorrect fix not applied)
	NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
	NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
	NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database ...)
	NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in th ...)
	NOT-FOR-US: Ruby Gem ciborg
CVE-2014-5002 (The lynx gem before 1.0.0 for Ruby places the configured password on c ...)
	NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database u ...)
	NOT-FOR-US: Ruby Gem kcapifony
CVE-2014-5000 (The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby ...)
	NOT-FOR-US: Ruby Gem lawn-login
CVE-2014-4999 (vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem ...)
	NOT-FOR-US: Ruby Gem kajam
CVE-2014-4998 (test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the m ...)
	NOT-FOR-US: Ruby Gem lean-ruport
CVE-2014-4997 (lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places crede ...)
	NOT-FOR-US: Ruby Gem point-cli
CVE-2014-4996 (lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allo ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4995 (Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4994 (lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users ...)
	NOT-FOR-US: Ruby Gem gyazo
CVE-2014-4993 ((1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2 ...)
	NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
CVE-2014-4992 (lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places cr ...)
	NOT-FOR-US: Ruby Gem cap-strap
CVE-2014-4991 ((1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgre ...)
	NOT-FOR-US: Ruby Gem codders-dataset
CVE-2014-4990
	RESERVED
CVE-2014-4989
	RESERVED
CVE-2014-4988
	RESERVED
CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x b ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	[squeeze] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-7/
CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	[squeeze] - phpmyadmin (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2014-6/
CVE-2014-4985
	RESERVED
CVE-2014-4984 (Déjà Vu Crescendo Sales CRM has remote SQL Injection ...)
	NOT-FOR-US: Deja Vu Crescendo Sales CRM
CVE-2014-4983
	RESERVED
CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection ...)
	NOT-FOR-US: LPAR2RRD
CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...)
	NOT-FOR-US: LPAR2RRD
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...)
	NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 1 ...)
	NOT-FOR-US: SonicWall
CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
	NOT-FOR-US: SonicWall
CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...)
	{DSA-2983-1}
	- drupal6 (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...)
	{DSA-2983-1}
	- drupal6
	[squeeze] - drupal6
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check perm ...)
	{DSA-2983-1}
	- drupal6 (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 al ...)
	{DSA-2983-1}
	- drupal6
	[squeeze] - drupal6
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and e ...)
	{DSA-3157-1 DLA-200-1}
	- ruby1.8 (Vulnerable code not present in 1.8)
	- ruby1.9.1 (low)
	[wheezy] - ruby1.9.1 (Minor issue)
	- ruby2.0 (low)
	- ruby2.1 2.1.3-1 (low)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driv ...)
	NOT-FOR-US: ESET
CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Fi ...)
	NOT-FOR-US: ESET Personal Firewall
CVE-2014-4972 (Unrestricted file upload vulnerability in the Gravity Upload Ajax plug ...)
	NOT-FOR-US: Gravity Upload Ajax plugin for WordPress
CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ha ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2014-4970
	RESERVED
CVE-2014-4969
	RESERVED
CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...)
	NOT-FOR-US: Boat Browser application for Android
CVE-2014-4967 (Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...)
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4966 (Ansible before 1.6.7 does not prevent inventory data with "{{" and "lo ...)
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 ...)
	NOT-FOR-US: Shopizer
CVE-2014-4964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer ...)
	NOT-FOR-US: Shopizer
CVE-2014-4963 (Shopizer 1.1.5 and earlier allows remote attackers to modify the accou ...)
	NOT-FOR-US: Shopizer
CVE-2014-4962 (Shopizer 1.1.5 and earlier allows remote attackers to reduce the total ...)
	NOT-FOR-US: Shopizer
CVE-2014-4961
	RESERVED
CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in Youtub ...)
	NOT-FOR-US: Joomla! component
CVE-2014-4959 (**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the ...)
	NOT-FOR-US: Disputed Android issue
CVE-2014-4958 (Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJA ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX RadEditor Control
CVE-2014-4957
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4956
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin (Vulnerable code not present)
	[squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLi ...)
	- phpmyadmin 4:4.2.6-1
	[squeeze] - phpmyadmin (libraries/structure.lib.php not present)
	[wheezy] - phpmyadmin (libraries/structure.lib.php not present)
CVE-2014-4953
	REJECTED
CVE-2014-4952
	REJECTED
CVE-2014-4951
	REJECTED
CVE-2014-4950
	REJECTED
CVE-2014-4949
	REJECTED
CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and e ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix XenServe ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
	- php-horde-imp 6.2.0-1
	- horde3
	[squeeze] - horde3
	NOTE: Upstream patches:
	NOTE: https://github.com/horde/horde/commit/578ff073724d9c179663098d8ff0076e8b361cfb
	NOTE: https://github.com/horde/horde/commit/2f1f4b10dec90fb67797ea80be0e029ead90f168
	NOTE: The bugs are in javascript files that do not exist in the version in Squeeze.
CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
	- php-horde-imp 6.2.0-1
	- horde3
	[squeeze] - horde3
	NOTE: Upstream patch: https://github.com/horde/horde/commit/71633e649afc0704b72098a6e2530377dd67eb0c
	NOTE: The bug is in PHP template file that does not exist in the version in Squeeze.
CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel throug ...)
	{DSA-2992-1 DLA-103-1}
	- linux 3.14.13-1
	- linux-2.6
	NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
CVE-2014-4942 (The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows re ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4941 (Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plug ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4940 (Multiple directory traversal vulnerabilities in Tera Charts (tera-char ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4939 (SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plu ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4938 (SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugi ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4937 (Directory traversal vulnerability in includes/bookx_export.php BookX p ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4936 (The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer ...)
	NOT-FOR-US: Malwarebytes
CVE-2014-4935
	RESERVED
CVE-2014-4934
	RESERVED
CVE-2014-4933
	RESERVED
CVE-2014-4932 (Cross-site scripting (XSS) vulnerability in the Wordfence Security plu ...)
	NOT-FOR-US: Wordfence Security plugin for WordPress
CVE-2014-4931
	RESERVED
CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
	- owncloud 6.0.4~beta1+dfsg-1
	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or IP.Boa ...)
	NOT-FOR-US: Invision Power Board
CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DS ...)
	NOT-FOR-US: ACME micro_httpd
CVE-2014-4926
	RESERVED
CVE-2014-4925 (Cross-site scripting (XSS) vulnerability in Good for Enterprise for An ...)
	NOT-FOR-US: Good for Enterprise for Android
CVE-2014-4924
	RESERVED
CVE-2014-4923
	RESERVED
CVE-2014-4922
	RESERVED
CVE-2014-4921
	RESERVED
CVE-2014-4920
	RESERVED
CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, ...)
	NOT-FOR-US: OXID eShop
CVE-2014-4918
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4917
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4916
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4915
	RESERVED
CVE-2014-4912 (An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to ...)
	NOT-FOR-US: Frog CMS
CVE-2014-4906 (The Brisbane & Queensland Alert (aka com.queensland.alert) applica ...)
	NOT-FOR-US: Brisbane & Queensland Alert (aka com.queensland.alert) application for Android
CVE-2014-4905 (The Clean Internet Browser (aka com.cleantab.browsesecure) application ...)
	NOT-FOR-US: Clean Internet Browser (aka com.cleantab.browsesecure) application for Android
CVE-2014-4904 (The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for ...)
	NOT-FOR-US: Crossmo Calendar (aka com.crossmo.calendar) application for Android
CVE-2014-4903 (The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 ...)
	NOT-FOR-US: Kakao Bingo Garden (aka com.mocoga.bingogarden) application for Android
CVE-2014-4902
	RESERVED
CVE-2014-4901 (The Bond Trading (aka com.appmakr.app613309) application 197705 for An ...)
	NOT-FOR-US: Bond Trading (aka com.appmakr.app613309) application for Android
CVE-2014-4900 (The migme (aka com.projectgoth) application 4.03.002 for Android does ...)
	NOT-FOR-US: migme (aka com.projectgoth) application for Android
CVE-2014-4899 (The Indian Cement Review (aka com.magzter.indiancementreview) applicat ...)
	NOT-FOR-US: Indian Cement Review (aka com.magzter.indiancementreview) application for Android
CVE-2014-4898 (The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 fo ...)
	NOT-FOR-US: Harivijay (aka com.upasanhar.marathi.harivijay) application for Android
CVE-2014-4897 (The Touriosity Travelmag (aka com.magzter.touriositytravelmag) applica ...)
	NOT-FOR-US: Touriosity Travelmag (aka com.magzter.touriositytravelmag) application for Android
CVE-2014-4896 (The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) app ...)
	NOT-FOR-US: Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application for Android
CVE-2014-4895 (The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for ...)
	NOT-FOR-US: Herpin Time Radio (aka com.herpin.time.radio) application for Android
CVE-2014-4894 (The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Andro ...)
	NOT-FOR-US: MyMetro (aka com.myrippleapps.mymetro) application for Android
CVE-2014-4893
	RESERVED
CVE-2014-4892 (The uControl Smart Home Automation (aka de.ucontrol) application 1.2 f ...)
	NOT-FOR-US: uControl Smart Home Automation (aka de.ucontrol) application for Android
CVE-2014-4891 (The CT iHub (aka com.concursive.ctihub) application 1 for Android does ...)
	NOT-FOR-US: CT iHub (aka com.concursive.ctihub) application for Android
CVE-2014-4890 (The Nano Digest (aka com.magzter.nanodigest) application 3.0 for Andro ...)
	NOT-FOR-US: Nano Digest (aka com.magzter.nanodigest) application for Android
CVE-2014-4889 (The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 f ...)
	NOT-FOR-US: Diabetic Diet Guide (aka com.wDiabeticDietGuide) application for Android
CVE-2014-4888 (The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) ...)
	NOT-FOR-US: BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application for Android
CVE-2014-4887 (The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3 ...)
	NOT-FOR-US: Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application for Android
CVE-2014-4886
	RESERVED
CVE-2014-4885 (The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionwo ...)
	NOT-FOR-US: CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application for Android
CVE-2014-4884 (The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android do ...)
	NOT-FOR-US: Conrad Hotel (aka com.wConradHotel) application for Android
CVE-2014-4883 (resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in ...)
	- xen (LWIP DNS code not present in Xen Debian packages)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169008
CVE-2014-4882 (Aptexx Resident Anywhere does not require authentication, which allows ...)
	NOT-FOR-US: Aptexx Resident Anywhere
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: PartyTrack library for Android
CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
	NOT-FOR-US: Hikvision DVR
CVE-2014-4879
	RESERVED
CVE-2014-4878
	RESERVED
CVE-2014-4877 (Absolute path traversal vulnerability in GNU Wget before 1.16, when re ...)
	{DSA-3062-1 DLA-82-1}
	- wget 1.16-1 (bug #766981)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
CVE-2014-4876 (Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical n ...)
	NOT-FOR-US: Toshiba
CVE-2014-4875 (CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6. ...)
	NOT-FOR-US: CreateBossCredentials.jar in Toshiba CHEC
CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read arb ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4872 (BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9 ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetComm ...)
	NOT-FOR-US: NetCommWireless NB604N routers
CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade V ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4869 (The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows att ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6 ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4867 (Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/ini ...)
	NOT-FOR-US: Cryoserver
CVE-2014-4866
	RESERVED
CVE-2014-4865 (Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin ...)
	NOT-FOR-US: CacheGuard-OS
CVE-2014-4864 (The NETGEAR ProSafe Plus Configuration Utility creates configuration b ...)
	NOT-FOR-US: NETGEAR ProSafe Plus Configuration Utility
CVE-2014-4863 (The Arris Touchstone DG950A cable modem with software 7.10.131 has an ...)
	NOT-FOR-US: Arris Touchstone DG950A cable modem
CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729.024 ...)
	NOT-FOR-US: Netmaster CBW700N cable modem
CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 8.6.00001 ...)
	NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server
CVE-2014-4860 (Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...)
	- edk2 (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4859 (Integer overflow in the Drive Execution Environment (DXE) phase in the ...)
	- edk2 (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCe ...)
	NOT-FOR-US: Sabre AirCenter Crew
CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1 ...)
	NOT-FOR-US: Gurock TestRail
CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4854 (Cross-site scripting (XSS) vulnerability in the WP Construction Mode p ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4853 (Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-4852 (SQL injection vulnerability in admin/uploads.php in The Digital Craft ...)
	NOT-FOR-US: AtomCMS
CVE-2014-4851 (Open redirect vulnerability in msg.php in FoeCMS allows remote attacke ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4850 (SQL injection vulnerability in index.php in FoeCMS allows remote attac ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4849 (Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeC ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4848 (Cross-site scripting (XSS) vulnerability in the Blogstand Banner (blog ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4847 (Cross-site scripting (XSS) vulnerability in the Random Banner plugin 1 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4846 (Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4845 (Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4844 (The import/export functionality in IBM Business Process Manager (BPM) ...)
	NOT-FOR-US: IBM
CVE-2014-4843 (Curam Universal Access in IBM Curam Social Program Management (SPM) 6. ...)
	NOT-FOR-US: IBM
CVE-2014-4842
	RESERVED
CVE-2014-4841
	RESERVED
CVE-2014-4840 (IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 bef ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4839 (Cross-site request forgery (CSRF) vulnerability in birtviewer.query in ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4838 (Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM TRI ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IB ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4835 (IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSP ...)
	NOT-FOR-US: IBM
CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 do ...)
	NOT-FOR-US: IBM
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4832 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4831 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4830 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not incl ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4829 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4828 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4827 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM Q ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4826 (IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly ha ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4825 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not prop ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4824 (SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2 ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4823 (The administration console in IBM Security Access Manager for Web 7.x ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4822 (IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Web ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-4821 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4820 (Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufa ...)
	NOT-FOR-US: IBM
CVE-2014-4819 (The web user interface in IBM WebSphere Message Broker 8.0 before 8.0. ...)
	NOT-FOR-US: IBM
CVE-2014-4818 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, ...)
	NOT-FOR-US: IBM
CVE-2014-4817 (The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3. ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4815 (Session fixation vulnerability in IBM Rational Lifecycle Integration A ...)
	NOT-FOR-US: IBM
CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0 ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Control ...)
	NOT-FOR-US: IBM
CVE-2014-4810 (IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10 ...)
	NOT-FOR-US: IBM
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x befor ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0. ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4807 (Sterling Order Management in IBM Sterling Selling and Fulfillment Suit ...)
	NOT-FOR-US: IBM Sterling Selling
CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
	NOT-FOR-US: IBM
CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files durin ...)
	NOT-FOR-US: IBM DB2
CVE-2014-4804 (Curam Universal Access in IBM Curam Social Program Management 5.2 befo ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM B ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manag ...)
NOT-FOR-US: IBM CVE-2014-4800 RESERVED CVE-2014-4799 RESERVED CVE-2014-4798 RESERVED CVE-2014-4797 RESERVED CVE-2014-4796 RESERVED CVE-2014-4795 RESERVED CVE-2014-4794 RESERVED CVE-2014-4793 (IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH ...) NOT-FOR-US: IBM WebSphere CVE-2014-4792 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM CVE-2014-4791 RESERVED CVE-2014-4790 (IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before ...) NOT-FOR-US: IBM Emptoris Sourcing Portfolio CVE-2014-4789 (Session fixation vulnerability in IBM Initiate Master Data Service 9.5 ...) NOT-FOR-US: IBM CVE-2014-4788 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...) NOT-FOR-US: IBM CVE-2014-4787 (Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data S ...) NOT-FOR-US: IBM CVE-2014-4786 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...) NOT-FOR-US: IBM CVE-2014-4785 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...) NOT-FOR-US: IBM CVE-2014-4784 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7 ...) NOT-FOR-US: IBM CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...) NOT-FOR-US: IBM CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to ...) NOT-FOR-US: IBM CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3. ...) NOT-FOR-US: IBM InfoSphere BigInsights CVE-2014-4780 RESERVED CVE-2014-4779 RESERVED CVE-2014-4778 (IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Soft ...) NOT-FOR-US: IBM CVE-2014-4777 RESERVED CVE-2014-4776 (IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomp ...) NOT-FOR-US: IBM CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x bef ...) 
NOT-FOR-US: IBM CVE-2014-4774 (Cross-site request forgery (CSRF) vulnerability in the login page in I ...) NOT-FOR-US: IBM CVE-2014-4773 RESERVED CVE-2014-4772 RESERVED CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...) NOT-FOR-US: IBM WebSphere MQ CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 al ...) NOT-FOR-US: IBM CVE-2014-4768 (IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X ...) NOT-FOR-US: IBM CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8. ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4766 (IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote atta ...) NOT-FOR-US: IBM Sametime Classic Meeting Server CVE-2014-4765 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0 ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-4763 (Cross-site scripting (XSS) vulnerability in Content Navigator in Conte ...) NOT-FOR-US: IBM CVE-2014-4762 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...) NOT-FOR-US: IBM CVE-2014-4761 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through 6. ...) NOT-FOR-US: IBM WebSphere CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM B ...) NOT-FOR-US: IBM CVE-2014-4758 (IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere L ...) NOT-FOR-US: IBM CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0- ...) 
NOT-FOR-US: IBM Content Collector CVE-2014-4756 (The Administration and Reporting Tool in IBM Rational License Key Serv ...) NOT-FOR-US: IBM CVE-2014-4755 RESERVED CVE-2014-4754 RESERVED CVE-2014-4753 RESERVED CVE-2014-4752 (IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, a ...) NOT-FOR-US: IBM CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access Manage ...) NOT-FOR-US: IBM Security Access Manager CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP s ...) NOT-FOR-US: IBM CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_host ...) NOT-FOR-US: IBM CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...) NOT-FOR-US: IBM Sametime CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...) NOT-FOR-US: IBM Sametime CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 ...) NOT-FOR-US: IBM WebSphere CVE-2014-4745 RESERVED CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...) NOT-FOR-US: osTicket CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax ...) NOT-FOR-US: Kajona module CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in t ...) NOT-FOR-US: Kajona module CVE-2014-4741 (SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1 ...) NOT-FOR-US: Artifectx xClassified CVE-2014-4740 REJECTED CVE-2014-4739 RESERVED CVE-2014-4738 (Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard Fort ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5 ...) 
- textpattern [squeeze] - textpattern (Vulnerability is in setup.php, which becomes inaccessible after installation) NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6 NOTE: is likely the commit fixing the issue. But it does more than the NOTE: strict minimum. CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote atta ...) NOT-FOR-US: E2 CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier a ...) NOT-FOR-US: MyWebSQL CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...) NOT-FOR-US: e107 CVE-2014-4733 RESERVED CVE-2014-4732 RESERVED CVE-2014-4731 RESERVED CVE-2014-4730 RESERVED CVE-2014-4729 RESERVED CVE-2014-4728 (The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router ( ...) NOT-FOR-US: TP-Link CVE-2014-4727 (Cross-site scripting (XSS) vulnerability in the DHCP clients page in t ...) NOT-FOR-US: TP-Link CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters (wysija-newslett ...) NOT-FOR-US: wysija-newsletters CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for ...) NOT-FOR-US: wysija-newsletters CVE-2014-4978 (The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio ...) - rawstudio (low; bug #754899) [wheezy] - rawstudio (Minor issue) [squeeze] - rawstudio (Vulnerable code not present) CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in gconv_trans. ...) {DSA-3012-1 DLA-43-1} - glibc 2.19-10 (medium) - eglibc (medium) NOTE: https://www.openwall.com/lists/oss-security/2014/07/14/2 NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bit ...) 
{DSA-2988-1} - transmission 2.84-0.1 (bug #755985) [squeeze] - transmission (Vulnerable code not present) NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84 NOTE: PoC: http://web.archive.org/web/20140815000641/http://inertiawar.com:80/submission.go CVE-2014-4723 (Cross-site scripting (XSS) vulnerability in the Easy Banners plugin 1. ...) NOT-FOR-US: WordPress plugin Easy Banners CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners plugin ...) NOT-FOR-US: WordPress plugin Custom Banners CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...) - ocsinventory-server (unimportant) NOTE: Authentication is needed, only supported in trusted environments, see debtags CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.7 doe ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.7-0.1 (bug #754201) NOTE: http://framework.zend.com/security/advisory/ZF2014-04 NOTE: https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d CVE-2014-4913 (ZF2014-03 has a potential cross site scripting vector in multiple view ...) - zendframework (Vulnerable code not present, only affects ZF2) NOTE: http://framework.zend.com/security/advisory/ZF2014-03 CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1 ...) {DSA-2981-1 DLA-36-1} - polarssl 1.3.7-2.1 (bug #754655) [squeeze] - polarssl 1.2.9-1~deb6u2 NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02 NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a CVE-2014-4910 (Directory traversal vulnerability in tools/backlight_helper.c in X.Org ...) 
- xserver-xorg-video-intel (Vulnerable code not present) NOTE: http://lists.x.org/archives/xorg-commit/2014-July/036840.html NOTE: only experimental, and xf86-video-intel-backlight-helper not installed setuid in Debian CVE-2014-4720 (Email::Address module before 1.904 for Perl uses an inefficient regula ...) {DSA-2969-1} - libemail-address-perl 1.905-1 [squeeze] - libemail-address-perl 1.889-2+deb6u1 CVE-2014-4719 (Cross-site scripting (XSS) vulnerability in the login panel (svn/login ...) NOT-FOR-US: User-Friendly SVN CVE-2014-4718 (Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CM ...) NOT-FOR-US: Lunar CMS CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...) NOT-FOR-US: WordPress plugin simple-share-buttons-adder CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR a ...) NOT-FOR-US: Thomson TWG87OUIR CVE-2014-4714 REJECTED CVE-2014-4713 RESERVED CVE-2014-4712 RESERVED CVE-2014-4711 RESERVED CVE-2014-4710 (Cross-site scripting (XSS) vulnerability in zero_user_account.php in Z ...) NOT-FOR-US: ZeroCMS CVE-2014-4709 RESERVED CVE-2014-4708 RESERVED CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100 ...) NOT-FOR-US: Huawei CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 wi ...) NOT-FOR-US: Huawei CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in ...) NOT-FOR-US: eSap CVE-2014-4704 RESERVED CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable] - quassel 0.10.0-2 (low) [wheezy] - quassel 0.8.0-1+deb7u2 [squeeze] - quassel (Minor issue) CVE-2014-4908 (Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios thro ...) 
- pnp4nagios 0.6.24+dfsg1-1 (low) [wheezy] - pnp4nagios (Minor issue) NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078 NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140 CVE-2014-4907 (Cross-site scripting (XSS) vulnerability in share/pnp/application/view ...) - pnp4nagios 0.6.24+dfsg1-1 (low) [wheezy] - pnp4nagios (Minor issue) NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607 NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/ CVE-2014-4715 (Yann Collet LZ4 before r119, when used on certain 32-bit platforms tha ...) - lz4 0.0~r119-1 NOTE: https://code.google.com/p/lz4/issues/detail?id=134 NOTE: https://code.google.com/p/lz4/source/detail?r=119 CVE-2014-4700 (Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups ...) NOT-FOR-US: Citrix XenDesktop CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not properly r ...) {DSA-2972-1 DLA-0015-1} - linux 3.14.10-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...) - php5 5.6.0~rc3+dfsg-1 (unimportant) NOTE: https://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd NOTE: https://bugs.php.net/bug.php?id=67539 NOTE: exploitable by malicious scripts only CVE-2014-4697 RESERVED CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before ...) NOT-FOR-US: pfSense CVE-2014-4695 (Multiple open redirect vulnerabilities in the Snort package before 3.0 ...) NOT-FOR-US: pfSense CVE-2014-4694 (Multiple cross-site scripting (XSS) vulnerabilities in suricata_select ...) 
NOT-FOR-US: pfSense CVE-2014-4693 (Multiple cross-site scripting (XSS) vulnerabilities in the Snort packa ...) NOT-FOR-US: pfSense CVE-2014-4692 (pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly ...) NOT-FOR-US: pfSense CVE-2014-4691 (Session fixation vulnerability in pfSense before 2.1.4 allows remote a ...) NOT-FOR-US: pfSense CVE-2014-4690 (Multiple directory traversal vulnerabilities in pfSense before 2.1.4 a ...) NOT-FOR-US: pfSense CVE-2014-4689 (Absolute path traversal vulnerability in pkg_edit.php in pfSense befor ...) NOT-FOR-US: pfSense CVE-2014-4688 (pfSense before 2.1.4 allows remote authenticated users to execute arbi ...) NOT-FOR-US: pfSense CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...) NOT-FOR-US: pfSense CVE-2014-4686 (The Project administration application in Siemens SIMATIC WinCC before ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2014-4685 (Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2014-4684 (The database server in Siemens SIMATIC WinCC before 7.3, as used in PC ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2014-4683 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used i ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2014-4682 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used i ...) NOT-FOR-US: Siemens SIMATIC WinCC CVE-2014-4681 RESERVED CVE-2014-4680 RESERVED CVE-2014-4679 RESERVED CVE-2014-4677 (The installPackage function in the installerHelper subcomponent in Lib ...) NOT-FOR-US: Libmacgpg CVE-2014-4676 RESERVED CVE-2014-4675 RESERVED CVE-2014-4674 RESERVED CVE-2014-4673 RESERVED CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attac ...) - yii-framework-php (bug #683810) CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...) 
NOT-FOR-US: Adobe Flash Player CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ...) {DSA-3008-1} - php5 5.6.0~rc3+dfsg-1 (unimportant) NOTE: exploitable by malicious scripts only NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb NOTE: https://bugs.php.net/bug.php?id=67538 CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read arbi ...) NOT-FOR-US: HP Enterprise Maps CVE-2014-4666 RESERVED CVE-2014-4665 RESERVED CVE-2014-4664 (Cross-site scripting (XSS) vulnerability in the Wordfence Security plu ...) NOT-FOR-US: Wordfence Security plugin for WordPress CVE-2014-4663 (TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is ena ...) NOT-FOR-US: WordPress timthumb CVE-2014-4662 RESERVED CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before ...) NOT-FOR-US: HP Records Manager CVE-2014-4651 (It was found that the jclouds scriptbuilder Statements class wrote a t ...) NOT-FOR-US: JClouds CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the ...) NOT-FOR-US: Embarcadero ER/Studio Data Architect CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK D ...) NOT-FOR-US: Foxit PDF SDK CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DS ...) NOT-FOR-US: D-Link hardware CVE-2014-4644 (SQL injection vulnerability in superlinks.php in the superlinks plugin ...) NOT-FOR-US: Cacti plugin superlinks CVE-2014-4643 (Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 ...) NOT-FOR-US: Core FTP client CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...) 
{DSA-2974-1 DLA-0018-1} - php5 5.6.0~rc1+dfsg-2 (low) [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67498 NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in Cher ...) - cherokee (low) [squeeze] - cherokee (Minor issue) CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the Linu ...) {DSA-2992-1 DLA-0015-1} - linux 3.14.9-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1) CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...) {DLA-0015-1} - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA cont ...) {DLA-103-1} - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA cont ...) {DLA-103-1} - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux k ...) {DLA-103-1} - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_elem_us ...) {DLA-0015-1} - linux 3.14.9-1 (low) [wheezy] - linux 3.2.60-1 - linux-2.6 (low) [squeeze] - linux-2.6 2.6.32-48squeeze8 CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...) - ansible 1.6.6+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 NOTE: See https://www.openwall.com/lists/oss-security/2014/06/26/30 CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...) 
- ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 CVE-2014-4659 (Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 CVE-2014-4658 (The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69 CVE-2014-4657 (The safe_eval function in Ansible before 1.5.4 does not properly restr ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c CVE-2014-4650 (The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...) - python2.6 (low) [squeeze] - python2.6 (Minor issue) [wheezy] - python2.6 (Minor issue) - python2.7 2.7.8-1 (low) [wheezy] - python2.7 (Minor issue) - python3.1 (low) [squeeze] - python3.1 (Minor issue) - python3.2 (low) [wheezy] - python3.2 (Minor issue) - python3.3 (low) - python3.4 3.4.1-8 (low) NOTE: http://bugs.python.org/issue21766 CVE-2014-4649 (SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6. ...) - piwigo (low) [squeeze] - piwigo (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-4648 (Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact an ...) - piwigo (low) [squeeze] - piwigo (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-4642 REJECTED CVE-2014-4641 REJECTED CVE-2014-4640 REJECTED CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly ...) NOT-FOR-US: EMC Documentum Web Development CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote atta ...) 
NOT-FOR-US: EMC Documentum Web Development CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit (WDK ...) NOT-FOR-US: EMC Documentum Web Development CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web ...) NOT-FOR-US: EMC Documentum Web Development CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...) NOT-FOR-US: EMC Documentum Web Development CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager ...) NOT-FOR-US: EMC Replication Manager and EMC AppSync CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platfor ...) NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-4632 (VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 be ...) NOT-FOR-US: EMC Avamar CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSA ...) NOT-FOR-US: RSA BSAFE CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-4628 (Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x a ...) NOT-FOR-US: EMC Isilon InsightIQ CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...) NOT-FOR-US: EMC RSA Web Threat Detection CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-4625 RESERVED CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7 ...) NOT-FOR-US: EMC Avamar CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) ...) NOT-FOR-US: EMC Avamar CVE-2014-4622 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...) 
NOT-FOR-US: EMC Documentum Content Server CVE-2014-4621 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 throug ...) NOT-FOR-US: EMC NetWorker CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P1 ...) NOT-FOR-US: EMC RSA Identity Management and Governance CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords manager (keyw ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann ...) - linux 3.14.9-1 (unimportant) [wheezy] - linux (LZ4 support introduced in 3.11) - linux-2.6 (LZ4 support introduced in 3.11) NOTE: possible fix in https://lkml.org/lkml/2014/7/4/288 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=883949#c12 - lz4 0.0~r119-1 NOTE: Not exploitable for lz* compressed kernel images: http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and https://code.google.com/p/lz4/source/detail?r=118 CVE-2014-4610 (Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee CVE-2014-4609 (Integer overflow in the get_len function in libavutil/lzo.c in Libav b ...) {DSA-2977-1} - libav 6:10.2-1 NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996 CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...) 
- linux 3.14.9-1 (unimportant) [wheezy] - linux 3.2.63-1 - linux-2.6 (unimportant) [squeeze] - linux-2.6 2.6.32-48squeeze9 NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce NOTE: Not exploitable with the block sizes used in kernel images CVE-2014-4607 (Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ...) {DSA-2995-1 DLA-35-1} - lzo - lzo2 2.08-1 (bug #752861) - busybox 1:1.22.0-10 (bug #768945) [jessie] - busybox 1:1.22.0-9+deb8u1 [wheezy] - busybox (Minor issue) [squeeze] - busybox (Minor issue) CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...) NOT-FOR-US: WordPress plugin ZeenShare CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ZdStat ...) NOT-FOR-US: WordPress plugin ZdStatistics CVE-2014-4604 (Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in ...) NOT-FOR-US: WordPress plugin Your Text Manager CVE-2014-4603 (Multiple cross-site scripting (XSS) vulnerabilities in yupdates_applic ...) NOT-FOR-US: WordPress plugin Yahoo Updates CVE-2014-4602 (Multiple cross-site scripting (XSS) vulnerabilities in xencarousel-adm ...) NOT-FOR-US: WordPress plugin XEN Carousel CVE-2014-4601 (Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the Wu- ...) NOT-FOR-US: WordPress plugin Wu-Rating CVE-2014-4600 (Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.ph ...) NOT-FOR-US: WordPress plugin WP Ultimate Email Marketer CVE-2014-4599 (Multiple cross-site scripting (XSS) vulnerabilities in forms/search.ph ...) NOT-FOR-US: WordPress plugin WP-Business Directory CVE-2014-4598 (Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php ...) NOT-FOR-US: WordPress plugin wp-tmkm-amazon CVE-2014-4597 (Cross-site scripting (XSS) vulnerability in test.php in the WP Social ...) 
NOT-FOR-US: WordPress plugin WP Social Invitations CVE-2014-4596 (Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapa ...) NOT-FOR-US: WordPress plugin SnapApp CVE-2014-4595 (Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful ...) NOT-FOR-US: WordPress plugin WP RESTful CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...) NOT-FOR-US: WordPress plugin Responsive Preview CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php i ...) NOT-FOR-US: WordPress plugin WP Plugin Manager CVE-2014-4592 (Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_d ...) NOT-FOR-US: WP-Planet plugin for WordPress CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the W ...) NOT-FOR-US: WordPress plugin WP-Picasa-Image CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP Microblo ...) NOT-FOR-US: WordPress plugin WP Microblogs CVE-2014-4589 (Cross-site scripting (XSS) vulnerability in uploader.php in the WP Sil ...) NOT-FOR-US: WordPress plugin wp-media-player CVE-2014-4588 (Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the ...) NOT-FOR-US: WordPress plugin wphotfiles CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...) NOT-FOR-US: WordPress plugin WP GuestMap CVE-2014-4586 (Multiple cross-site scripting (XSS) vulnerabilities in the wp-football ...) NOT-FOR-US: WordPress plugin wp-football CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin po ...) NOT-FOR-US: WordPress plugin WP-FaceThumb CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in ...) NOT-FOR-US: WordPress plugin wp-easybooking CVE-2014-4583 (Multiple cross-site scripting (XSS) vulnerabilities in forms/messages. ...) 
NOT-FOR-US: WordPress plugin WP-Contact CVE-2014-4582 (Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.p ...) NOT-FOR-US: WordPress plugin WP Consultant CVE-2014-4581 (Cross-site scripting (XSS) vulnerability in facture.php in the WPCB pl ...) NOT-FOR-US: WordPress plugin WPCB CVE-2014-4580 (Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP ...) NOT-FOR-US: WordPress plugin WP BlipBot CVE-2014-4579 (Cross-site scripting (XSS) vulnerability in js/test.php in the Appoint ...) NOT-FOR-US: WordPress plugin Appointments Scheduler CVE-2014-4578 (Cross-site scripting (XSS) vulnerability in asset-studio/icons-launche ...) NOT-FOR-US: WordPress plugin WP App Maker CVE-2014-4577 (Absolute path traversal vulnerability in reviews.php in the WP AmASIN ...) NOT-FOR-US: WordPress plugin WP AmASIN - The Amazon Affiliate Shop CVE-2014-4576 (Cross-site scripting (XSS) vulnerability in services/diagnostics.php i ...) NOT-FOR-US: WordPress plugin WordPress Social Login CVE-2014-4575 (Cross-site scripting (XSS) vulnerability in js/window.php in the Wikip ...) NOT-FOR-US: WordPress plugin Wikipop CVE-2014-4574 (Cross-site scripting (XSS) vulnerability in resize.php in the WebEngag ...) NOT-FOR-US: WordPress plugin WebEngage CVE-2014-4573 (Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php ...) NOT-FOR-US: WordPress plugin Walk Score CVE-2014-4572 (Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount f ...) NOT-FOR-US: WordPress plugin Votecount for Balatarin CVE-2014-4571 (Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in ...) NOT-FOR-US: WordPress plugin VN-Calendar CVE-2014-4570 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...) NOT-FOR-US: WordPress plugin VideoWhisper Video Presentation CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the Vid ...) 
NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in posts/videowhisper/r_logou ...) NOT-FOR-US: WordPress plugin CVE-2014-4567 (Cross-site scripting (XSS) vulnerability in comments/videowhisper2/r_l ...) NOT-FOR-US: Video Comments Webcam Recorder plugin for WordPress CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...) NOT-FOR-US: WordPress plugin CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in t ...) NOT-FOR-US: WordPress plugin CVE-2014-4564 (Cross-site scripting (XSS) vulnerability in check.php in the Validated ...) NOT-FOR-US: WordPress plugin CVE-2014-4563 (Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak &a ...) NOT-FOR-US: WordPress plugin CVE-2014-4562 RESERVED CVE-2014-4561 (The ultimate-weather plugin 1.0 for WordPress has XSS ...) NOT-FOR-US: ultimate-weather plugin for WordPress CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in th ...) NOT-FOR-US: WordPress plugin ToolPage CVE-2014-4559 (Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php ...) NOT-FOR-US: WordPress plugin CVE-2014-4558 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) NOT-FOR-US: WordPress plugin CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swi ...) NOT-FOR-US: WordPress plugin Switch Checkout for eShop CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the ...) NOT-FOR-US: WordPress plugin Style It CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...) NOT-FOR-US: WordPress plugin SS Downloads CVE-2014-4553 (Cross-site Scripting (XSS) in the spreadshirt-rss-3d-cube-flash-galler ...) 
NOT-FOR-US: spreadshirt-rss-3d-cube-flash-gallery plugin for WordPress CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in library/includes/payment/p ...) NOT-FOR-US: WordPress plugin Spotlight CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in th ...) NOT-FOR-US: WordPress plugin Social Connect CVE-2014-4550 (Cross-site scripting (XSS) vulnerability in preview-shortcode-external ...) NOT-FOR-US: Shortcode Ninja plugin for WordPress CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplet ...) NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway CVE-2014-4548 (Cross-site scripting (XSS) vulnerability in tinymce/popup.php in the R ...) NOT-FOR-US: WordPress plugin CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in templates/defau ...) NOT-FOR-US: WordPress plugin Rezgo Online Booking CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...) NOT-FOR-US: WordPress plugin Rezgo CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php i ...) NOT-FOR-US: WordPress plugin Pro Quoter CVE-2014-4544 (Cross-site scripting (XSS) vulnerability in the Podcast Channels plugi ...) NOT-FOR-US: WordPress plugin CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.p ...) NOT-FOR-US: WordPress plugin Pay Per Media Player CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...) NOT-FOR-US: WordPress plugin Ooorl CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in shortcode-generator/previe ...) NOT-FOR-US: WordPress plugin OMFG Mobile Pro CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitter_log ...) NOT-FOR-US: WordPress plugin Oleggo LiveStream CVE-2014-4539 (Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and ...)
NOT-FOR-US: WordPress plugin CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...) NOT-FOR-US: WordPress plugin Malware Finder CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyw ...) NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links CVE-2014-4536 (Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_t ...) NOT-FOR-US: Infusionsoft Gravity Forms plugin for WordPress CVE-2014-4535 (Cross-site scripting (XSS) vulnerability in the Import Legacy Media pl ...) NOT-FOR-US: Import Legacy Media plugin for WordPress CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in videoplayer/aut ...) NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the ...) NOT-FOR-US: WordPress plugin GEO Redirector CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in templates/printAdminUsersL ...) NOT-FOR-US: WordPress plugin GarageSale CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game ...) NOT-FOR-US: WordPress plugin Game tabs CVE-2014-4530 (flog plugin 0.1 for WordPress has XSS ...) NOT-FOR-US: flog plugin for WordPress CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the Fla ...) NOT-FOR-US: WordPress plugin Flash Photo Gallery CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in admin/swarm-set ...) NOT-FOR-US: WordPress plugin fbpromotions CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-p ...) NOT-FOR-US: WordPress plugin envialosimple-email-marketing-y-newsletters-gratis CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...) NOT-FOR-US: WordPress plugin efence CVE-2014-4525 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...) 
NOT-FOR-US: WordPress plugin CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in classes/custom-image/media ...) NOT-FOR-US: WordPress plugin WP Easy Post Types CVE-2014-4523 (Cross-site scripting (XSS) vulnerability in the Easy Career Openings p ...) NOT-FOR-US: WordPress plugin CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...) NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the d ...) NOT-FOR-US: WordPress plugin dsIDXpress IDX CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA Wa ...) NOT-FOR-US: WordPress plugin DMCA WaterMarker CVE-2014-4519 (Cross-site scripting (XSS) vulnerability in the Conversador plugin 2.6 ...) NOT-FOR-US: WordPress plugin CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the Conta ...) NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...) NOT-FOR-US: WordPress plugin CBI Referral Manager CVE-2014-4516 (Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php ...) NOT-FOR-US: WordPress plugin BIC Media Widget CVE-2014-4515 (Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in ...) NOT-FOR-US: WordPress plugin AnyFont CVE-2014-4514 (Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.te ...) NOT-FOR-US: WordPress plugin Alipay plugin CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in server/offline. ...) NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat CVE-2014-4512 RESERVED CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute arbitrary comm ...) - gitlist (bug #750368) CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Pla ...) 
NOT-FOR-US: Novell Identity Manager CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4 ...) - foreman (bug #663101) CVE-2014-4506 (Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x ...) NOT-FOR-US: Drupal module Custom Meta CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...) NOT-FOR-US: Drupal module Easy Breadcrumb CVE-2014-4617 (The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.1 ...) {DSA-2968-1 DSA-2967-1 DLA-51-1 DLA-0012-1} - gnupg 1.4.16-1.2 (bug #752497) [squeeze] - gnupg 1.4.10-4+squeeze5 - gnupg2 2.0.24-1 (bug #752498) NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8 CVE-2014-4616 (Array index error in the scanstring function in the _json module in Py ...) - python2.5 [squeeze] - python2.5 (minor issue) - python2.6 [squeeze] - python2.6 (minor issue) [wheezy] - python2.6 (minor issue) - python2.7 2.7.7-1 (bug #752395) [wheezy] - python2.7 (minor issue) - python3.2 [wheezy] - python3.2 (minor issue) - python3.3 - python3.4 3.4.0+20140417-1 NOTE: http://bugs.python.org/issue21529 CVE-2014-4615 (The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemet ...) - neutron 2014.1.2-1 NOTE: upstream patch: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0324965a0c2987e5cad6276f011682dec184205f (neutron) - ceilometer 2014.1.2-1 NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=2b6454f9f4e0585949ab68a91ed405755438d76e (ceilometer) NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=264f3b0d9640edeac743f339786e0a3b22c0f6c2 (ceilometer) - python-pycadf 0.5.1-1 NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/pycadf/commit/?id=966d4410a1a69e0a3af678442a1a965dae80d720 (pycadf) CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo b ...) 
- piwigo (low) [squeeze] - piwigo (Minor issue) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-4613 (Cross-site request forgery (CSRF) vulnerability in the administration ...) - piwigo (low) [squeeze] - piwigo (Minor issue) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-4510 (Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0. ...) - apt-cacher-ng 0.7.26-2 [wheezy] - apt-cacher-ng (Minor issue) [squeeze] - apt-cacher-ng (Minor issue) CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bi ...) {DLA-103-1} - linux 3.14.9-1 [wheezy] - linux 3.2.60-1 - linux-2.6 NOTE: http://article.gmane.org/gmane.linux.kernel/1726110 NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=554086d85e71f30abe46fc014fea31929a7c6a8a CVE-2014-4504 RESERVED CVE-2014-4503 (The parse_notify function in util.c in sgminer before 4.2.2 and cgmine ...) - cgminer 4.2.3-1 CVE-2014-4502 (Multiple heap-based buffer overflows in the parse_notify function in s ...) - cgminer 4.4.2-1 CVE-2014-4501 (Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer ...) - cgminer 4.4.2-1 CVE-2014-4500 RESERVED CVE-2014-4499 (The App Store process in CommerceKit Framework in Apple OS X before 10 ...) NOT-FOR-US: Apple CVE-2014-4498 (The CPU Software in Apple OS X before 10.10.2 allows physically proxim ...) NOT-FOR-US: Apple CVE-2014-4497 (Integer signedness error in IOBluetoothFamily in the Bluetooth impleme ...) NOT-FOR-US: Apple CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before 8.1. ...) NOT-FOR-US: Apple CVE-2014-4495 (The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...) NOT-FOR-US: Apple CVE-2014-4494 (Springboard in Apple iOS before 8.1.3 does not properly validate signa ...) NOT-FOR-US: Apple CVE-2014-4493 (The app-installation functionality in MobileInstallation in Apple iOS ...) 
NOT-FOR-US: Apple CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...) NOT-FOR-US: Apple CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X ...) NOT-FOR-US: Apple CVE-2014-4490 REJECTED CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...) NOT-FOR-US: Apple CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...) NOT-FOR-US: Apple CVE-2014-4487 (Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X b ...) NOT-FOR-US: Apple CVE-2014-4486 (IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10 ...) NOT-FOR-US: Apple CVE-2014-4485 (Buffer overflow in the XML parser in Foundation in Apple iOS before 8. ...) NOT-FOR-US: Apple CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and A ...) NOT-FOR-US: Apple CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X be ...) NOT-FOR-US: Apple CVE-2014-4482 REJECTED CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X ...) NOT-FOR-US: Apple CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in Apple ...) NOT-FOR-US: Apple CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) NOT-FOR-US: Apple CVE-2014-4478 REJECTED CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) NOT-FOR-US: Apple CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...) NOT-FOR-US: Apple CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4473 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4472 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4471 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4470 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4469 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4467 (WebKit, as used in Apple iOS before 8.1.3, does not properly determine ...) NOT-FOR-US: Apple CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8. ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4464 REJECTED CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...) NOT-FOR-US: Apple CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, a ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does no ...) NOT-FOR-US: Apple CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not p ...) NOT-FOR-US: Apple CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before 1 ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4458 (The "System Profiler About This Mac" component in Apple OS X before 10 ...) NOT-FOR-US: Apple CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not prop ...) NOT-FOR-US: Apple CVE-2014-4456 REJECTED CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not prop ...) NOT-FOR-US: Apple CVE-2014-4454 REJECTED CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data d ...) NOT-FOR-US: Apple CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, a ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode l ...) NOT-FOR-US: Apple CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before 8 ...) NOT-FOR-US: Apple iOS CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certi ...) NOT-FOR-US: Apple iOS CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for it ...) NOT-FOR-US: Apple iOS CVE-2014-4447 (Profile Manager in Apple OS X Server before 4.0 allows local users to ...) NOT-FOR-US: Apple OS X CVE-2014-4446 (Mail Service in Apple OS X Server before 4.0 does not enforce SACL cha ...) NOT-FOR-US: Apple OS X CVE-2014-4445 REJECTED CVE-2014-4444 (SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerber ...) 
NOT-FOR-US: Apple OS X CVE-2014-4443 (Apple OS X before 10.10 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Apple OS X CVE-2014-4442 (The kernel in Apple OS X before 10.10 allows local users to cause a de ...) NOT-FOR-US: Apple OS X CVE-2014-4441 (NetFS Client Framework in Apple OS X before 10.10 does not ensure that ...) NOT-FOR-US: Apple OS X CVE-2014-4440 (The MCX Desktop Config Profiles implementation in Apple OS X before 10 ...) NOT-FOR-US: Apple OS X CVE-2014-4439 (Mail in Apple OS X before 10.10 does not properly recognize the remova ...) NOT-FOR-US: Apple OS X CVE-2014-4438 (Race condition in LoginWindow in Apple OS X before 10.10 allows physic ...) NOT-FOR-US: Apple OS X CVE-2014-4437 (LaunchServices in Apple OS X before 10.10 allows attackers to bypass i ...) NOT-FOR-US: Apple OS X CVE-2014-4436 (IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denia ...) NOT-FOR-US: Apple OS X CVE-2014-4435 (The "iCloud Find My Mac" feature in Apple OS X before 10.10 does not p ...) NOT-FOR-US: Apple OS X CVE-2014-4434 (The kernel in Apple OS X before 10.10 allows physically proximate atta ...) NOT-FOR-US: Apple OS X CVE-2014-4433 (Heap-based buffer overflow in the kernel in Apple OS X before 10.10 al ...) NOT-FOR-US: Apple OS X CVE-2014-4432 (fdesetup in Apple OS X before 10.10 does not properly display the encr ...) NOT-FOR-US: Apple OS X CVE-2014-4431 (Dock in Apple OS X before 10.10 does not properly manage the screen-lo ...) NOT-FOR-US: Apple OS X CVE-2014-4430 (CoreStorage in Apple OS X before 10.10 retains a volume's encryption k ...) NOT-FOR-US: Apple OS X CVE-2014-4429 REJECTED CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for H ...) NOT-FOR-US: Apple OS X CVE-2014-4427 (App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sa ...) NOT-FOR-US: Apple OS X CVE-2014-4426 (AFP File Server in Apple OS X before 10.10 allows remote attackers to ...) 
NOT-FOR-US: Apple OS X CVE-2014-4425 (CFPreferences in Apple OS X before 10.10 does not properly enforce the ...) NOT-FOR-US: Apple OS X CVE-2014-4424 (SQL injection vulnerability in Wiki Server in CoreCollaboration in App ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4423 (The Accounts subsystem in Apple iOS before 8 allows attackers to bypas ...) NOT-FOR-US: Accounts subsystem in Apple iOS CVE-2014-4422 (The kernel in Apple iOS before 8 and Apple TV before 7 uses a predicta ...) NOT-FOR-US: Apple CVE-2014-4421 (The network-statistics interface in the kernel in Apple iOS before 8 a ...) NOT-FOR-US: Apple CVE-2014-4420 (The network-statistics interface in the kernel in Apple iOS before 8 a ...) NOT-FOR-US: Apple CVE-2014-4419 (The network-statistics interface in the kernel in Apple iOS before 8 a ...) NOT-FOR-US: Apple CVE-2014-4418 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly va ...) NOT-FOR-US: Apple CVE-2014-4417 (Safari in Apple OS X before 10.10 allows remote attackers to cause a d ...) NOT-FOR-US: Apple Safari CVE-2014-4416 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4415 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4414 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4413 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4412 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4411 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4410 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows re ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4409 (WebKit in Apple iOS before 8 makes it easier for remote attackers to t ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-4408 (The rt_setgate function in the kernel in Apple iOS before 8 and Apple ...) NOT-FOR-US: Apple CVE-2014-4407 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly in ...) NOT-FOR-US: Apple CVE-2014-4406 (Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollab ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4405 (IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attacke ...) NOT-FOR-US: Apple CVE-2014-4404 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Ap ...) NOT-FOR-US: Apple CVE-2014-4403 (The kernel in Apple OS X before 10.9.5 allows local users to obtain se ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4402 (An unspecified IOAcceleratorFamily function in Apple OS X before 10.9. ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4401 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4400 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4399 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4398 (An unspecified integrated graphics driver routine in the Intel Graphic ...) 
NOT-FOR-US: Apple Mac OS X CVE-2014-4397 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4396 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4395 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4394 (An unspecified integrated graphics driver routine in the Intel Graphic ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4393 (Buffer overflow in the shader compiler in the Intel Graphics Driver su ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4392 REJECTED CVE-2014-4391 (The Code Signing feature in Apple OS X before 10.10 does not properly ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4390 (Bluetooth in Apple OS X before 10.9.5 does not properly validate API c ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4389 (Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 ...) NOT-FOR-US: Apple CVE-2014-4388 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly va ...) NOT-FOR-US: Apple CVE-2014-4387 REJECTED CVE-2014-4386 (Race condition in the App Installation feature in Apple iOS before 8 a ...) NOT-FOR-US: Apple CVE-2014-4385 REJECTED CVE-2014-4384 (Directory traversal vulnerability in the App Installation feature in A ...) NOT-FOR-US: Apple CVE-2014-4383 (The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allow ...) NOT-FOR-US: Apple CVE-2014-4382 REJECTED CVE-2014-4381 (Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bou ...) NOT-FOR-US: Apple CVE-2014-4380 (The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV be ...) NOT-FOR-US: Apple CVE-2014-4379 (An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV ...) NOT-FOR-US: Apple CVE-2014-4378 (CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote ...) 
NOT-FOR-US: Apple CVE-2014-4377 (Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV be ...) NOT-FOR-US: Apple CVE-2014-4376 (IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attack ...) NOT-FOR-US: Apple Mac OS X CVE-2014-4375 (Double free vulnerability in Apple iOS before 8 and Apple TV before 7 ...) NOT-FOR-US: Apple CVE-2014-4374 (NSXMLParser in Foundation in Apple iOS before 8 allows attackers to re ...) NOT-FOR-US: Apple CVE-2014-4373 (The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Ap ...) NOT-FOR-US: Apple CVE-2014-4372 (syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV bef ...) NOT-FOR-US: Apple CVE-2014-4371 (The network-statistics interface in the kernel in Apple iOS before 8 a ...) NOT-FOR-US: Apple CVE-2014-4370 REJECTED CVE-2014-4369 (The IOAcceleratorFamily API implementation in Apple iOS before 8 and A ...) NOT-FOR-US: Apple CVE-2014-4368 (The Accessibility subsystem in Apple iOS before 8 allows attackers to ...) NOT-FOR-US: Apple CVE-2014-4367 (Apple iOS before 8 enables Voice Dial during all upgrade actions, whic ...) NOT-FOR-US: Apple CVE-2014-4366 (Mail in Apple iOS before 8 does not prevent sending a LOGIN command to ...) NOT-FOR-US: Apple CVE-2014-4365 REJECTED CVE-2014-4364 (The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does ...) NOT-FOR-US: Apple CVE-2014-4363 (Safari in Apple iOS before 8 does not properly restrict the autofillin ...) NOT-FOR-US: Safari in Apple iOS CVE-2014-4362 (The Sandbox Profiles implementation in Apple iOS before 8 does not pro ...) NOT-FOR-US: Apple CVE-2014-4361 (The Home & Lock Screen subsystem in Apple iOS before 8 does not pr ...) NOT-FOR-US: Apple CVE-2014-4360 REJECTED CVE-2014-4359 REJECTED CVE-2014-4358 REJECTED CVE-2014-4357 (Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows ...) NOT-FOR-US: Apple CVE-2014-4356 (Apple iOS before 8 does not follow the intended configuration setting ...) 
NOT-FOR-US: Apple CVE-2014-4355 REJECTED CVE-2014-4354 (Apple iOS before 8 enables Bluetooth during all upgrade actions, which ...) NOT-FOR-US: Apple CVE-2014-4353 (Race condition in iMessage in Apple iOS before 8 allows attackers to o ...) NOT-FOR-US: Apple CVE-2014-4352 (Address Book in Apple iOS before 8 relies on the hardware UID for its ...) NOT-FOR-US: Apple CVE-2014-4351 (Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2014-4350 (Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 all ...) NOT-FOR-US: QT Media Foundation in Apple OS X CVE-2014-4349 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1. ...) - phpmyadmin 4:4.2.5-1 (low) [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) CVE-2014-4348 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2. ...) - phpmyadmin 4:4.2.5-1 (low) [squeeze] - phpmyadmin (Vulnerable code not present) [wheezy] - phpmyadmin (Vulnerable code not present) CVE-2014-4347 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler G ...) NOT-FOR-US: Citrix NetScaler Application Delivery Controller CVE-2014-4346 (Cross-site scripting (XSS) vulnerability in administration user interf ...) NOT-FOR-US: Citrix NetScaler Application Delivery Controller CVE-2014-4345 (Off-by-one error in the krb5_encode_krbsecretkey function in plugins/k ...) {DSA-3000-1 DLA-37-1} - krb5 1.12.1+dfsg-7 (bug #757416) [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03 NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt CVE-2014-4344 (The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/ ...) 
{DSA-3000-1 DLA-37-1} - krb5 1.12.1+dfsg-5 (bug #755521) [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b CVE-2014-4343 (Double free vulnerability in the init_ctx_reselect function in the SPN ...) {DSA-3000-1 DLA-37-1} - krb5 1.12.1+dfsg-5 (bug #755520) [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows re ...) {DSA-3000-1 DLA-37-1} - krb5 1.12.1+dfsg-4 (bug #753625) [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cau ...) {DSA-3000-1 DLA-37-1} - krb5 1.12.1+dfsg-4 (bug #753624) [squeeze] - krb5 1.8.3+dfsg-4squeeze8 NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d CVE-2014-4340 RESERVED CVE-2014-4339 RESERVED CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) NOT-FOR-US: BarracudaDrive CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.14038 ...) NOT-FOR-US: Ubisoft Rayman Legends CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in administration/prof ...) NOT-FOR-US: Dolphin (php thing) CVE-2014-4332 RESERVED CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in Octavo ...) NOT-FOR-US: OctavoCMS CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...) - perl 5.20.1-1 (bug #762256) [wheezy] - perl 5.14.2-21+deb7u2 [squeeze] - perl (Minor issue) NOTE: upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304 CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in nt ...) 
- ntopng 1.2.0+dfsg1-1 (bug #760990) NOTE: https://svn.ntop.org/bugzilla/show_bug.cgi?id=379 CVE-2014-4328 RESERVED CVE-2014-4327 RESERVED CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...) - logstash (bug #664841) CVE-2014-4325 (The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) b ...) NOT-FOR-US: Little Kernel (bootloader) CVE-2014-4324 RESERVED CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP d ...) - linux (Vulnerable code drivers/video/msm not present) CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, ...) - linux (Vulnerable code drivers/misc/qseecom.c not present) CVE-2014-4321 RESERVED CVE-2014-4320 RESERVED CVE-2014-4319 RESERVED CVE-2014-4318 RESERVED CVE-2014-4317 RESERVED CVE-2014-4316 RESERVED CVE-2014-4315 REJECTED CVE-2014-4314 REJECTED CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allow ...) NOT-FOR-US: Epicor CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterpri ...) NOT-FOR-US: Epicor CVE-2014-4311 (Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers t ...) NOT-FOR-US: Epicor CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...) NOT-FOR-US: Openfiler CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...) NOT-FOR-US: NICE Recording eXpress CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before 4.0 ...) NOT-FOR-US: WebTitan CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before 4.0 ...) NOT-FOR-US: WebTitan CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka ...) 
NOT-FOR-US: NICE Recording eXpress CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1. ...) NOT-FOR-US: SQL Buddy CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...) NOT-FOR-US: Drupal Touch theme CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...) NOT-FOR-US: HAM3D Shop Engine CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the respond_err ...) NOT-FOR-US: Ajenti CVE-2014-4300 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-4299 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-4298 (Unspecified vulnerability in the SQLJ component in Oracle Database Ser ...) NOT-FOR-US: Oracle Database Server CVE-2014-4297 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4296 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4295 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-4294 (Unspecified vulnerability in the Java VM component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-4293 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4292 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4291 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4290 (Unspecified vulnerability in the JPublisher component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4289 (Unspecified vulnerability in the JDBC component in Oracle Database Ser ...) 
NOT-FOR-US: Oracle Database Server CVE-2014-4288 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allow ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4287 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier an ...) {DSA-3054-1} - mysql-5.5 5.5.39-1 - mariadb-5.5 5.5.39-1 - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 CVE-2014-4286 REJECTED CVE-2014-4285 (Unspecified vulnerability in the Oracle Applications Technology compon ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-4284 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4283 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4282 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4281 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4279 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...) NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) 
NOT-FOR-US: Oracle Sun Solaris 11 CVE-2014-4273 REJECTED CVE-2014-4272 REJECTED CVE-2014-4271 (Unspecified vulnerability in the Hyperion Essbase component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...) NOT-FOR-US: Oracle CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...) NOT-FOR-US: Oracle CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5 - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c58a25d48388 CVE-2014-4265 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) {DSA-2987-1} - openjdk-6 (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) 
- virtualbox (Only applies if VBox is running on Windows) - virtualbox-ose (Only applies if VBox is running on Windows) CVE-2014-4260 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2985-1} - mysql-5.5 5.5.39-1 (bug #754941) - mysql-5.1 (Only affects 5.5 and later) - mariadb-5.5 5.5.38-1 (bug #754940) - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1 CVE-2014-4259 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...) NOT-FOR-US: Oracle CVE-2014-4258 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2985-1} - mysql-5.5 5.5.39-1 (bug #754941) - mysql-5.1 (Only affects 5.5 and later) - mariadb-5.5 5.5.38-1 (bug #754940) - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1 CVE-2014-4257 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...) NOT-FOR-US: Oracle WebCenter Portal CVE-2014-4256 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4255 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4254 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-4250 (Unspecified vulnerability in the Siebel Core - Server OM Frwks compone ...) NOT-FOR-US: Oracle Siebel CRM CVE-2014-4249 (Unspecified vulnerability in the BI Publisher component in Oracle Fusi ...) 
NOT-FOR-US: Oracle Fusion Middleware CVE-2014-4248 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle CVE-2014-4247 (Unspecified vulnerability in Oracle Java SE 8u5 allows remote attacker ...) - openjdk-6 (JavaFX not part of OpenJDK) - openjdk-7 (JavaFX not part of OpenJDK) CVE-2014-4246 (Unspecified vulnerability in the Hyperion Analytic Provider Services c ...) NOT-FOR-US: Oracle CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 5.5.37-1 [wheezy] - mysql-5.5 5.5.37-0+wheezy1 - mysql-5.1 (Only affects 5.5 and later) - mariadb-5.5 5.5.36-1 (bug #754940) - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 NOTE: Unspecified, but according to Oracle only for 5.5.35 and earlier CVE-2014-4242 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4241 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle WebLogic Server CVE-2014-4240 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects 5.6) - mysql-5.1 (Only affects 5.6) - mariadb-5.5 (Only affects 5.6) - percona-xtradb-cluster-5.5 (Only affects 5.6) CVE-2014-4239 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 all ...) NOT-FOR-US: Oracle Sun Solaris CVE-2014-4238 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
- mysql-5.5 (Only affects 5.6) - mysql-5.1 (Only affects 5.6) - mariadb-5.5 (Only affects 5.6) - percona-xtradb-cluster-5.5 (Only affects 5.6) CVE-2014-4237 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2014-4236 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...) NOT-FOR-US: Oracle CVE-2014-4235 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...) NOT-FOR-US: Oracle CVE-2014-4234 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle CVE-2014-4233 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects 5.6) - mysql-5.1 (Only affects 5.6) - mariadb-5.5 (Only affects 5.6) - percona-xtradb-cluster-5.5 (Only affects 5.6) CVE-2014-4232 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...) NOT-FOR-US: Oracle CVE-2014-4231 (Unspecified vulnerability in the Siebel Travel & Transportation co ...) NOT-FOR-US: Oracle CVE-2014-4230 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...) NOT-FOR-US: Oracle CVE-2014-4229 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle CVE-2014-4228 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox 4.3.12-dfsg-1 (bug #754939) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 - virtualbox-ose (Only affects 4.1 and later) CVE-2014-4227 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4226 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Install com ...) NOT-FOR-US: Oracle CVE-2014-4225 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...) 
NOT-FOR-US: Oracle Sun Solaris CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 all ...) NOT-FOR-US: Oracle Sun Solaris CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote attacke ...) {DSA-2987-1} - openjdk-6 (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...) NOT-FOR-US: Oracle CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) {DSA-2987-1} - openjdk-6 (Vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a CVE-2014-4220 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...) NOT-FOR-US: Oracle Solaris CVE-2014-4214 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
- mysql-5.5 (Only affects 5.6) - mysql-5.1 (Only affects 5.6) - mariadb-5.5 (Only affects 5.6) - percona-xtradb-cluster-5.5 (Only affects 5.6) CVE-2014-4213 (Unspecified vulnerability in the Oracle Applications Manager component ...) NOT-FOR-US: Oracle CVE-2014-4212 (Unspecified vulnerability in the Oracle Fusion Middleware component in ...) NOT-FOR-US: Oracle CVE-2014-4211 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...) NOT-FOR-US: Oracle CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 - openjdk-7 7u65-2.5.1-1 CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle Java SE 7 ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-4207 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2985-1} - mysql-5.5 5.5.39-1 (bug #754941) - mysql-5.1 (Only affects 5.5 and later) - mariadb-5.5 5.5.38-1 (bug #754940) - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1 CVE-2014-4206 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...) NOT-FOR-US: Oracle CVE-2014-4205 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...) NOT-FOR-US: Oracle CVE-2014-4204 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle CVE-2014-4203 (Unspecified vulnerability in the Hyperion Enterprise Performance Manag ...) NOT-FOR-US: Oracle CVE-2014-4202 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) 
NOT-FOR-US: Oracle CVE-2014-4200 (vm-support 0.88 in VMware Tools, as distributed with VMware Workstatio ...) - open-vm-tools 2:9.4.6-1770165-1 (low; bug #770809) [squeeze] - open-vm-tools (Minor issue) [wheezy] - open-vm-tools (Minor issue) NOTE: http://seclists.org/fulldisclosure/2014/Aug/71 CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware Workstatio ...) - open-vm-tools 2:9.4.6-1770165-7 (low; bug #770809) [squeeze] - open-vm-tools (Minor issue) [wheezy] - open-vm-tools (Minor issue) NOTE: http://seclists.org/fulldisclosure/2014/Aug/71 CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in BS-Client P ...) NOT-FOR-US: BS-Client Private Client CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...) NOT-FOR-US: Bank Soft Systems CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...) NOT-FOR-US: Bank Soft Systems (BSS) RBS BS-Client CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in Z ...) NOT-FOR-US: ZeroCMS CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1. ...) NOT-FOR-US: ZeroCMS CVE-2014-XXXX [softhsm-keyconv creates security-sensitive file world-readable] - softhsm 1.3.7-2 (low; bug #752092) [squeeze] - softhsm (Minor issue) [wheezy] - softhsm (Minor issue) NOTE: Upstream fix: https://github.com/bellgrim/SoftHSMv2/commit/492447cd4a2be449e99fb9ad2519ea3277aaad28 CVE-2014-XXXX [docker VMM breakout] - docker.io 1.0.0~dfsg1-1 CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for J ...) NOT-FOR-US: EMC RSA BSAFE-Java Toolkits CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share ...) NOT-FOR-US: EMC RSA BSAFE-Java Toolkits CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C an ...) 
NOT-FOR-US: EMC RSA BSAFE-Java Toolkits CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series Switches ...) NOT-FOR-US: Huawei Campus Series Switches CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager bef ...) NOT-FOR-US: Hitachi Tuning Manager CVE-2014-4188 (Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Mana ...) NOT-FOR-US: Hitachi Tuning Manager CVE-2014-4187 (Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket a ...) NOT-FOR-US: ClipBucket CVE-2014-4186 RESERVED CVE-2014-4185 RESERVED CVE-2014-4184 RESERVED CVE-2014-4183 RESERVED CVE-2014-4182 RESERVED CVE-2014-4181 RESERVED CVE-2014-4180 RESERVED CVE-2014-4179 RESERVED CVE-2014-4178 RESERVED CVE-2014-4177 RESERVED CVE-2014-4176 RESERVED CVE-2014-4175 RESERVED CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x befor ...) - wireshark 1.10.4-1 [squeeze] - wireshark (Only affects 1.10.x) [wheezy] - wireshark (Only affects 1.10.x) CVE-2014-4173 RESERVED CVE-2014-4172 (A URL parameter injection vulnerability was found in the back-channel ...) {DSA-3017-1} - php-cas 1.3.3-1 (bug #759718) NOTE: https://github.com/Jasig/phpCAS/pull/125 - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766 CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly implem ...) - linux 3.14.15-1 [wheezy] - linux 3.2.63-1 - linux-2.6 (Vulnerable code introduced later) NOTE: https://lkml.org/lkml/2014/7/2/518 CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free Reprintables Artic ...) NOT-FOR-US: Free Reprintables ArticleFR CVE-2014-4169 RESERVED CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in SHOUTc ...) NOT-FOR-US: SHOUTcast DNAS CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote attacke ...) 
- ntop (bug #751946) [jessie] - ntop (Minor issue) [wheezy] - ntop (Minor issue) CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...) NOT-FOR-US: AlgoSec FireFlow CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Feat ...) NOT-FOR-US: WordPress plugin Featured Comments CVE-2014-4162 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxe ...) NOT-FOR-US: Zyxel P-660HW-T1 wireless CVE-2014-4161 (Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Su ...) NOT-FOR-US: SAP Supplier Relationship Management CVE-2014-4160 (Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas ...) NOT-FOR-US: SAP NetWeaver Business Client CVE-2014-4159 (Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Re ...) NOT-FOR-US: SAP Supplier Relationship Management CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...) NOT-FOR-US: Kolibri CVE-2014-4156 (Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerabi ...) NOT-FOR-US: Proxmox VE CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...) NOT-FOR-US: ZTE router CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...) NOT-FOR-US: ZTE router CVE-2014-4153 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-4152 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...) NOT-FOR-US: Microsoft CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) 
NOT-FOR-US: Microsoft CVE-2014-4147 REJECTED CVE-2014-4146 REJECTED CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4144 REJECTED CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4142 REJECTED CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to by ...) NOT-FOR-US: Microsoft CVE-2014-4139 REJECTED CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2014-4136 REJECTED CVE-2014-4135 REJECTED CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4131 REJECTED CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4128 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4125 REJECTED CVE-2014-4124 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protec ...) NOT-FOR-US: Microsoft CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...) NOT-FOR-US: Microsoft CVE-2014-4120 REJECTED CVE-2014-4119 REJECTED CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2 ...) NOT-FOR-US: Microsoft CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Wor ...) NOT-FOR-US: Microsoft CVE-2014-4116 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Found ...) NOT-FOR-US: Microsoft CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Mic ...) NOT-FOR-US: Microsoft CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...) NOT-FOR-US: Microsoft CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4109 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4108 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4107 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4106 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4105 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4104 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4103 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4102 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4101 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4100 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4099 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4098 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4097 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4096 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4095 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4094 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4093 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4092 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4091 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4090 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4089 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4088 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4087 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4086 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4085 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4084 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4083 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4082 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4081 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4080 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4079 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4078 (The IP Security feature in Microsoft Internet Information Services (II ...) 
NOT-FOR-US: Microsoft CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2 ...) NOT-FOR-US: Microsoft CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain privilege ...) NOT-FOR-US: Microsoft CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Micr ...) NOT-FOR-US: Microsoft CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...) NOT-FOR-US: Microsoft CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...) NOT-FOR-US: Microsoft CVE-2014-4072 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5 ...) NOT-FOR-US: Microsoft CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers to ca ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-4070 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-4069 REJECTED CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 and ...) NOT-FOR-US: Microsoft Lync Server CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...) NOT-FOR-US: Microsoft CVE-2014-4063 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4062 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 doe ...) NOT-FOR-US: Microsoft CVE-2014-4061 (Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not prop ...) 
NOT-FOR-US: Microsoft CVE-2014-4060 (Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Medi ...) NOT-FOR-US: Microsoft CVE-2014-4059 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4058 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4057 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4056 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4054 REJECTED CVE-2014-4053 REJECTED CVE-2014-4052 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4051 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4050 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-4042 RESERVED CVE-2014-4041 RESERVED CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot ...) - powerpc-utils 1.3.1-2 (unimportant) NOTE: SuSE decided to put/display a warning about the possibility of NOTE: containing cleartext passwords in the produced archive containing fstab NOTE: and yaboot.conf NOTE: 1.3.1-2 upload removed /usr/sbin/snap from the installed binary package CVE-2014-4039 (ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does no ...) - ppc64-diag 2.7.1-5 NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147 CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...) 
- ppc64-diag 2.7.1-5 NOTE: Issue partially fixed in 2.7.1-1, but not all parts fixed NOTE: SuSE Patch: https://bugzilla.suse.com/attachment.cgi?id=599147 CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerp ...) - fckeditor (low; bug #752873) [wheezy] - fckeditor (Minor issue) [squeeze] - fckeditor (Minor issue) - docvert [wheezy] - docvert (Minor issue) [squeeze] - docvert (Minor issue) - moin (unused embedded copy) - knowledgeroot (unused embedded copy) CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php i ...) NOT-FOR-US: ImpressCMS CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php in Bes ...) NOT-FOR-US: Advance Hotel Booking System CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 al ...) NOT-FOR-US: ZeroCMS CVE-2014-4033 (Cross-site scripting (XSS) vulnerability in libraries/includes/persona ...) NOT-FOR-US: Epignosis eFront CVE-2014-4032 (Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comm ...) NOT-FOR-US: Fiyo CMS CVE-2014-4031 (The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x throu ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player plugi ...) NOT-FOR-US: WordPress plugin JW Player CVE-2014-4029 RESERVED CVE-2014-4028 RESERVED CVE-2014-4026 RESERVED CVE-2014-4025 RESERVED CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x ...) NOT-FOR-US: F5 BIG-IP CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...) NOT-FOR-US: F5 BIG-IP CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...) - xen (Only 32- and 64-bit ARM systems from Xen 4.4 onwards) CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...) 
NOT-FOR-US: ZTE CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...) NOT-FOR-US: ZTE router CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote atta ...) {DSA-2964-1} - iodine 0.6.0~rc1-19 (bug #751834) [squeeze] - iodine 0.6.0~rc1-2+deb6u1 NOTE: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850 CVE-2014-4167 (The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014. ...) - neutron 2014.1.1-1 (bug #752021) NOTE: https://launchpad.net/bugs/1309195 CVE-2014-4157 (arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 ...) {DLA-103-1} - linux 3.14.7-1 (bug #751417) [wheezy] - linux 3.2.60-1 - linux-2.6 (squeeze-lts only covers x86) CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ext/standard ...) {DSA-2961-1 DLA-0010-1} - php5 5.6.0~beta4+dfsg-3 (bug #751364) [squeeze] - php5 5.3.3-7+squeeze20 NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468 CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows ...) - asterisk (Only affects Asterisk 12.x) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-008.html CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 1 ...) - asterisk 1:11.10.2~dfsg-1 (low) [wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u4 [squeeze] - asterisk (Unsupported in squeeze-lts) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Ce ...) {DLA-455-1} - asterisk 1:11.10.2~dfsg-1 (low) [squeeze] - asterisk (Vulnerable code not present) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in Asteris ...) 
- asterisk (Only affects Asterisk 12.x) NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure ...) - openafs 1.6.9-1 [wheezy] - openafs (Vulnerable code introduced in 1.6.8) [squeeze] - openafs (Vulnerable code introduced in 1.6.8) CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 doe ...) {DSA-3169-1 DLA-165-1} - eglibc - glibc 2.19-2 (low; bug #751774) CVE-2014-4021 (Xen 3.2.x through 4.4.x does not properly clean memory pages recovered ...) {DSA-3006-1} - xen 4.4.1-1 (bug #751894) [squeeze] - xen (Unsupported in squeeze-lts) CVE-2014-4020 (The dissect_frame function in epan/dissectors/packet-frame.c in the fr ...) - wireshark 1.10.8-1 [wheezy] - wireshark (Only affects 1.10.0 to 1.10.7) [squeeze] - wireshark (Only affects 1.10.0 to 1.10.7) NOTE: http://www.wireshark.org/security/wnpa-sec-2014-07.html CVE-2014-4017 (Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugi ...) NOT-FOR-US: WordPress plugin conversionninja CVE-2014-4016 RESERVED CVE-2014-4015 RESERVED CVE-2014-4013 (SQL injection vulnerability in the Policy Manager in Aruba Networks Cl ...) NOT-FOR-US: Aruba Networks ClearPass CVE-2014-4012 (SAP Open Hub Service has hardcoded credentials, which makes it easier ...) NOT-FOR-US: SAP CVE-2014-4011 (SAP Capacity Leveling has hardcoded credentials, which makes it easier ...) NOT-FOR-US: SAP CVE-2014-4010 (SAP Transaction Data Pool has hardcoded credentials, which makes it ea ...) NOT-FOR-US: SAP CVE-2014-4009 (SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which make ...) NOT-FOR-US: SAP CVE-2014-4008 (SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which ma ...) NOT-FOR-US: SAP CVE-2014-4007 (The SAP Upgrade tools for ABAP has hardcoded credentials, which makes ...) NOT-FOR-US: SAP CVE-2014-4006 (The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas ...) 
NOT-FOR-US: SAP CVE-2014-4005 (SAP Brazil add-on has hardcoded credentials, which makes it easier for ...) NOT-FOR-US: SAP CVE-2014-4004 (The (1) Structures and (2) Project-Oriented Procurement components in ...) NOT-FOR-US: SAP CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote at ...) NOT-FOR-US: SAP CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ...) {DSA-2970-1} - cacti 0.8.8b+dfsg-6 (bug #752573) [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573) CVE-2014-4001 RESERVED CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct PHP ob ...) - cacti 0.8.8e+ds1-1 (low) [jessie] - cacti 0.8.8b+dfsg-8+deb8u2 [wheezy] - cacti 0.8.8a+dfsg-5+deb7u6 NOTE: http://www.cacti.net/release_notes_1_0_0.php NOTE: http://bugs.cacti.net/view.php?id=2452 (not accessible: marked as security issue) NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731 NOTE: This CVE was fixed by introduction of the function sanitize_unserialize_selected_items NOTE: in version 0.8.8e and calling it instead of unserialize(stripslashes()). NOTE: Affected files require authenticated users. CVE-2014-3999 (The Horde_Ldap library before 2.0.6 for Horde allows remote attackers ...) - php-horde-ldap 2.0.6-1 CVE-2014-3998 RESERVED CVE-2014-3997 (SQL injection vulnerability in the MetadataServlet servlet in ManageEn ...) NOT-FOR-US: Password Manager Pro CVE-2014-3996 (SQL injection vulnerability in the LinkViewFetchServlet servlet in Man ...) NOT-FOR-US: Password Manager Pro CVE-2014-3993 RESERVED CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow ...) - dolibarr 3.5.4+dfsg2-1 (bug #755531) CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...) - dolibarr 3.5.5+dfsg1-1 CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart 1. ...) 
NOT-FOR-US: OpenCart CVE-2014-3989 RESERVED CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFi ...) NOT-FOR-US: SunHater KCFinder CVE-2014-3987 RESERVED CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remo ...) - libav 6:0.8.12-1 NOTE: Fairly pointless CVE assignment... CVE-2014-4150 (The scheme48-send-definition function in cmuscheme48.el in Scheme 48 a ...) {DLA-0006-1} - scheme48 1.9-4 (bug #748766) [wheezy] - scheme48 1.8+dfsg-1+deb7u1 [squeeze] - scheme48 1.8+dfsg-1+deb6u1 CVE-2014-4027 (The rd_build_device_space function in drivers/target/target_core_rd.c ...) - linux 3.14.2-1 [wheezy] - linux 3.2.60-1 - linux-2.6 [squeeze] - linux-2.6 (Introduced in 2.6.38) NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc CVE-2014-4014 (The capabilities implementation in the Linux kernel before 3.14.8 does ...) - linux 3.14.7-1 [wheezy] - linux (User namespaces only usable in later kernels) - linux-2.6 (User namespaces only usable in later kernels) NOTE: fixing commit https://git.kernel.org/linus/23adbe12ef7d3d4195e80800ab36b37bee28cd03 CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to o ...) - lynis 1.5.5-1 (bug #751083) [squeeze] - lynis (Minor issue) [wheezy] - lynis (Minor issue) CVE-2014-3995 (Cross-site scripting (XSS) vulnerability in gravatars/templatetags/gra ...) NOT-FOR-US: Djblets CVE-2014-3994 (Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_ ...) NOT-FOR-US: Djblets CVE-2014-3983 RESERVED CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local use ...) - lynis (Specific to AIX) CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ...) 
- php5 5.6.0~rc1+dfsg-1 (unimportant) NOTE: Only exploitable during package build CVE-2014-3979 (Bytemark Symbiosis allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Bytemark Symbiosis CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote auth ...) NOT-FOR-US: TomatoCart CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to ...) NOT-FOR-US: IBM AIX CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) ...) NOT-FOR-US: A10 Networks Advanced Core Operating System CVE-2014-3975 (Absolute path traversal vulnerability in filemanager.php in AuraCMS 3. ...) NOT-FOR-US: AuraCMS CVE-2014-3974 (Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS ...) NOT-FOR-US: AuraCMS CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...) - frontaccounting 2.3.21-1 (bug #751867) [squeeze] - frontaccounting (Minor issue) [wheezy] - frontaccounting (Minor issue) CVE-2014-3972 (Directory traversal vulnerability in Apexis APM-J601-WS cameras with f ...) NOT-FOR-US: Apexis cameras CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in db/commands/authent ...) - mongodb (X.509 certificate authentication introduced in 2.6.x) NOTE: https://jira.mongodb.org/browse/SERVER-13753 NOTE: https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b CVE-2014-3965 RESERVED CVE-2014-3964 RESERVED CVE-2014-3963 (ownCloud Server before 6.0.1 does not properly check permissions, whic ...) - owncloud 6.0.1+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-009/ CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote ...) NOT-FOR-US: Videos Tube CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...) NOT-FOR-US: WordPress plugin Participants Database CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) 
NOT-FOR-US: OpenNMS CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...) - libfep (bug #658575) CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...) NOT-FOR-US: F5 CVE-2014-3958 RESERVED CVE-2014-3957 RESERVED CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to caus ...) NOT-FOR-US: FreeBSD routed CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 ...) NOT-FOR-US: FreeBSD rtsold CVE-2014-3953 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 befor ...) {DSA-3070-1} - kfreebsd-8 [wheezy] - kfreebsd-8 (kfreebsd-8 only a test kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) - kfreebsd-9 (bug #754237) - kfreebsd-10 10.1~svn272463-1 CVE-2014-3952 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 befor ...) {DSA-3070-1} - kfreebsd-8 [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) [wheezy] - kfreebsd-8 (kfreebsd-8 only a test kernel, will be fixed in a point update) - kfreebsd-9 (bug #754236) - kfreebsd-10 10.1~svn272463-1 CVE-2014-3951 (The HZ module in the iconv implementation in FreeBSD 10.0 before p6 an ...) NOT-FOR-US: iconv system library of FreeBSD and NetBSD CVE-2014-3950 RESERVED CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard in the G ...) NOT-FOR-US: TYPO3 extension gridelements CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export wizard in ...) NOT-FOR-US: TYPO3 extension powermail CVE-2014-3947 (Unrestricted file upload vulnerability in the powermail extension befo ...) NOT-FOR-US: TYPO3 extension powermail CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 all ...) NOT-FOR-US: Autodesk SketchBook Pro CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote ...) 
NOT-FOR-US: Autodesk Sketchbook Pro CVE-2014-3937 (SQL injection vulnerability in the Contextual Related Posts plugin bef ...) NOT-FOR-US: WordPress plugin contextual-related-posts CVE-2014-3936 (Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi ...) NOT-FOR-US: D-Link CVE-2014-3935 (SQL injection vulnerability in glossaire-aff.php in the Glossaire modu ...) NOT-FOR-US: XOOPS module Glossaire CVE-2014-3934 (SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 ...) NOT-FOR-US: PHP-Nuke CVE-2014-3933 (Cross-site scripting (XSS) vulnerability in the address components fie ...) NOT-FOR-US: Drupal module AddressField Tokens CVE-2014-3932 (SQL injection vulnerability in the device registration component in ws ...) NOT-FOR-US: CoSoSys Endpoint Protector CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 allow ...) NOT-FOR-US: Multi-Router Looking Glass CVE-2014-3930 (lg.pl in Cistron-LG 1.01 stores sensitive information under the web ro ...) NOT-FOR-US: Cistron-LG CVE-2014-3929 (The default configuration for Cougar-LG stores sensitive information u ...) NOT-FOR-US: Cougar-LG CVE-2014-3928 (Cougar-LG stores sensitive information under the web root with insuffi ...) NOT-FOR-US: Cougar-LG CVE-2014-3927 (mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execu ...) NOT-FOR-US: mrlg4php CVE-2014-3926 (Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 al ...) NOT-FOR-US: Cougar LG CVE-2014-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...) - webmin CVE-2014-3923 (Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoo ...) NOT-FOR-US: WordPress plugin Digital Zoom Studio Video Gallery CVE-2014-3922 (Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Mess ...) NOT-FOR-US: Trend Micro InterScan CVE-2014-3921 (Cross-site scripting (XSS) vulnerability in popup.php in the Simple Po ...) 
NOT-FOR-US: WordPress plugin Simple Popup Images CVE-2014-3969 (Xen 4.4.x, when running on an ARM system, does not properly check writ ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv m ...) - pulseaudio 5.0-3 (low) [squeeze] - pulseaudio (Minor issue) [wheezy] - pulseaudio (Minor issue) NOTE: http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html CVE-2014-3968 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows lo ...) - xen 4.4.1-1 (bug #757724) [wheezy] - xen (Xen versions from 4.2 onwards are vulnerable) [squeeze] - xen (Xen versions from 4.2 onwards are vulnerable) CVE-2014-3967 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not ...) - xen 4.4.1-1 (bug #757724) [wheezy] - xen (Xen versions from 4.2 onwards are vulnerable) [squeeze] - xen (Xen versions from 4.2 onwards are vulnerable) CVE-2014-3966 (Cross-site scripting (XSS) vulnerability in Special:PasswordReset in M ...) {DSA-2957-1} - mediawiki 1:1.19.16+dfsg-1 (low; bug #750527) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501 CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...) - sendmail 8.14.4-6 (low; bug #750562) [wheezy] - sendmail 8.14.4-4+deb7u1 [squeeze] - sendmail (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2014/06/03/1 CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the presenc ...) - linux 3.14.7-1 (low) [wheezy] - linux 3.2.60-1 - linux-2.6 (Only exploitable in 3.12 and later) CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ( ...) - sosreport (RedHat-specific issue) CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0 ...) - kanboard (bug #790814) CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...) 
NOT-FOR-US: Netgear CVE-2014-3918 RESERVED CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...) - ruby2.1 (unimportant) - ruby2.0 (unimportant) - ruby1.9.1 (unimportant) - ruby1.8 (unimportant) NOTE: Only exploitable on Windows CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...) NOT-FOR-US: Rocket Servergraph CVE-2014-3914 (Directory traversal vulnerability in the Admin Center for Tivoli Stora ...) NOT-FOR-US: Rocket ServerGraph CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...) NOT-FOR-US: Ericom AccessNow Server CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in t ...) NOT-FOR-US: Samsung iPOLiS Device Manager CVE-2014-3911 (Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to e ...) NOT-FOR-US: Samsung iPOLiS Device Manager CVE-2014-3910 (Emurasoft EmFTP allows local users to gain privileges via a Trojan hor ...) NOT-FOR-US: Emurasoft EmFTP CVE-2014-3909 (Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and earlie ...) NOT-FOR-US: Falcon WisePoint CVE-2014-3908 (The Amazon.com Kindle application before 4.5.0 for Android does not ve ...) NOT-FOR-US: Amazon.com Kindle application CVE-2014-3907 (Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsle ...) NOT-FOR-US: MailPoet Newsletters (wysija-newsletters) plugin for WordPress CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and A ...) NOT-FOR-US: OSK Advance-Flow CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...) NOT-FOR-US: tenfourzero Shutter CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0. ...) NOT-FOR-US: tenfourzero Shutter CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x befor ...) 
NOT-FOR-US: Cakifo theme for WordPress CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android ...) NOT-FOR-US: CyberAgent Ameba application CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote attacker ...) NOT-FOR-US: Raritan Japan Dominion KX2-101 switches CVE-2014-3900 (Cross-site scripting (XSS) vulnerability in admin/picture_modify.php i ...) - piwigo [squeeze] - piwigo (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...) NOT-FOR-US: Gretech GOM Player CVE-2014-3898 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView Operati ...) NOT-FOR-US: Fujitsu ServerView Operations Manager CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMai ...) NOT-FOR-US: Homepage Decorator PerlMailer CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI prog ...) NOT-FOR-US: Seeds acmailer CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/ ...) NOT-FOR-US: I-O DATA camera firmware CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional M ...) NOT-FOR-US: PHP Kobo Multifunctional MailForm CVE-2014-3893 REJECTED CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...) NOT-FOR-US: Nexa Meridian CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows rem ...) NOT-FOR-US: RimArts Becky! Internet Mail CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote attack ...) NOT-FOR-US: silex device CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote attack ...) NOT-FOR-US: silex device CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1 ...) 
NOT-FOR-US: Yokogawa CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...) NOT-FOR-US: I-O DATA DEVICE CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...) - webmin CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...) - webmin CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allow ...) NOT-FOR-US: Usermin CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary oper ...) NOT-FOR-US: Usermin CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...) NOT-FOR-US: WordPress plugin login-rebuilder CVE-2014-3881 (Cross-site request forgery (CSRF) vulnerability in Intercom Web Kyukin ...) NOT-FOR-US: Intercom Web Kyukincho CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...) {DSA-2952-1} - kfreebsd-8 [wheezy] - kfreebsd-8 (Will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) - kfreebsd-9 - kfreebsd-10 10.0-6 CVE-2014-3879 (OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error ...) NOT-FOR-US: OpenPAM CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) NOT-FOR-US: IPSwitch IMail CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...) {DLA-68-1} - fex 20140530-1 [wheezy] - fex (non-free not supported) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast Fil ...) {DLA-68-1} - fex 20140530-1 [wheezy] - fex (non-free not supported) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt CVE-2014-3875 (The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex ...) 
{DLA-68-1} - fex 20140530-1 [wheezy] - fex (non-free not supported) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt CVE-2014-3874 RESERVED CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before p1 ...) - kfreebsd-8 [wheezy] - kfreebsd-8 (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) - kfreebsd-9 (bug #750493) [wheezy] - kfreebsd-9 (introduced by the merge of r237663) CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login pag ...) NOT-FOR-US: D-Link firmware CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic Sol ...) NOT-FOR-US: GeodesicSolutions CVE-2014-3869 RESERVED CVE-2014-3868 (Multiple SQL injection vulnerabilities in ZeusCart 4.x. ...) NOT-FOR-US: ZeusCart CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...) NOT-FOR-US: IBM Sametime CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component ...) NOT-FOR-US: Joomla! component JChatSocial CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discov ...) NOT-FOR-US: HL7 C-CDA CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 a ...) NOT-FOR-US: HL7 C-CDA CVE-2014-3860 (Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijac ...) NOT-FOR-US: Xilisoft Video Converter Ultimate CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...) - bind9 (Only affects 9.10.0, 9.10.0-P1) NOTE: https://kb.isc.org/article/AA-01166 CVE-2014-3858 RESERVED CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in ...) NOT-FOR-US: Kerio Control CVE-2014-3856 (The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does ...) 
- fish 2.1.1-1 (low; bug #746259) [squeeze] - fish (Minor issue) [wheezy] - fish (Minor issue) NOTE: https://github.com/fish-shell/fish-shell/issues/1437 CVE-2014-3855 (Directory traversal vulnerability in download.py in Pyplate 0.08 allow ...) NOT-FOR-US: Pyplate CVE-2014-3854 (Cross-site request forgery (CSRF) vulnerability in admin/addScript.py ...) NOT-FOR-US: Pyplate CVE-2014-3853 (Pyplate 0.08 does not set the secure flag for the id cookie in an http ...) NOT-FOR-US: Pyplate CVE-2014-3852 (Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header ...) NOT-FOR-US: Pyplate CVE-2014-3851 (usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-reada ...) NOT-FOR-US: Pyplate CVE-2014-3850 (Cross-site request forgery (CSRF) vulnerability in the Member Approval ...) NOT-FOR-US: WordPress plugin Member Approval 131109 CVE-2014-3849 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not p ...) NOT-FOR-US: WordPress plugin iMember360 CVE-2014-3848 (The iMember360 plugin before 3.9.001 for WordPress does not properly r ...) NOT-FOR-US: WordPress plugin iMember360 CVE-2014-3847 RESERVED CVE-2014-3845 (Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color P ...) NOT-FOR-US: WordPress plugin TinyMCE Color Picker CVE-2014-3844 (The TinyMCE Color Picker plugin before 1.2 for WordPress does not prop ...) NOT-FOR-US: WordPress plugin TinyMCE Color Picker CVE-2014-3843 (Cross-site request forgery (CSRF) vulnerability in the Search Everythi ...) NOT-FOR-US: WordPress plugin Search Everything CVE-2014-3842 (Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 ...) NOT-FOR-US: WordPress plugin iMember360 CVE-2014-3841 (Cross-site scripting (XSS) vulnerability in the Contact Bank plugin be ...) NOT-FOR-US: WordPress plugin Contact Bank CVE-2014-3946 (The query caching functionality in the Extbase Framework component in ...) 
{DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3945 (The Authentication component in TYPO3 before 6.2, when salting for pas ...) {DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3944 (The Authentication component in TYPO3 6.2.0 before 6.2.3 does not prop ...) {DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3943 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified bac ...) {DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3942 (The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 ...) {DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3941 (TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6 ...) {DSA-2942-1} - typo3-src 4.5.34+dfsg1-1 (bug #749215) [squeeze] - typo3-src (Unsupported in squeeze-lts) CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDIT ...) {DLA-0015-1} - linux 3.14.7-1 [wheezy] - linux 3.2.60-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: http://article.gmane.org/gmane.linux.kernel/1713179 CVE-2014-3865 (Multiple directory traversal vulnerabilities in dpkg-source in dpkg-de ...) {DSA-2953-1} - dpkg 1.17.10 (bug #749183) CVE-2014-3864 (Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 all ...) {DSA-2953-1} - dpkg 1.17.10 (bug #746498) CVE-2014-3870 (Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 ...) NOT-FOR-US: WordPress plugin bib2html CVE-2014-3866 (Multiple cross-site request forgery (CSRF) vulnerabilities in user_set ...) NOT-FOR-US: userCake CVE-2014-3846 (Cross-site scripting (XSS) vulnerability in Flying Cart allows remote ...) 
NOT-FOR-US: Flying Cart CVE-2014-3839 [owncloud: Deserialization of Untrusted Data in core] RESERVED - owncloud 6.0.3+dfsg-1 CVE-2014-3838 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly ...) - owncloud 6.0.3+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-016/ CVE-2014-3837 (The document application in ownCloud Server before 6.0.3 uses sequenti ...) - owncloud 6.0.3+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-015/ CVE-2014-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...) - owncloud 6.0.3+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-014/ CVE-2014-3835 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check pe ...) - owncloud 6.0.3+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-012/ CVE-2014-3834 (ownCloud Server before 6.0.3 does not properly check permissions, whic ...) - owncloud 6.0.3+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-011/ NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-013/ CVE-2014-3833 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery ...) - owncloud 6.0.3+dfsg-2 CVE-2014-3832 (Cross-site scripting (XSS) vulnerability in the Documents component in ...) - owncloud 6.0.3+dfsg-2 CVE-2014-3831 REJECTED CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1 ...) NOT-FOR-US: TomatoCart CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Ser ...) - centreon-web (bug #913903) CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...) - centreon-web (bug #913903) CVE-2014-3827 (Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka M ...) NOT-FOR-US: MyBB CVE-2014-3826 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows ...) 
NOT-FOR-US: MyBB CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1 ...) NOT-FOR-US: Juniper Junos CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the Juni ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with I ...) NOT-FOR-US: The Juniper Junos Pulse Secure Access Service CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 1 ...) NOT-FOR-US: Juniper Junos CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web Authentication (we ...) NOT-FOR-US: Juniper Junos CVE-2014-3820 (Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...) NOT-FOR-US: Juniper Junos CVE-2014-3818 (Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12. ...) NOT-FOR-US: Juniper Junos CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 ...) NOT-FOR-US: Juniper Junos CVE-2014-3816 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before ...) NOT-FOR-US: Juniper Junos CVE-2014-3815 (Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D1 ...) NOT-FOR-US: Juniper Junos CVE-2014-3814 (The Juniper Networks NetScreen Firewall devices with ScreenOS before 6 ...) NOT-FOR-US: Juniper Networks NetScreen Firewall CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firewall p ...) NOT-FOR-US: Juniper Networks NetScreen Firewall CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with I ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows an ...) 
NOT-FOR-US: Junos Pulse Client CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx D ...) NOT-FOR-US: Dolphin (php thingy) CVE-2014-3809 (Cross-site scripting (XSS) vulnerability in the management interface i ...) NOT-FOR-US: Alcatel Lucent CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) NOT-FOR-US: BarracudaDrive CVE-2014-3807 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) NOT-FOR-US: BarracudaDrive CVE-2014-3806 (Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo ...) NOT-FOR-US: VMTurbo Operations Manager CVE-2014-3805 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-3804 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows re ...) NOT-FOR-US: AlienVault OSSIM CVE-2014-3803 (The SpeechInput feature in Blink, as used in Google Chrome before 35.0 ...) {DSA-2939-1} - chromium-browser 35.0.1916.114-1 [squeeze] - chromium-browser CVE-2014-3802 (msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distribute ...) NOT-FOR-US: Microsoft Visual Studio CVE-2014-3799 REJECTED CVE-2014-3798 (The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows ...) NOT-FOR-US: Citrix XenServer CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appl ...) NOT-FOR-US: VMware vSphere CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) ...) NOT-FOR-US: VMware NSX and vCNS CVE-2014-3795 REJECTED CVE-2014-3794 REJECTED CVE-2014-3793 (VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6 ...) NOT-FOR-US: VMware CVE-2014-3792 (Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Route ...) NOT-FOR-US: Beetel Router CVE-2014-3791 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 ...) 
	NOT-FOR-US: Easy File Sharing
CVE-2014-3790 (Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows r ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2014-3789 (GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7 ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3788 (Heap-based buffer overflow in the Web Server in Cogent Real-Time Syste ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3787 (SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitra ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3840 (Multiple cross-site scripting (XSS) vulnerabilities in apps/common/tem ...)
	- mayan (bug #718580)
CVE-2014-3801 (OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, ...)
	- heat 2014.1-4 (bug #748824)
	NOTE: https://launchpad.net/bugs/1311223
CVE-2014-3786 (Multiple cross-site scripting (XSS) vulnerabilities in the contact mod ...)
	NOT-FOR-US: Pixie CMS
CVE-2014-3785
	RESERVED
CVE-2014-3784
	RESERVED
CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3782 (Multiple incomplete blacklist vulnerabilities in the filemanager::isFi ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3781 (The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclea ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3780 (Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 an ...)
	NOT-FOR-US: Citrix
CVE-2014-3779 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfSe ...)
	NOT-FOR-US: ZOHO
CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in goform/R ...)
	NOT-FOR-US: ARRIS modem
CVE-2014-3777 (Directory traversal vulnerability in Reportico PHP Report Designer bef ...)
	NOT-FOR-US: Reportico PHP Report Designer
CVE-2014-3770
	RESERVED
CVE-2014-3769
	RESERVED
CVE-2014-3768
	RESERVED
CVE-2014-3767
	RESERVED
CVE-2014-3766
	RESERVED
CVE-2014-3765
	RESERVED
CVE-2014-3764 (Cross-site scripting (XSS) vulnerability in the web-based device manag ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2014-3763
	RESERVED
CVE-2014-3762
	RESERVED
CVE-2014-3761 (Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmw ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3760 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3759 (Multiple SQL injection vulnerabilities in the BibTex Publications (si_ ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3758 (Cross-site scripting (XSS) vulnerability in the BibTex Publications (s ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur kitForm ...)
	NOT-FOR-US: phpManufaktur extension
CVE-2014-3754
	RESERVED
CVE-2014-3753 (AgileBits 1Password through 1.0.9.340 allows security feature bypass ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ea ...)
	NOT-FOR-US: G Data TotalProtection
CVE-2014-3751
	RESERVED
CVE-2014-3750 (The Bilyoner application before 2.3.1 for Android and before 4.6.2 for ...)
	NOT-FOR-US: Bilyoner for Android
CVE-2014-3748
	RESERVED
CVE-2014-3747
	RESERVED
CVE-2014-3746
	RESERVED
CVE-2014-3745
	RESERVED
CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 for No ...)
	NOT-FOR-US: Node st module
CVE-2014-3743 (Multiple cross-site scripting (XSS) vulnerabilities in the Marked modu ...)
	- node-marked 0.3.1+dfsg-1
CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js all ...)
	NOT-FOR-US: hapi framework for Node.js
CVE-2014-3741 (The printDirect function in lib/printer.js in the node-printer module ...)
	NOT-FOR-US: node-printer
CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.0019 ...)
	NOT-FOR-US: SpiceWorks
CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in templates/defaultheader.ph ...)
	NOT-FOR-US: Storesprite
CVE-2014-3736
	RESERVED
CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers ...)
	NOT-FOR-US: Intel Indeo Video
CVE-2014-3734
	RESERVED
CVE-2014-3733
	RESERVED
CVE-2014-3732
	RESERVED
CVE-2014-3731
	RESERVED
CVE-2014-3729
	RESERVED
CVE-2014-3728
	RESERVED
CVE-2014-3727
	RESERVED
CVE-2014-3726
	RESERVED
CVE-2014-3725
	RESERVED
CVE-2014-3724
	RESERVED
CVE-2014-3723
	RESERVED
CVE-2014-3722
	RESERVED
CVE-2014-3721
	RESERVED
CVE-2014-3720
	RESERVED
CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...)
	NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system)
CVE-2014-3713
	RESERVED
CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...)
	NOT-FOR-US: Katello
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
	{DSA-3070-1}
	- kfreebsd-9 (bug #766275)
	- kfreebsd-10 10.1~svn273874-1 (bug #766278)
	[experimental] - kfreebsd-11 11.0~svn284956-1 (bug #766279)
CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the ...)
	{DSA-3074-1 DSA-3072-1 DLA-94-1 DLA-86-1}
	- file 1:5.20-2 (bug #768806)
	NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
	- php5 5.6.3+dfsg-1 (bug #768807)
	NOTE: https://bugs.php.net/bug.php?id=68283
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...)
	- nova 2014.1.3-6 (low)
	[wheezy] - nova (Minor issue)
	NOTE: affected versions up to 2014.1.3, and 2014.2
CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, whe ...)
	{DSA-3069-1 DLA-84-1}
	- curl 7.38.0-3
	NOTE: http://curl.haxx.se/docs/adv_20141105.html
	NOTE: Upstream commit: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945
CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attac ...)
	NOT-FOR-US: ovirt-engine
CVE-2014-3705
	RESERVED
CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal ...)
	{DSA-3051-1}
	- drupal7 7.32-1 (bug #765507)
	- drupal6 (Only affects Drupal 7)
CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic p ...)
	NOT-FOR-US: Red Hat Openstack 4 Neutron
CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remote at ...)
	- edeploy (bug #717664)
CVE-2014-3701 (eDeploy has tmp file race condition flaws ...)
	- edeploy (bug #717664)
CVE-2014-3700 (eDeploy through at least 2014-10-14 has remote code execution due to e ...)
	- edeploy (bug #717664)
CVE-2014-3699 (eDeploy has RCE via cPickle deserialization of untrusted data ...)
	- edeploy (bug #717664)
CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol plu ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3697 (Absolute path traversal vulnerability in the untar_block function in w ...)
	- pidgin (Windows specific)
CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidg ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.1 ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/ ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Remote i ...)
	- libreoffice 1:4.3.3~rc2~git20141011-1
	[wheezy] - libreoffice (Introduced in 4.0.0)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-3691 (Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5. ...)
	NOT-FOR-US: Foreman Smart Proxy
CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.1 ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a (v3.18-rc1)
CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local g ...)
	{DSA-3067-1 DSA-3066-1}
	- qemu 2.1+dfsg-6 (bug #765496)
	[squeeze] - qemu
	- qemu-kvm
	[squeeze] - qemu-kvm
	NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows remot ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4 (v3.18-rc1)
CVE-2014-3687 (The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in t ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395 (v3.18-rc1)
CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certai ...)
	{DSA-3052-1 DLA-147-1}
	- wpasupplicant
	- hostapd
	[squeeze] - hostapd (Vulnerable code not present in 0.6.10)
	- wpa 2.3-1 (bug #765352; high)
CVE-2014-3685
	REJECTED
CVE-2014-3684 (The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Reso ...)
	{DSA-3058-1 DLA-78-1}
	- torque 2.4.16+dfsg-1.5 (bug #763922)
	NOTE: https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
	NOTE: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
	NOTE: 2.4 is end-of-life upstream thus no patches available for that branch.
CVE-2014-3683 (Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysk ...)
	{DSA-3047-1 DLA-72-1}
	- rsyslog 8.4.2-1
	NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
CVE-2014-3682 (XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl f ...)
	NOT-FOR-US: jBPM Designer
CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and L ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3680 (Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticate ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3679 (The Monitoring plugin before 1.53.0 for Jenkins allows remote attacker ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3678 (Cross-site scripting (XSS) vulnerability in the Monitoring plugin befo ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3677 (Unspecified vulnerability in Shim might allow attackers to execute arb ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3676 (Heap-based buffer overflow in Shim allows remote attackers to execute ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3675 (Shim allows remote attackers to cause a denial of service (out-of-boun ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3674 (Red Hat OpenShift Enterprise before 2.2 does not properly restrict acc ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 allows remo ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local g ...)
	{DLA-571-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-180.html
	NOTE: Related hardening for libvirt: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf
	NOTE: This is hardly a vulnerability in qemu per se, but rather a problem of integrating qemu
CVE-2014-3671
	REJECTED
CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in PH ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68113
CVE-2014-3669 (Integer overflow in the object_custom function in ext/standard/var_uns ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68044
CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime impl ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68027
CVE-2014-3667 (Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3666 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3665 (Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure tru ...)
	- jenkins (bug #767541)
	[jessie] - jenkins (Backport not feasible, insecure feature is documented as such)
	NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
CVE-2014-3664 (Directory traversal vulnerability in Jenkins before 1.583 and LTS befo ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3663 (Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticate ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3662 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3661 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...)
	{DSA-2978-2 DSA-3057-1 DLA-151-1 DLA-80-1}
	[jessie] - libxml2 2.9.1+dfsg1-5
	- libxml2 2.9.2+dfsg1-1 (bug #765722)
	NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
	NOTE: Beware the upstream patch relies on other commits not
	NOTE: available in the squeeze/wheezy version (at least cff2546f that
	NOTE: changes how the ent->checked variable is used and likely a3f1e3e5 too)
CVE-2014-3659
	REJECTED
CVE-2014-3658
	RESERVED
CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt be ...)
	- libvirt 1.2.9-1
	[wheezy] - libvirt (Vulnerable code introduced later)
	[squeeze] - libvirt (Vulnerable code introduced later)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=fc22b2e74890873848b43fffae43025d22053669 (v1.2.9)
	NOTE: Introduced by: libvirt.org/git/?p=libvirt.git;a=commit;h=2c6808044408fba9ff9547ad88bb8a0f44ee21a0 (v0.10.0-rc0)
CVE-2014-3656 (JBoss KeyCloak: XSS in login-status-iframe.html ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3655 (JBoss KeyCloak is vulnerable to soft token deletion via CSRF ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3654 (Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview funct ...)
	- foreman (bug #663101)
	NOTE: http://projects.theforeman.org/issues/7483
	NOTE: https://github.com/sodabrew/foreman/issues/1
CVE-2014-3652 (JBoss KeyCloak: Open redirect vulnerability via failure to validate th ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a d ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3650
	RESERVED
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...)
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3648
	RESERVED
CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=234f3ce485d54017f15cf5e0699cff4100121601
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=d1442d85cc30ea75f7d399474ca738e0bc96f715
CVE-2014-3646 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3. ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a642fc305053cc1c6e47e4f4df327895747ab485
CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.1 ...)
	{DSA-3060-1}
	- linux 3.12.6-1
	- linux-2.6
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e (v3.12-rc1)
CVE-2014-3644
	RESERVED
CVE-2014-3643 (jersey: XXE via parameter entities not disabled by the jersey SAX pars ...)
	NOT-FOR-US: Jersey SAX parser
CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder befo ...)
	- cinder 2014.1.3-1
	NOTE: Affects version up to 2014.1.2
CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5 (bug #762532)
	[squeeze] - qemu
	- qemu-kvm
	[squeeze] - qemu-kvm
	NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus b ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does no ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80559
CVE-2014-3636 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=82820
CVE-2014-3635 (Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus (Version in Squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
CVE-2014-3634 (rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier ...)
	{DSA-3040-1 DLA-72-1}
	- rsyslog 8.4.1-1
	- inetutils 2:1.9.2.39.3a460-1
	[wheezy] - inetutils (Minor issue)
	[squeeze] - inetutils (Minor issue)
CVE-2014-3633 (The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...)
	{DSA-3038-1}
	- libvirt 1.2.8-2 (bug #762203)
	[squeeze] - libvirt (Vulnerable code introduced in v0.9.8)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
	NOTE: Upstream advisory: http://security.libvirt.org/2014/0004.html
CVE-2014-3632 (The default configuration in a sudoers file in the Red Hat openstack-n ...)
	- neutron (Red Hat-specific)
	NOTE: Regression of fix for CVE-2013-6433, Red Hat specific in RedHat Enterprise Open Stack Platform 5.0
CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in ...)
	- linux 3.16.3-1
	[wheezy] - linux (Vulnerable code introduced later)
	- linux-2.6 (Vulnerable code introduced later)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 (v3.13)
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML processing fun ...)
	NOT-FOR-US: Play framework
CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
	- qpid-cpp (low; bug #772794)
	[wheezy] - qpid-cpp (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
CVE-2014-3628 (Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stat ...)
	- lucene-solr (Only affects later 4.x releases)
	NOTE: https://issues.apache.org/jira/browse/SOLR-6738
CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 an ...)
	NOT-FOR-US: Apache Hadoop
CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for resources wi ...)
	NOT-FOR-US: Grails Resource Plugin
CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 th ...)
	{DLA-1853-1}
	- libspring-java 3.2.13-1 (bug #769698)
	[wheezy] - libspring-java (Minor issue)
	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
	NOTE: https://jira.spring.io/browse/SPR-12354
	NOTE: http://www.pivotal.io/security/cve-2014-3625
CVE-2014-3624 (Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ...)
	- trafficserver 5.0.0-1
	[wheezy] - trafficserver (Only affects 4.0.2 to 4.1.2)
	NOTE: https://issues.apache.org/jira/browse/TS-2677
CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3622 (Use-after-free vulnerability in the add_post_var function in the Posth ...)
	- php5 5.6.1+dfsg-1 (unimportant)
	NOTE: Not exploitable
	NOTE: https://bugs.php.net/bug.php?id=68088
CVE-2014-3621 (The catalog url replacement in OpenStack Identity (Keystone) before 20 ...)
	- keystone 2014.1.3-1
	[wheezy] - keystone (Vulnerable code not present)
	NOTE: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1
CVE-2014-3620 (cURL and libcurl before 7.38.0 allow remote attackers to bypass the Sa ...)
	- curl 7.38.0-1
	[wheezy] - curl (affects versions 7.31.0 and later)
	[squeeze] - curl (affects versions 7.31.0 and later)
	NOTE: http://curl.haxx.se/docs/adv_20140910B.html
	NOTE: Introduced by https://github.com/bagder/curl/commit/85b9dc8023
CVE-2014-3619 (The __socket_proto_state_machine function in GlusterFS 3.5 allows remo ...)
	[experimental] - glusterfs 3.6.2-1
	- glusterfs 3.5.2-2 (bug #781018)
	[wheezy] - glusterfs (Vulnerability introduced after 3.2 release)
	[squeeze] - glusterfs (Vulnerability introduced after 3.2 release)
	NOTE: http://review.gluster.org/#/c/8848/ (3.5)
	NOTE: http://review.gluster.org/#/c/8662/4 (master)
	NOTE: GlusterFS after version 3.2 got changes in the RPC handling which seem to
	NOTE: introduce the vulnerability. With 3.2.x issue is not reproducible.
CVE-2014-3617 (The forum_print_latest_discussions function in mod/forum/lib.php in Mo ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ssl_session_cach ...)
	{DSA-3029-1 DLA-55-1}
	- nginx 1.6.2-1 (bug #761940)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
	NOTE: Upstream patch: http://trac.nginx.org/nginx/changeset/1ee1db30c9b96e9e43e85ab0bfba42140af24966/nginx (stable-1.6 branch)
	NOTE: See follow up on: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5
	- qemu-kvm
	[squeeze] - qemu-kvm
	[squeeze] - qemu (Unsupported in squeeze-lts)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
CVE-2014-3614 (Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6 ...)
	- pdns-recursor 3.6.1-1
	[wheezy] - pdns-recursor (Only affects 3.6.0)
	[squeeze] - pdns-recursor (Only affects 3.6.0)
CVE-2014-3613 (cURL and libcurl before 7.38.0 does not properly handle IP addresses i ...)
	{DSA-3022-1 DLA-64-1}
	- curl 7.38.0-1
	NOTE: http://curl.haxx.se/docs/adv_20140910A.html
CVE-2014-3612 (The LDAPLoginModule implementation in the Java Authentication and Auth ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
CVE-2014-3611 (Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=2febc839133280d5a5e8e1179c94ea674489dae2
CVE-2014-3610 (The WRMSR processing functionality in the KVM subsystem in the Linux k ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6
	[squeeze] - linux-2.6 (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=8b3c3104c3f4f706e99365c3e0d2aa61b95f969f
	NOTE: Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue.
CVE-2014-3609 (HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allo ...)
	{DSA-3139-1 DSA-3014-1 DLA-216-1 DLA-45-1}
	- squid 2.7.STABLE9-5 (bug #776194)
	- squid3 3.3.8-1.2 (bug #759509)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows r ...)
	- nova 2014.1.3-1
	[wheezy] - nova (Vulnerable code in 2013.2 to 2013.2.2)
	NOTE: Incomplete fix for CVE-2014-2573
CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not proper ...)
	- libvt-ldap-java 3.3.8-1 (bug #763608)
CVE-2014-3606
	REJECTED
CVE-2014-3605
	REJECTED
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not proper ...)
	- not-yet-commons-ssl 0.3.15-1 (bug #759526)
	NOTE: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
CVE-2014-3603 (The (1) HttpResource and (2) FileBackedHttpResource implementations in ...)
	- libopensaml2-java 2.6.2-1 (bug #759470)
	NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
	NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
CVE-2014-3602 (Red Hat OpenShift Enterprise before 2.2 allows local users to obtain I ...)
	NOT-FOR-US: OpenShift
CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kern ...)
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
CVE-2014-3599 (HornetQ REST is vulnerable to XML External Entity due to insecure conf ...)
	NOT-FOR-US: HornetQ
CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote atta ...)
	- pillow 2.5.3-1
	- python-imaging (Vulnerable code not present)
CVE-2014-3597 (Multiple buffer overflows in the php_parserr function in ext/standard/ ...)
	{DSA-3008-1 DLA-67-1}
	- php5 5.6.0+dfsg-1
	NOTE: patch: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
	NOTE: https://bugs.php.net/bug.php?id=67717
	NOTE: incomplete fix for CVE-2014-4049
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ve ...)
	{DLA-169-1}
	- axis 1.4-21 (low; bug #762444)
	[wheezy] - axis 1.4-16.2+deb7u1
	[squeeze] - axis (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7 ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3594 (Cross-site scripting (XSS) vulnerability in the Host Aggregates interf ...)
	- horizon 2014.1.2-3 (bug #758930)
	[wheezy] - horizon (Vulnerable code not present)
	NOTE: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
CVE-2014-3593 (Eval injection vulnerability in luci 0.26.0 allows remote authenticate ...)
	NOT-FOR-US: Luci
CVE-2014-3592 (OpenShift Origin: Improperly validated team names could allow stored X ...)
	NOT-FOR-US: OpenShift Origin
CVE-2014-3591 (Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciph ...)
	{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
	- libgcrypt11
	- libgcrypt20 1.6.3-2
	- gnupg 1.4.18-7
	NOTE: http://www.cs.tau.ac.il/~tromer/radioexp/
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
CVE-2014-3590 (Versions of Foreman as shipped with Red Hat Satellite 6 does not check ...)
	- foreman (bug #663101)
CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow befo ...)
	{DSA-3009-1 DLA-41-1}
	- pillow 2.5.3-1 (bug #758772)
	- python-imaging
	[squeeze] - python-imaging 1.1.7-2+deb6u1
	NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
CVE-2014-3588
	RESERVED
CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in fi ...)
	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
	- php5 5.6.0+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=67716
	NOTE: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
	- file 1:5.19-2
CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat En ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3585 (redhat-upgrade-tool: Does not check GPG signatures when upgrading vers ...)
	NOT-FOR-US: redhat-upgrade-tool
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7. ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3583 (The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...)
	- apache2 2.4.10-8 (low)
	[wheezy] - apache2 (no mod_proxy_fcgi in 2.2)
	[squeeze] - apache2 (no mod_proxy_fcgi in 2.2)
	NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
	NOTE: Only exploitable by a malicious fcgi script.
CVE-2014-3582 (In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary ...)
	NOT-FOR-US: Apache Ambari
CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)
	{DLA-71-1}
	- apache2 2.4.10-3
	[wheezy] - apache2 (Only affects 2.4)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x be ...)
	{DSA-3107-1 DLA-119-1}
	- subversion 1.8.10-5 (bug #773263)
	NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x ...)
	NOT-FOR-US: Apache ActiveMQ Apollo
CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x befo ...)
	{DLA-1853-1}
	- libspring-java 3.2.13-1 (low; bug #760733)
	[wheezy] - libspring-java (minor issue)
	NOTE: https://github.com/spring-projects/spring-framework/issues/16414
	NOTE: https://github.com/spring-projects/spring-framework/commit/f6fddeb6eb7da625fd711ab371ff16512f431e8d
CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents Htt ...)
	{DLA-222-1}
	- httpcomponents-client 4.3.5-1
	[wheezy] - httpcomponents-client 4.1.1-2+deb7u1
	[squeeze] - httpcomponents-client (Minor issue)
	- commons-httpclient 3.1-11 (bug #758086)
	[wheezy] - commons-httpclient 3.1-10.2+deb7u1
	NOTE: See https://bugs.debian.org/758086#59 for full details.
CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java ...)
	{DSA-3330-1}
	- activemq 5.6.0+dfsg1-4+deb8u1 (bug #792857)
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenO ...)
	NOT-FOR-US: OpenOffice on Windows
CVE-2014-3574 (Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote at ...)
	- libapache-poi-java 3.10.1-1
	[wheezy] - libapache-poi-java (Minor issue)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise Virtual ...)
	NOT-FOR-US: oVirt Engine
CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9. ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ef28c6d6767a6a30df5add36171894c96628fe98
CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k a ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8d7aab986b499f34d9e1bc58fbfd77f05c38116e
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b
CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0. ...)
{DSA-3125-1 DLA-132-1} - openssl 1.0.1k-1 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a7a44ba55cb4f884c6bc9ceac90072dea38e66d CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, ...) {DSA-3125-1 DLA-81-1} - openssl 1.0.1k-1 NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d CVE-2014-3568 (OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j d ...) {DSA-3053-1 DLA-81-1} - openssl 1.0.1j-1 CVE-2014-3567 (Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL ...) {DSA-3053-1 DLA-81-1} - openssl 1.0.1j-1 CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ...) {DSA-3489-1 DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-400-1 DLA-282-1 DLA-157-1} - arora (unimportant) - bouncycastle (SSLv3 needs to be explicitly enabled) NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ - chromium-browser 39.0.2171.71-1 (bug #765928) [wheezy] - chromium-browser [squeeze] - chromium-browser - conkeror (unimportant) - cyassl (bug #769905) - wolfssl 3.4.8+dfsg-1 NOTE: wolfssl actually fixed with the initial upload to unstable after the rename - dwb (unimportant) - openssl 1.0.1j-1 [wheezy] - openssl (Will be addressed through a point update, #774299) [squeeze] - openssl (Change considered too risky) - galeon (unimportant) - gnutls26 [squeeze] - gnutls26 (Minor issue) [wheezy] - gnutls26 (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163 - gnutls28 3.3.8-5 (bug #769904) - kazehakase (unimportant) - kdebase (unimportant) - kde-baseapps (unimportant) - epiphany-browser (unimportant) - haskell-tls 1.2.9-2 (bug #768164) [wheezy] - haskell-tls (Minor issue) - icedove 31.3.0-1 [squeeze] - icedove - iceweasel 31.2.0esr-2 [squeeze] - iceweasel - matrixssl (low) [squeeze] - matrixssl (Minor issue) [wheezy] - matrixssl (Minor issue) - midori (unimportant) - netsurf 3.6-1 (unimportant) - nss 2:3.17.1-1 
[squeeze] - nss (Upstream doesn't plan to disable SSLv3, stick with that) [wheezy] - nss (Upstream doesn't plan to disable SSLv3, stick with that) - openjdk-6 6b34-1.13.6-1 - openjdk-7 7u75-2.5.4-1 - openjdk-8 8u40~b04-1 - polarssl 1.3.9-2 [squeeze] - polarssl (Minor issue) [wheezy] - polarssl (Minor issue) - pound 2.6-6 (bug #765539) [squeeze] - pound (Minor issue) - surf (unimportant) - tlslite [wheezy] - tlslite (Minor issue) - uzbl (unimportant) - erlang 1:17.3-dfsg-3 (bug #771359) [squeeze] - erlang (Minor issue) [wheezy] - erlang (Minor issue) - lighttpd 1.4.35-4 (bug #765702) NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV NOTE: Fix is to disable SSLv3 in library or application configurations NOTE: Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is us ...) - net-snmp 5.7.2.1~dfsg-7 (bug #760132) [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1 [squeeze] - net-snmp (Minor issue) CVE-2014-3564 (Multiple heap-based buffer overflows in the status_handler function in ...) {DSA-3005-1 DLA-39-1} - gpgme1.0 1.5.1-1 (bug #756651) [squeeze] - gpgme1.0 1.2.0-1.2+deb6u1 NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 CVE-2014-3563 (Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 20 ...) - salt 2014.1.10+ds-1 NOTE: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html CVE-2014-3562 (Red Hat Directory Server 8 and 389 Directory Server, when debugging is ...) - 389-ds-base 1.3.2.21-1 (bug #757437) CVE-2014-3561 (The rhevm-log-collector package in Red Hat Enterprise Virtualization 3 ...) 
NOT-FOR-US: rhevm-log-collector CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4 ...) - samba 2:4.1.11+dfsg-1 (bug #756759) [squeeze] - samba (Only affects 4.x) [wheezy] - samba (Only affects 4.x) CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 doe ...) NOT-FOR-US: ovirt-engine-backend CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hi ...) - libhibernate-validator-java 4.2.1-2 (low; bug #762690) [jessie] - libhibernate-validator-java (Only used as a build dependency for libhibernate3-java) [wheezy] - libhibernate-validator-java (Only used as a build dependency for libhibernate3-java) [squeeze] - libhibernate-validator-java (Only used as a build dependency for libhibernate3-java) NOTE: RedHat upgraded to new upstream versions in their security NOTE: updates. No patches are available for the 4.0.x branch we NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2. NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912 CVE-2014-3557 REJECTED CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...) - nginx 1.6.1-1 (bug #757196) [wheezy] - nginx (Affects 1.5.6 - 1.7.3) [squeeze] - nginx (Affects 1.5.6 - 1.7.3) NOTE: fixed in nginx 1.7.4, 1.6.1 CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno be ...) - neutron 2014.1.1-3 (bug #755134) CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp all ...) - libndp 1.4-1 (bug #756389) CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990 CVE-2014-3552 (The Shibboleth authentication plugin in auth/shibboleth/index.php in M ...) 
- moodle 2.6.1-1 [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the advanced-gr ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223 CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task ...) - moodle (Only affects 2.7.x) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227 CVE-2014-3549 (Cross-site scripting (XSS) vulnerability in the get_description functi ...) - moodle (Only affects 2.7.x) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201 CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471 CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042 CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760 CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148 CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...) 
- moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683 CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417 CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5 ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463 CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4. ...) - moodle 2.7.2-1 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616 CVE-2014-3540 REJECTED CVE-2014-3539 (base/oi/doa.py in the Rope library in CPython (aka Python) allows remo ...) - rope 0.10.3-1 (bug #777525) [jessie] - rope (Minor issue) [squeeze] - rope (Minor issue) [wheezy] - rope (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1116485 NOTE: https://github.com/python-rope/rope/issues/105 NOTE: 0.10.3-1 only adds a mitigation for the issue, so not completely fixed. NOTE: Still mark it as fixed in this version because patch limits socket NOTE: connections to localhost only CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read du ...) {DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1} - file 1:5.19-1 NOTE: fix relies on the new feature that introduced regex/ syntax, might be too intrusive for backporting. - php5 5.6.0~rc4+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=67705 CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the lp gr ...) 
{DSA-2990-1 DLA-0022-1} - cups 1.7.4-1 [squeeze] - cups 1.4.4-7+squeeze6 NOTE: https://www.cups.org/str.php?L4450 CVE-2014-3536 (CFME (CloudForms Management Engine) 5: RHN account information is logg ...) NOT-FOR-US: Red Hat CloudForms CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectl ...) - linux (RHEL-specific, incomplete backport) - linux-2.6 (RHEL-specific, incomplete backport) NOTE: Fix: https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=896015#c8 CVE-2014-3534 (arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s39 ...) {DSA-2992-1} - linux 3.14.13-2 (bug #728705) - linux-2.6 (Vulnerable code was introduced later) CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to ...) {DSA-2971-1} - dbus 1.8.6-1 [squeeze] - dbus (Vulnerable code not present) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469 CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux ...) {DSA-2971-1} - dbus 1.8.6-1 [squeeze] - dbus (Fix for other kernel version) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80163 CVE-2014-3531 (Multiple cross-site scripting (XSS) vulnerabilities in Foreman before ...) - foreman (bug #663101) CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...) NOT-FOR-US: PicketLink CVE-2014-3529 (The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers ...) - libapache-poi-java 3.10.1-1 [wheezy] - libapache-poi-java (Minor issue) NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56164 CVE-2014-3527 (When using the CAS Proxy ticket authentication from Spring Security 3. ...) - libspring-security-java (bug #582181) CVE-2014-3526 (Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M ...) NOT-FOR-US: Apache Wicket CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...) 
- trafficserver 5.0.1-1 (low) [wheezy] - trafficserver (Minor issue) CVE-2014-3524 (Apache OpenOffice before 4.1.1 allows remote attackers to execute arbi ...) NOT-FOR-US: OpenOffice for Windows CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c i ...) - apache2 (Affects only Windows systems) CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7. ...) - subversion 1.8.10-1 [wheezy] - subversion (unimportant) [squeeze] - subversion (unimportant) NOTE: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in Red ...) NOT-FOR-US: luci as included in conga CVE-2014-3520 (OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, ...) - keystone 2014.1.1-3 (bug #753511) [wheezy] - keystone (Vulnerable code not present) CVE-2014-3519 (The open_by_handle_at function in vzkernel before 042stab090.5 in the ...) - linux-2.6 (Vulnerable code not yet present) - linux (Kernels after squeeze no longer contain the openvz flavour) CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterpris ...) NOT-FOR-US: JBoss Application Server CVE-2014-3517 (api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2 ...) - nova 2014.1.1-8 (bug #755042) [wheezy] - nova (Only exploitable when used with neutron, which is not in stable) CVE-2014-3516 RESERVED CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...) {DSA-2974-1 DLA-0018-1} - php5 5.6.0~rc2+dfsg-1 [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67492 CVE-2014-3514 (activerecord/lib/active_record/relation/query_methods.rb in Active Rec ...) 
- rails 2:4.1.5-1 [wheezy] - rails (Only affects 4.0.0 and all Later Versions) [squeeze] - rails (Unsupported in squeeze-lts) - rails-3.2 (Only affects 4.0.0 and all Later Versions) - ruby-activerecord-2.3 (Only affects 4.0.0 and all Later Versions) - ruby-activerecord-3.2 (Only affects 4.0.0 and all Later Versions) CVE-2014-3513 (Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 b ...) {DSA-3053-1} - openssl 1.0.1j-1 [squeeze] - openssl (DTLS SRTP introduced in 1.0.1) CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implement ...) {DSA-2998-1} - openssl 1.0.1i-1 [squeeze] - openssl (vulnerable code not present) CVE-2014-3511 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 bef ...) {DSA-2998-1} - openssl 1.0.1i-1 [squeeze] - openssl (Doesn't support TLS higher than 1.0) CVE-2014-3510 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9 ...) {DSA-2998-1 DLA-33-1} - openssl 1.0.1i-1 CVE-2014-3509 (Race condition in the ssl_parse_serverhello_tlsext function in t1_lib. ...) {DSA-2998-1} - openssl 1.0.1i-1 [squeeze] - openssl (vulnerable code not present) CVE-2014-3508 (The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 ...) {DSA-2998-1 DLA-33-1} - openssl 1.0.1i-1 CVE-2014-3507 (Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 b ...) {DSA-2998-1 DLA-33-1} - openssl 1.0.1i-1 CVE-2014-3506 (d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, ...) {DSA-2998-1 DLA-33-1} - openssl 1.0.1i-1 CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in O ...) {DSA-2998-1 DLA-33-1} - openssl 1.0.1i-1 CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ ...) - serf 1.3.7-1 (bug #757965) [wheezy] - serf (Minor issue) [squeeze] - serf (Minor issue) CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate ...) 
NOT-FOR-US: Apache Syncope CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to open an ...) NOT-FOR-US: Apache Cordova CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to bypass ...) NOT-FOR-US: Apache Cordova CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to change ...) NOT-FOR-US: Apache Cordova CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions on the ...) - docker.io (RHEL specific, socket based activation not shipped) CVE-2014-3498 (The user module in ansible before 1.6.6 allows remote authenticated us ...) - ansible 1.7.0+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5 (v1.7.0) CVE-2014-3497 (Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 thr ...) - swift 1.13.1-1 (bug #752087) [wheezy] - swift (Only affects 1.11.0 to 1.13.1) CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 throu ...) NOT-FOR-US: OpenShift Origin CVE-2014-3495 (duplicity 0.6.24 has improper verification of SSL certificates ...) - duplicity 0.6.21-1 (low; bug #751902) [wheezy] - duplicity (Minor issue) NOTE: Since python-boto 2.6.0, cf. #751902, boto's default is now to enable NOTE: certificate verification. This is as such only an issue if using boto's NOTE: version outside of the packaged one in Debian. Mark 0.6.21-1 as fixing NOTE: version since this is the first upload to unstable after python-boto NOTE: 2.8.0-1 was uploaded. CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.9 ...) 
- kde4libs 4:4.13.3-1 (bug #752052) [wheezy] - kde4libs (Affects kdelibs 4.10.95 to 4.13.2) [squeeze] - kde4libs (Affects kdelibs 4.10.95 to 4.13.2) NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f CVE-2014-3493 (The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x be ...) {DSA-2966-1} - samba 2:4.1.9+dfsg-1 [squeeze] - samba (Only affects 3.6 and later) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: https://www.samba.org/samba/security/CVE-2014-3493 CVE-2014-3492 (Multiple cross-site scripting (XSS) vulnerabilities in the host YAML v ...) - foreman (bug #663101) CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1 ...) - foreman (bug #663101) NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881 CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red H ...) NOT-FOR-US: RESTEasy framework for JBoss CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ( ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...) {DLA-2110-1} - netty (Introduced in 3.9.0) - netty-3.9 3.9.9.Final-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects NOTE: 3.9.0 and 3.9.1. NOTE: https://github.com/netty/netty/issues/2562 NOTE: https://github.com/netty/netty/commit/2fa9400a59d0563a66908aba55c41e7285a04994 CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in th ...) 
{DSA-3021-1 DSA-2974-1 DLA-27-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d - php5 5.6.0~rc1+dfsg-1 [squeeze] - php5 (Vulnerable code was introduced later) NOTE: https://bugs.php.net/bug.php?id=67413 CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_c ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterpri ...) NOT-FOR-US: ovirt-engine-api / RHEV CVE-2014-3484 (Multiple stack-based buffer overflows in the __dn_expand function in n ...) - musl 1.1.4-1 (bug #750815) CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...) {DSA-2982-1} - ruby-activerecord-2.3 [wheezy] - ruby-activerecord-2.3 - ruby-activerecord-3.2 - rails 2:4.1.4-1 [wheezy] - rails (src:rails in wheezy is just a transition package) [squeeze] - rails (Unsupported in squeeze-lts) - rails-3.2 3.2.19-1 - rails-4.0 CVE-2014-3482 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...) {DSA-2982-1} - ruby-activerecord-2.3 [wheezy] - ruby-activerecord-2.3 - ruby-activerecord-3.2 - rails 2:4.1.4-1 [wheezy] - rails (src:rails in wheezy is just a transition package) [squeeze] - rails (Unsupported in squeeze-lts) - rails-3.2 3.2.19-1 - rails-4.0 CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBo ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...) 
{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382 - php5 5.6.0~rc1+dfsg-1 [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67412 CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...) {DSA-3021-1 DSA-2974-1 DLA-27-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67 - php5 5.6.0~rc1+dfsg-1 [squeeze] - php5 (Vulnerable code was introduced later) NOTE: https://bugs.php.net/bug.php?id=67411 CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file before ...) {DSA-3021-1 DSA-2974-1 DLA-27-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08 - php5 5.6.0~rc1+dfsg-1 [squeeze] - php5 (Vulnerable code was introduced later) NOTE: https://bugs.php.net/bug.php?id=67410 CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...) {DSA-2971-1 DLA-87-1} - dbus 1.8.4-1 (low) [squeeze] - dbus (Minor issue) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979 CVE-2014-3476 (OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...) - keystone 2014.1.1-2 (bug #751454) [wheezy] - keystone (Vulnerable code not present) CVE-2014-3475 (Cross-site scripting (XSS) vulnerability in the Users panel (admin/use ...) - horizon 2014.1.1-3 (bug #754255) [wheezy] - horizon (Minor issue) CVE-2014-3474 (Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/ ...) - horizon 2014.1.1-3 (bug #754255) [wheezy] - horizon (Minor issue) CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack se ...) 
- horizon 2014.1.1-3 (bug #754255) [wheezy] - horizon (Minor issue) CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss Applicat ...) NOT-FOR-US: JBoss Enterprise Application Platform CVE-2014-3471 (Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emula ...) - qemu 2.1+dfsg-1 [wheezy] - qemu (Vulnerable code not present) [wheezy] - qemu-kvm (Vulnerable code not present) [squeeze] - qemu (Vulnerable code not present) - qemu-kvm [squeeze] - qemu-kvm (Vulnerable code not present) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0) NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3 CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL bef ...) {DSA-2950-1 DLA-0003-1} - openssl 1.0.1h-1 (bug #750665) [squeeze] - openssl 0.9.8o-4squeeze15 CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU ...) {DSA-3056-1 DLA-77-1} - libtasn1-3 - libtasn1-6 3.6-1 CVE-2014-3468 (The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not prop ...) {DSA-3056-1 DLA-77-1} - libtasn1-3 - libtasn1-6 3.6-1 CVE-2014-3467 (Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn ...) {DSA-3056-1 DLA-77-1} - libtasn1-3 - libtasn1-6 3.6-1 CVE-2014-3466 (Buffer overflow in the read_server_hello function in lib/gnutls_handsh ...) {DSA-2944-1 DLA-0001-1} - gnutls26 2.12.23-16 - gnutls28 3.2.15-1 [squeeze] - gnutls26 2.8.6-1+squeeze4 NOTE: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/ CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3. ...) - gnutls26 (Affected code was introduced in 3.0) - gnutls28 3.2.10-1 CVE-2014-3464 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...) 
NOT-FOR-US: JBoss WS CVE-2014-3463 REJECTED CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.x ...) NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package - xbmc 2:13.2+dfsg1-5 (low; bug #747428) [jessie] - xbmc (Minor issue) [wheezy] - xbmc (Minor issue) NOTE: http://trac.xbmc.org/ticket/15198 CVE-2014-3774 (Multiple cross-site scripting (XSS) vulnerabilities in items.php in Te ...) - teampass (bug #730180) NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de CVE-2014-3773 (Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow ...) - teampass (bug #730180) NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de CVE-2014-3772 (TeamPass before 2.1.20 allows remote attackers to bypass access restri ...) - teampass (bug #730180) NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f CVE-2014-3771 (TeamPass before 2.1.20 allows remote attackers to bypass access restri ...) - teampass (bug #730180) NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f CVE-2014-4703 (lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain s ...) - nagios-plugins (incomplete fix for CVE-2014-4701 not applied) NOTE: check_dhcp is not installed with root suid permissions in Debian NOTE: http://seclists.org/fulldisclosure/2014/Jun/141 NOTE: Introduced due to incomplete fix for CVE-2014-4701 in 2.0.2. 
- monitoring-plugins (Vulnerable code not present, fix for CVE-2014-4701 addressed differently directly by dropping privileges) CVE-2014-4702 (The check_icmp plugin in Nagios Plugins before 2.0.2 allows local user ...) - nagios-plugins (unimportant) NOTE: http://seclists.org/fulldisclosure/2014/May/74 NOTE: Fixed in nagios-plugins 2.0.2 NOTE: check_icmp is not installed with root suid permissions in Debian - monitoring-plugins (Fixed with initial upload to Debian) NOTE: https://github.com/monitoring-plugins/monitoring-plugins/commit/48025ff39c3a78b7805bf803ac96730cef53e15c CVE-2014-4701 (The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local user ...) - nagios-plugins (unimportant) NOTE: check_dhcp is not installed with root suid permissions in Debian NOTE: http://seclists.org/fulldisclosure/2014/May/74 NOTE: fixed in nagios-plugins 2.0.2 (but needs to be made complete to not open NOTE: CVE-2014-4703) and thus include the fix from 2.0.3 upstream. - monitoring-plugins (Fixed with initial upload to Debian) NOTE: https://github.com/monitoring-plugins/monitoring-plugins/commit/48025ff39c3a78b7805bf803ac96730cef53e15c CVE-2014-3776 (Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit i ...) - chicken 4.9.0-1 (bug #748904) [squeeze] - chicken (Minor issue) [wheezy] - chicken (Minor issue) NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin ...) {DSA-2935-1} - libgadu 1:1.12.0~rc3-1 [squeeze] - libgadu (Vulnerable code not present) CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote a ...) NOT-FOR-US: Construtiva CIS Manager CMS CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex L ...) 
NOT-FOR-US: ALEPH500 Integrated library management system CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM g ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly val ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) CVE-2014-3739 (Open redirect vulnerability in zport/acl_users/cookieAuthHelper/login_ ...) - zenoss (bug #361253) CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote ...) - zenoss (bug #361253) CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to for ...) - mumble 1.2.6-1 (bug #748189) [squeeze] - mumble (Minor issue) [wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2 NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6 ...) - mumble 1.2.6-1 (bug #748189) [squeeze] - mumble (Minor issue) [wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2 NOTE: http://mumble.info/security/Mumble-SA-2014-005.txt CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrar ...) - qemu 2.1+dfsg-1 (bug #739589) - qemu-kvm [wheezy] - qemu (Too intrusive to backport, minor risk) [wheezy] - qemu-kvm (Too intrusive to backport, minor risk) [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322 CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the NQMc ...) 
NOT-FOR-US: NetIQ Sentinel CVE-2014-3459 (Heap-based buffer overflow in SolarWinds Network Configuration Manager ...) NOT-FOR-US: SolarWinds Network Configuration Manager CVE-2014-3458 RESERVED CVE-2014-3457 RESERVED CVE-2014-3456 (Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition ...) NOT-FOR-US: GitLab Enterprise Edition CVE-2014-3455 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) NOT-FOR-US: MediaWiki extension SemanticForms CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in Special:CreateCateg ...) NOT-FOR-US: MediaWiki extension SemanticForms CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allo ...) NOT-FOR-US: K-lite Codec CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates, whi ...) NOT-FOR-US: Openfire CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global Protecti ...) NOT-FOR-US: Panda CVE-2014-3449 (BSS Continuity CMS 4.2.22640.0 has an Authentication Bypass vulnerabil ...) NOT-FOR-US: BSS Continuity CMS CVE-2014-3448 (BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerabili ...) NOT-FOR-US: BSS Continuity CMS CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vulnerab ...) NOT-FOR-US: BSS Continuity CMS CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...) NOT-FOR-US: BSS Continuity CMS CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require ...) NOT-FOR-US: HandsomeWeb SOS Webpages CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...) {DSA-2934-1} - python-django 1.6.5-1 NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/ CVE-2014-XXXX [data leak during restore] - obnam 1.8-1 (low; bug #745112) [wheezy] - obnam (Minor issue) CVE-2014-3462 (The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remo ...) 
- encfs 1.8.1-1 (low; bug #736066) [jessie] - encfs (Minor issue) [squeeze] - encfs (Minor issue) [wheezy] - encfs (Minor issue) NOTE: Shortcoming documented in 1.7.4-4 NOTE: https://defuse.ca/audits/encfs.htm NOTE: Upstream issue: https://github.com/vgough/encfs/issues/14 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...) NOT-FOR-US: Drupal module CVE-2014-3444 (The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16. ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ca ...) NOT-FOR-US: JetAudio CVE-2014-3442 (Winamp 5.666 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Winamp CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remo ...) - vlc (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid) NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html CVE-2014-3440 (The Agent Control Interface in the management server in Symantec Criti ...) NOT-FOR-US: Symantec CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 bef ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console interfa ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2014-3437 (The management console in Symantec Endpoint Protection Manager (SEPM) ...) NOT-FOR-US: Symantec Endpoint Protection CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...) NOT-FOR-US: Symantec CVE-2014-3435 REJECTED CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...) NOT-FOR-US: Symantec CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...) NOT-FOR-US: Symantec CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...) 
NOT-FOR-US: Symantec CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x ...) NOT-FOR-US: Symantec PGP Desktop CVE-2014-3429 (IPython Notebook 0.12 through 1.x before 1.2 does not validate the ori ...) - ipython 1.2.0~rc1-1 (low) [wheezy] - ipython 0.13.1-2+deb7u1 [squeeze] - ipython (Vulnerable code not present) NOTE: https://github.com/ipython/ipython/pull/4845 CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with f ...) NOT-FOR-US: Yealink VoIP Phones CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.7 ...) NOT-FOR-US: Yealink VoIP Phones CVE-2014-3420 RESERVED CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the " ...) NOT-FOR-US: Infoblox NetMRI CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remo ...) NOT-FOR-US: Infoblox NetMRI CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...) NOT-FOR-US: uPortal CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE permissions ...) NOT-FOR-US: uPortal CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remote au ...) NOT-FOR-US: Sharetronix CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...) NOT-FOR-US: Sharetronix CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has a ...) NOT-FOR-US: Juniper CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...) NOT-FOR-US: Juniper Junos Space CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...) NOT-FOR-US: Juniper NSM CVE-2014-3410 (The syslog-management subsystem in Cisco Adaptive Security Appliance ( ...) NOT-FOR-US: Cisco CVE-2014-3409 (The Ethernet Connectivity Fault Management (CFM) handling feature in C ...) 
NOT-FOR-US: Cisco IOS CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...) NOT-FOR-US: Cisco Prime Optical CVE-2014-3407 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: Cisco CVE-2014-3406 (Race condition in the IP logging feature in Cisco Intrusion Prevention ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...) NOT-FOR-US: Cisco IOS CVE-2014-3404 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS X ...) NOT-FOR-US: Cisco IOS CVE-2014-3403 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS X ...) NOT-FOR-US: Cisco IOS CVE-2014-3402 (The authentication-manager process in the web framework in Cisco Intru ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2014-3401 RESERVED CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to obtai ...) NOT-FOR-US: Cisco WebEx CVE-2014-3399 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-3398 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-3397 (The network stack in Cisco TelePresence MCU Software before 4.3(2.30) ...) NOT-FOR-US: TelePresence MCU CVE-2014-3396 (Cisco IOS XR on ASR 9000 devices does not properly use compression for ...) NOT-FOR-US: Cisco IOS CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigg ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 bef ...) NOT-FOR-US: Cisco ASA CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA Sof ...) NOT-FOR-US: Cisco ASA CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before 8.2(5.5 ...) 
NOT-FOR-US: Cisco ASA CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before 8 ...) NOT-FOR-US: Cisco ASA CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in ...) NOT-FOR-US: Cisco ASA CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 ...) NOT-FOR-US: Cisco ASA CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), ...) NOT-FOR-US: Cisco ASA CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14 ...) NOT-FOR-US: Cisco ASA CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA Softw ...) NOT-FOR-US: Cisco ASA CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM ...) NOT-FOR-US: Cisco ASA CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), 8 ...) NOT-FOR-US: Cisco ASA CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 ...) NOT-FOR-US: Cisco ASA CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.1 ...) NOT-FOR-US: Cisco ASA CVE-2014-3381 (The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the Cisc ...) NOT-FOR-US: Cisco AsyncOS CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 4.4(.3) ...) NOT-FOR-US: Cisco Unified Communications CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 device ...) NOT-FOR-US: Cisco IOS CVE-2014-3378 (tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to cau ...) NOT-FOR-US: Cisco IOS CVE-2014-3377 (snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated user ...) NOT-FOR-US: Cisco IOS CVE-2014-3376 (Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial ...) NOT-FOR-US: Cisco IOS CVE-2014-3375 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service ...) 
NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3374 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin i ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3373 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3372 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3371 REJECTED CVE-2014-3370 (Cisco TelePresence Video Communication Server (VCS) and Expressway Sof ...) NOT-FOR-US: Cisco TelePresence CVE-2014-3369 (The SIP IX implementation in Cisco TelePresence Video Communication Se ...) NOT-FOR-US: Cisco TelePresence CVE-2014-3368 (Cisco TelePresence Video Communication Server (VCS) and Expressway Sof ...) NOT-FOR-US: Cisco TelePresence CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director compon ...) NOT-FOR-US: Cisco CVE-2014-3366 (SQL injection vulnerability in the administrative web interface in Cis ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3365 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Sec ...) NOT-FOR-US: Cisco Prime Security Manager CVE-2014-3364 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...) NOT-FOR-US: Cisco CVE-2014-3363 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...) NOT-FOR-US: Cisco CVE-2014-3362 (Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3 ...) NOT-FOR-US: Cisco CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly implem ...) NOT-FOR-US: Cisco IOS CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS ...) NOT-FOR-US: Cisco IOS CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, ...) NOT-FOR-US: Cisco IOS CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE ...) 
NOT-FOR-US: Cisco IOS CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE ...) NOT-FOR-US: Cisco IOS CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3. ...) NOT-FOR-US: Cisco IOS CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3. ...) NOT-FOR-US: Cisco IOS CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x ...) NOT-FOR-US: Cisco IOS CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing Sys ...) NOT-FOR-US: Cisco CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3 ...) NOT-FOR-US: Cisco CVE-2014-3351 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...) NOT-FOR-US: Cisco CVE-2014-3350 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...) NOT-FOR-US: Cisco CVE-2014-3349 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does n ...) NOT-FOR-US: Cisco CVE-2014-3348 (The SSH module in the Integrated Management Controller (IMC) before 2. ...) NOT-FOR-US: Cisco Unified Computing System CVE-2014-3347 (Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rat ...) NOT-FOR-US: Cisco CVE-2014-3346 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...) NOT-FOR-US: Cisco CVE-2014-3345 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...) NOT-FOR-US: Cisco CVE-2014-3344 (Multiple cross-site scripting (XSS) vulnerabilities in the web framewo ...) NOT-FOR-US: Cisco CVE-2014-3343 (Cisco IOS XR 5.1 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Cisco CVE-2014-3342 (The CLI in Cisco IOS XR allows remote authenticated users to obtain se ...) NOT-FOR-US: Cisco CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 a ...) 
NOT-FOR-US: Cisco NX-OS CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the ...) NOT-FOR-US: Cisco CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web inter ...) NOT-FOR-US: Cisco CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) 10. ...) NOT-FOR-US: Cisco CVE-2014-3337 (The SIP implementation in Cisco Unified Communications Manager (CM) 8. ...) NOT-FOR-US: Cisco CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity Connec ...) NOT-FOR-US: Cisco CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...) NOT-FOR-US: Cisco CVE-2014-3334 REJECTED CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote a ...) NOT-FOR-US: Cisco CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an i ...) NOT-FOR-US: Cisco CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...) NOT-FOR-US: Cisco CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly proce ...) NOT-FOR-US: Cisco CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component i ...) NOT-FOR-US: Cisco Prime Data Center Network Manager CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server a ...) NOT-FOR-US: Cisco Unified Presence Server CVE-2014-3327 (The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 an ...) NOT-FOR-US: Cisco CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security Man ...) NOT-FOR-US: Cisco Security Manager CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...) NOT-FOR-US: Cisco CVE-2014-3324 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...) NOT-FOR-US: Cisco TelePresence Server CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center Ente ...) 
NOT-FOR-US: Cisco CVE-2014-3322 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...) NOT-FOR-US: Cisco IOS CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...) NOT-FOR-US: Cisco CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in t ...) NOT-FOR-US: Cisco CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool (RT ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the Di ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3317 (Directory traversal vulnerability in the Multiple Analyzer in the Dial ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3314 (Cisco AnyConnect on Android and OS X does not properly verify the host ...) NOT-FOR-US: Cisco AnyConnect CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on ...) NOT-FOR-US: Cisco Small Business phones CVE-2014-3312 (The debug console interface on Cisco Small Business SPA300 and SPA500 ...) NOT-FOR-US: Cisco Small Business phones CVE-2014-3311 (Heap-based buffer overflow in the file-sharing feature in WebEx Meetin ...) NOT-FOR-US: Cisco WebEx CVE-2014-3310 (The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meet ...) NOT-FOR-US: Cisco WebEx CVE-2014-3309 (The NTP implementation in Cisco IOS and IOS XE does not properly suppo ...) NOT-FOR-US: Cisco WebEx CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static ...) NOT-FOR-US: Cisco IOS XR CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on Cis ...) 
NOT-FOR-US: Cisco Small Cell CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, E ...) NOT-FOR-US: Cisco CVE-2014-3305 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-3304 (The OutlookAction Class in Cisco WebEx Meetings Server allows remote a ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly res ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-3302 (user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does n ...) NOT-FOR-US: Cisco CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5 ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified Communication ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of servi ...) NOT-FOR-US: Cisco IOS CVE-2014-3298 (Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cl ...) NOT-FOR-US: Cisco CVE-2014-3297 (Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not ...) NOT-FOR-US: Cisco CVE-2014-3296 (The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server ...) NOT-FOR-US: Cisco WebEx CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows remo ...) NOT-FOR-US: Cisco NX-OS CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of U ...) NOT-FOR-US: Cisco WebEx Meeting Server CVE-2014-3293 (Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to us ...) NOT-FOR-US: Cisco IOS CVE-2014-3292 (The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified C ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to ...) 
NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-3290 (The mDNS implementation in Cisco IOS XE 3.12S does not properly intera ...) NOT-FOR-US: Cisco IOS XE CVE-2014-3289 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: Cisco CVE-2014-3288 RESERVED CVE-2014-3287 (SQL injection vulnerability in BulkViewFileContentsAction.java in the ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-3286 (The web framework in Cisco WebEx Meeting Server does not properly rest ...) NOT-FOR-US: Cisco WebEx Meeting Server CVE-2014-3285 (Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when ...) NOT-FOR-US: Cisco Wide Area Application Services CVE-2014-3284 (Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, al ...) NOT-FOR-US: Cisco IOS CVE-2014-3283 (Open redirect vulnerability in Self-Care Client Portal applications in ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3282 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3281 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3280 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3279 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3278 (The web framework in VOSS in Cisco Unified Communications Domain Manag ...) NOT-FOR-US: Cisco Unified Communications CVE-2014-3277 (The Administration GUI in the web framework in VOSS in Cisco Unified C ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-3276 (Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does ...) 
NOT-FOR-US: Cisco Identity Services Engine CVE-2014-3275 (SQL injection vulnerability in the web framework in Cisco Identity Ser ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2014-3274 (Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to H ...) NOT-FOR-US: Cisco TelePresence CVE-2014-3273 (The LLDP implementation in Cisco IOS allows remote attackers to cause ...) NOT-FOR-US: Cisco IOS CVE-2014-3272 (The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier al ...) NOT-FOR-US: Cisco CVE-2014-3271 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to c ...) NOT-FOR-US: Cisco IOS XR CVE-2014-3270 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to c ...) NOT-FOR-US: Cisco IOS XR CVE-2014-3269 (The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users ...) NOT-FOR-US: Cisco IOS XE CVE-2014-3268 (Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices all ...) NOT-FOR-US: Cisco Unified Border Element CVE-2014-3267 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...) NOT-FOR-US: Cisco Security Manager CVE-2014-3266 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...) NOT-FOR-US: Cisco Security Manager CVE-2014-3265 (Cross-site scripting (XSS) vulnerability in the Auto Update Server (AU ...) NOT-FOR-US: Cisco Security Manager CVE-2014-3264 (Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier a ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-3263 (The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to c ...) NOT-FOR-US: Cisco IOS CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...) NOT-FOR-US: Cisco IOS CVE-2014-3261 (Buffer overflow in the Smart Call Home implementation in Cisco NX-OS o ...) NOT-FOR-US: Cisco NX-OS CVE-2014-3260 (Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the ...) 
NOT-FOR-US: Pacom CVE-2014-3259 RESERVED CVE-2014-3258 RESERVED CVE-2014-3257 RESERVED CVE-2014-3256 RESERVED CVE-2014-3255 RESERVED CVE-2014-3254 RESERVED CVE-2014-3253 RESERVED CVE-2014-3252 RESERVED CVE-2014-3251 (The MCollective aes_security plugin, as used in Puppet Enterprise befo ...) - mcollective 2.6.0+dfsg-1 (low; bug #758701) [wheezy] - mcollective (Minor issue) NOTE: MCollective is not configured to use the plugin and is not vulnerable by default. NOTE: http://puppetlabs.com/security/cve/cve-2014-3251 CVE-2014-3250 (The default vhost configuration file in Puppet before 3.6.2 does not i ...) - puppet 3.7.0-1 (low) [squeeze] - puppet (Only exploitable in combination with Apache 2.4) [wheezy] - puppet (Only exploitable in combination with Apache 2.4) NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250 CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...) - puppet (Only affects Puppet Enterprise) NOTE: http://puppetlabs.com/security/cve/cve-2014-3249 CVE-2014-3248 (Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2. ...) - puppet 3.7.0-1 (low) [wheezy] - puppet (Minor issue) [squeeze] - puppet (Minor issue) - hiera 1.3.4-1 (low) - ruby-hiera (low) [wheezy] - ruby-hiera (Minor issue) - facter 2.0.1-1 (low) [wheezy] - facter (Minor issue) [squeeze] - facter (Minor issue) - mcollective 2.5.2+dfsg-1 (low) [wheezy] - mcollective (Minor issue) NOTE: http://puppetlabs.com/security/cve/cve-2014-3248 NOTE: problem in combination with ruby <= 1.9.1 CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remo ...) - collabtive 2.0+dfsg-1 (bug #748828) [wheezy] - collabtive (Minor issue) CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote authentica ...) - collabtive 1.2+dfsg-2 (bug #748828) [wheezy] - collabtive (Minor issue) CVE-2014-3245 RESERVED CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet dashlet in S ...) 
NOT-FOR-US: SugarCRM CVE-2014-3241 RESERVED CVE-2014-3240 RESERVED CVE-2014-3239 RESERVED CVE-2014-3238 RESERVED CVE-2014-3237 RESERVED CVE-2014-3236 RESERVED CVE-2014-3235 RESERVED CVE-2014-3234 RESERVED CVE-2014-3233 RESERVED CVE-2014-3232 RESERVED CVE-2014-3231 RESERVED CVE-2014-3229 RESERVED CVE-2014-3228 RESERVED CVE-2014-3227 (dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect th ...) {DSA-2915-2} - dpkg 1.17.9 CVE-2014-3226 RESERVED CVE-2014-3224 (Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 V200R003C00SPC50 ...) NOT-FOR-US: Huawei CVE-2014-3223 (Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300 ...) NOT-FOR-US: Huawei CVE-2014-3222 (In Huawei eSpace Meeting with software V100R001C03SPC201 and the earli ...) NOT-FOR-US: Huawei CVE-2014-3221 (Huawei Eudemon8000E firewall with software V200R001C01SPC800 and earli ...) NOT-FOR-US: Huawei CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authent ...) NOT-FOR-US: F5 BIG-IQ CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filte ...) {DSA-2949-1 DLA-0015-1} - linux 3.14.4-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3 NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8 NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67 CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension imple ...) {DSA-2949-1 DLA-0015-1} - linux 3.14.4-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3 NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8 NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67 CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x befo ...) 
{DSA-2954-1 DLA-0004-1} - dovecot 1:2.2.13~rc1-1 (low; bug #747549) [squeeze] - dovecot 1:1.2.15-7+deb6u1 NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499 CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of ...) NOT-FOR-US: NCSA Mosaic CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of se ...) NOT-FOR-US: NCSA Mosaic CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users ...) - emacs23 (bug #747100) [wheezy] - emacs23 (Minor issue) [squeeze] - emacs23 (Minor issue) - emacs24 24.3+1-4 - xemacs21-packages (Vulnerable code not present) NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local user ...) - emacs23 (bug #747100) [wheezy] - emacs23 (Minor issue) [squeeze] - emacs23 (Minor issue) - emacs24 24.3+1-4 - xemacs21-packages (Vulnerable code not present) NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local ...) - emacs23 (bug #747100) [wheezy] - emacs23 (Minor issue) [squeeze] - emacs23 (Minor issue) - emacs24 24.3+1-4 - xemacs21-packages (Vulnerable code not present) NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users ...) - emacs23 (bug #747100) [wheezy] - emacs23 (Minor issue) [squeeze] - emacs23 (Minor issue) - emacs24 24.3+1-4 NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html CVE-2014-9091 (Icecast before 2.4.0 does not change the supplementary group privilege ...) - icecast2 2.4.0-1 (low) [squeeze] - icecast2 (Minor issue) [wheezy] - icecast2 (Minor issue) NOTE: https://trac.xiph.org/changeset/19137/ CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity expansi ...) 
- python-soappy 0.12.22-1 (low; bug #747280) [squeeze] - python-soappy (Minor issue) [wheezy] - python-soappy (Minor issue) NOTE: http://www.pnigos.com/?p=260 CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SO ...) - python-soappy 0.12.22-1 (low; bug #747280) [squeeze] - python-soappy (Minor issue) [wheezy] - python-soappy (Minor issue) NOTE: http://www.pnigos.com/?p=260 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler ...) - cobbler (Fixed before initial upload) CVE-2014-3219 (fish before 2.1.1 allows local users to write to arbitrary files via a ...) - fish 2.1.1-1 (low; bug #746259) [squeeze] - fish (Minor issue) [wheezy] - fish (Minor issue) CVE-2014-3218 RESERVED CVE-2014-3217 RESERVED CVE-2014-3216 (GOM Media Player 2.2.57.5189 and earlier allows remote attackers to ca ...) NOT-FOR-US: Gretech GOM Media Player CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissi ...) - policycoreutils (seunshare not enabled/built in Debian) CVE-2014-3214 (The prefetch implementation in named in ISC BIND 9.10.0, when a recurs ...) - bind9 (prefetch option introduced in BIND 9.10.0b1) NOTE: https://kb.isc.org/article/AA-01161 CVE-2014-3213 RESERVED CVE-2014-3212 RESERVED CVE-2014-3211 (Publify before 8.0.1 is vulnerable to a Denial of Service attack ...) NOT-FOR-US: Publify CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...) NOT-FOR-US: WordPress plugin Booking System CVE-2014-3208 (A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (ps ...) NOT-FOR-US: askpop3d CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Seagate CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a h ...) NOT-FOR-US: Seagate CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...) 
NOT-FOR-US: Unity CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restric ...) NOT-FOR-US: Unity CVE-2014-3202 (Unity before 7.2.1 does not properly handle entry activation, which al ...) NOT-FOR-US: Unity CVE-2014-3201 (core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used ...) - chromium-browser 39.0.2171.71-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125 ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...) - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser NOTE: libv8 not covered by security support CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the PDFi ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in core/loader/Nav ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...) - chromium-browser (Only affects Windows) CVE-2014-3195 (Google V8, as used in Google Chrome before 38.0.2125.101, does not pro ...) - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser NOTE: libv8 not covered by security support CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in Goog ...) 
- chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3193 (The SessionService::GetLastSession function in browser/sessions/sessio ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3192 (Use-after-free vulnerability in the ProcessingInstruction::setXSLStyle ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in c ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...) - chromium-browser 38.0.2125.101-1 [wheezy] - chromium-browser [squeeze] - chromium-browser - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...) - chromium-browser (only affects versions supporting Apple's facetime) CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in devices/hid/hid-p ...) 
- linux 3.16.5-1 [wheezy] - linux 3.2.63-1 - linux-2.6 (Vulnerable code not present) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101 NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3) CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function i ...) {DLA-118-1} - linux 3.16.2-2 [wheezy] - linux 3.2.63-1 - linux-2.6 NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98 NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3) CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel be ...) {DLA-246-1} - linux 3.16.2-2 [wheezy] - linux 3.2.63-1 - linux-2.6 NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91 NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2) CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in d ...) - linux 3.16.2-2 [wheezy] - linux 3.2.63-1 - linux-2.6 (Vulnerable code not present) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90 NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2) CVE-2014-3182 (Array index error in the logi_dj_raw_event function in drivers/hid/hid ...) - linux 3.16.2-2 [wheezy] - linux 3.2.63-1 - linux-2.6 (Vulnerable driver introduced later) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89 NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2) CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event func ...) 
- linux 3.16.5-1 [wheezy] - linux 3.2.63-1 - linux-2.6 (Vulnerable code not present) NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100 NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3) CVE-2014-3180 (** DISPUTED ** In kernel/compat.c in the Linux kernel before 3.17, as ...) - linux 4.0.2-1 (unimportant) NOTE: https://git.kernel.org/linus/849151dd5481bc8acb1d287a299b5d6a4ca9f1c3 (3.17-rc4) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=408827 NOTE: https://lkml.org/lkml/2014/9/7/29 NOTE: The respective code path is unreachable. CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the interac ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the interac ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementati ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3172 (The Debugger extension API in browser/extensions/api/debugger/debugger ...) 
{DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in G ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as us ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before 36 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3165 (Use-after-free vulnerability in modules/websockets/WorkerThreadableWeb ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3164 (cmds/servicemanager/service_manager.c in Android before commit 7d42a3c ...) NOT-FOR-US: Android CVE-2014-3163 RESERVED CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985 ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3161 (The WebMediaPlayerAndroid::load function in content/renderer/media/and ...) NOT-FOR-US: Android CVE-2014-3160 (The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher ...) {DSA-3039-1} - chromium-browser 37.0.2062.120-1 [squeeze] - chromium-browser CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in components/ ...) 
NOT-FOR-US: Android CVE-2014-3158 (Integer overflow in the getword function in options.c in pppd in Paul' ...) {DSA-3079-1 DLA-74-1} - ppp 2.4.6-3 (medium; bug #762789) NOTE: https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb NOTE: http://marc.info/?l=linux-ppp&m=140764978420764 NOTE: No known exploit yet but potential local privilege escalation to root for users in "dip" group CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer f ...) {DSA-2959-1} - chromium-browser 35.0.1916.153-1 [squeeze] - chromium-browser CVE-2014-3156 (Buffer overflow in the clipboard implementation in Google Chrome befor ...) {DSA-2959-1} - chromium-browser 35.0.1916.153-1 [squeeze] - chromium-browser CVE-2014-3155 (net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chro ...) {DSA-2959-1} - chromium-browser 35.0.1916.153-1 [squeeze] - chromium-browser CVE-2014-3154 (Use-after-free vulnerability in the ChildThread::Shutdown function in ...) {DSA-2959-1} - chromium-browser 35.0.1916.153-1 [squeeze] - chromium-browser CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel throu ...) {DSA-2949-1 DLA-0007-1} - linux 3.14.5-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze7 NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/92357 CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm ...) {DSA-2939-1} - chromium-browser 35.0.1916.114-1 [squeeze] - chromium-browser - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-3151 RESERVED CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload arbitrary conf ...) NOT-FOR-US: Livebox CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (a ...) 
NOT-FOR-US: Invision Power IP.Board CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...) NOT-FOR-US: OkCupid CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...) NOT-FOR-US: Splunk CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in lx ...) {DSA-2941-1 DLA-0009-1} - lxml 3.3.5-1 (bug #746812) [squeeze] - lxml 2.2.8-2+deb6u1 NOTE: http://lxml.de/3.3/changes-3.3.5.html NOTE: http://seclists.org/fulldisclosure/2014/Apr/210 NOTE: https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc CVE-2014-3143 RESERVED CVE-2014-3142 RESERVED CVE-2014-3141 RESERVED CVE-2014-3140 REJECTED CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 all ...) NOT-FOR-US: Unitrends Enterprise Backup CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hot ...) NOT-FOR-US: Xerox DocuShare CVE-2014-3136 (Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev ...) NOT-FOR-US: D-Link CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...) NOT-FOR-US: vBulletin CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application i ...) NOT-FOR-US: SAP BusinessObjects CVE-2014-3133 (SAP Netweaver Java Application Server does not properly restrict acces ...) NOT-FOR-US: SAP NetWeaver CVE-2014-3132 (SAP Background Processing does not properly restrict access, which all ...) NOT-FOR-US: SAP Background Processing CVE-2014-3131 (SAP Profile Maintenance does not properly restrict access, which allow ...) NOT-FOR-US: SAP Solution Manager CVE-2014-3130 (The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basi ...) NOT-FOR-US: SAP NetWeaver CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP N ...) NOT-FOR-US: SAP NetWeaver CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the p ...) 
- ldns 1.6.17-4 (low; bug #746758) [squeeze] - ldns (Minor issue) [wheezy] - ldns 1.6.13-1+deb7u1 CVE-2014-3230 (The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl ...) - liblwp-protocol-https-perl 6.04-3 (bug #746579) [wheezy] - liblwp-protocol-https-perl (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04) NOTE: Introduced by https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 NOTE: CVE assignment for https://github.com/libwww-perl/lwp-protocol-https/pull/14#issuecomment-42328818 CVE-2014-3207 (Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserve ...) - sks 1.1.5-1 (low; bug #746626) [squeeze] - sks (Minor issue) [wheezy] - sks 1.1.3-2+deb7u1 NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077 CVE-2014-3137 (Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before ...) {DSA-2948-1} - python-bottle 0.12.6-1 (bug #746322) [squeeze] - python-bottle (bug affects versions 0.10.11-1 and 0.12.5-1) CVE-2014-3128 RESERVED CVE-2014-3127 (dpkg 1.15.9 on Debian squeeze introduces support for the "C-style enco ...) {DSA-2915-2} - dpkg 1.17.9 CVE-2014-3126 RESERVED CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context sw ...) - xen (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards) CVE-2014-3124 (The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local g ...) {DSA-3006-1} - xen 4.4.1-1 (bug #757724) [squeeze] - xen (Xen versions from 4.1 onwards are vulnerable) CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...) NOT-FOR-US: WordPress plugin CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape sequences ...) {DSA-2925-1} - rxvt-unicode 9.20-1 (bug #746593) CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dynamic ...)
- elasticsearch 1.0.3+dfsg-3 (bug #759736) NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853 CVE-2014-3119 (Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier ...) NOT-FOR-US: web2Project CVE-2014-3118 RESERVED CVE-2014-3117 RESERVED CVE-2014-3116 RESERVED CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: Fortinet Fortiweb CVE-2014-3114 (The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and ...) NOT-FOR-US: WordPress plugin ezpz-one-click-backup CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 ...) NOT-FOR-US: RealPlayer CVE-2014-3112 RESERVED CVE-2014-3110 (Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCO ...) NOT-FOR-US: Honeywell FALCON XLWeb controller CVE-2014-3109 RESERVED CVE-2014-3108 RESERVED CVE-2014-3107 RESERVED CVE-2014-3106 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, an ...) NOT-FOR-US: IBM WebSphere CVE-2014-3105 (The OSLC integration feature in the Web component in IBM Rational Clea ...) NOT-FOR-US: IBM WebSphere CVE-2014-3104 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, an ...) NOT-FOR-US: IBM WebSphere CVE-2014-3103 (The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0. ...) NOT-FOR-US: IBM WebSphere CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 ...) NOT-FOR-US: IBM WebSphere CVE-2014-3101 (The login form in the Web component in IBM Rational ClearQuest 7.1 bef ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in /system/bin/ ...) NOT-FOR-US: Android service KeyStore CVE-2014-3099 (Unspecified vulnerability in the Security component in IBM Systems Dir ...)
NOT-FOR-US: IBM Systems Director CVE-2014-3098 RESERVED CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ( ...) NOT-FOR-US: IBM Tivoli CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program M ...) NOT-FOR-US: IBM Curam CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 thro ...) NOT-FOR-US: IBM DB2 CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through F ...) NOT-FOR-US: IBM DB2 CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passw ...) NOT-FOR-US: IBM CVE-2014-3092 (IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Mana ...) NOT-FOR-US: IBM CVE-2014-3091 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and ...) NOT-FOR-US: IBM Rational ClearCase CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1 ...) NOT-FOR-US: IBM Rational Directory Server CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client t ...) NOT-FOR-US: IBM Sametime CVE-2014-3087 (callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 ...) NOT-FOR-US: IBM CVE-2014-3086 (Unspecified vulnerability in the IBM Java Virtual Machine, as used in ...) NOT-FOR-US: IBM WebSphere CVE-2014-3085 (systest.php on IBM GCM16 and GCM32 Global Console Manager switches wit ...) NOT-FOR-US: IBM CVE-2014-3084 (IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and ...) NOT-FOR-US: IBM CVE-2014-3083 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x be ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3082 RESERVED CVE-2014-3081 (prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches wi ...) 
NOT-FOR-US: IBM CVE-2014-3080 (Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and G ...) NOT-FOR-US: IBM CVE-2014-3079 (The Administration and Reporting Tool in IBM Rational License Key Serv ...) NOT-FOR-US: IBM CVE-2014-3078 RESERVED CVE-2014-3077 (IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x ...) NOT-FOR-US: IBM CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote att ...) NOT-FOR-US: IBM CVE-2014-3075 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...) NOT-FOR-US: IBM CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...) NOT-FOR-US: IBM AIX CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mo ...) NOT-FOR-US: Novell Identity Manager CVE-2014-3072 (Unspecified vulnerability in the Automation Server in IBM Security App ...) NOT-FOR-US: IBM Security AppScan CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console i ...) NOT-FOR-US: IBM InfoSphere CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access compon ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-3068 (IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 be ...) NOT-FOR-US: IBM JDK CVE-2014-3067 RESERVED CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote attack ...) NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2014-3065 (Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 b ...) NOT-FOR-US: IBM JDK CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...) NOT-FOR-US: IBM CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x bef ...) 
NOT-FOR-US: IBM CVE-2014-3062 (Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend ...) NOT-FOR-US: IBM CVE-2014-3060 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 applianc ...) NOT-FOR-US: IBM WebSphere CVE-2014-3059 (Unspecified vulnerability in the Administrative Console on the IBM Web ...) NOT-FOR-US: IBM WebSphere CVE-2014-3058 (Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere D ...) NOT-FOR-US: IBM CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List (UTL ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-3055 (SQL injection vulnerability in the Unified Task List (UTL) Portlet for ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-3054 (Multiple open redirect vulnerabilities in the Unified Task List (UTL) ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-3053 (The Local Management Interface (LMI) in IBM Security Access Manager (I ...) NOT-FOR-US: IBM ISAM CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for We ...) NOT-FOR-US: IBM ISAM CVE-2014-3051 (The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Appli ...) NOT-FOR-US: IBM Tivoli CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before ...) NOT-FOR-US: IBM Rational Team Concert CVE-2014-3049 RESERVED CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization Eng ...) NOT-FOR-US: IBM System Storage Virtualization Engine CVE-2014-3047 RESERVED CVE-2014-3046 RESERVED CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before ...) NOT-FOR-US: IBM CVE-2014-3044 RESERVED CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remot ...) 
NOT-FOR-US: IBM CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does n ...) NOT-FOR-US: IBM CICS Transaction Server CVE-2014-3041 (SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x ...) NOT-FOR-US: IBM CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contra ...) NOT-FOR-US: IBM CVE-2014-3039 RESERVED CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop g ...) NOT-FOR-US: IBM SPSS Modeler CVE-2014-3037 (Cross-site request forgery (CSRF) vulnerability in IBM Configuration M ...) NOT-FOR-US: IBM CVE-2014-3036 (Unspecified vulnerability in IBM API Management 3.0.0.0, when basic au ...) NOT-FOR-US: IBM API Management CVE-2014-3035 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend Analysi ...) NOT-FOR-US: IBM CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Mana ...) NOT-FOR-US: IBM CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing Port ...) NOT-FOR-US: IBM Emptoris Sourcing Portfolio CVE-2014-3032 (Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Servic ...) NOT-FOR-US: IBM Tivoli Business Service Manager CVE-2014-3030 RESERVED CVE-2014-3029 RESERVED CVE-2014-3028 RESERVED CVE-2014-3027 RESERVED CVE-2014-3026 (CRLF injection vulnerability in IBM Maximo Asset Management 7.5 throug ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-3024 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Ma ...) NOT-FOR-US: IBM CVE-2014-3023 RESERVED CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...)
NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 bef ...) NOT-FOR-US: IBM Tivoli Integrated Portal CVE-2014-3019 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...) NOT-FOR-US: IBM CVE-2014-3018 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...) NOT-FOR-US: IBM CVE-2014-3017 RESERVED CVE-2014-3016 RESERVED CVE-2014-3015 (Cross-site request forgery (CSRF) vulnerability in the Web player in I ...) NOT-FOR-US: IBM Sametime CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...) NOT-FOR-US: IBM Sametime CVE-2014-3013 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Socia ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program Ma ...) NOT-FOR-US: IBM Curam Social Program Management CVE-2014-3011 (IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers ...) NOT-FOR-US: IBM OpenPages GRC Platform CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSpher ...) NOT-FOR-US: IBM WebSphere CVE-2014-3009 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...) NOT-FOR-US: IBM InfoSphere CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...) NOT-FOR-US: Unitrends Enterprise Backup CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allo ...) - pillow 2.4.0-1 (bug #737059) - python-imaging [squeeze] - python-imaging (Minor issue) [wheezy] - python-imaging (Minor issue) NOTE: details of what exactly is covered by this CVE in relation to CVE-2014-1932 and CVE-2014-1933 are missing CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when up ...)
NOT-FOR-US: Sitepark Information Enterprise Server CVE-2014-3005 (XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21r ...) - zabbix 1:2.2.5+dfsg-1 (bug #751910) [squeeze] - zabbix (Unsupported in squeeze-lts) NOTE: http://seclists.org/fulldisclosure/2014/Jun/87 NOTE: Upstream issue tracking https://support.zabbix.com/browse/ZBX-8151 CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before 1 ...) NOT-FOR-US: Castor CVE-2014-3003 REJECTED CVE-2014-3002 RESERVED CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...) - kfreebsd-10 NOTE: it is called SA-14:07.devfs in the freebsd world NOTE: the devfs rules file is loaded by /etc/init.d/freebsd-utils on boot, so debian never was vulnerable CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before p ...) {DSA-2952-1} - kfreebsd-10 10.0-5 (bug #746949) - kfreebsd-9 (bug #746951) - kfreebsd-8 (bug #746952) [wheezy] - kfreebsd-8 (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) CVE-2014-2999 RESERVED CVE-2014-2998 RESERVED CVE-2014-2997 RESERVED CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem ...) NOT-FOR-US: XCloner Standalone CVE-2014-2995 (Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in ...) NOT-FOR-US: WordPress plugin Twitget CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS ...) NOT-FOR-US: Acunetix Web Vulnerability Scanner CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 certific ...) NOT-FOR-US: Birebin.com application for Android CVE-2014-2992 (The Misli.com application for Android does not verify X.509 certificat ...) NOT-FOR-US: Misli.com application for Android CVE-2014-2991 RESERVED CVE-2014-2990 RESERVED CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment Tec ...) 
NOT-FOR-US: Open Assessment Technologies TAO CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Commu ...) NOT-FOR-US: EGroupware EPL CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupwa ...) NOT-FOR-US: EGroupware EPL CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel bef ...) {DSA-2926-1 DLA-0015-1} - linux 3.14.4-1 (bug #747326) - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: Introduced by https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233 NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1) CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remo ...) - miniupnpc 1.6-4 (low; bug #748913) [wheezy] - miniupnpc (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618 NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9 NOTE: https://www.openwall.com/lists/oss-security/2014/04/30/3 CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to ...) - cups-filters 1.0.53-1 [wheezy] - cups-filters (vulnerable code not present) NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195 CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in cups-brows ...) - cups-filters 1.0.53-1 [wheezy] - cups-filters (vulnerable code not present) CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in cups-brow ...) - cups-filters 1.0.53-1 [wheezy] - cups-filters (vulnerable code not present) NOTE: incomplete fix was applied NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194 CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 throug ...) 
NOT-FOR-US: fog cloning solution CVE-2014-2985 RESERVED CVE-2014-2984 REJECTED CVE-2014-2982 RESERVED CVE-2014-2981 RESERVED CVE-2014-2979 RESERVED CVE-2014-2978 (The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispa ...) - directfb (Vulnerable code was introduced in 1.4.4) CVE-2014-2977 (Multiple integer signedness errors in the Dispatch_Write function in p ...) - directfb (Vulnerable code was introduced in 1.4.13) CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allo ...) NOT-FOR-US: Sixnet SixView CVE-2014-2975 (Cross-site scripting (XSS) vulnerability in php/user_account.php in Si ...) NOT-FOR-US: Silver Peak VX CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in php/user_account.ph ...) NOT-FOR-US: Silver Peak VX CVE-2014-2973 REJECTED CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, w ...) - exim4 4.82.1-2 (low) [squeeze] - exim4 (Minor issue) [wheezy] - exim4 4.80-7+deb7u1 CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroP ...) NOT-FOR-US: MicroPact iComplaints CVE-2014-2970 REJECTED CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a har ...) NOT-FOR-US: NETGEAR GS108PE Prosafe Plus switches CVE-2014-2968 (Cross-site scripting (XSS) vulnerability in the web interface on the H ...) NOT-FOR-US: Huawei E355 CH1E355SM firmware CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...) NOT-FOR-US: Autodesk VRED Professional CVE-2014-2966 (The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly pe ...) NOT-FOR-US: Resin Pro CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in Spa ...) NOT-FOR-US: SpamTitan CVE-2014-2964 (Cobham Aviator 700D and 700E satellite terminals have hardcoded passwo ...) 
NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in group/control_p ...) NOT-FOR-US: Liferay Portal CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...) NOT-FOR-US: Belkin router CVE-2014-2961 RESERVED CVE-2014-2960 (Vision Critical before 2014-05-30 allows attackers to read arbitrary f ...) NOT-FOR-US: Vision Critical CVE-2014-2959 (logViewer.htm on the Dell ML6000 tape backup system with firmware befo ...) NOT-FOR-US: Quantum Scalar CVE-2014-2958 RESERVED CVE-2014-2957 (The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPE ...) - exim4 4.82.1-1 (unimportant) [squeeze] - exim4 (Vulnerable code introduced in 4.82) [wheezy] - exim4 (Vulnerable code introduced in 4.82) NOTE: https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html NOTE: EXPERIMENTAL_DMARC not enabled CVE-2014-2956 (ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelpe ...) NOT-FOR-US: AVG Secure Search toolbar and AVG Safeguard CVE-2014-2955 (Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers ...) NOT-FOR-US: Raritan PX CVE-2014-2954 RESERVED CVE-2014-2953 RESERVED CVE-2014-2952 [Arbitrary File Deletion as Root in Webmin] RESERVED - webmin NOTE: https://sites.utexas.edu/iso/2014/09/09/arbitrary-file-deletion-as-root-in-webmin/ CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded pas ...) NOT-FOR-US: Datum Systems SnIP CVE-2014-2950 (Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require au ...) NOT-FOR-US: Datum Systems SnIP CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...) NOT-FOR-US: F5 ARX Data Manager CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Su ...) NOT-FOR-US: Bizagi BPM CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM S ...) 
NOT-FOR-US: Bizagi BPM CVE-2014-2946 (Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in ...) NOT-FOR-US: Huawei device CVE-2014-2945 REJECTED CVE-2014-2944 REJECTED CVE-2014-2943 REJECTED CVE-2014-2942 (Cobham Aviator 700D and 700E satellite terminals use an improper algor ...) NOT-FOR-US: Cobham Aviator CVE-2014-2941 (** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded T ...) NOT-FOR-US: Cobham Sailor 6000 satellite terminals CVE-2014-2940 (Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF ...) NOT-FOR-US: Cobham Sailor 900 and 6000 satellite terminals CVE-2014-2939 (Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterp ...) NOT-FOR-US: Alfresco CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which ...) NOT-FOR-US: Hanvon FaceID CVE-2014-2937 REJECTED CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to condu ...) NOT-FOR-US: Caldera CVE-2014-2935 (costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows ...) NOT-FOR-US: Caldera CVE-2014-2934 (Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote at ...) NOT-FOR-US: Caldera CVE-2014-2933 (Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 ...) NOT-FOR-US: Caldera CVE-2014-2932 RESERVED CVE-2014-2931 RESERVED CVE-2014-2930 RESERVED CVE-2014-2929 RESERVED CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...) NOT-FOR-US: F5 BIG-IP CVE-2014-2927 (The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 1 ...) NOT-FOR-US: F5 BIG-IP CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5. ...) NOT-FOR-US: Kaseya Virtual System Administrator CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content. ...) 
NOT-FOR-US: ASUS RT series CVE-2014-2924 RESERVED CVE-2014-2923 RESERVED CVE-2014-2922 (The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Ne ...) NOT-FOR-US: pimcore CVE-2014-2921 (The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Ne ...) NOT-FOR-US: pimcore CVE-2014-2920 RESERVED CVE-2014-2919 RESERVED CVE-2014-2918 RESERVED CVE-2014-2917 RESERVED CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the subscription pa ...) NOT-FOR-US: subscription page editor CVE-2014-2914 (fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to t ...) - fish 2.1.1-1 (bug #746259) [wheezy] - fish (Web interface not yet present) [squeeze] - fish (Web interface not yet present) NOTE: https://github.com/fish-shell/fish-shell/issues/1438 CVE-2014-2912 RESERVED CVE-2014-2911 RESERVED CVE-2014-2910 RESERVED CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siemens S ...) NOT-FOR-US: Siemens CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server ...) NOT-FOR-US: Siemens CVE-2014-2906 (The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does no ...) - fish 2.1.1-1 (low; bug #746259) [squeeze] - fish (Minor issue) [wheezy] - fish (Minor issue) NOTE: https://github.com/fish-shell/fish-shell/issues/1437 CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the ...) - fish 2.1.1-1 (low; bug #746259) [squeeze] - fish (Minor issue) [wheezy] - fish (Minor issue) NOTE: https://github.com/fish-shell/fish-shell/issues/1436 CVE-2014-2895 RESERVED CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of s ...) {DSA-2922-1} - strongswan 5.1.2-1 CVE-2014-2887 RESERVED CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) chara ...) 
- gksu [stretch] - gksu (Minor issue) [jessie] - gksu (Minor issue) [wheezy] - gksu (Minor issue) [squeeze] - gksu (Minor issue) NOTE: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu NOTE: In Debian libgksu installs two alternatives gconf-defaults.libgksu-sudo NOTE: and gconf-defaults.libgksu-su, where the gconf-defaults.libgksu-su is NOTE: enabled (in auto mode). CVE-2014-2883 RESERVED CVE-2014-2882 (Unspecified vulnerability in the management GUI in Citrix NetScaler Ap ...) NOT-FOR-US: Citrix Netscaler CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement implemen ...) NOT-FOR-US: Citrix Netscaler CVE-2014-2880 (Open redirect vulnerability in the Oracle Identity Manager component i ...) NOT-FOR-US: Oracle Identity Manager CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...) NOT-FOR-US: SonicWALL CVE-2014-2878 RESERVED CVE-2014-2877 RESERVED CVE-2014-2876 RESERVED CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...) - lua-cgi (unimportant; bug #953037) NOTE: https://github.com/keplerproject/cgilua/issues/17 NOTE: The code itself is broken and thus cannot be exploited per se if not fixed, NOTE: see details in https://bugs.debian.org/954300 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts] - virtualenvwrapper 4.3-1 (low; bug #745580) [wheezy] - virtualenvwrapper (Minor issue) [squeeze] - virtualenvwrapper (Minor issue) CVE-2014-2907 (The srtp_add_address function in epan/dissectors/packet-rtp.c in the R ...) - wireshark 1.10.7-1 (bug #745595) [wheezy] - wireshark (Affects 1.10.x only) [squeeze] - wireshark (Affects 1.10.x only) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885 NOTE: http://www.wireshark.org/security/wnpa-sec-2014-06.html CVE-2014-2986 (The vgic_distr_mmio_write function in the virtual guest interrupt cont ...) 
- xen (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards) CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run ...) - gnustep-base 1.24.6-1 (bug #745470) [wheezy] - gnustep-base 1.22.1-4+deb7u1 [squeeze] - gnustep-base (Minor issue) NOTE: https://savannah.gnu.org/bugs/?41751 CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict acc ...) - xen (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards) CVE-2014-2913 (** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios ...) - nagios-nrpe 2.15-1 (unimportant; bug #745272) NOTE: This is insecure by design anyway CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate t ...) {DSA-2914-1 DSA-2913-1} - drupal7 7.27-1 - drupal6 NOTE: https://drupal.org/SA-CORE-2014-002 CVE-2014-2904 (wolfssl before 3.2.0 has a server certificate that is not properly aut ...) - cyassl (bug #770229) - wolfssl 3.4.8+dfsg-1 (bug #792646) NOTE: wolfssl actually fixed with the initial upload to unstable after the rename NOTE: according to maintainer addressed in 3.2.0 upstream CVE-2014-2903 (CyaSSL does not check the key usage extension in leaf certificates, wh ...) - cyassl (bug #770229) - wolfssl 3.4.8+dfsg-1 (bug #792646) NOTE: wolfssl actually fixed with the initial upload to unstable after the rename NOTE: according to maintainer addressed in 3.2.0 upstream CVE-2014-2902 (wolfssl before 3.2.0 does not properly authorize CA certificate for si ...) - cyassl (bug #770229) - wolfssl 3.4.8+dfsg-1 (bug #792646) NOTE: wolfssl actually fixed with the initial upload to unstable after the rename NOTE: according to maintainer addressed in 3.2.0 upstream CVE-2014-2901 (wolfssl before 3.2.0 does not properly issue certificates for a server ...)
- cyassl (bug #770229) - wolfssl 3.4.8+dfsg-1 (bug #792646) NOTE: wolfssl actually fixed with the initial upload to unstable after the rename NOTE: according to maintainer addressed in 3.2.0 upstream CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certifica ...) - cyassl 2.9.4+dfsg-1 CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial ...) - cyassl 2.9.4+dfsg-1 CVE-2014-2898 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecifie ...) - cyassl 2.9.4+dfsg-1 CVE-2014-2897 (The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does ...) - cyassl 2.9.4+dfsg-1 CVE-2014-2896 (The DoAlert function in the (1) TLS and (2) DTLS implementations in wo ...) - cyassl 2.9.4+dfsg-1 CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...) - phpmyid (bug #492325) CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...) NOT-FOR-US: Ruby Gem sfpagent CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) ...) - truecrypt (bug #364034) CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt ...) - truecrypt (bug #364034) CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2873 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not requir ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2872 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2871 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HT ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2870 (The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2869 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) 
NOT-FOR-US: PaperThin CommonSpot CVE-2014-2868 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2867 (Unrestricted file upload vulnerability in PaperThin CommonSpot before ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2866 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on clien ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2865 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2864 (Multiple directory traversal vulnerabilities in PaperThin CommonSpot b ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2863 (Multiple absolute path traversal vulnerabilities in PaperThin CommonSp ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2862 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2861 (Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0. ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2860 (Multiple cross-site scripting (XSS) vulnerabilities in PaperThin Commo ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2859 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote a ...) NOT-FOR-US: PaperThin CommonSpot CVE-2014-2858 (Directory traversal vulnerability in the Resources plugin 1.0.0 before ...) - grails (bug #473213) CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 f ...) - grails (bug #473213) CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in lib ...) {DSA-2916-1} - libmms 0.6.2-4 (bug #745301) - xine-lib (mmsh is libmms-specific) NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8 CVE-2014-2893 (The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and ...) 
- llvm-toolchain-snapshot 1:3.5~svn211669-1 (bug #744817) - llvm-toolchain-3.3 - llvm-toolchain-3.4 1:3.4.2-1 CVE-2014-2854 (Cross-site scripting (XSS) vulnerability in the SemanticTitle extensio ...) NOT-FOR-US: MediaWiki extension SemanticTitle CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in includes/actions/InfoActio ...) - mediawiki (Vulnerable code not present) CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an RXS_CheckRespons ...) {DSA-2899-1} - openafs 1.6.7-1 CVE-2014-2850 (The network interface configuration page (netinterface) in Sophos Web ...) NOT-FOR-US: Sophos Web Appliance CVE-2014-2849 (The Change Password dialog box (change_password) in Sophos Web Applian ...) NOT-FOR-US: Sophos Web Appliance CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before 2014022622 ...) NOT-FOR-US: Nessus CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows r ...) NOT-FOR-US: CIS Manager CMS CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php i ...) NOT-FOR-US: Arkeia Server Backup CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.509 cer ...) NOT-FOR-US: Cyberduck on Windows CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...) NOT-FOR-US: F-Secure Messaging Secure Gateway CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...) NOT-FOR-US: MapSuite MapAPI CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...) NOT-FOR-US: Juniper ScreenOS CVE-2014-2841 RESERVED CVE-2014-2840 RESERVED NOT-FOR-US: TR-069 Auto Configuration Servers NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for Wor ...) 
NOT-FOR-US: GD Star Rating plugin for WordPress CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD S ...) NOT-FOR-US: GD Star Rating plugin for WordPress CVE-2014-2837 RESERVED CVE-2014-2836 RESERVED CVE-2014-2835 RESERVED CVE-2014-2834 RESERVED CVE-2014-2833 RESERVED CVE-2014-2832 RESERVED CVE-2014-2831 RESERVED CVE-2014-2829 (Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly res ...) NOT-FOR-US: MongooseIM CVE-2014-2827 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2826 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2825 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2824 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2823 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2822 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2821 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2820 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2819 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ga ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2818 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2817 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ga ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2816 (Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundatio ...) 
NOT-FOR-US: Microsoft CVE-2014-2815 (Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrar ...) NOT-FOR-US: Microsoft CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and ...) NOT-FOR-US: Microsoft Server CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2812 REJECTED CVE-2014-2811 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2810 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2809 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2808 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2805 REJECTED CVE-2014-2804 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2803 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2802 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2801 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2800 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2798 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2797 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2796 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2793 REJECTED CVE-2014-2792 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2791 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2790 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2789 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2788 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2787 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2784 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of wildc ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2781 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windo ...) NOT-FOR-US: Microsoft Windows CVE-2014-2780 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...) NOT-FOR-US: Microsoft Malware Protection Engine CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2776 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2775 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2774 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2773 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2772 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2771 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2770 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2769 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2768 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2767 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2764 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2763 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2762 REJECTED CVE-2014-2761 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2760 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2759 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2758 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2757 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2756 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2755 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2754 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2753 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-2752 (SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...) 
NOT-FOR-US: SAP CVE-2014-2751 (SAP Print and Output Management has hardcoded credentials, which makes ...) NOT-FOR-US: SAP CVE-2014-2750 REJECTED CVE-2014-2749 (The HANA ICM process in SAP HANA allows remote attackers to obtain the ...) NOT-FOR-US: SAP CVE-2014-2748 (The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for ...) NOT-FOR-US: SAP CVE-2014-2747 RESERVED CVE-2014-2740 RESERVED CVE-2014-2738 RESERVED CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the ...) NOT-FOR-US: KnowledgeTree CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.1 ...) NOT-FOR-US: MODX Revolution CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that t ...) NOT-FOR-US: WinSCP CVE-2014-2734 (** DISPUTED ** The openssl extension in Ruby 2.x does not properly mai ...) NOTE: considered invalid and should be rejected, see https://gist.github.com/emboss/91696b56cd227c8a0c13 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1 CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...) NOT-FOR-US: Siemens SINEMA CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated web ser ...) NOT-FOR-US: Siemens SINEMA CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in S ...) NOT-FOR-US: Siemens SINEMA CVE-2014-2889 (Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_j ...) - linux 3.2.1-1 - linux-2.6 3.2.1-1 [squeeze] - linux-2.6 (Introduced in 3.0) NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74 NOTE: Upstream fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in h ...)
{DSA-2933-1 DSA-2932-1} - qemu 2.0.0+dfsg-1 (bug #745157) [squeeze] - qemu (Vulnerable code not present) - qemu-kvm [squeeze] - qemu-kvm (Vulnerable code not present) NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00 CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...) - rsync 3.1.0-3 (bug #744791) [wheezy] - rsync (Introduced in 3.1.0) [squeeze] - rsync (Introduced in 3.1.0) NOTE: Introduced with https://git.samba.org/?p=rsync.git;a=commitdiff;h=5ebe9a46d7f3c846a6d665cb8c6ab8b79508a6df NOTE: Fix: https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in Comm ...) - cups 1.7.2-1 [squeeze] - cups 1.4.4-7+squeeze5 [wheezy] - cups 1.5.3-5+deb7u2 NOTE: http://www.cups.org/str.php?L4356 CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities] - node-marked 0.3.1+dfsg-1 NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in ...) {DSA-2926-1} - linux 3.14.4-1 (low) - linux-2.6 (Introduced in 3.0) NOTE: https://lkml.org/lkml/2014/4/10/736 NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...) - cifs-utils (unimportant) [squeeze] - cifs-utils (Vulnerable code not present) [wheezy] - cifs-utils (pam_cifscreds introduced in 6.3) NOTE: cifscreds PAM not built in unstable CVE-2014-2828 (The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and ...) 
- keystone 2014.1-1 [wheezy] - keystone (Only affects 2013.1 to 2013.2.3) NOTE: https://launchpad.net/bugs/1300274 CVE-2014-2746 (net/IOService.java in Tigase before 5.2.1 does not properly restrict t ...) NOT-FOR-US: Tigase XMPP Server CVE-2014-2745 (Prosody before 0.9.4 does not properly restrict the processing of comp ...) {DSA-2895-1} - prosody 0.9.4-1 [squeeze] - prosody (Minor issue) NOTE: http://hg.prosody.im/0.9/rev/a97591d2e1ad NOTE: http://hg.prosody.im/0.9/rev/1107d66d2ab2 CVE-2014-2744 (plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightw ...) {DSA-2895-1} - prosody 0.9.4-1 - lua-expat 1.3.0-1 [wheezy] - lua-expat 1.2.0-5+deb7u1 [squeeze] - lua-expat (Minor issue) [squeeze] - prosody (Minor issue) NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does n ...) NOT-FOR-US: Openfire CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing o ...) NOT-FOR-US: Openfire CVE-2014-2741 (nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 ...) NOT-FOR-US: Openfire CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 201 ...) NOT-FOR-US: Microsoft Office CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the L ...) - linux (Introduced and fixed in 3.14) - linux-2.6 (Introduced and fixed in 3.14) CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...) NOT-FOR-US: Ektron Web Content Management System CVE-2014-2728 RESERVED CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows plaintext ...) NOT-FOR-US: MailMarshal CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function i ...)
- redmine 2.5.1-1 (bug #743828) [squeeze] - redmine (Redmine not supported because of rails) [wheezy] - redmine (Redmine not supported because of rails) NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3 NOTE: https://jvn.jp/en/jp/JVN93004610/ CVE-2014-2726 RESERVED CVE-2014-2725 RESERVED CVE-2014-2724 RESERVED CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) NOT-FOR-US: Fortinet CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) NOT-FOR-US: Fortinet CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote ...) NOT-FOR-US: Fortinet CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Cen ...) NOT-FOR-US: IZArc Archiver CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with firmwar ...) NOT-FOR-US: ASUS RT series routers CVE-2014-2718 (ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66 ...) NOT-FOR-US: ASUS routers CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier an ...) NOT-FOR-US: Honeywell FALCON XLWeb controller CVE-2014-2716 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...) NOT-FOR-US: Ekahau Real-Time Location Tracking System CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templat ...) NOT-FOR-US: Drupal plugin CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...) NOT-FOR-US: Juniper Junos CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...) NOT-FOR-US: Juniper Junos CVE-2014-2712 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos bef ...) NOT-FOR-US: Juniper Junos CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos bef ...) 
NOT-FOR-US: Juniper Junos CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerl ...) NOT-FOR-US: Oliver (formerly Webshar) CVE-2014-2705 RESERVED CVE-2014-2704 RESERVED CVE-2014-2703 RESERVED CVE-2014-2702 RESERVED CVE-2014-2701 RESERVED CVE-2014-2700 RESERVED CVE-2014-2699 RESERVED CVE-2014-2698 RESERVED CVE-2014-2697 RESERVED CVE-2014-2696 RESERVED CVE-2014-2695 RESERVED CVE-2014-2694 RESERVED CVE-2014-2693 RESERVED CVE-2014-2692 RESERVED CVE-2014-2691 RESERVED CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows l ...) NOT-FOR-US: Citrix VDI-in-a-Box CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier ...) NOT-FOR-US: Offiria CVE-2014-2688 RESERVED CVE-2014-2687 RESERVED CVE-2014-5880 REJECTED CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attacke ...) {DSA-2970-1} - cacti 0.8.8b+dfsg-4 (bug #743565) [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565) NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public) NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439 NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8 ...) {DSA-2970-1} - cacti 0.8.8b+dfsg-4 (bug #743565) [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565) NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public) NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439 NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP pr ...) - cups-filters 1.0.51-1 (bug #743470) [wheezy] - cups-filters (vulnerable code not present) NOTE: Introduced in at least 1.0.41 CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before 3. ...) 
- linux 3.13.7-1 (low) [wheezy] - linux 3.2.57-1 - linux-2.6 (low) [squeeze] - linux-2.6 (Introduced in 2.6.33) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba CVE-2014-2686 (Ansible prior to 1.5.4 mishandles the evaluation of some strings. ...) - ansible 1.5.4+dfsg-1 CVE-2014-2680 (The update process in Xmind 3.4.1 and earlier allow remote attackers t ...) - xmind (bug #520954; bug #641605) CVE-2014-2679 RESERVED CVE-2014-2677 RESERVED CVE-2014-2676 RESERVED CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php i ...) NOT-FOR-US: WP HTML Sitemap plugin for WordPress CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter Styl ...) NOT-FOR-US: Ajax Pagination (twitter Style) plugin for WordPress CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote atta ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO Mana ...) NOT-FOR-US: ZOHO ManageEngine OpStor CVE-2014-2666 RESERVED CVE-2014-2664 (Unrestricted file upload vulnerability in the ProfileController::actio ...) NOT-FOR-US: X2Engine X2CR CVE-2014-2663 RESERVED CVE-2014-2662 RESERVED CVE-2014-2661 RESERVED CVE-2014-2660 RESERVED CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in Pap ...) NOT-FOR-US: Papercut MF/NG NOTE: This is not the papercut NNTP server. CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 269 ...) NOT-FOR-US: PaperCut MF CVE-2014-2657 (Unspecified vulnerability in the print release functionality in PaperC ...) NOT-FOR-US: PaperCut MF CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earl ...) NOT-FOR-US: MobFox mAdserve CVE-2014-2685 (The GenericConsumer class in the Consumer component in ZendOpenId befo ...) 
{DSA-3265-1 DLA-251-1} - zendframework 1.12.5-0.1 (bug #743175) NOTE: http://framework.zend.com/security/advisory/ZF2014-02 CVE-2014-2684 (The GenericConsumer class in the Consumer component in ZendOpenId befo ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.5-0.1 (bug #743175) NOTE: http://framework.zend.com/security/advisory/ZF2014-02 CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.5-0.1 (bug #743175) NOTE: http://framework.zend.com/security/advisory/ZF2014-01 CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.5-0.1 (bug #743175) NOTE: http://framework.zend.com/security/advisory/ZF2014-01 CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 an ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.5-0.1 (bug #743175) NOTE: http://framework.zend.com/security/advisory/ZF2014-01 CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel th ...) {DLA-0015-1} - linux 3.13.10-1 [wheezy] - linux 3.2.57-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: https://lkml.org/lkml/2014/3/29/188 CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) imp ...) - linux 3.13.7-1 [wheezy] - linux (Introduced in 3.4) - linux-2.6 (Introduced in 3.4) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291 NOTE: only affects powerpc architecture CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in drivers/net/wirele ...) - linux 3.13.7-1 [wheezy] - linux 3.2.57-1 - linux-2.6 (Introduced in 3.0) NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8 CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...) 
{DSA-2865-1} - postgresql-9.1 9.1.12-1 - postgresql-8.4 [wheezy] - postgresql-8.4 (9.x branch only) [squeeze] - postgresql-8.4 (9.x branch only) - postgresql-9.3 9.3.3-1 CVE-2014-2668 (Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a de ...) - couchdb (low; bug #788962) [wheezy] - couchdb (Minor issue) [squeeze] - couchdb (Minor issue) NOTE: High resource usage in CPU and memory while query is active. No crash for daemon in 1.4.0-3+b1 and 1.2.0-5 versions. NOTE: http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff_plain;h=0fb5aa9e67bd291ca2638dba961f4ddd3f6ccb3e;hp=198bea3479dfecac13ab1a3e95f902b8eba02f7d CVE-2014-2667 (Race condition in the _get_masked_mode function in Lib/os.py in Python ...) - python3.1 [squeeze] - python3.1 (Minor issue) - python3.2 (low) [wheezy] - python3.2 (Minor issue) - python3.3 - python3.4 3.4.1-1 - python2.5 (Only affects Python 3.x) - python2.6 (Only affects Python 3.x) - python2.7 (Only affects Python 3.x) CVE-2014-2665 (includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.1 ...) {DSA-2891-1} - mediawiki 1:1.19.14+dfsg-1 (bug #742857) [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=62497 NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html CVE-2014-2656 REJECTED CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in functio ...) {DSA-2889-1} - postfixadmin 2.3.5-3 NOTE: http://sourceforge.net/p/postfixadmin/code/1650 CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH ...) {DSA-2894-1} - openssh 1:6.6p1-1 (low; bug #742513) CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) befo ...) NOT-FOR-US: OpenScape Deployment Service CVE-2014-2651 (Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an a ...) 
NOT-FOR-US: Unify OpenStage/OpenScape Desk Phone IP SIP CVE-2014-2650 (Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an ...) NOT-FOR-US: Unify OpenStage / OpenScape Desk Phone IP CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...) NOT-FOR-US: HP Operations Manager CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UN ...) NOT-FOR-US: HP Operations Manager CVE-2014-2647 (Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP ...) NOT-FOR-US: HP Operations Manager CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allow ...) NOT-FOR-US: HP Network Automation CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...) NOT-FOR-US: HP Systems Insight Manager CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...) NOT-FOR-US: HP Systems Insight Manager CVE-2014-2643 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...) NOT-FOR-US: HP Systems Insight Manager CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers ...) NOT-FOR-US: HP System Management Homepage CVE-2014-2641 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...) NOT-FOR-US: HP System Management Homepage CVE-2014-2640 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...) NOT-FOR-US: HP System Management Homepage CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager be ...) NOT-FOR-US: HP MPIO Device CVE-2014-2638 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...) NOT-FOR-US: HP Sprinter CVE-2014-2637 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...) NOT-FOR-US: HP Sprinter CVE-2014-2636 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...) 
NOT-FOR-US: HP Sprinter CVE-2014-2635 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...) NOT-FOR-US: HP Sprinter CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) 7.2 ...) NOT-FOR-US: HP Service Manager CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server in HP Se ...) NOT-FOR-US: HP Service Manager CVE-2014-2632 (Unspecified vulnerability in the WebTier component in HP Service Manag ...) NOT-FOR-US: HP Service Manager CVE-2014-2631 (Unspecified vulnerability in HP Application Lifecycle Management (aka ...) NOT-FOR-US: HP Application Lifecycle Management / Quality Center CVE-2014-2630 (Unspecified vulnerability in HP Operations Agent 11.00, when Glance is ...) NOT-FOR-US: HP Operations Agent CVE-2014-2629 (HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, an ...) NOT-FOR-US: HP NonStop Safeguard Security Software CVE-2014-2628 (Unspecified vulnerability in HP Enterprise Maps 1 allows remote authen ...) NOT-FOR-US: HP Enterprise Maps CVE-2014-2627 (Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32 ...) NOT-FOR-US: HP NonStop NetBatch CVE-2014-2626 (Directory traversal vulnerability in the toServerObject function in HP ...) NOT-FOR-US: HP Network Virtualization CVE-2014-2625 (Directory traversal vulnerability in the storedNtxFile function in HP ...) NOT-FOR-US: HP Network Virtualization CVE-2014-2624 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9. ...) NOT-FOR-US: HP Network Node Manager CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x allows remo ...) NOT-FOR-US: HP Data Protector CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...) NOT-FOR-US: HP Intelligent Management Center CVE-2014-2621 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...) 
NOT-FOR-US: HP Intelligent Management Center CVE-2014-2620 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...) NOT-FOR-US: HP Intelligent Management Center CVE-2014-2619 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...) NOT-FOR-US: HP Intelligent Management Center CVE-2014-2618 (Unspecified vulnerability in HP Intelligent Management Center (iMC) be ...) NOT-FOR-US: HP Intelligent Management Center CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...) NOT-FOR-US: HP Universal CMDB CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2 ...) NOT-FOR-US: HP SiteScope CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...) NOT-FOR-US: HP Release Control CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...) NOT-FOR-US: HP Release Control CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...) NOT-FOR-US: HP Software Executive Scorecard CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack (CA ...) NOT-FOR-US: HP Software Executive Scorecard CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9. ...) NOT-FOR-US: HP Software Executive Scorecard CVE-2014-2608 (Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 ...) NOT-FOR-US: HP Smart Update Manager CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 ...) NOT-FOR-US: HP Operations Manager CVE-2014-2606 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVir ...) 
NOT-FOR-US: HP StoreVirtual CVE-2014-2605 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVir ...) NOT-FOR-US: HP StoreVirtual CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP ...) NOT-FOR-US: HP IceWall CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8 ...) NOT-FOR-US: HP CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote aut ...) NOT-FOR-US: HP OneView CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier ...) NOT-FOR-US: HP CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through S ...) NOT-FOR-US: HP CVE-2014-2598 (Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post ...) NOT-FOR-US: Quick Page/Post Redirect plugin for WordPress CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...) NOT-FOR-US: PCNetSoftware RAC Server CVE-2014-2596 RESERVED CVE-2014-2595 (Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attac ...) NOT-FOR-US: Barracuda Web Application Firewall (WAF) CVE-2014-2594 RESERVED CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager 6.3. ...) NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management portal ...) NOT-FOR-US: Aruba Web Management portal CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allow ...) NOT-FOR-US: AIX CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...) NOT-FOR-US: Siemens RuggedCom ROS CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend serv ...) NOT-FOR-US: SonicWall CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee ...) NOT-FOR-US: McAfee CVE-2014-2587 (SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee ...) 
NOT-FOR-US: McAfee CVE-2014-2586 (Cross-site scripting (XSS) vulnerability in the login audit form in Mc ...) NOT-FOR-US: McAfee CVE-2014-2584 RESERVED CVE-2014-2583 (Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...) - pam 1.1.8-3.1 (low; bug #757555) [wheezy] - pam (Minor issue) [squeeze] - pam (Minor issue) NOTE: Fix: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8 CVE-2014-2582 RESERVED CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner ...) NOT-FOR-US: WordPress plugin xcloner CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...) NOT-FOR-US: Splunk Web CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the Transform C ...) NOT-FOR-US: Transform Foundation server CVE-2014-2575 (Directory traversal vulnerability in the File Manager component in Dev ...) NOT-FOR-US: ASP.NET WebForms and MVC CVE-2014-2574 RESERVED CVE-2014-2570 (Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...) - php-font-lib (unimportant) NOTE: make_subset.php installed to examples NOTE: http://seclists.org/bugtraq/2014/Mar/128 CVE-2014-2569 RESERVED CVE-2014-2566 RESERVED CVE-2014-2565 (The commandline interface in Blue Coat Content Analysis System (CAS) 1 ...) NOT-FOR-US: Blue Coat Content Analysis System CVE-2014-2564 RESERVED CVE-2014-2563 RESERVED CVE-2014-2562 RESERVED CVE-2014-2561 RESERVED CVE-2014-2560 (The PhonerLite phone before 2.15 provides hashed credentials in a resp ...) NOT-FOR-US: PhonerLite phone CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in twitget. ...) NOT-FOR-US: WordPress plugin Twitget CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...) 
NOT-FOR-US: WordPress plugin file-gallery CVE-2014-2557 RESERVED CVE-2014-2556 RESERVED CVE-2014-2555 RESERVED CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 ...) {DLA-1119-1} - otrs2 3.3.6-1 [squeeze] - otrs2 (Minor issue) NOTE: https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/ CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...) {DLA-1119-1} - otrs2 3.3.6-1 [squeeze] - otrs2 (Minor issue) CVE-2014-2552 (Brookins Consulting (BC) Collected Information Export extension for eZ ...) NOT-FOR-US: Brookins Consulting (BC) Collected Information Export extension CVE-2014-2551 RESERVED CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable Comment ...) NOT-FOR-US: Disable Comments plugin for WordPress CVE-2014-2549 RESERVED CVE-2014-2548 RESERVED CVE-2014-2547 RESERVED CVE-2014-2546 RESERVED CVE-2014-2545 (TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File ...) NOT-FOR-US: TIBCO CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desk ...) NOT-FOR-US: Spotfire CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Dae ...) NOT-FOR-US: TIBCO CVE-2014-2542 (Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd ...) NOT-FOR-US: TIBCO CVE-2014-2541 (The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezv ...) NOT-FOR-US: TIBCO CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server befor ...) NOT-FOR-US: Orbit Open Ad Server CVE-2014-2539 RESERVED CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 ...) NOT-FOR-US: Sophos UTM CVE-2014-2536 (Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0 ...) NOT-FOR-US: McAfee Cloud Identity Manager CVE-2014-2535 (Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x be ...) 
NOT-FOR-US: McAfee Web Gateway CVE-2014-2534 (/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...) NOT-FOR-US: BlackBerry CVE-2014-2533 (/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...) NOT-FOR-US: BlackBerry CVE-2014-2531 (SQL injection vulnerability in xhr.php in InterWorx Web Control Panel ...) NOT-FOR-US: InterWorx Control Panel CVE-2014-2530 RESERVED CVE-2014-2529 RESERVED CVE-2014-2526 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...) NOT-FOR-US: BarracudaDrive CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes functio ...) {DSA-2885-1 DSA-2884-1} - libyaml 0.1.4-3.2 (bug #742732) - libyaml-libyaml-perl 0.41-5 NOTE: http://www.ocert.org/advisories/ocert-2014-003.html CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P0 ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 befo ...) NOT-FOR-US: EMC RecoverPoint Appliance CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Docu ...) NOT-FOR-US: EMC Documentum CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5. ...) NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-2516 (Open redirect vulnerability in EMC RSA Authentication Manager 8.x befo ...) NOT-FOR-US: EMC RSA Authentication Manager CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4 ...) NOT-FOR-US: EMC Documentum CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...) 
NOT-FOR-US: EMC Documentum Content Server CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...) NOT-FOR-US: EMC Documentum eRoom CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...) NOT-FOR-US: EMC Documentum CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 be ...) NOT-FOR-US: EMC Documentum Foundation Services CVE-2014-2509 (Session fixation vulnerability in the Report Advisor (RA) component in ...) NOT-FOR-US: EMC NCM CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...) NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...) NOT-FOR-US: EMC Documentum D2 CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager (DA ...) NOT-FOR-US: EMC Documentum Digital Asset Manager CVE-2014-2502 (Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Ada ...) NOT-FOR-US: EMC RSA Adaptive Authentication CVE-2014-2501 RESERVED CVE-2014-2500 RESERVED CVE-2014-2499 RESERVED CVE-2014-2498 RESERVED CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bi ...) {DSA-3006-1} - xen 4.4.1-1 (bug #757724) [squeeze] - xen (Only affects 4.1 and later) CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ap ...) - owncloud 6.0.2+dfsg-1 CVE-2014-2580 (The netback driver in Xen, when using certain Linux versions that do n ...) 
- linux 3.13.10-1 [wheezy] - linux (Introduced in 3.12) - linux-2.6 (Introduced in 3.12) NOTE: upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=e9d8b2c2968499c1f96563e6522c56958d5a1d0d (first included in v3.15-rc1). CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on Acce ...) {DSA-2894-1} - openssh 1:6.6p1-1 NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_* NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2 CVE-2014-2581 (Smb4K before 1.1.1 allows remote attackers to obtain credentials via v ...) - smb4k 1.1.2-1 (low; bug #742816) [wheezy] - smb4k (Minor issue) [squeeze] - smb4k (Minor issue) NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/ CVE-2014-2576 (plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_ ...) - claws-mail 3.10.1-1 (bug #742695) [wheezy] - claws-mail (rssyl plugin in separate source package) [squeeze] - claws-mail (rssyl plugin in separate source package) NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106 - claws-mail-extra-plugins [squeeze] - claws-mail-extra-plugins (Minor issue) [wheezy] - claws-mail-extra-plugins (Minor issue) CVE-2014-2573 (The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 ...) - nova 2014.1-9 (bug #750144) [wheezy] - nova (Vulnerable code in 2013.2 to 2013.2.2) NOTE: https://bugs.launchpad.net/nova/+bug/1269418 CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in net/netfil ...) - linux 3.13.7-1 - linux-2.6 (Introduced in 3.10 commit ae08ce002108) [wheezy] - linux (Introduced in 3.10 commit ae08ce002108) NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421 CVE-2014-2567 (The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenC ...) NOT-FOR-US: Trojita CVE-2014-2538 (Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rac ...) 
- ruby-rack-ssl 1.3.2-4 (low; bug #742186) [wheezy] - ruby-rack-ssl (Minor issue) NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b CVE-2014-2528 (kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when de ...) - k4dirstat 2.7.5-1 (bug #741659) [wheezy] - k4dirstat (Minor issue) - kdirstat [squeeze] - kdirstat (Minor issue) CVE-2014-2527 (kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when de ...) - k4dirstat (Uses single quotes for affected code) - kdirstat (low) [squeeze] - kdirstat (Minor issue) CVE-2014-2571 (Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not prope ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) CVE-2014-2524 (The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 a ...) - readline6 6.3-7 (low; bug #741953) [wheezy] - readline6 (Minor issue) [squeeze] - readline6 (Minor issue) CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3. ...) {DSA-2906-1} - linux 3.13.10-1 [wheezy] - linux 3.2.57-1 - linux-2.6 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92 CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when running on Windows and us ...) - curl (Only present in code only running on Windows) CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...) 
{DSA-3215-1 DLA-189-1} - php5 5.6.0~rc4+dfsg-1 [wheezy] - php5 (imagecreatefromxpm function not in used gd extension) [squeeze] - php5 (imagecreatefromxpm function not in used gd extension) - libgd2 2.1.0-4 (low; bug #744719) NOTE: http://web.archive.org/web/20150221193227/http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/ CVE-2014-2496 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle CVE-2014-2495 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...) NOT-FOR-US: Oracle CVE-2014-2494 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2985-1} - mysql-5.5 5.5.39-1 (bug #754941) - mysql-5.1 (Only affects 5.5 and later) - mariadb-5.5 5.5.38-1 (bug #754940) - mariadb-10.0 (Fixed before initial upload) - percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1 CVE-2014-2493 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-2492 (Unspecified vulnerability in the Oracle Agile Product Collaboration co ...) NOT-FOR-US: Oracle CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...) NOT-FOR-US: Oracle CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE 7 ...) {DSA-2987-1 DSA-2980-1 DLA-96-1} - openjdk-6 6b32-1.13.4-1 NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec CVE-2014-2489 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) {DLA-313-1} - virtualbox 4.3.12-dfsg-1 (bug #754939) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 - virtualbox-ose [squeeze] - virtualbox-ose (Specific details withheld, but CVSS score indicates low impact) CVE-2014-2488 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) 
{DLA-313-1} - virtualbox 4.3.12-dfsg-1 (bug #754939) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 - virtualbox-ose [squeeze] - virtualbox-ose (Specific details withheld, but CVSS score indicates low impact) CVE-2014-2487 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox (Only applies if VBox is running on Windows) - virtualbox-ose (Only applies if VBox is running on Windows) CVE-2014-2486 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) {DLA-313-1} - virtualbox 4.3.12-dfsg-1 (bug #754939) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 - virtualbox-ose [squeeze] - virtualbox-ose (Specific details withheld, but CVSS score indicates low impact) CVE-2014-2485 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...) NOT-FOR-US: Oracle CVE-2014-2484 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects 5.6) - mysql-5.1 (Only affects 5.6) - mariadb-5.5 (Only affects 5.6) - percona-xtradb-cluster-5.5 (Only affects 5.6) CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle Java SE J ...) {DSA-2987-1} - openjdk-6 (vulnerable code not present) - openjdk-7 7u65-2.5.1-1 NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003 CVE-2014-2482 (Unspecified vulnerability in the Oracle Concurrent Processing componen ...) NOT-FOR-US: Oracle CVE-2014-2481 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-2480 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) 
- virtualbox 4.3.12-dfsg-1 (bug #754939) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 - virtualbox-ose (Only affects 4.0 and later) CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Virtualization CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...) NOT-FOR-US: Oracle iLearning CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-2469 (Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows at ...) - lighttpd (Only affects lighttpd on Oracle Solaris) CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...) NOT-FOR-US: Oracle Siebel CRM CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2466 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2465 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2464 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2463 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...) 
NOT-FOR-US: Oracle Secure Global Desktop (SGD) CVE-2014-2462 REJECTED CVE-2014-2461 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2460 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2459 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2458 (Unspecified vulnerability in the Oracle Agile Product Lifecycle compon ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2457 (Unspecified vulnerability in the Oracle Agile Product Lifecycle compon ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2456 (Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise ...) NOT-FOR-US: Oracle CVE-2014-2455 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...) NOT-FOR-US: Oracle Hyperion CVE-2014-2454 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...) NOT-FOR-US: Oracle Hyperion CVE-2014-2453 (Unspecified vulnerability in the Hyperion Common Admin component in Or ...) NOT-FOR-US: Oracle Hyperion CVE-2014-2452 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-2451 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2450 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2449 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent Acq ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2448 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2447 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2446 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2445 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-2444 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2443 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2442 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2441 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox-guest-additions (Only affects 4.1 and later) - virtualbox-guest-additions-iso 4.3.10-1 [wheezy] - virtualbox-guest-additions-iso (Non-free not supported) NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle MySQ ...) {DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 NOTE: this is the same issue as CVE-2014-0001, see https://www.openwall.com/lists/oss-security/2014/09/11/23 CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...) NOT-FOR-US: Oracle Secure Global Desktop (SGD) CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...) 
{DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-2437 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2436 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...) {DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-2435 (Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2434 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier al ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-2433 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2014-2432 (Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and ...) {DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-2431 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...) {DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-2430 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier an ...) 
    {DSA-2919-1}
    - mysql-5.5 5.5.37-1 (bug #744910)
    - mariadb-5.5 5.5.37-1 (bug #745330)
    - mariadb-10.0 (Fixed before initial upload)
    - mysql-5.1 (Only affects Mysql 5.5/5.6)
    - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2429 (Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self ...)
    NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2428 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
    - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2425 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2 ...)
    - openjdk-6 (JavaFX not part of OpenJDK)
    - openjdk-7 (JavaFX not part of OpenJDK)
CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
    - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2419 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier an ...)
    {DSA-2919-1}
    - mysql-5.5 5.5.37-1 (bug #744910)
    - mariadb-5.5 5.5.37-1 (bug #745330)
    - mariadb-10.0 (Fixed before initial upload)
    - mysql-5.1 (Only affects Mysql 5.5/5.6)
    - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2418 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2417 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2416 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
    {DSA-2923-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 (Only affects Java 7/8)
CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component i ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2410 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
    - openjdk-6 (JavaFX not part of OpenJDK)
    - openjdk-7 (JavaFX not part of OpenJDK)
CVE-2014-2409 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
    - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2408 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
    NOT-FOR-US: Oracle Database Server
CVE-2014-2407 (Unspecified vulnerability in the Oracle Data Integrator component in O ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2406 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
    NOT-FOR-US: Oracle Database Server
CVE-2014-2405 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
    {DSA-2912-1}
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
    {DSA-2923-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 (Only affects Java 7/8)
CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
    - openjdk-6 (Specific to Oracle Java, not present in IcedTea)
    - openjdk-7 (Specific to Oracle Java, not present in IcedTea)
    NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-2400 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...)
    NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1
    - openjdk-6 6b31-1.13.3-1
CVE-2014-2396
    RESERVED
CVE-2014-2395
    RESERVED
CVE-2014-2394
    RESERVED
CVE-2014-2393 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4. ...)
    NOT-FOR-US: Open-Xchange
CVE-2014-2392 (The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7 ...)
    NOT-FOR-US: Open-Xchange
CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before 7.2.2-re ...)
    NOT-FOR-US: Open-Xchange
CVE-2014-2390 (Cross-site request forgery (CSRF) vulnerability in the User Management ...)
    NOT-FOR-US: McAfee Network Security Manager
CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in qconnD ...)
    NOT-FOR-US: BlackBerry Z 10
CVE-2014-2388 (The Storage and Access service in BlackBerry OS 10.x before 10.2.1.192 ...)
    NOT-FOR-US: BlackBerry OS
CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in S ...)
    NOT-FOR-US: Sophos Antivirus
CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
    NOT-FOR-US: VMware on Windows
CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...)
    - php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
    NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterpris ...)
    NOT-FOR-US: Faronics
CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
    NOT-FOR-US: Schneider Electric
CVE-2014-2379 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and Tr ...)
    NOT-FOR-US: Sensys Networks
CVE-2014-2378 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and Tr ...)
    NOT-FOR-US: Sensys Networks
CVE-2014-2377 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1 ...)
    NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2376 (SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4. ...)
    NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1 ...)
    NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim I ...)
    NOT-FOR-US: Accuenergy
CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 for the A ...)
    NOT-FOR-US: Accuenergy
CVE-2014-2372
    RESERVED
CVE-2014-2371
    RESERVED
CVE-2014-2370 (Cross-site scripting (XSS) vulnerability in the web application on Omr ...)
    NOT-FOR-US: Omron
CVE-2014-2369 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
    NOT-FOR-US: Omron
CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech W ...)
    NOT-FOR-US: Advantech WebAccess
CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in broadweb/include/gCh ...)
    NOT-FOR-US: Advantech WebAccess
CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenti ...)
    NOT-FOR-US: Advantech WebAccess
CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows rem ...)
    NOT-FOR-US: Advantech WebAccess
CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before 7. ...)
    NOT-FOR-US: Advantech WebAccess
CVE-2014-2363 (Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which ...)
    NOT-FOR-US: Morpho Itemiser
CVE-2014-2362 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rel ...)
    NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, wh ...)
    NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules all ...)
    NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ob ...)
    NOT-FOR-US: OleumTech Wireless Sensor Network devices
CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
    NOT-FOR-US: Fox-IT Fox DataDiode
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in SUB ...)
    NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require a ...)
    NOT-FOR-US: Innominate mGuard
CVE-2014-2355 (The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIM ...)
    NOT-FOR-US: Systems Integrated GE Proficy HMI/SCADA-CIMPLICITY
CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password hashin ...)
    NOT-FOR-US: Cogent DataHub
CVE-2014-2353 (Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3. ...)
    NOT-FOR-US: Cogent DataHub
CVE-2014-2352 (Directory traversal vulnerability in Cogent DataHub before 7.3.5 allow ...)
    NOT-FOR-US: Cogent DataHub
CVE-2014-2351 (SQL injection vulnerability in the LiveData service in CSWorks before ...)
    NOT-FOR-US: CSWorks
CVE-2014-2350 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentia ...)
    NOT-FOR-US: Emerson DeltaV
CVE-2014-2349 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to mo ...)
    NOT-FOR-US: Emerson DeltaV
CVE-2014-2348
    RESERVED
CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessio ...)
    NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-2346 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.1 ...)
    NOT-FOR-US: COPA-DATA
CVE-2014-2345 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through 7.1 ...)
    NOT-FOR-US: COPA-DATA
CVE-2014-2344
    REJECTED
CVE-2014-2343 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physica ...)
    NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2342 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote ...)
    NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2341 (Session fixation vulnerability in CubeCart before 5.2.9 allows remote ...)
    NOT-FOR-US: CubeCart
CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin ...)
    NOT-FOR-US: WordPress plugin xcloner-backup-and-restore
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNU ...)
    NOT-FOR-US: GNU Board
CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypa ...)
    {DSA-2903-1}
    - strongswan 5.1.2-4
CVE-2014-2337
    RESERVED
CVE-2014-2336 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
    NOT-FOR-US: Fortinet FortiManager
CVE-2014-2335 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
    NOT-FOR-US: Fortinet FortiManager
CVE-2014-2334 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User In ...)
    NOT-FOR-US: Fortinet FortiManager
CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
    NOT-FOR-US: WordPress plugin Lazyest Gallery
CVE-2014-2332 (Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authen ...)
    - check-mk 1.2.2p3-1 (bug #742689)
    [wheezy] - check-mk (Minor issue)
    NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2331 (Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated use ...)
    - check-mk 1.2.6p4-1 (bug #742689)
    [wheezy] - check-mk (Minor issue)
    NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2330 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mult ...)
    - check-mk 1.2.6p4-1 (bug #742689)
    [wheezy] - check-mk (Minor issue)
    NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2329 (Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before ...)
    - check-mk 1.2.2p3-1 (bug #742689)
    [wheezy] - check-mk (Minor issue)
    NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remot ...)
    {DSA-2970-1}
    - cacti 0.8.8b+dfsg-4 (bug #742768)
    [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
    NOTE: http://bugs.cacti.net/view.php?id=2433
CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8 ...)
    {DSA-2970-1}
    - cacti 0.8.8b+dfsg-6 (bug #742768)
    [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
    NOTE: http://bugs.cacti.net/view.php?id=2432
CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ...)
    {DSA-2970-1}
    - cacti 0.8.8b+dfsg-4 (bug #742768)
    [squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
    NOTE: http://bugs.cacti.net/view.php?id=2431
CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote attac ...)
    NOT-FOR-US: ATCOM Netvolution
CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7 ...)
    NOT-FOR-US: OpenDocMan
CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search Everyth ...)
    NOT-FOR-US: WP plugin search-everything
CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You C ...)
    NOT-FOR-US: WP plugin thankyoubutton
CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in Atl ...)
    NOT-FOR-US: Atlassian JIRA
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
    NOT-FOR-US: Atlassian JIRA
CVE-2014-2387 (Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities ...)
    - pen 0.22.1-1 (low; bug #741370)
    [squeeze] - pen (Minor issue)
    [wheezy] - pen (Minor issue)
CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, all ...)
    {DSA-2956-1}
    - icinga 1.11.0-1
    [squeeze] - icinga (Vulnerable code not present)
CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Ga ...)
    NOT-FOR-US: Proxmox Mail Gateway
CVE-2014-2324 (Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...)
    {DSA-2877-1}
    - lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1. ...)
    {DSA-2877-1}
    - lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allow ...)
    NOT-FOR-US: Ruby Gem Arabic Prawn
CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote atta ...)
    NOT-FOR-US: ZTE F460 and F660 cable modems
CVE-2014-2320
    RESERVED
CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 u ...)
    NOTE: Non issue
    NOTE: http://seclists.org/oss-sec/2014/q1/550
CVE-2014-2312 (The main function in android_main.cpp in thermald allows local users t ...)
    - thermald (android_main.cpp not used for Debian build)
CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
    NOT-FOR-US: MODx Revolution
CVE-2014-2308
    RESERVED
CVE-2014-2307
    RESERVED
CVE-2014-2306
    RESERVED
CVE-2014-2305
    RESERVED
CVE-2014-2304 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...)
    NOT-FOR-US: Open Floodlight
CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ( ...)
    NOT-FOR-US: webEdition CMS
CVE-2014-2302 (The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x befor ...)
    NOT-FOR-US: webEdition CMS
CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
    NOT-FOR-US: OrbiTeam BSCW
CVE-2014-2300
    RESERVED
CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPE ...)
    {DSA-2871-1}
    - wireshark 1.10.6-1
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
    NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
CVE-2014-2298
    RESERVED
CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...)
    NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-2296 (XML external entity (XXE) vulnerability in java/org/jasig/cas/util/Sam ...)
    NOT-FOR-US: Jasig CAS
CVE-2014-2295
    RESERVED
CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers to condu ...)
    NOT-FOR-US: Open Web Analytics
CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows remote attac ...)
    NOT-FOR-US: Zikula
CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in Junip ...)
    NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (S ...)
    NOT-FOR-US: Junos
CVE-2014-2290
    RESERVED
CVE-2014-2289 (res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Op ...)
    - asterisk (Only affects Asterisk 12.x)
    NOTE: http://downloads.asterisk.org/pub/security/AST-2014-004.html
CVE-2014-2288 (The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, w ...)
    - asterisk (Only affects Asterisk 12.x)
    NOTE: http://downloads.asterisk.org/pub/security/AST-2014-003.html
CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11. ...)
    {DLA-781-1}
    - asterisk 1:11.8.1~dfsg-1 (bug #741313)
    [squeeze] - asterisk (Unsupported in squeeze-lts)
    NOTE: http://downloads.asterisk.org/pub/security/AST-2014-002.html
CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x befo ...)
    {DLA-455-1}
    - asterisk 1:11.8.1~dfsg-1 (bug #741313)
    [squeeze] - asterisk (Unsupported in squeeze-lts)
    NOTE: http://downloads.asterisk.org/pub/security/AST-2014-001.html
CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x bef ...)
    {DSA-2871-1}
    - wireshark 1.10.6-1
    [squeeze] - wireshark (Vulnerable code not present)
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
    NOTE: http://www.wireshark.org/security/wnpa-sec-2014-03.html
CVE-2014-2282 (The dissect_protocol_data_parameter function in epan/dissectors/packet ...)
    - wireshark 1.10.6-1
    [wheezy] - wireshark (Vulnerable code not present)
    [squeeze] - wireshark (Vulnerable code not present)
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699
    NOTE: http://www.wireshark.org/security/wnpa-sec-2014-02.html
CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c i ...)
    {DSA-2871-1}
    - wireshark 1.10.6-1
    [squeeze] - wireshark (Vulnerable code not present)
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672
    NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel thr ...)
    - linux 3.13.6-1
    [wheezy] - linux 3.2.57-1
    - linux-2.6 (Introduced in v3.0)
    NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
    NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers t ...)
    - net-snmp 5.7.2~dfsg-3 (bug #684388)
    [wheezy] - net-snmp 5.4.3~dfsg-2.8
    [squeeze] - net-snmp (Minor issue)
    NOTE: http://sourceforge.net/p/net-snmp/patches/1113/
CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in Seed ...)
    NOT-FOR-US: SeedDMS
CVE-2014-2279 (Multiple directory traversal vulnerabilities in SeedDMS (formerly Leto ...)
    NOT-FOR-US: SeedDMS
CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in SeedDM ...)
    NOT-FOR-US: SeedDMS
CVE-2014-2277 (The make_temporary_filename function in perltidy 20120701-1 and earlie ...)
    - perltidy 20130922-1 (bug #740670)
    [wheezy] - perltidy (Minor issue)
    [squeeze] - perltidy (Minor issue)
CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Converged N ...)
    NOT-FOR-US: EMC
CVE-2014-2275
    RESERVED
CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To Co ...)
    NOT-FOR-US: Subscribe To Comments Reloaded plugin for WordPress
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 al ...)
    NOT-FOR-US: Huawei Router
CVE-2014-2272
    RESERVED
CVE-2014-2271 (cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office ...)
    NOT-FOR-US: Kingsoft Office
CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 ...)
    NOT-FOR-US: vTiger CRM
CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before Security Pa ...)
    NOT-FOR-US: vTiger CRM
CVE-2014-2267
    RESERVED
CVE-2014-2266
    RESERVED
CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to by ...)
    NOT-FOR-US: Rock Lobster Contact Form
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 upda ...)
    NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
    {DSA-3003-1}
    - ffmpeg 7:2.4.1-1
    [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
    NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
    - libav 6:10.4-1
    NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9 ...)
    NOT-FOR-US: Base SAS
CVE-2014-2261
    RESERVED
CVE-2014-2260 (Cross-site scripting (XSS) vulnerability in plugins/main/content/js/aj ...)
    NOT-FOR-US: Ajenti
CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
    NOT-FOR-US: Siemens
CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
    NOT-FOR-US: Siemens
CVE-2014-2257 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
    NOT-FOR-US: Siemens
CVE-2014-2256 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
    NOT-FOR-US: Siemens
CVE-2014-2255 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
    NOT-FOR-US: Siemens
CVE-2014-2254 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
    NOT-FOR-US: Siemens
CVE-2014-2253 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 all ...)
    NOT-FOR-US: Siemens
CVE-2014-2252 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
    NOT-FOR-US: Siemens
CVE-2014-2251 (The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices ...)
    NOT-FOR-US: Siemens
CVE-2014-2250 (The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices ...)
    NOT-FOR-US: Siemens
CVE-2014-2249 (Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7- ...)
    NOT-FOR-US: Siemens
CVE-2014-2248 (Open redirect vulnerability in the integrated web server on Siemens SI ...)
    NOT-FOR-US: Siemens
CVE-2014-2247 (The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices w ...)
    NOT-FOR-US: Siemens
CVE-2014-2246 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
    NOT-FOR-US: Siemens
CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer f ...)
    - freetype 2.5.2-1.1 (bug #741299)
    [wheezy] - freetype (vuln. code introduced around 2.5)
    [squeeze] - freetype (vuln. code introduced around 2.5)
    NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
    NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in cff/c ...)
    - freetype 2.5.2-1.1 (bug #741299)
    [wheezy] - freetype (vuln. code introduced around 2.5)
    [squeeze] - freetype (vuln. code introduced around 2.5)
    NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
    NOTE: https://savannah.nongnu.org/bugs/?41697#comment0
CVE-2014-2239
    RESERVED
CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier use ...)
    - openssl (Apple-specific patch)
CVE-2014-2233 (Server-side request forgery (SSRF) vulnerability in the MapAPI in Info ...)
    NOT-FOR-US: Infoware MapSuite
CVE-2014-2232 (Absolute path traversal vulnerability in the MapAPI in Infoware MapSui ...)
    NOT-FOR-US: Infoware MapSuite
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
    NOT-FOR-US: synetics i-doit pro
CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php in O ...)
    NOT-FOR-US: OpenX
CVE-2014-2229
    RESERVED
CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote a ...)
    NOT-FOR-US: HP Fortify SCA
CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Ne ...)
    NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...)
    NOT-FOR-US: Ubiquiti Networks
CVE-2014-2225 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti ...)
    NOT-FOR-US: Ubiquiti Networks
CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not as ...)
    NOT-FOR-US: Plogger
CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php i ...)
    NOT-FOR-US: Plogger
CVE-2014-2222
    RESERVED
CVE-2014-2221
    RESERVED
CVE-2014-2220
    RESERVED
CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimp ...)
    NOT-FOR-US: CMSimple
CVE-2014-2218
    RESERVED
CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload control in ...)
    NOT-FOR-US: Telerik UI for ASP.NET AJAX
CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 an ...)
    NOT-FOR-US: Fortinet FortiOS
CVE-2014-2215
    REJECTED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9. ...)
    NOT-FOR-US: Erwin Web Portal
CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supp ...)
    NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol implementati ...)
    NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2207
    RESERVED
CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) b ...)
    NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-2204
    RESERVED
CVE-2014-2203
    RESERVED
CVE-2014-2202
    RESERVED
CVE-2014-2201 (The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS ...)
    NOT-FOR-US: Cisco NX-OS
CVE-2014-2200 (Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authen ...)
    NOT-FOR-US: Cisco
CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, WebE ...)
    NOT-FOR-US: Cisco WebEx
CVE-2014-2198 (Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platf ...)
    NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2197 (The Administration GUI in the web framework in Cisco Unified Communica ...)
    NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when ...)
    NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-2195 (Cisco AsyncOS on Email Security Appliance (ESA) and Content Security M ...)
    NOT-FOR-US: Cisco AsyncOS
CVE-2014-2194 (system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interacti ...)
    NOT-FOR-US: Cisco Unified Web and E-mail Interaction Manager
CVE-2014-2193 (Cisco Unified Web and E-Mail Interaction Manager places session identi ...)
    NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2192 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-ma ...)
    NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
    NOT-FOR-US: Cisco
CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
    NOT-FOR-US: Cisco
CVE-2014-2189
    REJECTED
CVE-2014-2188
    REJECTED
CVE-2014-2187
    RESERVED
CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...)
    NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-2185 (The Call Detail Records (CDR) Management component in Cisco Unified Co ...)
    NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2184 (The IP Manager Assistant (IPMA) component in Cisco Unified Communicati ...)
    NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2183 (The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 rout ...)
    NOT-FOR-US: Cisco
CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay i ...)
    NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2181 (Cisco Adaptive Security Appliance (ASA) Software allows remote authent ...)
    NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center Expr ...)
    NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2179 (The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV12 ...)
    NOT-FOR-US: Cisco RV
CVE-2014-2178 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
    NOT-FOR-US: Cisco RV
CVE-2014-2177 (The network-diagnostics administration interface in the Cisco RV route ...)
    NOT-FOR-US: Cisco RV
CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a Trident-b ...)
    NOT-FOR-US: Cisco IOS
CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
    NOT-FOR-US: Cisco
CVE-2014-2174 (Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 ...)
    NOT-FOR-US: Cisco
CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
    NOT-FOR-US: Cisco
CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE S ...)
    NOT-FOR-US: Cisco
CVE-2014-2171 (Heap-based buffer overflow in Cisco TelePresence TC Software 4.x throu ...)
    NOT-FOR-US: Cisco
CVE-2014-2170 (Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before ...)
    NOT-FOR-US: Cisco
CVE-2014-2169 (Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Sof ...)
    NOT-FOR-US: Cisco
CVE-2014-2168 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE S ...)
    NOT-FOR-US: Cisco
CVE-2014-2167 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
    NOT-FOR-US: Cisco
CVE-2014-2166 (The SIP implementation in Cisco TelePresence TC Software 4.x and TE So ...)
    NOT-FOR-US: Cisco
CVE-2014-2165 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
    NOT-FOR-US: Cisco
CVE-2014-2164 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
    NOT-FOR-US: Cisco
CVE-2014-2163 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
    NOT-FOR-US: Cisco
CVE-2014-2162 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x a ...)
    NOT-FOR-US: Cisco
CVE-2014-2161 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...)
    NOT-FOR-US: Cisco
CVE-2014-2160 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...)
NOT-FOR-US: Cisco CVE-2014-2159 (The H.225 subsystem in Cisco TelePresence System MXP Series Software b ...) NOT-FOR-US: Cisco CVE-2014-2158 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...) NOT-FOR-US: Cisco CVE-2014-2157 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...) NOT-FOR-US: Cisco CVE-2014-2156 (Cisco TelePresence System MXP Series Software before F9.3.1 allows rem ...) NOT-FOR-US: Cisco CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows rem ...) NOT-FOR-US: Cisco CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security Ap ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2153 (Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in ...) NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2152 (Cross-site request forgery (CSRF) vulnerability in the INSERT page in ...) NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2150 REJECTED CVE-2014-2149 REJECTED CVE-2014-2148 RESERVED CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does n ...) NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-2146 (The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15 ...) NOT-FOR-US: Cisco CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...) NOT-FOR-US: Cisco CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...) NOT-FOR-US: Cisco CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE al ...) NOT-FOR-US: Cisco CVE-2014-2142 (Cisco ONS 15454 controller cards with software 10.0 and earlier allow ...) NOT-FOR-US: Cisco ONS CVE-2014-2141 (The session-termination functionality on Cisco ONS 15454 controller ca ...) 
NOT-FOR-US: Cisco ONS CVE-2014-2140 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow r ...) NOT-FOR-US: Cisco ONS CVE-2014-2139 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow r ...) NOT-FOR-US: Cisco ONS CVE-2014-2138 (CRLF injection vulnerability in the web framework in Cisco Security Ma ...) NOT-FOR-US: Cisco Security Manager CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web Securit ...) NOT-FOR-US: Cisco Web Security Appliance CVE-2014-2136 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...) NOT-FOR-US: Cisco WebEx CVE-2014-2135 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...) NOT-FOR-US: Cisco WebEx CVE-2014-2134 (Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) playe ...) NOT-FOR-US: Cisco WebEx CVE-2014-2133 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...) NOT-FOR-US: Cisco WebEx CVE-2014-2132 (Cisco WebEx Recording Format (WRF) player and Advanced Recording Forma ...) NOT-FOR-US: Cisco WebEx CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a deni ...) NOT-FOR-US: Cisco IOS CVE-2014-2130 (Cisco Secure Access Control Server (ACS) provides an unintentional adm ...) NOT-FOR-US: Cisco CVE-2014-2129 (The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) S ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2128 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2127 (Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2126 (Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2125 (Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Uni ...) 
NOT-FOR-US: Cisco Unity Connection Server CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...) NOT-FOR-US: Cisco CVE-2014-2123 RESERVED CVE-2014-2122 (Memory leak in the GUI in the Impact server in Cisco Hosted Collaborat ...) NOT-FOR-US: Cisco CVE-2014-2121 (The Java-based software in Cisco Hosted Collaboration Solution (HCS) a ...) NOT-FOR-US: Cisco CVE-2014-2120 (Cross-site scripting (XSS) vulnerability in the WebVPN login page in C ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS So ...) NOT-FOR-US: Cisco AsyncOS CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in dashboard-relat ...) NOT-FOR-US: Cisco PRSM CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder (E ...) NOT-FOR-US: Cisco CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...) NOT-FOR-US: Cisco CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserS ...) NOT-FOR-US: Cisco CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emerg ...) NOT-FOR-US: Cisco CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...) NOT-FOR-US: Cisco IOS CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...) NOT-FOR-US: Cisco IOS CVE-2014-2111 (The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 1 ...) NOT-FOR-US: Cisco IOS CVE-2014-2110 RESERVED CVE-2014-2109 (The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 1 ...) NOT-FOR-US: Cisco IOS CVE-2014-2108 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before ...) NOT-FOR-US: Cisco IOS CVE-2014-2107 (Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA ...) NOT-FOR-US: Cisco CVE-2014-2106 (Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S all ...) 
NOT-FOR-US: Cisco IOS CVE-2014-2105 RESERVED CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the Business Vo ...) NOT-FOR-US: Cisco Unified Communications Domain Manager CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote attacke ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not properly r ...) NOT-FOR-US: Cisco Unified Contact Center Express CVE-2014-2101 RESERVED CVE-2014-2100 RESERVED CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...) - ffmpeg (Vulnerable code not present) - libav (Vulnerable code not present) NOTE: [Anton] appears to not be present in any version of libav CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect d ...) - ffmpeg (Vulnerable code not present) - libav 6:10.4-1 [wheezy] - libav (Vulnerable code not present) NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=849b9d34 (master) NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6be5a3c0 (release/10) NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=36d8914f (release/9) CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before ...) - ffmpeg (Vulnerable code not present) - libav (Vulnerable code not present) NOTE: [Anton] appears to not be present in any version of libav CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManag ...) - cmsms (bug #608888) CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admi ...) NOT-FOR-US: ATutor CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in IL ...) NOT-FOR-US: ILIAS CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via ...) NOT-FOR-US: ILIAS CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 all ...) 
NOT-FOR-US: ILIAS CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload ...) NOT-FOR-US: Free Download Manager CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs i ...) - net-snmp 5.7.2.1~dfsg-3 (unimportant) [wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778 NOTE: Upstream fix: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/ NOTE: unimportant since it only segfaults with older Perl version NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ddfa59c CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2. ...) - net-snmp 5.7.2.1~dfsg-3 (bug #742817) [wheezy] - net-snmp (Only affects code from 5.5 through 5.7.2) [squeeze] - net-snmp (Only affects code from 5.5 through 5.7.2) NOTE: http://sourceforge.net/p/net-snmp/mailman/message/32026655/ NOTE: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/ CVE-2014-XXXX [buffer overflow] - mp3gain 1.6.2-1 (low; bug #740268) [squeeze] - mp3gain (Minor issue) [wheezy] - mp3gain (Minor issue) NOTE: http://sourceforge.net/p/mp3gain/bugs/36/ CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent ...) {DSA-2943-1 DSA-2873-1 DLA-145-1} - file 1:5.17-1 NOTE: http://bugs.gw.com/view.php?id=313 NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801 - php5 5.5.10+dfsg-1 (bug #740960) NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f CVE-2014-5795 REJECTED CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple (CMS ...) - cmsms (bug #608888) CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML function in ...) 
- mediawiki (vulnerable code not present) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61362 NOTE: https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z CVE-2014-2243 (includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x befor ...) - mediawiki 1:1.19.12+dfsg-1 [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61346 NOTE: https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z CVE-2014-2242 (includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...) - mediawiki 1:1.19.12+dfsg-1 [squeeze] - mediawiki NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771 NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z CVE-2014-2238 (SQL injection vulnerability in the manage configuration page (adm_conf ...) - mantis [wheezy] - mantis (Introduced in 1.2.13) [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: http://www.mantisbt.org/bugs/view.php?id=17055 CVE-2014-2237 (The memcache token backend in OpenStack Identity (Keystone) 2013.1 thr ...) - keystone 2013.2.3-1 [wheezy] - keystone (Minor issue) NOTE: https://launchpad.net/bugs/1260080 CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0 ...) - askbot (bug #687966) CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allow ...) - askbot (bug #687966) CVE-2014-2214 (Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh ...) NOT-FOR-US: POSH web app (different from src:posh) CVE-2014-2213 (Open redirect vulnerability in the password reset functionality in POS ...) NOT-FOR-US: POSH web app (different from src:posh) CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH (aka Posh ...) NOT-FOR-US: POSH web app (different from src:posh) CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH (ak ...) 
NOT-FOR-US: POSH web app (different from src:posh) CVE-2014-2206 (Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8. ...) NOT-FOR-US: GetGo Download Manager CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 all ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish 0.3.2-1+deb6u1 [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, wh ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish 0.3.2-1+deb6u1 [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, when a ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish 0.3.2-1+deb6u1 [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows ...) - catfish 1.0.1-1 (low; bug #739958) [squeeze] - catfish 0.3.2-1+deb6u1 [wheezy] - catfish 0.3.2-2+deb7u1 CVE-2014-2086 RESERVED CVE-2014-2085 REJECTED CVE-2014-2084 (Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, ...) NOT-FOR-US: Skybox View Appliances CVE-2014-2083 RESERVED CVE-2014-2082 RESERVED CVE-2014-2081 (Multiple SQL injection vulnerabilities in the login in web_reports/cgi ...) NOT-FOR-US: Innovative vtls-Virtua CVE-2014-2080 (Cross-site scripting (XSS) vulnerability in manager/templates/default/ ...) NOT-FOR-US: MODx Revolution CVE-2014-2079 (X File Explorer (aka xfe) might allow local users to bypass intended a ...) - xfe 1.37-2 (bug #739536) [wheezy] - xfe (Minor issue) [squeeze] - xfe (Minor issue) CVE-2014-2078 (The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allo ...) NOT-FOR-US: Open-Xchange CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...) NOT-FOR-US: Open-Xchange CVE-2014-2076 RESERVED CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK ...) 
NOT-FOR-US: TIBCO Enterprise Administrator CVE-2014-2074 RESERVED CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allow ...) NOT-FOR-US: Dassault Systemes Catia CVE-2014-2072 (Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadeq ...) NOT-FOR-US: Dassault Systemes Catia CVE-2014-2071 (Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.6164 ...) NOT-FOR-US: Aruba Networks ClearPass Policy Manager CVE-2014-2070 RESERVED CVE-2014-2069 (Absolute path traversal vulnerability in Eshtery CMS allows remote att ...) NOT-FOR-US: Eshtery CMS CVE-2014-2068 (The doIndex function in hudson/util/RemotingDiagnostics.java in CloudB ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.ja ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014 CVE-2014-2066 (Session fixation vulnerability in Jenkins before 1.551 and LTS before ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a CVE-2014-2065 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and L ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7 CVE-2014-2064 (The loadUserByUsername function in hudson/security/HudsonPrivateSecuri ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec CVE-2014-2063 (Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6 CVE-2014-2062 (Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the AP ...) 
- jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3 CVE-2014-2061 (The input control in PasswordParameterDefinition in Jenkins before 1.5 ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef CVE-2014-2060 (The Winstone servlet container in Jenkins before 1.551 and LTS before ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0 CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation (hudson/cli/ ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d CVE-2014-2058 (BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows rem ...) - jenkins 1.565.2-1 (bug #739067) NOTE: https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...) - owncloud 6.0.2+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-007/ CVE-2014-2056 (PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0 ...) - owncloud 6.0.2+dfsg-1 - phpdocx 3.0+dfsg-2 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ CVE-2014-2055 (SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6 ...) - owncloud 6.0.2+dfsg-1 - php-sabredav 1.7.11+dfsg-1 NOTE: https://github.com/fruux/sabre-dav/releases/tag/1.7.11 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ CVE-2014-2054 (PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6. ...) 
- owncloud 6.0.2+dfsg-1 - dolibarr 3.5.3+dfsg1-1 - moodle 2.7.5+dfsg-3 (bug #775842) [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: dolibarr removed phpexcel in 3.5.3+dfsg1-1 / #729538 NOTE: moodle also contains a copy of PHPExcel NOTE: owncloud does not mention details NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ NOTE: https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt CVE-2014-2053 (getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6. ...) {DSA-3001-1 DLA-56-1} - owncloud 6.0.2+dfsg-1 - php-getid3 1.9.7-2 [wheezy] - php-getid3 1.9.3-1+deb7u1 [squeeze] - php-getid3 (Vulnerable code not present) NOTE: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ - wordpress 3.9.2+dfsg-1 (bug #757312) NOTE: https://core.trac.wordpress.org/changeset/29390 CVE-2014-2052 (Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x bef ...) - owncloud 6.0.2+dfsg-1 NOTE: owncloud advisory does not mention details for ZendFramework NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/ NOTE: The reference wrt zendframework is for CVE-2012-6532 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...) - owncloud 6.0.2+dfsg-1 CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...) - owncloud 6.0.2+dfsg-1 CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...) - owncloud 6.0.0+dfsg-1 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...) - owncloud CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is c ...) - owncloud 6.0.2+dfsg-1 CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 r ...)
NOT-FOR-US: Broadcom Ltd PIPA C211 CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old and new ...) NOT-FOR-US: Viprinet CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud befo ...) - owncloud (Windows-specific) CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...) NOT-FOR-US: Procentia IntelliPen CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project functiona ...) NOT-FOR-US: Livetecs Timelive CVE-2014-2041 RESERVED CVE-2014-2040 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) callbac ...) NOT-FOR-US: WordPress plugin MediaFileRenamer CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux kerne ...) - linux 3.13.4-1 [wheezy] - linux (Introduced in 3.11) - linux-2.6 (Introduced in 3.11) NOTE: Introduced by https://git.kernel.org/linus/c7559663e42f4294ffe31fe159da6b6a66b35d61 NOTE: Fixed by https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24 CVE-2014-2036 RESERVED CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web C ...) NOT-FOR-US: InterWorx Web Control Panel CVE-2014-2034 (Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through ...) NOT-FOR-US: Sonatype Nexus OSS CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...) NOT-FOR-US: Blue Coat ProxySG CVE-2014-2028 RESERVED CVE-2014-2026 (Cross-site scripting (XSS) vulnerability in the search functionality i ...) NOT-FOR-US: Intrexx CVE-2014-2025 (Unrestricted file upload vulnerability in an unspecified third party t ...) NOT-FOR-US: Intrexx CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.p ...) NOT-FOR-US: Open Classifieds CVE-2014-2023 (Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 an ...) NOT-FOR-US: vBulletin CVE-2014-2022 (SQL injection vulnerability in includes/api/4/breadcrumbs_create.php i ...) 
NOT-FOR-US: vBulletin CVE-2014-2021 (Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBul ...) NOT-FOR-US: vBulletin CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...) - php5 5.5.9+dfsg-1 [wheezy] - php5 (Vulnerable code was introduced in 5.5.0) [squeeze] - php5 (Vulnerable code was introduced in 5.5.0) CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically proxima ...) NOT-FOR-US: Apple iOS CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x t ...) - icedove 24.2.0-1 [squeeze] - icedove CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...) NOT-FOR-US: OXID eShop CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Prof ...) NOT-FOR-US: OXID eShop CVE-2014-2012 RESERVED CVE-2014-2011 RESERVED CVE-2014-2010 RESERVED CVE-2014-2009 (The mPAY24 payment module before 1.6 for PrestaShop allows remote atta ...) NOT-FOR-US: mPAY24 payment module for PrestaShop CVE-2014-2008 (SQL injection vulnerability in confirm.php in the mPAY24 payment modul ...) NOT-FOR-US: mPAY24 payment module for PrestaShop CVE-2014-2007 RESERVED CVE-2014-2006 (Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x ...) NOT-FOR-US: Intercom Web Kyukincho CVE-2014-2005 (Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5. ...) NOT-FOR-US: Sophos Enterprise Console CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 thro ...) NOT-FOR-US: SEIL routers CVE-2014-2003 (JustSystems JUST Online Update, as used in Ichitaro through 2014 and o ...) NOT-FOR-US: JustSystems Ichitaro CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and ...) NOT-FOR-US: C-BOARD Moyuku CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1.2.0 ...) 
NOT-FOR-US: Android application for East Japan Railway Company CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...) NOT-FOR-US: NTT application for Android CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 throu ...) NOT-FOR-US: FuelPHP CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroin ...) NOT-FOR-US: SOY CMS CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier a ...) NOT-FOR-US: ATEN IP KVM Switch CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypa ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search functionali ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in Cyb ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 all ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...) NOT-FOR-US: NTT DATA INTRAMART CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...) NOT-FOR-US: TOSHIBA TEC e-Studio CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allo ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...) NOT-FOR-US: Cybozu Garoon CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and earl ...) NOT-FOR-US: KOKUYO CamiApp application CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu Remo ...) 
NOT-FOR-US: Cybozu Remote Service Manager CVE-2014-1983 (Unspecified vulnerability in Cybozu Remote Service Manager through 2.3 ...) NOT-FOR-US: Cybozu Remote Service Manager CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL Broadban ...) NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router CVE-2014-1981 REJECTED CVE-2014-1980 (Cross-site scripting (XSS) vulnerability in include/functions_metadata ...) - piwigo (low) [squeeze] - piwigo (Unsupported in squeeze-lts) NOTE: Request to mark the package as unsupported in #779104 CVE-2014-1979 (The NTT DOCOMO sp mode mail application 5900 through 6300 for Android ...) NOT-FOR-US: NTT DOCOMO mail app CVE-2014-1978 (The application link interface in the NTT DOCOMO sp mode mail applicat ...) NOT-FOR-US: NTT DOCOMO mail app CVE-2014-1977 (The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4 ...) NOT-FOR-US: NTT DOCOMO mail app CVE-2014-1976 (The Demaecan application 2.1.0 and earlier for Android does not verify ...) NOT-FOR-US: Demaecan Android app CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper applicatio ...) NOT-FOR-US: Unzipper Android app CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer applicat ...) NOT-FOR-US: LYSESOFT CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer applica ...) NOT-FOR-US: NextApp File Explorer application for Android CVE-2014-1972 (Apache Tapestry before 5.3.6 relies on client-side object storage with ...) NOT-FOR-US: Apache Tapestry CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...) NOT-FOR-US: Silex CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...) NOT-FOR-US: ES File Explorer File Manager for Android CVE-2014-1969 (Directory traversal vulnerability in the apps4u@android SD Card Manage ...) 
NOT-FOR-US: apps4u@android SD Card Manager application CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 an ...) NOT-FOR-US: XooNIps module for XOOPS CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...) NOT-FOR-US: Denny's application for Android CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 ...) NOT-FOR-US: Siemens RuggedCom ROS CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the Integ ...) NOT-FOR-US: SAP Exchange Infrastructure CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...) NOT-FOR-US: SAP Exchange Infrastructure CVE-2014-1963 (Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 allo ...) NOT-FOR-US: SAP NetWeaver CVE-2014-1962 (Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensiti ...) NOT-FOR-US: SAP CRM CVE-2014-1961 (Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver all ...) NOT-FOR-US: SAP NetWeaver CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict acces ...) NOT-FOR-US: SAP NetWeaver CVE-2014-1957 (FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2014-1956 (CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allow ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2014-1955 (Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2014-1954 RESERVED CVE-2014-1953 RESERVED CVE-2014-1952 RESERVED CVE-2014-1951 RESERVED CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed action ...) NOT-FOR-US: OpenDocMan CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7 ...) NOT-FOR-US: OpenDocMan CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier a ...) 
NOT-FOR-US: Ilch CMS CVE-2014-1942 (Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx ...) NOT-FOR-US: Pearson eSIS Enterprise Student Information System CVE-2014-1941 RESERVED CVE-2014-1940 RESERVED CVE-2014-1931 (The user login page in Visibility Software Cyber Recruiter before 8.1. ...) NOT-FOR-US: Visibility Software Cyber Recruiter CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the app ...) NOT-FOR-US: Visibility Software Cyber Recruiter CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s39 ...) {DSA-2906-1} - linux 3.13.5-1 [wheezy] - linux 3.2.57-1 - linux-2.6 NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0 CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of service ( ...) - openswan (Incomplete fix was never applied) CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS befo ...) - maradns (Deadwood resolver not enabled) NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3 CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS befo ...) - maradns (Deadwood resolver not enabled) NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093 CVE-2014-2030 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...) {DSA-2898-1} - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250) [squeeze] - imagemagick (CVE only for versions with r1448 applied) NOTE: for the issue in newer imagemagick versions using "L%06ld" string. CVE-2014-2029 (The automatic version check functionality in the tools in Percona Tool ...) - percona-toolkit 2.2.7-1~dfsg1 (bug #740846) [wheezy] - percona-toolkit (version-check introduced in 2.1.4) - percona-xtrabackup 2.2.3-1 (bug #751377) CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct ...) 
- egroupware CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap mod ...) {DLA-977-1} - freeradius 2.2.5+dfsg-0.1 (low; bug #742820) [squeeze] - freeradius (Minor issue) NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a ...) - imapsync CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 trea ...) {DSA-2866-1} - gnutls26 2.12.23-12 [squeeze] - gnutls26 (does not allow X.509 v1 certificates by default) - gnutls28 3.2.11-1 NOTE: https://gitlab.com/gnutls/gnutls/commit/b1abfe3d18 NOTE: introduced by https://gitlab.com/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6 CVE-2014-1958 (Buffer overflow in the DecodePSDPixels function in coders/psd.c in Ima ...) {DSA-2898-1} - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250) [squeeze] - imagemagick (DecodePSDPixels function is not present) NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage? NOTE: http://secunia.com/advisories/56844/ CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen ...) {DSA-3006-1} - xen 4.4.0-1 [squeeze] - xen (Xen 4.1 onwards affected) CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screen ...) - gtk+3.0 3.11.8-1 [wheezy] - gtk+3.0 (Only affects GTK+ 3.10.9 and later) - gtk+2.0 (Only affects GTK+ 3.10.9 and later) - cinnamon 2.2.14-1 (bug #738828) NOTE: https://www.openwall.com/lists/oss-security/2014/02/12/7 NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4 NOTE: The CVE was originally assigned specifically for cinnamon-screensaver, but the underlying fix lies in gtk+3.0 NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see official MITRE CVE description. 
CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 through ...)
    - glance 2013.2.2-1 (bug #738924)
    [wheezy] - glance (Only affects Havana)
    NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...)
    {DSA-2898-1}
    - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
    NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736
    - graphicsmagick 1.3.20-1 (unimportant)
    NOTE: for graphicsmagick: https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c13
    NOTE: Rendered non-exploitable by fortified source for graphicsmagick
CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause ...)
    {DSA-2868-1 DSA-2861-1}
    - file 1:5.17-0.1 (bug #738832)
    NOTE: http://mx.gw.com/pipermail/file/2014/001337.html
    NOTE: https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
    NOTE: https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
    - php5 5.5.10+dfsg-1 (bug #739012)
CVE-2014-1929 (python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to hav ...)
    {DSA-2946-1}
    - python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1926
    RESERVED
CVE-2014-1920
    RESERVED
CVE-2014-1919
    RESERVED
CVE-2014-1918
    RESERVED
CVE-2014-1917
    RESERVED
CVE-2014-1916 (The (1) opus_packet_get_nb_frames and (2) opus_packet_get_samples_per_ ...)
    NOT-FOR-US: MumbleKit / Mumble for iOS
CVE-2014-1915 (Multiple cross-site request forgery (CSRF) vulnerabilities in Command ...)
    NOT-FOR-US: Command School Student Management System
CVE-2014-1914 (Multiple cross-site scripting (XSS) vulnerabilities in Command School ...)
    NOT-FOR-US: Command School Student Management System
CVE-2014-1913
    RESERVED
CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows remot ...)
    NOT-FOR-US: Foscam camera
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
    NOT-FOR-US: Citrix ShareFile Mobile
CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) videowhisper_streaming.p ...)
    NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
    NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhispe ...)
    NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the V ...)
    NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/Form ...)
    {DSA-2890-1}
    - libspring-java 3.0.6.RELEASE-13 (bug #741604)
    NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.1 ...)
    NOT-FOR-US: FreePBX
CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera mo ...)
    NOT-FOR-US: Y-Cam cameras
CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB00 ...)
    NOT-FOR-US: Y-Cam cameras
CVE-2014-1900 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB00 ...)
    NOT-FOR-US: Y-Cam cameras
CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ( ...)
    NOT-FOR-US: Citrix NetScaler Gateway
CVE-2014-1898
    RESERVED
CVE-2014-1897
    RESERVED
CVE-2014-1890
    RESERVED
CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for W ...)
    NOT-FOR-US: Buddypress plugin for WordPress
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin befo ...)
    NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
    RESERVED
CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin b ...)
    {DSA-2975-1}
    - phpmyadmin 4:4.1.7-1 (unimportant)
    [squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c i ...)
    {DSA-2956-1 DLA-1615-1 DLA-461-1 DLA-60-1}
    - icinga 1.10.3-1
    - nagios3 (bug #823721)
    NOTE: Fixed by https://github.com/Icinga/icinga-core/commit/eedf4f7d88cdc50843572224eb38a2f5c78a2dc5
CVE-2014-1873
    RESERVED
CVE-2014-1872
    RESERVED
CVE-2014-1871
    RESERVED
CVE-2014-1870 (Opera before 19 on Mac OS X allows user-assisted remote attackers to s ...)
    NOT-FOR-US: Opera
CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.s ...)
    - db4o (unimportant)
    - jenkins 1.565.3-1 (bug #763899)
    NOTE: in -doc package
CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 uses the a ...)
    NOT-FOR-US: Android Jelly Bean
CVE-2014-1938 (python-rply before 0.7.4 insecurely creates temporary files. ...)
    - python-rply 0.7.4-1 (unimportant; bug #737627)
    NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
    NOTE: https://github.com/alex/rply/issues/42
    NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1937 (Gamera before 3.4.1 insecurely creates temporary files. ...)
    - gamera 3.4.1-1 (low; bug #737324)
    [squeeze] - gamera (Minor issue)
    [wheezy] - gamera 3.3.3-2+deb7u1
CVE-2014-1936 (rc before 1.7.1-5 insecurely creates temporary files. ...)
    - rc 1.7.1-5 (unimportant; bug #737125)
    NOTE: Only in the test suite, not part of the standard package
CVE-2014-1935 (9base 1:6-6 and 1:6-7 insecurely creates temporary files which results ...)
    - 9base (unimportant; bug #737206)
    [squeeze] - 9base (Minor issue)
    NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Pyth ...)
    - eyed3 0.6.18-3 (unimportant; bug #737062)
    [squeeze] - eyed3 (Minor issue)
    NOTE: Upstream patch: https://bitbucket.org/nicfit/eyed3/commits/372bbacb7a70
    NOTE: https://bitbucket.org/nicfit/eyed3/issue/65/tagpy-in-eyed3-allows-local-users-to
    NOTE: Neutralised by protected_symlinks kernel temp hardening
CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...)
    - pillow 2.4.0-1 (low; bug #737059)
    - python-imaging
    [squeeze] - python-imaging (Minor issue)
    [wheezy] - python-imaging (Minor issue)
CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript fun ...)
    - pillow 2.4.0-1 (low; bug #737059)
    - python-imaging
    [squeeze] - python-imaging (Minor issue)
    [wheezy] - python-imaging (Minor issue)
CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly escap ...)
    {DSA-2946-1}
    - python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
    {DSA-2946-1}
    - python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1925 (SQL injection vulnerability in the MARC framework import/export functi ...)
    - koha (bug #702134)
CVE-2014-1924 (The MARC framework import/export function (admin/import_export_framewo ...)
    - koha (bug #702134)
CVE-2014-1923 (Multiple directory traversal vulnerabilities in the (1) staff interfac ...)
    - koha (bug #702134)
CVE-2014-1922 (Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha be ...)
    - koha (bug #702134)
CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the sa ...)
    {DSA-2860-1}
    - parcimonie 0.8.1-1 (bug #738134)
CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android De ...)
    - android-tools 4.2.2+git20130529-5.1 (bug #770513)
    - android-platform-system-core 1:6.0.0+r26-1~stage1
    [jessie] - android-platform-system-core (Minor issue)
    NOTE: http://www.droidsec.org/advisories/2014/02/04/two-security-issues-found-in-the-android-sdk-tools.html
CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4 ...)
    - xen 4.4.0-1
    [squeeze] - xen (Only affects 4.2 and later)
    [wheezy] - xen (Only affects 4.2 and later)
CVE-2014-1895 (Off-by-one error in the flask_security_avc_cachestats function in xsm/ ...)
    - xen 4.4.0-1
    [squeeze] - xen (Only affects 4.2 and later)
    [wheezy] - xen (Only affects 4.2 and later)
CVE-2014-1894 (Multiple integer overflows in unspecified suboperations in the flask h ...)
    - xen (XSM not enabled in build)
    NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1893 (Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETB ...)
    - xen (XSM not enabled in build)
    NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1892 (Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause ...)
    - xen (XSM not enabled in build)
    NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1891 (Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL ...)
    - xen (XSM not enabled in build)
    NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2 ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1886 (The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9. ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1885 (The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1884 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1883 (Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoadi ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1882 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-1868 (Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when us ...)
    - restlet (bug #596472)
CVE-2014-1867 (suPHP before 0.7.2 source-highlighting feature allows security bypass ...)
    - suphp (bug #736969)
    [squeeze] - suphp (Minor issue)
    [wheezy] - suphp (Minor issue)
CVE-2014-1866
    RESERVED
CVE-2014-1865
    RESERVED
CVE-2014-1864
    RESERVED
CVE-2014-1863
    RESERVED
CVE-2014-1862
    RESERVED
CVE-2014-1861 (The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 doe ...)
    NOT-FOR-US: Jetro COCKPIT Secure Browsing
CVE-2014-1859 ((1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) ...)
    - python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
    [squeeze] - python-numpy (Minor issue)
    [wheezy] - python-numpy (Minor issue)
    NOTE: issue fixed by https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
CVE-2014-1858 (__init__.py in f2py in NumPy before 1.8.1 allows local users to write ...)
    - python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
    [squeeze] - python-numpy (Minor issue)
    [wheezy] - python-numpy (Minor issue)
CVE-2014-1857
    RESERVED
CVE-2014-1856
    RESERVED
CVE-2014-1855 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel befor ...)
    NOT-FOR-US: Seo Panel
CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the AdRotat ...)
    NOT-FOR-US: AdRotate plugin for WordPress
CVE-2014-1853
    RESERVED
CVE-2014-1852
    RESERVED
CVE-2014-1851
    RESERVED
CVE-2014-1850
    REJECTED
CVE-2014-1849 (Foscam IP camera 11.37.2.49 and other versions, when using the Foscam ...)
    NOT-FOR-US: Foscam
CVE-2014-1848
    RESERVED
CVE-2014-1847
    RESERVED
CVE-2014-1844
    RESERVED
CVE-2014-1843 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
    NOT-FOR-US: Titan FTP Server
CVE-2014-1842 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
    NOT-FOR-US: Titan FTP Server
CVE-2014-1841 (Directory traversal vulnerability in the web interface in Titan FTP Se ...)
    NOT-FOR-US: Titan FTP Server
CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
    NOT-FOR-US: MyBB
CVE-2014-1830 (Requests (aka python-requests) before 2.3.0 allows remote servers to o ...)
    {DSA-3146-1}
    - requests 2.3.0-1 (bug #733108)
    NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1829 (Requests (aka python-requests) before 2.3.0 allows remote servers to o ...)
    {DSA-3146-1}
    - requests 2.3.0-1 (bug #733108)
    NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in Modules/socket ...)
    {DSA-2880-1 DLA-25-1}
    - python2.5 (low)
    [squeeze] - python2.5 (Minor issue)
    - python2.6 (low)
    [wheezy] - python2.6 (Minor issue)
    - python2.7 2.7.6-6 (low)
    - python3.1 (low)
    [squeeze] - python3.1 (Minor issue)
    - python3.2 (low)
    [wheezy] - python3.2 (Minor issue)
    - python3.3 3.3.5-1 (low)
    - python3.4 3.4.0-1 (low)
    NOTE: http://bugs.python.org/issue20246
    NOTE: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 al ...)
    NOT-FOR-US: Dokeos
CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in Op ...)
    {DSA-2923-1 DSA-2912-1}
    - openjdk-7 7u55-2.4.7-1 (low; bug #737562)
    - openjdk-6 6b31-1.13.3-1 (low)
CVE-2014-1875 (The Capture::Tiny module before 0.24 for Perl allows local users to wr ...)
    - libcapture-tiny-perl 0.24-1 (bug #737835)
    [wheezy] - libcapture-tiny-perl (Minor issue)
    [squeeze] - libcapture-tiny-perl (Minor issue)
CVE-2014-1874 (The security_context_to_sid_core function in security/selinux/ss/servi ...)
    {DSA-2906-1}
    - linux 3.13.4-1
    [wheezy] - linux 3.2.57-1
    - linux-2.6
    NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2
CVE-2014-1860 (Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities ...)
    NOT-FOR-US: Contao CMS
CVE-2014-1832 (Phusion Passenger 4.0.37 allows local users to write to certain files ...)
    - ruby-passenger 4.0.37-2
    [wheezy] - ruby-passenger (incomplete patch never applied)
    - passenger (incomplete patch never applied)
CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to certain ...)
    - ruby-passenger 4.0.37-1 (low; bug #736958)
    [wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
    - passenger 4.0.37-1
    [squeeze] - passenger (minor issue)
CVE-2014-1845 (An unspecified setuid root helper in Enlightenment before 0.17.6 allow ...)
    - e17 0.17.3-3 (bug #737705)
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1846 (Enlightenment before 0.17.6 might allow local users to gain privileges ...)
    - e17 0.17.3-3 (bug #737705)
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
    NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839 (The Execute class in shellutils in logilab-commons before 0.61.0 uses ...)
    - logilab-common 0.61.0-1 (low; bug #737051)
    [squeeze] - logilab-common (Minor issue)
    [wheezy] - logilab-common (Minor issue)
CVE-2014-1838 (The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py ...)
    - logilab-common 0.61.0-1 (low; bug #737051)
    [squeeze] - logilab-common (Minor issue)
    [wheezy] - logilab-common (Minor issue)
CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (co ...)
    NOT-FOR-US: Joomla com_komento
CVE-2014-1836 (Absolute path traversal vulnerability in htdocs/libraries/image-editor ...)
    NOT-FOR-US: ImpressCMS
CVE-2014-1835 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
    NOT-FOR-US: Echor Ruby Gem
CVE-2014-1834 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
    NOT-FOR-US: Echor Ruby Gem
CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 allo ...)
    - devscripts 2.14.8 (low; bug #737160)
    [squeeze] - devscripts (Minor issue)
    [wheezy] - devscripts (Minor issue)
CVE-2014-XXXX [no input validation for search function]
    - fookebox 0.7.2-1 (low; bug #736821)
    [wheezy] - fookebox (Minor issue)
CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in xps/xps ...)
    {DSA-2951-1}
    - mupdf 1.3-2 (bug #738857)
    NOTE: http://www.hdwsec.fr/blog/mupdf.html
    NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
    NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
CVE-2014-1828 (The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad d ...)
    NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transf ...)
    NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1826 (Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 f ...)
    NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1825
    REJECTED
CVE-2014-1824 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...)
    NOT-FOR-US: Microsoft Lync Server
CVE-2014-1822
    REJECTED
CVE-2014-1821
    REJECTED
CVE-2014-1820 (Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) ...)
    NOT-FOR-US: Microsoft
CVE-2014-1819 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
    NOT-FOR-US: Microsoft
CVE-2014-1818 (GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1817 (usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1816 (Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly ...)
    NOT-FOR-US: Microsoft XML Core Services
CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1814 (The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vi ...)
    NOT-FOR-US: Microsoft
CVE-2014-1813 (Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticate ...)
    NOT-FOR-US: Microsoft
CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, Window ...)
    NOT-FOR-US: Microsoft
CVE-2014-1811 (The TCP implementation in Microsoft Windows Vista SP2, Windows Server ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1810
    REJECTED
CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, a ...)
    NOT-FOR-US: Microsoft
CVE-2014-1808 (Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attacker ...)
    NOT-FOR-US: Microsoft
CVE-2014-1807 (The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 ...)
    NOT-FOR-US: Microsoft
CVE-2014-1806 (The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, ...)
    NOT-FOR-US: Microsoft
CVE-2014-1805 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1804 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1803 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1802 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1801
    REJECTED
CVE-2014-1800 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1798
    REJECTED
CVE-2014-1797 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1796 (Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1795 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1794 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1793
    REJECTED
CVE-2014-1792 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1791 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1790 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1789 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1788 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1787
    REJECTED
CVE-2014-1786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1785 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1784 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1783 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1782 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1781 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1780 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1779 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1778 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1777 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1776 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1775 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1774 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1773 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1772 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1771 (SChannel in Microsoft Internet Explorer 6 through 11 does not ensure t ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1769 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1768
    REJECTED
CVE-2014-1767 (Double free vulnerability in the Ancillary Function Driver (AFD) in af ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Windows
CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1764 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ex ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 9 through ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT ...)
    NOT-FOR-US: Microsoft Word
CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1759 (pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote ...)
    NOT-FOR-US: Microsoft Publisher
CVE-2014-1758 (Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote a ...)
    NOT-FOR-US: Microsoft Word
CVE-2014-1757 (Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...)
    NOT-FOR-US: Microsoft Word
CVE-2014-1756 (Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 ...)
    NOT-FOR-US: Microsoft
CVE-2014-1755 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1754 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
    NOT-FOR-US: Microsoft
CVE-2014-1753 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1752 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
    NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916 ...)
    {DSA-2939-1}
    [squeeze] - chromium-browser
    - chromium-browser 35.0.1916.114-1
CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in Bl ...)
    {DSA-2939-1}
    [squeeze] - chromium-browser
    - chromium-browser 35.0.1916.114-1
CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeC ...)
    {DSA-2939-1}
    - chromium-browser 35.0.1916.114-1
    [squeeze] - chromium-browser
CVE-2014-1746 (The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_ ...)
    {DSA-2939-1}
    - chromium-browser 35.0.1916.114-1
    [squeeze] - chromium-browser
CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as us ...)
    {DSA-2939-1}
    - chromium-browser 35.0.1916.114-1
    [squeeze] - chromium-browser
CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream functio ...)
    {DSA-2939-1}
    - chromium-browser 35.0.1916.114-1
    [squeeze] - chromium-browser
CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument ...)
    {DSA-2939-1}
    - chromium-browser 35.0.1916.114-1
    [squeeze] - chromium-browser
CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance f ...)
    {DSA-2930-1}
    - chromium-browser 34.0.1847.137-1
    [squeeze] - chromium-browser
CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the Ch ...)
    {DSA-2930-1}
    - chromium-browser 34.0.1847.137-1
    [squeeze] - chromium-browser
CVE-2014-1740 (Multiple use-after-free vulnerabilities in net/websockets/websocket_jo ...)
    {DSA-2930-1}
    - chromium-browser 34.0.1847.137-1
    [squeeze] - chromium-browser
CVE-2014-1739 (The media_device_enum_entities function in drivers/media/media-device. ...)
    - linux 3.14.7-1 (unimportant)
    [wheezy] - linux 3.2.60-1
    - linux-2.6
    [squeeze] - linux-2.6 (Vulnerability introduced in 2.6.38)
    NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8
    NOTE: Not exploitable with any sane setup
CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux ke ...)
    {DSA-2928-1 DSA-2926-1}
    - linux 3.14.4-1
    - linux-2.6
    NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ker ...)
    {DSA-2928-1 DSA-2926-1}
    - linux 3.14.4-1
    - linux-2.6
    NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome befo ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, a ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847 ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in G ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
CVE-2014-1732 (Use-after-free vulnerability in browser/ui/views/speech_recognition_bu ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows an ...)
    {DSA-2920-1}
    - chromium-browser 34.0.1847.132-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, a ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847 ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1727 (Use-after-free vulnerability in content/renderer/renderer_webcolorchoo ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1726 (The drag implementation in Google Chrome before 34.0.1847.116 allows u ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1725 (The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1724 (Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatch ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
    - speech-dispatcher 0.8-7 (low; bug #745808)
    [squeeze] - speech-dispatcher (Minor issue)
    [wheezy] - speech-dispatcher (Minor issue)
    NOTE: no specific information available (possibly already be fixed in 0.8), the fix in chromium was to disable speechd by default
CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Googl ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1722 (Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnony ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1721 (Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1720 (Use-after-free vulnerability in the HTMLBodyElement::insertedInto func ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1719 (Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWo ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1718 (Integer overflow in the SoftwareFrameManager::SwapToNewFrame function ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
CVE-2014-1717 (Google V8, as used in Google Chrome before 34.0.1847.116, does not pro ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype f ...)
    {DSA-2905-1}
    - chromium-browser 34.0.1847.116-1
    [squeeze] - chromium-browser
    - libv8
    [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
    [squeeze] - libv8 (Unsupported in squeeze-lts)
    - libv8-3.14 (unimportant; bug #773671)
    NOTE: libv8 not covered by security support
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before 33.0.1750.15 ...)
    {DSA-2883-1}
    - chromium-browser 33.0.1750.152-1
    [squeeze] - chromium-browser
CVE-2014-1714 (The ScopedClipboardWriter::WritePickledData function in ui/base/clipbo ...)
- chromium-browser (Windows-specific) CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in bindin ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser CVE-2014-1712 RESERVED CVE-2014-1711 (The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 ...) NOT-FOR-US: Chrome OS CVE-2014-1710 (The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buf ...) NOT-FOR-US: Chrome OS CVE-2014-1709 RESERVED CVE-2014-1708 (The boot implementation in Google Chrome OS before 33.0.1750.152 does ...) NOT-FOR-US: Chrome OS CVE-2014-1707 (Directory traversal vulnerability in CrosDisks in Google Chrome OS bef ...) NOT-FOR-US: Chrome OS CVE-2014-1706 (crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inj ...) NOT-FOR-US: Chrome OS CVE-2014-1705 (Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and L ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) - libv8 [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, a ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2014-1703 (Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDro ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser CVE-2014-1702 (Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThr ...) 
{DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser CVE-2014-1701 (The GenerateFunction function in bindings/scripts/code_generator_v8.pm ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser CVE-2014-1700 (Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in ...) {DSA-2883-1} - chromium-browser 33.0.1750.152-1 [squeeze] - chromium-browser CVE-2014-1699 (Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote attack ...) NOT-FOR-US: Siemens SIMATIC CVE-2014-1698 (Directory traversal vulnerability in Siemens SIMATIC WinCC OA before 3 ...) NOT-FOR-US: Siemens SIMATIC WinCC OA CVE-2014-1697 (The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 ...) NOT-FOR-US: Siemens SIMATIC WinCC OA CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash alg ...) NOT-FOR-US: Siemens SIMATIC WinCC OA CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...) {DLA-1119-1} - otrs2 3.3.5-1 [squeeze] - otrs2 (Minor issue) NOTE: https://www.otrs.com/security-advisory-2014-03-xss-issue/ CVE-2014-1750 (Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps ...) NOT-FOR-US: WordPress plugin nokia-mapsplaces CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) Cust ...) {DSA-2867-1} - otrs2 3.3.4-1 (low) NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/ CVE-2014-1693 (Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OT ...) - erlang 1:16.b.3.1-dfsg-3 (low; bug #738132) [squeeze] - erlang (Minor issue) [wheezy] - erlang 1:15.b.1-dfsg-4+deb7u1 CVE-2014-1692 (The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Mak ...) - openssh (J-PAKE not activated) CVE-2014-1691 (The framework/Util/lib/Horde/Variables.php script in the Util library ...) 
{DSA-2853-1} - horde3 (medium; bug #737149) - php-horde-util 2.3.0-1 NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3 NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel be ...) - linux 3.12.8-1 [wheezy] - linux (Introduced in 3.7) - linux-2.6 (Introduced in 3.7) NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886 CVE-2014-1689 RESERVED CVE-2014-1688 RESERVED CVE-2014-1687 RESERVED CVE-2014-1686 (MediaWiki 1.18.0 allows remote attackers to obtain the installation pa ...) - mediawiki (unimportant) NOTE: http://seclists.org/fulldisclosure/2014/Mar/102 NOTE: path disclosure not an issue CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2 ...) - zabbix 1:2.2.2+dfsg-1 [squeeze] - zabbix (Unsupported in squeeze-lts) CVE-2014-1684 (The ASF_ReadObject_file_properties function in modules/demux/asf/libas ...) - vlc 2.1.4-1 (unimportant; bug #743033) NOTE: Crash in enduser application, no security impact CVE-2014-1683 (The bashMail function in cms/data/skins/techjunkie/fragments/contacts/ ...) NOT-FOR-US: SkyBlueCanvas CMS CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ...) - zabbix 1:2.2.2+dfsg-1 (bug #737818) [squeeze] - zabbix (Unsupported in squeeze-lts) NOTE: https://support.zabbix.com/browse/ZBX-7703 CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700 ...) {DSA-2811-1} - chromium-browser 31.0.1650.63-1 [squeeze] - chromium-browser CVE-2014-1680 (Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 ...) NOT-FOR-US: Bandisoft Bandizip CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...) NOT-FOR-US: Open-Xchange CVE-2014-1678 RESERVED CVE-2014-1677 (Technicolor TC7200 with firmware STD6.01.12 could allow remote attacke ...) 
NOT-FOR-US: Technicolor TC7200 NOTE: https://www.exploit-db.com/exploits/31894/ CVE-2014-1676 RESERVED CVE-2014-1675 RESERVED CVE-2014-1674 RESERVED CVE-2014-1673 (Check Point Session Authentication Agent allows remote attackers to ob ...) NOT-FOR-US: Check Point Session Authentication Agent CVE-2014-1672 (Check Point R75.47 Security Gateway and Management Server does not pro ...) NOT-FOR-US: Check Point R75.47 Security Gateway and Management Server CVE-2014-1671 (Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 an ...) NOT-FOR-US: Dell KACE K1000 CVE-2014-1670 (The Microsoft Bing application before 4.2.1 for Android allows remote ...) NOT-FOR-US: Microsoft Bing application CVE-2014-1669 RESERVED CVE-2014-1668 RESERVED CVE-2014-1667 RESERVED CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allo ...) - owncloud CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server (f ...) NOT-FOR-US: Citrix XenMobile Device Manager server CVE-2014-1662 REJECTED CVE-2014-1661 REJECTED CVE-2014-1660 REJECTED CVE-2014-1659 REJECTED CVE-2014-1658 REJECTED CVE-2014-1657 REJECTED CVE-2014-1656 REJECTED CVE-2014-1655 REJECTED CVE-2014-1654 REJECTED CVE-2014-1653 REJECTED CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) NOT-FOR-US: Symantec Web Gateway CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management cons ...) NOT-FOR-US: Symantec Web Gateway CVE-2014-1650 (SQL injection vulnerability in user.php in the management console in S ...) NOT-FOR-US: Symantec Web Gateway CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allo ...) NOT-FOR-US: Symantec Workspace Streaming CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in brightmail/setting/complia ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Prof ...) 
NOT-FOR-US: Symantec CVE-2014-1646 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Prof ...) NOT-FOR-US: Symantec CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...) NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...) NOT-FOR-US: Symantec LiveUpdate Administrator CVE-2014-1643 (The Web Email Protection component in Symantec Encryption Management S ...) NOT-FOR-US: Symantec PGP Universal Web Messenger CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...) - xen 4.4.0-1 [wheezy] - xen (Vulnerable code not present) [squeeze] - xen (Vulnerable code not present) CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP ...) NOT-FOR-US: GoToMeeting in Android CVE-2014-1641 RESERVED CVE-2014-1637 (Command School Student Management System 1.06.01 does not properly res ...) NOT-FOR-US: Command School Student Management System CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student Manag ...) NOT-FOR-US: Command School Student Management System CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with f ...) NOT-FOR-US: Belkin router CVE-2014-1634 (SQL Injection exists in Advanced Newsletter Magento extension before 2 ...) NOT-FOR-US: Magento extension CVE-2014-1633 RESERVED CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...) NOT-FOR-US: Eventum CVE-2014-1631 (Eventum before 2.3.5 allows remote attackers to reinstall the applicat ...) NOT-FOR-US: Eventum CVE-2014-1630 RESERVED CVE-2014-1629 RESERVED CVE-2014-1628 RESERVED CVE-2014-1627 RESERVED CVE-2014-1625 RESERVED CVE-2014-1623 RESERVED CVE-2014-1622 RESERVED CVE-2014-1621 RESERVED CVE-2014-1620 (Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX ...) 
NOT-FOR-US: HIOX Guest Book CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and ...) NOT-FOR-US: Cubic CMS CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script a ...) NOT-FOR-US: UAEPD Shopping Cart Script CVE-2014-1617 (Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Over ...) NOT-FOR-US: Microsys CVE-2014-1616 RESERVED CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon B ...) NOT-FOR-US: Carbon Black CVE-2014-1614 RESERVED CVE-2014-1613 (Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP ...) - dotclear 2.6.2+dfsg-1 CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web Manag ...) NOT-FOR-US: Mediatrix CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x befor ...) {DSA-2891-1} - mediawiki 1:1.19.11+dfsg-1 [squeeze] - mediawiki CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...) {DSA-3030-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in api/soap/m ...) {DSA-3030-1} - mantis [squeeze] - mantis (Unsupported in squeeze-lts) NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102 CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the EventCa ...) NOT-FOR-US: Drupal EventCalendar CVE-2014-1606 RESERVED CVE-2014-1605 RESERVED CVE-2014-1603 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...) NOT-FOR-US: GetSimple CMS CVE-2014-1602 RESERVED CVE-2014-1601 RESERVED CVE-2014-1600 RESERVED CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box rou ...) NOT-FOR-US: SFR Box router CVE-2014-1598 (centurystar 7.12 ActiveX Control has a Stack Buffer Overflow ...) 
NOT-FOR-US: centurystar CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics i- ...) NOT-FOR-US: i-doit CVE-2014-1596 REJECTED CVE-2014-1595 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunder ...) - iceweasel (Specific to MacOS X) - icedove (Specific to MacOS X) CVE-2014-1594 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird ...) {DSA-3092-1 DSA-3090-1} - iceweasel 31.3.0esr-1 - icedove 31.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1593 (Stack-based buffer overflow in the mozilla::FileBlockCache::Read funct ...) {DSA-3092-1 DSA-3090-1} - iceweasel 31.3.0esr-1 - icedove 31.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1592 (Use-after-free vulnerability in the nsHtml5TreeOperation function in x ...) {DSA-3092-1 DSA-3090-1} - iceweasel 31.3.0esr-1 - icedove 31.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1591 (Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in ...) - iceweasel (Only affects Firefox 33) - icedove (Only affects Firefox 33) CVE-2014-1590 (The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34. ...) {DSA-3092-1 DSA-3090-1} - iceweasel 31.3.0esr-1 - icedove 31.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1589 (Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide styleshe ...) - iceweasel (Only affects Firefox 33) - icedove (Only affects Firefox 33) CVE-2014-1588 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox 33) - icedove (Only affects Firefox 33) CVE-2014-1587 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3092-1 DSA-3090-1} - iceweasel 31.3.0esr-1 - icedove 31.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1586 (content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefo ...) 
{DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1585 (The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozi ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1584 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...) - iceweasel (Only affects Firefox 32 and later) - icedove (Only affects Firefox 32 and later) [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1583 (The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x befo ...) {DSA-3050-1} - iceweasel 31.2.0esr-1 [squeeze] - iceweasel CVE-2014-1582 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...) - iceweasel (Only affects Firefox 32 and later) - icedove (Only affects Firefox 32 and later) [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1581 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Fir ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for GI ...) - iceweasel (Only affects Firefox 32 and later) - icedove (Only affects Firefox 32 and later) [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1579 REJECTED CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove - libvpx 1.3.0-3 (bug #765435) [wheezy] - libvpx (vp9 codec not yet present) [squeeze] - libvpx (vp9 codec not yet present) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html NOTE: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba CVE-2014-1577 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...) 
{DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1576 (Heap-based buffer overflow in the nsTransformedTextRun function in Moz ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1575 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox 32 and later) - icedove (Only affects Firefox 32 and later) [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1574 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3061-1 DSA-3050-1} - iceweasel 31.2.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1573 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.1 ...) - bugzilla4 (bug #669643) - bugzilla [squeeze] - bugzilla NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578 CVE-2014-1572 (The confirm_create_account function in the account-creation feature in ...) - bugzilla4 (bug #669643) - bugzilla [squeeze] - bugzilla NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812 CVE-2014-1571 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.1 ...) - bugzilla4 (bug #669643) - bugzilla [squeeze] - bugzilla NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140 CVE-2014-1570 RESERVED CVE-2014-1569 (The definite_length_decoder function in lib/util/quickder.c in Mozilla ...) {DSA-3186-1 DLA-154-1} - nss 2:3.17.2-1.1 (bug #773625) CVE-2014-1568 (Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...) 
{DSA-3037-1 DSA-3034-1 DSA-3033-1 DLA-62-1} - nss 2:3.17.1-1 - iceweasel (uses system nss) - icedove (uses system nss) [squeeze] - iceweasel [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-73.html NOTE: http://www.intelsecurity.com/advanced-threat-research/# CVE-2014-1567 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Fir ...) {DSA-3028-1 DSA-3018-1} - iceweasel 31.1.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1566 (Mozilla Firefox before 31.1 on Android does not properly restrict copy ...) - iceweasel (Specific to Android) CVE-2014-1565 (The mozilla::dom::AudioEventTimeline function in the Web Audio API imp ...) - iceweasel 31.1.0esr-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) CVE-2014-1564 (Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunder ...) - iceweasel 31.1.0esr-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) CVE-2014-1563 (Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff ...) - iceweasel 31.1.0esr-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) CVE-2014-1562 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...) {DSA-3028-1 DSA-3018-1} - iceweasel 31.1.0esr-1 - icedove 31.2.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of drag-and ...) 
- iceweasel 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...) - iceweasel 31.0-1 - icedove 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [wheezy] - icedove (Only affects releases after ESR24) [squeeze] - iceweasel [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...) - iceweasel 31.0-1 - icedove 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [wheezy] - icedove (Only affects releases after ESR24) [squeeze] - iceweasel [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote a ...) - iceweasel 31.0-1 - icedove 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [wheezy] - icedove (Only affects releases after ESR24) [squeeze] - iceweasel [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla Firefox ...) {DSA-2996-1 DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunder ...) {DSA-2996-1 DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress function i ...) 
{DSA-2996-1 DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-61.html CVE-2014-1554 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 31.1.0esr-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) CVE-2014-1553 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 31.1.0esr-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properl ...) - iceweasel 31.0-1 - icedove 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [wheezy] - icedove (Only affects releases after ESR24) [squeeze] - iceweasel [squeeze] - icedove NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in Mozilla ...) - iceweasel (Affects only Windows platform) - icedove (Affects only Windows platform) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in Mozilla Fi ...) - iceweasel 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html CVE-2014-1549 (The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer fun ...) 
- iceweasel 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove [wheezy] - icedove (Only affects releases after ESR24) NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 31.0-1 [wheezy] - iceweasel (Only affects releases after ESR24) [squeeze] - iceweasel CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2996-1 DSA-2986-1} - iceweasel 31.0-1 [squeeze] - iceweasel - icedove 31.0-1 [squeeze] - icedove NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-56.html CVE-2014-1546 (The response function in the JSONP endpoint in WebService/Server/JSONR ...) - bugzilla4 (bug #669643) - bugzilla [squeeze] - bugzilla NOTE: bugzilla part for Adobe Flash's CVE-2014-4671. CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote a ...) {DSA-2962-1 DSA-2960-1 DSA-2955-1 DLA-32-1} - nspr 2:4.10.6-1 - iceweasel 30.0-1 - icedove 31.0~b1-1 [squeeze] - iceweasel [squeeze] - icedove [squeeze] - nspr 4.8.6-1+squeeze2 NOTE: Only the Wheezy builds use the bundled nspr CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function i ...) {DSA-3071-1 DSA-2996-1 DSA-2986-1 DLA-89-1} - nss 2:3.16.3-1 - iceweasel 31.0-1 [squeeze] - iceweasel - icedove 31.2.0-1 [squeeze] - icedove NOTE: patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8 NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-63.html CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads func ...) - iceweasel (Only affects Windows 8) - icedove (Only affects Windows 8) CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in M ...) 
- iceweasel 30.0-1 - icedove 31.0~b1-1 [wheezy] - iceweasel (Doesn't affect ESR24) [squeeze] - iceweasel [wheezy] - icedove (Doesn't affect ESR24) [squeeze] - icedove CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver fun ...) {DSA-2960-1 DSA-2955-1} - iceweasel 30.0-1 - icedove 31.0~b1-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1540 (Use-after-free vulnerability in the nsEventListenerManager::CompileEve ...) - iceweasel 30.0-1 - icedove 31.0~b1-1 [wheezy] - iceweasel (Doesn't affect ESR24) [squeeze] - iceweasel [wheezy] - icedove (Doesn't affect ESR24) [squeeze] - icedove CVE-2014-1539 (Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do no ...) - iceweasel (Only affects Mac OS X) - icedove (Only affects Mac OS X) CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR funct ...) {DSA-2960-1 DSA-2955-1} - iceweasel 30.0-1 - icedove 31.0~b1-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1537 (Use-after-free vulnerability in the mozilla::dom::workers::WorkerPriva ...) - iceweasel 30.0-1 - icedove 31.0~b1-1 [wheezy] - iceweasel (Doesn't affect ESR24) [squeeze] - iceweasel [wheezy] - icedove (Doesn't affect ESR24) [squeeze] - icedove CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla Firef ...) - iceweasel 30.0-1 - icedove 31.0~b1-1 [wheezy] - iceweasel (Doesn't affect ESR24) [squeeze] - iceweasel [wheezy] - icedove (Doesn't affect ESR24) [squeeze] - icedove CVE-2014-1535 RESERVED CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 30.0-1 - icedove 31.0~b1-1 [wheezy] - iceweasel (Doesn't affect ESR24) [squeeze] - iceweasel [wheezy] - icedove (Doesn't affect ESR24) [squeeze] - icedove CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) 
{DSA-2960-1 DSA-2955-1} - iceweasel 30.0-1 - icedove 31.0~b1-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1532 (Use-after-free vulnerability in the nsHostResolver::ConditionallyRefre ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1531 (Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeig ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ES ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 2 ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1528 (The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo ...) - iceweasel (Windows-specific) CVE-2014-1527 (Mozilla Firefox before 29.0 on Android allows remote attackers to spoo ...) - iceweasel (Only affects Firefox on Android) - icedove (Only affects Firefox on Android) CVE-2014-1526 (The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaM ...) - iceweasel (Only affects Firefox 28) - icedove (Only affects Firefox 28) CVE-2014-1525 (The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...) - iceweasel (Only affects Firefox 28) - icedove (Only affects Firefox 28) CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...) 
{DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...) - iceweasel (Only affects Firefox 28) - icedove (Only affects Firefox 28) CVE-2014-1521 REJECTED CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in M ...) - iceweasel (Windows-specific) CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox 28) - icedove (Only affects Firefox 28) CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2924-1 DSA-2918-1} - iceweasel 24.5.0esr-1 - icedove 24.5.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x befor ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) - bugzilla4 (bug #669643) CVE-2014-1516 (The saltProfileName function in base/GeckoProfileDirectories.java in M ...) - iceweasel (Android-specific) CVE-2014-1515 (Mozilla Firefox before 28.0.1 on Android processes a file: URL by copy ...) - iceweasel (Android-specific) CVE-2014-1514 (vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24. ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1513 (TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1512 (Use-after-free vulnerability in the TypeObject class in the JavaScript ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1511 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...) 
{DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1510 (The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1509 (Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1508 (The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 2 ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1507 (Directory traversal vulnerability in the DeviceStorage API in Mozilla ...) NOT-FOR-US: Firefox OS CVE-2014-1506 (Directory traversal vulnerability in Android Crash Reporter in Mozilla ...) - iceweasel (Android-specific) - icedove (Android-specific) CVE-2014-1505 (The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1504 (The session-restore feature in Mozilla Firefox before 28.0 and SeaMonk ...) - iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1503 RESERVED CVE-2014-1502 (The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage ...) - iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1501 (Mozilla Firefox before 28.0 on Android allows remote attackers to bypa ...) - iceweasel (Android-specific) - icedove (Android-specific) CVE-2014-1500 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote att ...) - iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1499 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote att ...) 
- iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1498 (The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 a ...) - iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1497 (The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox b ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1496 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...) - iceweasel (Online update not used in Debian) - icedove (Online update not used in Debian) CVE-2014-1495 RESERVED CVE-2014-1494 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox 27) - icedove (Only affects Firefox 27) CVE-2014-1493 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2911-1 DSA-2881-1} - iceweasel 24.4.0esr-1 - icedove 24.4.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the certifica ...) {DSA-2994-1 DLA-23-1} - nss 2:3.16-1 [squeeze] - nss 3.12.8-1+squeeze8 - iceweasel (Only affects Firefox 28) - icedove (Only affects Firefox 28) CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozi ...) {DSA-2994-1 DSA-2858-1 DLA-23-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 - nss 2:3.15.4-1 [squeeze] - nss 3.12.8-1+squeeze8 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) be ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 - nss 2:3.15.4-1 [squeeze] - nss (Too complex to backport) [wheezy] - nss (complex to backport) [squeeze] - iceweasel [squeeze] - icedove NOTE: session tickets must be enabled by the client (mainly browsers) CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to about ...) 
- iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and SeaM ...) - iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in Mozill ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox be ...) - iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system- ...) - iceweasel (Only affects Firefox for Android) - icedove (Only affects Firefox for Android) CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote att ...) - iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x befor ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and Se ...) - iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) 
- iceweasel (Only affects Firefox 26) - icedove (Only affects Firefox 26) CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2858-1} - iceweasel 24.3.0esr-1 - icedove 24.3.0-1 [squeeze] - iceweasel [squeeze] - icedove CVE-2014-1474 (Algorithmic complexity vulnerability in Email::Address::List before 0. ...) - libemail-address-list-perl 0.03-1 NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough an ...) - xen 4.4.0-1 [squeeze] - xen (Only affects 4.2 and later) [wheezy] - xen (Only affects 4.2 and later) NOTE: https://www.openwall.com/lists/oss-security/2014/01/23/2 CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe tem ...) - axiom 20120501-17 (low; bug #736358) [squeeze] - axiom (Minor issue) [wheezy] - axiom (Minor issue) CVE-2014-1639 (syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mk ...) - syncevolution 1.3.99.7-1 (unimportant; bug #736357) NOTE: Only exploitable during build time CVE-2014-1638 ((1) debian/postrm and (2) debian/localepurge.config in localepurge bef ...) - localepurge 0.7.3.2 (bug #736359) [squeeze] - localepurge 0.6.2+nmu1+squeeze1 [wheezy] - localepurge 0.6.3+deb7u1 CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module befo ...) - libmarc-xml-perl 1.0.2-1 (bug #736275) [wheezy] - libmarc-xml-perl (Too intrusive to backport) [squeeze] - libmarc-xml-perl (Too intrusive to backport) NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/ NOTE: older versions do not have the ability to set a user custom parser, trying to fix CVE-2014-1626 not clear yet NOTE: upstream developer contacted and is looking into it; backport fix might be too intrusive due to change in used Module CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function in py ...)
- pyxdg 0.25-4 (low; bug #736247) [squeeze] - pyxdg (get_runtime_dir introduced in later version) [wheezy] - pyxdg (get_runtime_dir introduced in later version) CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting modu ...) NOT-FOR-US: Drupal contrib CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka pyth ...) - python-rply 0.7.1-1 NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ente ...) NOT-FOR-US: McAfee Vulnerability Manager CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...) NOT-FOR-US: McAfee Vulnerability Manager CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in Ke ...) {DSA-2867-1} - otrs2 3.3.4-1 (low) NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/ CVE-2014-1470 REJECTED CVE-2014-1469 (BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Servi ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2014-1468 RESERVED CVE-2014-1467 (BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Servi ...) NOT-FOR-US: IBM Domino CVE-2014-1466 (SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remot ...) NOT-FOR-US: CSP MySQL User Manager CVE-2014-1465 RESERVED CVE-2014-1464 RESERVED CVE-2014-1463 RESERVED CVE-2014-1462 RESERVED CVE-2014-1461 RESERVED CVE-2014-1460 RESERVED CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 ...) NOT-FOR-US: doorGets CMS CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration int ...) NOT-FOR-US: FortiGuard FortiWeb CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random nonc ...) NOT-FOR-US: Open Web Analytics CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...) 
NOT-FOR-US: Open Web Analytics CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in Pea ...) NOT-FOR-US: Pearson eSIS Enterprise Student Information System CVE-2014-1454 (Pearson eSIS (Enterprise Student Information System) message board has ...) NOT-FOR-US: Pearson eSIS (Enterprise Student Information System) message board CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not acquir ...) {DSA-2952-1} - kfreebsd-8 [wheezy] - kfreebsd-8 (Non standard kernel, will be fixed in a point update) [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) - kfreebsd-9 (bug #743984) - kfreebsd-10 10.0-4 NOTE: kfreebsd-8 might be affected but NFS implementation isn't the one used there by default CVE-2014-1452 (Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in F ...) NOT-FOR-US: bsnmpd CVE-2014-1451 RESERVED CVE-2014-1450 RESERVED CVE-2014-1449 (The Maxthon Cloud Browser application before 4.1.6.2000 for Android al ...) NOT-FOR-US: Maxthon Cloud Browser application for Android CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...) NOT-FOR-US: Core FTP Server CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build ...) NOT-FOR-US: Core FTP Server CVE-2014-1441 (Core FTP Server 1.2 before build 515 allows remote attackers to cause ...) NOT-FOR-US: Core FTP Server CVE-2014-1440 RESERVED CVE-2014-1439 (The libxml_disable_entity_loader function in runtime/ext/ext_simplexml ...) NOT-FOR-US: HipHop Virtual Machine for PHP CVE-2014-1437 REJECTED CVE-2014-1436 REJECTED CVE-2014-1435 REJECTED CVE-2014-1434 REJECTED CVE-2014-1433 REJECTED CVE-2014-1432 REJECTED CVE-2014-1431 REJECTED CVE-2014-1430 REJECTED CVE-2014-1429 REJECTED CVE-2014-1428 (A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an a ...) NOT-FOR-US: Ubuntu MAAS CVE-2014-1427 (A vulnerability in the REST API of Ubuntu MAAS allows an attacker to c ...) 
NOT-FOR-US: Ubuntu MAAS CVE-2014-1426 (A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allo ...) NOT-FOR-US: Ubuntu MAAS CVE-2014-1425 (cmanager 0.32 does not properly enforce nesting when modifying cgroup ...) - cgmanager 0.33-3 [jessie] - cgmanager 0.33-2+deb8u1 CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 ...) - apparmor (Vulnerable code only in Ubuntu-specific backport of patch) NOTE: Caused by a patch that was added to the Ubuntu packaging before NOTE: it was taken upstream. The one that was merged upstream (and part NOTE: of AppArmor 2.9.0) is not affected. The closest version to the NOTE: affected one that we ever had in Debian (2.8.96~2652) did not NOTE: include the faulty patch. CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) NOT-FOR-US: signond from Ubuntu Touch CVE-2014-1422 (In Ubuntu's trust-store, if a user revokes location access from an app ...) NOT-FOR-US: Ubuntu trust-store CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) - mountall (partman-efi in jessie uses secure umask, mount in older releases not affected) NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183 NOTE: and http://www.ubuntu.com/usn/usn-2411-1 CVE-2014-1420 (On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp ...) NOT-FOR-US: ubuntu-ui-toolkit CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in acpi-s ...) {DSA-2984-1 DLA-30-1} - acpi-support 0.142-2 CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...) 
{DSA-2934-1} - python-django 1.6.5-1 NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/ CVE-2014-1417 RESERVED CVE-2014-1416 RESERVED CVE-2014-1415 RESERVED CVE-2014-1414 RESERVED CVE-2014-1413 RESERVED CVE-2014-1412 RESERVED CVE-2014-1411 RESERVED CVE-2014-1410 RESERVED CVE-2014-1476 (The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an e ...) {DSA-2847-1} - drupal6 (Only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier) - drupal7 7.26-1 CVE-2014-1475 (The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...) {DSA-2851-1 DSA-2847-1} - drupal6 - drupal7 7.26-1 CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kern ...) {DSA-2906-1} - linux 3.12.8-1 (low) - linux-2.6 (low) [wheezy] - linux 3.2.54-1 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed CVE-2014-1445 (The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kerne ...) {DSA-2906-1} - linux 3.12.6-1 (low) - linux-2.6 (low) [wheezy] - linux 3.2.53-1 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1 CVE-2014-1444 (The fst_get_iface function in drivers/net/wan/farsync.c in the Linux k ...) {DSA-2906-1} - linux 3.12.6-1 (low) - linux-2.6 (low) [wheezy] - linux 3.2.53-1 NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194 CVE-2014-1438 (The restore_fpu_checking function in arch/x86/include/asm/fpu-internal ...) 
{DLA-0007-1} - linux 3.12.8-1 (bug #733551) - linux-2.6 [wheezy] - linux 3.2.54-1 [squeeze] - linux-2.6 2.6.32-48squeeze7 NOTE: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0 CVE-2014-1448 REJECTED CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in lib ...) {DSA-2846-1} - libvirt 1.2.1-1 (bug #735676) [squeeze] - libvirt (Unsupported in squeeze-lts) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577 NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0 NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf CVE-2014-1409 (MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5. ...) NOT-FOR-US: MobileIron VSP CVE-2014-1404 RESERVED CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM befor ...) NOT-FOR-US: easyXDM CVE-2014-1397 RESERVED CVE-2014-1396 RESERVED CVE-2014-1395 RESERVED CVE-2014-1394 RESERVED CVE-2014-1393 RESERVED CVE-2014-1392 RESERVED CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote attacker ...) NOT-FOR-US: Apple Quicktime CVE-2014-1390 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1389 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1388 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1387 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1386 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1385 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) 
- webkitgtk 2.4.8-1 (unimportant) CVE-2014-1384 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, all ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1383 (Apple TV before 6.1.2 allows remote authenticated users to bypass an i ...) NOT-FOR-US: Apple TV CVE-2014-1382 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1381 (Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOT ...) NOT-FOR-US: Apple OS X Thunderbolt CVE-2014-1380 (The Security - Keychain component in Apple OS X before 10.9.4 does not ...) NOT-FOR-US: Apple OS X CVE-2014-1379 (Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain ...) NOT-FOR-US: Apple OS X CVE-2014-1378 (IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to byp ...) NOT-FOR-US: Apple OS X CVE-2014-1377 (Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 a ...) NOT-FOR-US: Apple OS X CVE-2014-1376 (Intel Compute in Apple OS X before 10.9.4 does not properly restrict a ...) NOT-FOR-US: Apple OS X Intel Compute CVE-2014-1375 (Intel Graphics Driver in Apple OS X before 10.9.4 allows local users t ...) NOT-FOR-US: Apple OS X Intel Graphics Driver CVE-2014-1374 REJECTED CVE-2014-1373 (Intel Graphics Driver in Apple OS X before 10.9.4 does not properly re ...) NOT-FOR-US: Apple OS X Intel Graphics Driver CVE-2014-1372 (Graphics Driver in Apple OS X before 10.9.4 does not properly restrict ...) NOT-FOR-US: Apple OS X Graphics Driver CVE-2014-1371 (Array index error in Dock in Apple OS X before 10.9.4 allows attackers ...) NOT-FOR-US: Apple OS X Dock CVE-2014-1370 (The byte-swapping implementation in copyfile in Apple OS X before 10.9 ...) NOT-FOR-US: Apple CVE-2014-1369 (WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-a ...) NOT-FOR-US: WebKit CVE-2014-1368 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) 
NOT-FOR-US: WebKit CVE-2014-1367 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1366 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1365 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1364 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1363 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1362 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: WebKit CVE-2014-1361 (Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, ...) NOT-FOR-US: Apple iOS CVE-2014-1360 (Lockdown in Apple iOS before 7.1.2 does not properly verify data from ...) NOT-FOR-US: Apple iOS CVE-2014-1359 (Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X bef ...) NOT-FOR-US: Apple iOS CVE-2014-1358 (Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X befo ...) NOT-FOR-US: Apple iOS CVE-2014-1357 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...) NOT-FOR-US: Apple iOS CVE-2014-1356 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...) NOT-FOR-US: Apple iOS CVE-2014-1355 (The IOKit implementation in the kernel in Apple iOS before 7.1.2 and A ...) NOT-FOR-US: Apple iOS CVE-2014-1354 (CoreGraphics in Apple iOS before 7.1.2 does not properly restrict allo ...) NOT-FOR-US: Apple iOS CVE-2014-1353 (Lock Screen in Apple iOS before 7.1.2 does not properly manage the tel ...) NOT-FOR-US: Apple iOS CVE-2014-1352 (Lock Screen in Apple iOS before 7.1.2 does not properly enforce the li ...) NOT-FOR-US: Apple iOS CVE-2014-1351 (Siri in Apple iOS before 7.1.2 allows physically proximate attackers t ...) 
NOT-FOR-US: Apple iOS CVE-2014-1350 (Settings in Apple iOS before 7.1.2 allows physically proximate attacke ...) NOT-FOR-US: Apple iOS CVE-2014-1349 (Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 allow ...) NOT-FOR-US: Apple iOS CVE-2014-1348 (Mail in Apple iOS before 7.1.2 advertises the availability of data pro ...) NOT-FOR-US: Apple iOS CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...) NOT-FOR-US: Apple iTunes CVE-2014-1346 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, doe ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1345 (WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x ...) - webkitgtk 2.4.8-1 (unimportant) CVE-2014-1344 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1343 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1342 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1341 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1340 (WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1339 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) 
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1338 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1337 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1336 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1335 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1334 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1333 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1332 REJECTED CVE-2014-1331 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1329 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1328 REJECTED CVE-2014-1327 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) 
NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1325 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 a ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1324 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1323 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, all ...) NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into a ...) NOT-FOR-US: Apple CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically ...) NOT-FOR-US: Apple CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple ...) NOT-FOR-US: Apple CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows ...) NOT-FOR-US: Apple CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not proper ...) NOT-FOR-US: Apple CVE-2014-1317 (iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credential ...) NOT-FOR-US: Apple CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...) NOT-FOR-US: Apple CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9. ...) NOT-FOR-US: Apple CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session cre ...) NOT-FOR-US: Apple CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1306 REJECTED CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attacke ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1301 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1297 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, doe ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Ap ...) NOT-FOR-US: Apple CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9 ...) NOT-FOR-US: Apple CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allow ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1288 REJECTED CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physic ...) NOT-FOR-US: Apple CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attacker ...) NOT-FOR-US: SpringBoard Lock Screen in Apple iOS CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate attack ...) NOT-FOR-US: Springboard in Apple iOS CVE-2014-1284 REJECTED CVE-2014-1283 REJECTED CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...) NOT-FOR-US: Apple CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the as ...) NOT-FOR-US: Photos Backend in Apple iOS CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows re ...) NOT-FOR-US: Apple CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows l ...) NOT-FOR-US: Apple TV CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 ...) NOT-FOR-US: Apple CVE-2014-1277 REJECTED CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct us ...) NOT-FOR-US: IOKit HID Event in Apple iOS CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...) NOT-FOR-US: Apple CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...) NOT-FOR-US: FaceTime in Apple iOS CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers ...) 
NOT-FOR-US: Apple CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...) NOT-FOR-US: Apple CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not p ...) NOT-FOR-US: Apple CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, all ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...) NOT-FOR-US: Apple CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/s ...) NOT-FOR-US: Apple CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X b ...) NOT-FOR-US: Apple CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...) NOT-FOR-US: Apple CVE-2014-1263 (curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport ...) - curl (Only applies to Curl on Mac OS or iOS) NOTE: http://curl.haxx.se/docs/adv_20140326C.html CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...) NOT-FOR-US: Apple CVE-2014-1261 (Integer signedness error in CoreText in Apple OS X before 10.9.2 allow ...) NOT-FOR-US: Apple CVE-2014-1260 (QuickLook in Apple OS X through 10.8.5 allows remote attackers to exec ...) NOT-FOR-US: Apple CVE-2014-1259 (Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows at ...) NOT-FOR-US: Apple CVE-2014-1258 (Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9. ...) 
NOT-FOR-US: Apple CVE-2014-1257 (CFNetwork in Apple OS X through 10.8.5 does not remove session cookies ...) NOT-FOR-US: Apple CVE-2014-1256 (Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9 ...) NOT-FOR-US: Apple CVE-2014-1255 (Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properl ...) NOT-FOR-US: Apple CVE-2014-1254 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote at ...) NOT-FOR-US: Apple CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cau ...) NOT-FOR-US: Apple Boot Camp CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...) NOT-FOR-US: Apple Pages CVE-2014-1251 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2014-1250 (Apple QuickTime before 7.7.5 does not properly perform a byte-swapping ...) NOT-FOR-US: Apple QuickTime CVE-2014-1249 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2014-1248 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2014-1247 (Apple QuickTime before 7.7.5 allows remote attackers to execute arbitr ...) NOT-FOR-US: Apple QuickTime CVE-2014-1246 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2014-1245 (Integer signedness error in Apple QuickTime before 7.7.5 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2014-1244 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2014-1243 (Apple QuickTime before 7.7.5 does not initialize an unspecified pointe ...) NOT-FOR-US: Apple QuickTime CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, ...) 
NOT-FOR-US: Apple iTunes CVE-2014-1241 RESERVED CVE-2014-1240 RESERVED CVE-2014-1239 RESERVED CVE-2014-1238 (Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialo ...) NOT-FOR-US: Q-Pulse CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro before ...) NOT-FOR-US: i-doit CVE-2014-1232 (Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plu ...) NOT-FOR-US: Foliopress CVE-2014-1231 RESERVED CVE-2014-1230 RESERVED CVE-2014-1229 RESERVED CVE-2014-1228 RESERVED CVE-2014-1227 RESERVED CVE-2014-1226 (The pipe_init_terminal function in main.c in s3dvt allows local users ...) - s3d 0.2.2-13 (unimportant) NOTE: http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html NOTE: Additional patch hunk applied in 0.2.2-11 (experimental) only NOTE: Not running with elevated privileges in Debian packaging CVE-2014-1225 RESERVED CVE-2014-1224 (Incomplete blacklist vulnerability in the user registration feature in ...) NOT-FOR-US: rexx Recruitment CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx ...) NOT-FOR-US: Telligent Evolution CVE-2014-1222 (Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM ...) NOT-FOR-US: vTiger CRM CVE-2014-1221 RESERVED NOT-FOR-US: Dameware CVE-2014-1220 RESERVED NOT-FOR-US: IT2 Workstation CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID ...) NOT-FOR-US: 2E Web Option CVE-2014-1218 RESERVED CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to sy ...) NOT-FOR-US: Livetecs Timelive CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...) NOT-FOR-US: Fitnesse Wiki CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 allo ...) NOT-FOR-US: Core FTP Server CVE-2014-1214 (views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component ...) 
NOT-FOR-US: Projoom NovaSFH Plugin CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9. ...) NOT-FOR-US: Sophos Anti Virus CVE-2014-1212 RESERVED CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud Direc ...) NOT-FOR-US: VMWare CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does ...) NOT-FOR-US: VMware vSphere Client CVE-2014-1209 (VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Up ...) NOT-FOR-US: VMware vSphere Client CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, V ...) NOT-FOR-US: VMWare CVE-2014-1207 (VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers ...) NOT-FOR-US: VMWare CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web Ana ...) NOT-FOR-US: Open Web Analytics CVE-2014-1205 RESERVED CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8 ...) NOT-FOR-US: Tableau Server CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remot ...) NOT-FOR-US: SoapUI CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH3 ...) NOT-FOR-US: Lorex CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, ...) NOT-FOR-US: Sendio CVE-2014-0998 (Integer signedness error in the vt console driver (formerly Newcons) i ...) [experimental] - kfreebsd-11 11.0~svn284956-1 - kfreebsd-10 10.1~svn274115-3 (bug #779194) - kfreebsd-9 (don't have newcons) - kfreebsd-8 (don't have newcons) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc CVE-2014-0997 (WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2 ...) NOT-FOR-US: WiFiMonitor in Android CVE-2014-0996 RESERVED CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...) 
NOT-FOR-US: SAP Netweaver CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics ...) NOT-FOR-US: Delphi CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in ...) NOT-FOR-US: Embarcadero CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0990 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0989 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0988 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0987 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0986 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0985 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, ...) NOT-FOR-US: SAP Router CVE-2014-0983 (Multiple array index errors in programs that are automatically generat ...) {DSA-2904-1} - virtualbox 4.3.10-dfsg-1 (bug #741602) - virtualbox-ose (bug #741602) NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities CVE-2014-0982 REJECTED CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4 ...) 
{DSA-2904-1} - virtualbox 4.3.10-dfsg-1 (bug #741602) - virtualbox-ose (bug #741602) NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities CVE-2014-0980 (Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attac ...) NOT-FOR-US: Publish-It CVE-2014-0976 RESERVED CVE-2014-0975 RESERVED CVE-2014-0974 (The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Ke ...) NOT-FOR-US: Little Kernel (bootloader) CVE-2014-0973 (The image_verify function in platform/msm_shared/image_verify.c in the ...) NOT-FOR-US: Little Kernel (bootloader) CVE-2014-0972 (The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm ...) - linux (affects drivers/gpu/msm, not merged in mainline) CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a defa ...) NOT-FOR-US: Conceptronic C54APM access point CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the Conceptroni ...) NOT-FOR-US: Conceptronic C54APM access point CVE-2014-1406 (CRLF injection vulnerability in goform/formWlSiteSurvey on the Concept ...) NOT-FOR-US: Conceptronic C54APM access point CVE-2014-1405 (Multiple open redirect vulnerabilities on the Conceptronic C54APM acce ...) NOT-FOR-US: Conceptronic C54APM access point CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in Jinja ...) - jinja2 2.7.2-1 (low; bug #734747) [squeeze] - jinja2 (Minor issue) [wheezy] - jinja2 (Minor issue) NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allo ...) NOT-FOR-US: AuraCMS CVE-2014-1400 (The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 ...) NOT-FOR-US: Drupal 7 Entity module CVE-2014-1399 (The entity wrapper access API in the Entity API module 7.x-1.x before ...) 
NOT-FOR-US: Drupal 7 Entity module CVE-2014-1398 (The entity wrapper access API in the Entity API module 7.x-1.x before ...) NOT-FOR-US: Drupal 7 Entity module CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in lib/cgraph/scan. ...) {DSA-2843-1} - graphviz 2.26.3-16.1 (bug #734745) NOTE: fix: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff CVE-2014-1235 (Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34 ...) - graphviz 2.26.3-16.1 (bug #734745) [wheezy] - graphviz (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a) [squeeze] - graphviz (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a) NOTE: CVE is for buffer overflow introduced by applying only 7aaddf52cd98589fb0c3ab72a393f8411838438a NOTE: fix: https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750 CVE-2014-1234 (The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obta ...) NOT-FOR-US: Paratrooper Newrelic Ruby Gem CVE-2014-1233 (The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtai ...) NOT-FOR-US: Paratrooper Pingdom Ruby Gem CVE-2014-1203 (The get_login_ip_config_file function in Eyou Mail System before 3.6 a ...) NOT-FOR-US: Eyou Mail System CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM ...) - lightdm-gtk-greeter 1.6.1-5 (bug #734472) NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=857303 [wheezy] - lightdm-gtk-greeter (in Wheezy, lightdm restarts when the greeter crashes, so there's no DoS) CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in lib/cgraph/scan ...) 
{DSA-2843-1} - graphviz 2.26.3-16 (bug #734745) NOTE: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a NOTE: additional commit required (new CVE-2014-1235): https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750 NOTE: see: https://bugzilla.redhat.com/show_bug.cgi?id=1049165#c6 CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Mo ...) {DSA-2841-1} - movabletype-opensource 5.2.9+dfsg-1 (bug #734304) CVE-2014-0971 RESERVED CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - Collabora ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0969 (Cross-site request forgery (CSRF) vulnerability in the GDS component i ...) NOT-FOR-US: IBM CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM I ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM I ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0966 (SQL injection vulnerability in the GDS component in IBM InfoSphere Mas ...) NOT-FOR-US: IBM CVE-2014-0965 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and 6. ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IB ...) NOT-FOR-US: IBM Global Security Kit CVE-2014-0962 RESERVED CVE-2014-0961 (Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity ...) NOT-FOR-US: IBM Tivoli Identity Manager CVE-2014-0960 (IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before 1.1 ...) NOT-FOR-US: IBM PureApplication System CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through 6.1. ...) 
NOT-FOR-US: IBM WebSphere Portal CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...) NOT-FOR-US: IBM CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM WebSp ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 b ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0953 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM Web ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM WebS ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM S ...) NOT-FOR-US: IBM CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design Ma ...) NOT-FOR-US: IBM Rational Software Architect Design CVE-2014-0947 (Unspecified vulnerability in the server in IBM Rational Software Archi ...) NOT-FOR-US: IBM Rational Software Architect Design CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision M ...) NOT-FOR-US: IBM CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule Ex ...) NOT-FOR-US: IBM CVE-2014-0944 (Cross-site request forgery (CSRF) vulnerability in the RES Console in ...) NOT-FOR-US: IBM CVE-2014-0943 (IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0. ...) NOT-FOR-US: IBM WebSphere Commerce CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventVi ...) 
NOT-FOR-US: IBM Netcool CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in webtop/eventviewer/eventVi ...) NOT-FOR-US: IBM Netcool CVE-2014-0940 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Serv ...) NOT-FOR-US: IBM Tivoli CVE-2014-0939 RESERVED CVE-2014-0938 RESERVED CVE-2014-0937 RESERVED CVE-2014-0936 (IBM Security AppScan Source 8.0 through 9.0, when the publish-assessme ...) NOT-FOR-US: IBM Security AppScan CVE-2014-0935 (Unspecified vulnerability in IBM Smart Analytics System 7700 before FP ...) NOT-FOR-US: IBM Smart Analytics System CVE-2014-0934 RESERVED CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Info ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...) NOT-FOR-US: IBM CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN ...) NOT-FOR-US: IBM CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, a ...) NOT-FOR-US: IBM AIX CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles compon ...) NOT-FOR-US: IBM Connections CVE-2014-0928 RESERVED CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 a ...) NOT-FOR-US: IBM CVE-2014-0926 RESERVED CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center 5.4.0 befor ...) NOT-FOR-US: IBM Sterling Control Center CVE-2014-0924 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify th ...) NOT-FOR-US: IBM MessageSight CVE-2014-0923 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote atta ...) NOT-FOR-US: IBM MessageSight CVE-2014-0922 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote atta ...) NOT-FOR-US: IBM MessageSight CVE-2014-0921 (The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allo ...) 
NOT-FOR-US: IBM MessageSight CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...) NOT-FOR-US: IBM SPSS Analytic Server CVE-2014-0919 (IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords ...) NOT-FOR-US: IBM DB2 CVE-2014-0918 (Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in ...) NOT-FOR-US: IBM Eclipse Help System CVE-2014-0917 (Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System (I ...) NOT-FOR-US: IBM Eclipse Help System CVE-2014-0916 RESERVED CVE-2014-0915 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5. ...) NOT-FOR-US: IBM iNotes CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before 7.5.0. ...) NOT-FOR-US: IBM WebSphere MQ CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0909 (The Administration and Reporting Tool in IBM Rational License Key Serv ...) NOT-FOR-US: IBM CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager (BPM ...) NOT-FOR-US: IBM Business Process Manager CVE-2014-0907 (Multiple untrusted search path vulnerabilities in unspecified (1) setu ...) NOT-FOR-US: IBM DB2 CVE-2014-0906 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...) NOT-FOR-US: IBM Sametime CVE-2014-0905 (IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure f ...) NOT-FOR-US: IBM CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 do ...) 
NOT-FOR-US: IBM Security AppScan Standard CVE-2014-0903 RESERVED CVE-2014-0902 RESERVED CVE-2014-0901 (Cross-site scripting (XSS) vulnerability in the Social Rendering imple ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0900 (The Device Administrator code in Android before 4.4.1_r1 might allow a ...) NOT-FOR-US: Android CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workloa ...) NOT-FOR-US: IBM AIX CVE-2014-0898 RESERVED CVE-2014-0897 (The Configuration Patterns component in IBM Flex System Manager (FSM) ...) NOT-FOR-US: IBM CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8. ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS SamplePowe ...) NOT-FOR-US: IBM SPSS CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Ma ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 F ...) NOT-FOR-US: IBM CVE-2014-0891 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x be ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5 ...) NOT-FOR-US: IBM Sametime CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...) NOT-FOR-US: IBM Atlas Suite CVE-2014-0888 (IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Workli ...) NOT-FOR-US: IBM CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...) NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0886 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...) 
NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in ...) NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lo ...) NOT-FOR-US: IBM Lotus Protector for Mail Security CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware Managem ...) NOT-FOR-US: IBM CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, ...) NOT-FOR-US: IBM CVE-2014-0881 (The TPM on Integrated Management Module II (IMM2) on IBM Flex System x ...) NOT-FOR-US: IBM CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; an ...) NOT-FOR-US: IBM SAN Volume Controller CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control ...) NOT-FOR-US: IBM Datacap Taskmaster Capture CVE-2014-0878 (The IBMSecureRandom component in the IBMJCE and IBMSecureRandom crypto ...) NOT-FOR-US: IBM JDK CVE-2014-0877 (IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remo ...) NOT-FOR-US: IBM Cognos CVE-2014-0876 (Buffer overflow in the Java GUI Configuration Wizard and Preferences E ...) NOT-FOR-US: IBM CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 throug ...) NOT-FOR-US: IBM Storwize V7000 Unified CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...) NOT-FOR-US: IBM Content Navigator CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0872 (The installation process in IBM Security Key Lifecycle Manager 2.5 sto ...) NOT-FOR-US: IBM CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Al ...) 
NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5 ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...) NOT-FOR-US: IBM Algo Credit Limits CVE-2014-0863 (The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, ...) NOT-FOR-US: IBM CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational Collabor ...) NOT-FOR-US: IBM Rational Collaborative Lifecycle Management CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2014-0860 (The firmware before 3.66E in IBM BladeCenter Advanced Management Modul ...) NOT-FOR-US: IBM CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x be ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authe ...) NOT-FOR-US: IBM Content Navigator CVE-2014-0857 (The Administrative Console in IBM WebSphere Application Server (WAS) 8 ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0856 RESERVED CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0854 (The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before ...) 
NOT-FOR-US: IBM Cognos Business Intelligence CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Forward ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2014-0852 (IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5 ...) NOT-FOR-US: IBM CVE-2014-0851 RESERVED CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0849 (IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2014-0848 (The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server co ...) NOT-FOR-US: IBM Netezza Performance Portal CVE-2014-0847 RESERVED CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational Requirements ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2014-0845 (Open redirect vulnerability in IBM Rational Requirements Composer 3.x ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2014-0844 (Unspecified vulnerability in IBM Rational Requirements Composer 3.x be ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6 ...) NOT-FOR-US: IBM Rational Focal Point CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 6.4.x a ...) NOT-FOR-US: IBM Rational Focal Point CVE-2014-0841 (IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a w ...) NOT-FOR-US: IBM CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Fo ...) NOT-FOR-US: IBM Rational Focal Point CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x befo ...) NOT-FOR-US: IBM Rational Focal Point CVE-2014-0838 (The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-0837 (The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier ...) 
NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-0836 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 t ...) NOT-FOR-US: IBM General Parallel File System CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 befor ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in configuration-d ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component i ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation i ...) NOT-FOR-US: IBM Financial Transaction Manager CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before 7.1.2.1 ...) NOT-FOR-US: IBM Rational ClearCase CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manag ...) NOT-FOR-US: IBM WebSphere Portal CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Workl ...) NOT-FOR-US: IBM InfoSphere CVE-2014-0826 RESERVED CVE-2014-0825 (Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maxi ...) NOT-FOR-US: IBM Maximo Asset Management and others CVE-2014-0824 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...) NOT-FOR-US: IBM Maximo Asset Management and others CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x be ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x bef ...) NOT-FOR-US: IBM Domino CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon 2 ...) 
NOT-FOR-US: Cybozu Garoon CVE-2014-0820 (Directory traversal vulnerability in the download feature in Cybozu Ga ...) NOT-FOR-US: Cybozu Garoon CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 al ...) NOT-FOR-US: Autodesk AutoCAD CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 al ...) NOT-FOR-US: Autodesk AutoCAD CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not prope ...) NOT-FOR-US: Cybozu Garoon CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and earlier al ...) NOT-FOR-US: Norman Security Suite CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows at ...) NOT-FOR-US: Opera CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allo ...) NOT-FOR-US: phpMyFAQ CVE-2014-0813 (Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8 ...) NOT-FOR-US: phpMyFAQ CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 a ...) NOT-FOR-US: KENT-WEB Joyful Note CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP ...) NOT-FOR-US: Blackboard Vista CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3 ...) NOT-FOR-US: JustSystems Sanshiro 2007 CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka Si ...) NOT-FOR-US: Gapless Player SimZip CVE-2014-0808 (The lfCheckError function in data/class/pages/shopping/LC_Page_Shoppin ...) NOT-FOR-US: LOCKON EC-CUBE CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...) NOT-FOR-US: LOCKON EC-CUBE CVE-2014-0806 (The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile ...) NOT-FOR-US: Sleipnir Mobile application CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 an ...) 
NOT-FOR-US: NeoFiler CVE-2014-0804 (Directory traversal vulnerability in the CGENE Security File Manager P ...) NOT-FOR-US: CGENE Security File Manager CVE-2014-0803 (Directory traversal vulnerability in the tetra filer application 2.3.1 ...) NOT-FOR-US: tetra filer application CVE-2014-0802 (Directory traversal vulnerability in the aokitaka ZIP with Pass applic ...) NOT-FOR-US: aokitaka ZIP with Pass CVE-2014-0801 RESERVED CVE-2014-0800 RESERVED CVE-2014-0799 RESERVED CVE-2014-0798 RESERVED CVE-2014-0797 RESERVED CVE-2014-0796 RESERVED CVE-2014-0795 RESERVED CVE-2014-0794 (SQL injection vulnerability in the JV Comment (com_jvcomment) componen ...) NOT-FOR-US: JV Comment Joomla Extension CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...) NOT-FOR-US: Komento Joomla Extension CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to cre ...) NOT-FOR-US: Sonatype Nexus CVE-2014-0790 RESERVED CVE-2014-0791 (Integer overflow in the license_read_scope_list function in libfreerdp ...) {DLA-2356-1} - freerdp (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941 NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45 NOTE: A malicious license has simpler means to DoS an RDP client, e.g. by simply stating that no valid license exists etc. CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object Acti ...) NOT-FOR-US: OPC Automation 2.0 Server CVE-2014-0788 REJECTED CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 al ...) NOT-FOR-US: WellinTech KingSCADA CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read clear ...) NOT-FOR-US: Ecava IntegraXor CVE-2014-0785 REJECTED CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...) 
NOT-FOR-US: Yokogawa CENTUM CS 3000 CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...) NOT-FOR-US: Yokogawa CENTUM CS 3000 CVE-2014-0782 (Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Func ...) NOT-FOR-US: Yokogawa CENTUM CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...) NOT-FOR-US: Yokogawa CENTUM CS 3000 CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web Studi ...) NOT-FOR-US: InduSoft Web Studio CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 componen ...) NOT-FOR-US: Schneider Electric CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows ...) NOT-FOR-US: Progea Movicon CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and earli ...) NOT-FOR-US: IOServer OPC Server CVE-2014-0776 RESERVED CVE-2014-0775 REJECTED CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider Elec ...) NOT-FOR-US: Schneider Electric OPC Factory Server CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX contro ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 Activ ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX cont ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X- ...) NOT-FOR-US: Festo controller CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) 
NOT-FOR-US: Advantech WebAccess CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows r ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech W ...) NOT-FOR-US: Advantech WebAccess CVE-2014-0762 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows p ...) NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway CVE-2014-0761 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows r ...) NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and CECX-X- ...) NOT-FOR-US: Festo controller CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric Float ...) NOT-FOR-US: Schneider Electric Floating License Manager CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8. ...) NOT-FOR-US: ICONICS CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...) NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit CVE-2014-0756 REJECTED CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not p ...) NOT-FOR-US: Rockwell Automation RSLogix CVE-2014-0754 (Directory traversal vulnerability in SchneiderWEB on Schneider Electri ...) NOT-FOR-US: SchneiderWEB CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraXor be ...) NOT-FOR-US: Ecava IntegraXor CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote att ...) NOT-FOR-US: Ecava IntegraXor CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...) 
NOT-FOR-US: GE Intelligent Platforms Proficy CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...) NOT-FOR-US: GE Intelligent Platforms Proficy CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open- ...) {DSA-2936-1} - torque 2.4.16+dfsg-1.4 (bug #748827) CVE-2014-0748 (apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP0 ...) NOT-FOR-US: Aprun/apinit on Cray supercomputers CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact Center Exp ...) NOT-FOR-US: Cisco Unified Contact Center CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified Service ...) NOT-FOR-US: Cisco Unified Contact Center Express CVE-2014-0744 REJECTED CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in Cisco Uni ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0741 (The certificate-import feature in the Certificate Authority Proxy Func ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0740 (Cross-site request forgery (CSRF) vulnerability in the Call Detail Rec ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0739 (Race condition in the Phone Proxy component in Cisco Adaptive Security ...) NOT-FOR-US: Cisco ASA CVE-2014-0738 (The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) S ...) NOT-FOR-US: Cisco ASA CVE-2014-0737 (The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote atta ...) NOT-FOR-US: The Cisco Unified IP Phone CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call Detail Rec ...) 
NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ( ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0734 (SQL injection vulnerability in the Certificate Authority Proxy Functio ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0733 (The Enterprise License Manager (ELM) component in Cisco Unified Commun ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco Unified ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0731 (The administration interface in Cisco Unified Communications Manager ( ...) NOT-FOR-US: Cisco Unified Computing System CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and earlier ...) NOT-FOR-US: Cisco Unified Computing System CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application (EM ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0728 (SQL injection vulnerability in the Java database interface in Cisco Un ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0727 (SQL injection vulnerability in the CallManager Interactive Voice Respo ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0726 (SQL injection vulnerability in the IP Manager Assistant (IPMA) interfa ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0725 (Cisco Unified Communications Manager (UCM) does not require authentica ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0724 (The bulk administration interface in Cisco Unified Communications Mana ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0723 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ( ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications Manager ...) 
NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows re ...) NOT-FOR-US: Cisco Unified SIP Phone 3905 CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows ...) NOT-FOR-US: Cisco IPS CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS Software bef ...) NOT-FOR-US: Cisco IPS CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 before 7.1 ...) NOT-FOR-US: Cisco IPS CVE-2014-0717 RESERVED CVE-2014-0716 RESERVED CVE-2014-0715 RESERVED CVE-2014-0714 RESERVED CVE-2014-0713 RESERVED CVE-2014-0712 RESERVED CVE-2014-0711 RESERVED CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco Firewall Serv ...) NOT-FOR-US: Cisco Firewall Services Module CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded p ...) NOT-FOR-US: Cisco UCS Director CVE-2014-0708 (WebEx Meeting Center in Cisco WebEx Business Suite does not properly c ...) NOT-FOR-US: Cisco WebEx Business Suite CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before 7 ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0706 (Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0705 (The multicast listener discovery (MLD) service on Cisco Wireless LAN C ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0704 (The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0703 (Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distr ...) NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0702 RESERVED CVE-2014-0701 (Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, ...) 
NOT-FOR-US: Cisco Wireless LAN Controller CVE-2014-0700 RESERVED CVE-2014-0699 RESERVED CVE-2014-0698 RESERVED CVE-2014-0697 RESERVED CVE-2014-0696 RESERVED CVE-2014-0695 RESERVED CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...) NOT-FOR-US: Cisco CVE-2014-0693 RESERVED CVE-2014-0692 RESERVED CVE-2014-0691 (Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insuffici ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-0690 RESERVED CVE-2014-0689 RESERVED CVE-2014-0688 RESERVED CVE-2014-0687 RESERVED CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0685 (Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware all ...) NOT-FOR-US: Cisco CVE-2014-0684 (Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause ...) NOT-FOR-US: Cisco CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with firmwar ...) NOT-FOR-US: Cisco CVE-2014-0682 (Cisco WebEx Meetings Server allows remote authenticated users to bypas ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2014-0681 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services En ...) NOT-FOR-US: Cisco Identity Service Engine CVE-2014-0680 (Cross-site scripting (XSS) vulnerability in the HTTP control interface ...) NOT-FOR-US: Cisco Identity Service Engine CVE-2014-0679 (Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before 1 ...) NOT-FOR-US: Cisco Prime Infrastructure CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does ...) NOT-FOR-US: Cisco Secure Access Control System CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS all ...) NOT-FOR-US: Cisco NX-OS CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command rest ...) 
NOT-FOR-US: Cisco NX-OS CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication Ser ...) NOT-FOR-US: Cisco CVE-2014-0674 (Cisco Video Surveillance Operations Manager (VSOM) does not require au ...) NOT-FOR-US: Cisco Video Surveillance Operations Manager CVE-2014-0673 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...) NOT-FOR-US: Cisco Video Surveillance CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly en ...) NOT-FOR-US: Cisco MediaSense CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote attacker ...) NOT-FOR-US: Cisco MediaSense CVE-2014-0670 (Cross-site scripting (XSS) vulnerability in the Search and Play interf ...) NOT-FOR-US: Cisco MediaSense CVE-2014-0669 (The Wireless Session Protocol (WSP) feature in the Gateway GPRS Suppor ...) NOT-FOR-US: Cisco ASR 5000 CVE-2014-0668 (Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure ...) NOT-FOR-US: Cisco Secure Access Control System CVE-2014-0667 (The RMI interface in Cisco Secure Access Control System (ACS) does not ...) NOT-FOR-US: Cisco Secure Access Control System CVE-2014-0666 (Directory traversal vulnerability in the Send Screen Capture implement ...) NOT-FOR-US: Cisco Jabber CVE-2014-0665 (The RBAC implementation in Cisco Identity Services Engine (ISE) Softwa ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2014-0664 (The server in Cisco Unity Connection allows remote authenticated users ...) NOT-FOR-US: Cisco Unity Connection CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...) NOT-FOR-US: Cisco Secure Access Control System CVE-2014-0662 (The SIP module in Cisco TelePresence Video Communication Server (VCS) ...) NOT-FOR-US: Cisco TelePresence CVE-2014-0661 (The System Status Collection Daemon (SSCD) in Cisco TelePresence Syste ...) 
NOT-FOR-US: Cisco TelePresence CVE-2014-0660 (Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows ...) NOT-FOR-US: Cisco TelePresence CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS440 ...) NOT-FOR-US: Cisco Small Business Devices CVE-2014-0658 (Cisco 9900 Unified IP phones allow remote attackers to cause a denial ...) NOT-FOR-US: Cisco 9900 Unified IP phones CVE-2014-0657 (The administration portal in Cisco Unified Communications Manager (Uni ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2014-0656 (Cisco Context Directory Agent (CDA) allows remote authenticated users ...) NOT-FOR-US: Cisco Context Directory Agent CVE-2014-0655 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-0654 (Cisco Context Directory Agent (CDA) allows remote attackers to modify ...) NOT-FOR-US: Cisco Context Directory Agent CVE-2014-0653 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2014-0652 (Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco ...) NOT-FOR-US: Cisco Context Directory Agent CVE-2014-0651 (The administrative interface in Cisco Context Directory Agent (CDA) do ...) NOT-FOR-US: Cisco Context Directory Agent CVE-2014-0650 (The web interface in Cisco Secure Access Control System (ACS) 5.x befo ...) NOT-FOR-US: Cisco Secure ACS RMI CVE-2014-0649 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x befo ...) NOT-FOR-US: Cisco Secure ACS RMI CVE-2014-0648 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x befo ...) NOT-FOR-US: Cisco Secure ACS RMI CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information i ...) NOT-FOR-US: Starbucks iOS application CVE-2014-0646 (The runtime WS component in the server in EMC RSA Access Manager 6.1.3 ...) 
NOT-FOR-US: EMC CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Manageme ...) NOT-FOR-US: EMC CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attacke ...) NOT-FOR-US: EMC CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 1 ...) NOT-FOR-US: EMC RSA NetWitness and RSA Security Analytics CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...) NOT-FOR-US: EMC Documentum Content Server CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC ...) NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authentic ...) NOT-FOR-US: EMC RSA Archer GRC Platform CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...) NOT-FOR-US: RSA Archer CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive Authenticatio ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office case-manag ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x b ...) NOT-FOR-US: EMC RSA BSAFE Micro Edition Suite CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x b ...) NOT-FOR-US: EMC VPLEX CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTT ...) NOT-FOR-US: EMC VPLEX CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not prop ...) NOT-FOR-US: EMC VPLEX CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5. ...) NOT-FOR-US: EMC VPLEX CVE-2014-0631 REJECTED CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...) NOT-FOR-US: EMC CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...) 
NOT-FOR-US: EMC CVE-2014-0628 (The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0 ...) NOT-FOR-US: EMC CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1 ...) NOT-FOR-US: EMC RSA CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1. ...) NOT-FOR-US: EMC RSA CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC ...) NOT-FOR-US: EMC RSA CVE-2014-0624 (EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properl ...) NOT-FOR-US: EMC RSA CVE-2014-0623 (Cross-site scripting (XSS) vulnerability in the Self-Service Console i ...) NOT-FOR-US: EMC RSA CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 throug ...) NOT-FOR-US: EMC Documentum Foundation Services CVE-2014-0621 (Multiple cross-site request forgery (CSRF) vulnerabilities in Technico ...) NOT-FOR-US: Technicolor TC7200 STD6.01.12 CVE-2014-0620 (Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (fo ...) NOT-FOR-US: Technicolor TC7200 STD6.01.12 CVE-2014-0619 (Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1 ...) NOT-FOR-US: Hamster Free ZIP Archiver CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R be ...) NOT-FOR-US: SRX Services Gateways CVE-2014-0617 (Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before ...) NOT-FOR-US: SRX Services Gateways CVE-2014-0616 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 1 ...) NOT-FOR-US: Juniper JunOS CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 1 ...) NOT-FOR-US: JunOS CLI CVE-2014-0614 (Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is e ...) NOT-FOR-US: Juniper Junos CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 b ...) 
NOT-FOR-US: JunOS CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before 1 ...) NOT-FOR-US: Juniper Junos CVE-2014-0611 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in No ...) NOT-FOR-US: Novell GroupWise CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and ...) NOT-FOR-US: Novell GroupWise CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 SP ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0608 RESERVED CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream Proces ...) NOT-FOR-US: Attachmate Verastream Process Designer CVE-2014-0606 REJECTED CVE-2014-0605 (Directory traversal vulnerability in the rftpcom.dll ActiveX control i ...) NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-0604 (Directory traversal vulnerability in the rftpcom.dll ActiveX control i ...) NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-0603 (The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client be ...) NOT-FOR-US: Attachmate Reflection FTP Client CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the NQMc ...) NOT-FOR-US: NetIQ Security Manager CVE-2014-0601 RESERVED CVE-2014-0600 (FileUploadServlet in the Administration service in Novell GroupWise 20 ...) NOT-FOR-US: Novell GroupWise CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open Ente ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2014-0597 RESERVED CVE-2014-0596 RESERVED CVE-2014-0595 (/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open ...) NOT-FOR-US: Novell OES CVE-2014-0594 (In the Open Build Service (OBS) before version 2.4.6 the CSRF protecti ...) 
- open-build-service (Fixed before initial release to Debian) NOTE: https://github.com/openSUSE/open-build-service/commit/2188c059b67b82171d0e28ef59f77e62d22a09d8 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=870606 CVE-2014-0593 (The set_version script as shipped with obs-service-set_version is a so ...) NOT-FOR-US: script for OBS CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...) NOT-FOR-US: Crowbar CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND 9. ...) {DSA-3023-1 DLA-48-1} - bind9 1:9.9.5.dfsg-2 (bug #735190) NOTE: https://kb.isc.org/article/AA-01078 NOTE: https://kb.isc.org/article/AA-01085 CVE-2014-0590 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0589 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0588 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0587 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0586 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0585 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0584 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0583 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0582 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0580 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0 ...) 
NOT-FOR-US: Adobe Flash Player CVE-2014-0579 REJECTED CVE-2014-0578 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0576 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.2 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0575 REJECTED CVE-2014-0574 (Double free vulnerability in Adobe Flash Player before 13.0.0.252 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0573 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 b ...) NOT-FOR-US: Adobe ColdFusion CVE-2014-0571 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 befor ...) NOT-FOR-US: Adobe ColdFusion CVE-2014-0570 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 9. ...) NOT-FOR-US: Adobe ColdFusion CVE-2014-0569 (Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0568 (The NtSetInformationFile system call hook feature in Adobe Reader and ...) NOT-FOR-US: Adobe Reader CVE-2014-0567 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...) NOT-FOR-US: Adobe Reader CVE-2014-0566 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...) NOT-FOR-US: Adobe Reader CVE-2014-0565 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...) NOT-FOR-US: Adobe Reader CVE-2014-0564 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0563 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 o ...) NOT-FOR-US: Adobe Reader CVE-2014-0562 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...) 
NOT-FOR-US: Adobe Reader CVE-2014-0561 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10. ...) NOT-FOR-US: Adobe Reader CVE-2014-0560 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-0559 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0558 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0557 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0556 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0555 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0554 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0553 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0552 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0551 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0550 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0549 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0548 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0547 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.1 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0546 (Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 o ...) 
NOT-FOR-US: Adobe CVE-2014-0545 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0544 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0543 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0542 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0541 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0540 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0538 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 a ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0535 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0534 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Win ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0533 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0532 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0531 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0530 REJECTED CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11 ...) 
NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1 ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x befor ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 o ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2014-0520 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...) NOT-FOR-US: Flash plugin CVE-2014-0519 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...) NOT-FOR-US: Flash plugin CVE-2014-0518 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...) NOT-FOR-US: Flash plugin CVE-2014-0517 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...) NOT-FOR-US: Flash plugin CVE-2014-0516 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11 ...) NOT-FOR-US: Flash plugin CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x t ...) NOT-FOR-US: Flash plugin CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not p ...) NOT-FOR-US: Adobe Reader Mobile application CVE-2014-0513 (Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and ...) 
NOT-FOR-US: Adobe Illustrator CS6 CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protecti ...) NOT-FOR-US: Adobe Reader CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attac ...) NOT-FOR-US: Adobe Reader CVE-2014-0510 (Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remo ...) NOT-FOR-US: Flash plugin CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x befor ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x t ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 ...) NOT-FOR-US: Adobe Flash Player CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x befor ...) NOT-FOR-US: Flash plugin CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x befor ...) NOT-FOR-US: Flash plugin CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 an ...) NOT-FOR-US: Flash plugin CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ex ...) NOT-FOR-US: Adobe Shockwave Player CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x befor ...) NOT-FOR-US: Flash plugin CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 ...) NOT-FOR-US: Flash plugin CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...) 
NOT-FOR-US: Flash plugin CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 1 ...) NOT-FOR-US: Adobe Reader CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...) NOT-FOR-US: Adobe Reader CVE-2014-0494 (Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary cod ...) NOT-FOR-US: Adobe Digital Editions CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...) NOT-FOR-US: Adobe Reader CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12 ...) NOT-FOR-US: Flash plugin CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12 ...) NOT-FOR-US: Flash plugin CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly val ...) {DSA-3025-1} - apt 0.9.12 NOTE: fixed with commit http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682 [squeeze] - apt (apt download command and vulnerable code not present) CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, doe ...) {DSA-3025-1 DLA-53-1} - apt 1.0.9 CVE-2014-0488 (APT before 1.0.9 does not "invalidate repository data" when moving fro ...) {DSA-3025-1 DLA-53-1} - apt 1.0.9 CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been mo ...) {DSA-3025-1 DLA-53-1} - apt 1.0.9 CVE-2014-0486 (Knot DNS before 1.5.2 allows remote attackers to cause a denial of ser ...) - knot 1.5.2-1 CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which ...) {DSA-3013-1} - s3ql 2.10.1+dfsg-4 (high) CVE-2014-0484 (The Debian acpi-support package before 0.140-5+deb7u3 allows local use ...) {DSA-3020-1 DLA-49-1} - acpi-support 0.142-4 CVE-2014-0483 (The administrative interface (contrib.admin) in Django before 1.4.14, ...) 
{DSA-3010-1 DLA-65-1} - python-django 1.6.6-1 CVE-2014-0482 (The contrib.auth.middleware.RemoteUserMiddleware middleware in Django ...) {DSA-3010-1 DLA-65-1} - python-django 1.6.6-1 CVE-2014-0481 (The default configuration for the file upload handling system in Djang ...) {DSA-3010-1 DLA-65-1} - python-django 1.6.6-1 CVE-2014-0480 (The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ...) {DSA-3010-1 DLA-65-1} - python-django 1.6.6-1 CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remot ...) {DSA-2997-1 DLA-31-1} - reportbug 6.5.0+nmu1 [squeeze] - reportbug 4.12.6+deb6u1 CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which all ...) {DSA-2958-1 DLA-0005-1} - apt 1.0.4 (bug #749795) [squeeze] - apt 0.8.10.3+squeeze2 CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...) {DSA-2969-1 DLA-0011-1} - libemail-address-perl 1.905-1 [squeeze] - libemail-address-perl 1.889-2+deb6u1 CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote ...) {DSA-2945-1 DLA-0002-1} - chkrootkit 0.49-5 [squeeze] - chkrootkit 0.49-4+deb6u1 CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka gli ...) {DSA-2976-1 DLA-43-1} - glibc 2.19-6 - eglibc CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressFie ...) {DSA-2934-1} - python-django 1.6.3-1 CVE-2014-0473 (The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6 ...) {DSA-2934-1} - python-django 1.6.3-1 CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...) {DSA-2934-1} - python-django 1.6.3-1 CVE-2014-0471 (Directory traversal vulnerability in the unpacking functionality in dp ...) {DSA-2915-1} - dpkg 1.17.8 CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid ...) 
{DSA-2917-1} - super 3.30.0-7 CVE-2014-0469 (Stack-based buffer overflow in a certain Debian patch for xbuffy befor ...) {DSA-2921-1} - xbuffy 3.3.bl.3.dfsg-9 CVE-2014-0468 RESERVED - fusionforge 5.3+20140506-1 [squeeze] - fusionforge (Unsupported in squeeze-lts) NOTE: http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attacker ...) {DSA-2874-1} - mutt 1.5.22-2 (bug #708731) CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when exe ...) {DSA-2892-1} - a2ps 1:4.14-1.3 (bug #742902) CVE-2014-0465 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fu ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0464 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...) - openjdk-7 (Only affects Java 8) - openjdk-6 (Only affects Java 8) CVE-2014-0463 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...) - openjdk-7 (Only affects Java 8) - openjdk-6 (Only affects Java 8) CVE-2014-0462 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...) {DSA-2912-1} - openjdk-6 6b31-1.13.3-1 CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...) {DSA-2923-1 DSA-2912-1} - lcms [squeeze] - lcms (Minor issue) [wheezy] - lcms (Minor issue) - lcms2 2.6-1 (low; bug #745471) [wheezy] - lcms2 (Minor issue) CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...) 
{DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...) {DSA-2923-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 (Only affects Java 7/8) CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...) {DSA-2923-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 (Only affects Java 7/8) CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0449 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Jav ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0448 (Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote a ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...) 
NOT-FOR-US: Solaris CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0444 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0443 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0442 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows loc ...) NOT-FOR-US: Solaris CVE-2014-0441 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0440 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0439 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0438 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0437 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mysql-5.5 5.5.35+dfsg-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0436 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...) NOT-FOR-US: Oracle CVE-2014-0435 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0434 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0433 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
- mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-0432 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Em ...) - openjdk-6 (Specific to Oracle Java, not present in IcedTea) - openjdk-7 (Specific to Oracle Java, not present in IcedTea) NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-0430 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...) {DSA-2923-1 DSA-2912-1} - openjdk-7 7u55-2.4.7-1 - openjdk-6 6b31-1.13.3-1 CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) CVE-2014-0426 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Pr ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0423 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...) 
- openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0421 (Unspecified vulnerability in Oracle Solaris 10, when running on the SP ...) NOT-FOR-US: Solaris CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2848-1} - mariadb-5.5 5.5.35-1 - mysql-5.5 5.5.35+dfsg-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5 and 5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0419 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) co ...) NOT-FOR-US: Oracle Secure Global Desktop CVE-2014-0418 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0417 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...) - openjdk-6 (Specific to Oracle Java, not present in IcedTea) - openjdk-7 (Specific to Oracle Java, not present in IcedTea) NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0414 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0413 (Unspecified vulnerability in the Oracle Containers for J2EE component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
{DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mysql-5.5 5.5.35+dfsg-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0411 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0410 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0409 REJECTED CVE-2014-0408 (Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X ...) - openjdk-6 (Specific to MacOS X) - openjdk-7 (Specific to MacOS X) CVE-2014-0407 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) {DSA-2878-1} - virtualbox-ose (low) - virtualbox 4.3.6-dfsg-1 (low; bug #735410) CVE-2014-0406 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) {DSA-2878-1} - virtualbox-ose (low) - virtualbox 4.3.6-dfsg-1 (low; bug #735410) CVE-2014-0405 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) - virtualbox-guest-additions (bug #735410) [squeeze] - virtualbox-guest-additions (Non-free not supported) - virtualbox-guest-additions-iso 4.3.10-1 (bug #735410) [wheezy] - virtualbox-guest-additions-iso (Non-free not supported) CVE-2014-0404 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) {DSA-2878-1} - virtualbox-ose (low) - virtualbox 4.3.6-dfsg-1 (low; bug #735410) CVE-2014-0403 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0402 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
{DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.35+dfsg-1 - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0401 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.35+dfsg-1 - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0400 (Unspecified vulnerability in the Oracle Internet Directory component i ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0399 (Unspecified vulnerability in the Oracle Transportation Management comp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0398 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-0397 (Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 ...) NOT-FOR-US: Oracle Solaris CVE-2014-0396 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0395 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0393 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.35+dfsg-1 - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0392 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0391 (Unspecified vulnerability in the Oracle Identity Manager component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0390 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) 
NOT-FOR-US: Oracle Solaris CVE-2014-0389 (Unspecified vulnerability in Oracle iLearning 6.0 allows remote attack ...) NOT-FOR-US: Oracle iLearning CVE-2014-0388 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human Reso ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0387 (Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, whe ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0386 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2848-1 DSA-2845-1} - mariadb-5.5 5.5.35-1 - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.35+dfsg-1 - mysql-5.1 - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on O ...) - openjdk-6 (Specific to MacOS X) - openjdk-7 (Specific to MacOS X) CVE-2014-0384 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2919-1} - mysql-5.5 5.5.37-1 (bug #744910) - mariadb-5.5 5.5.37-1 (bug #745330) - mariadb-10.0 (Fixed before initial upload) - mysql-5.1 (Only affects Mysql 5.5/5.6) - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1 CVE-2014-0383 (Unspecified vulnerability in the Oracle Identity Manager component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0382 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...) - openjdk-6 (JavaFX not part of OpenJDK) - openjdk-7 (JavaFX not part of OpenJDK) CVE-2014-0381 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0380 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: PeopleSoft Enterprise CVE-2014-0379 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...) 
NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0378 (Unspecified vulnerability in the Spatial component in Oracle Database ...) NOT-FOR-US: Oracle Database Server CVE-2014-0377 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0375 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2014-0374 (Unspecified vulnerability in the Oracle Portal component in Oracle Fus ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, an ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0372 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0371 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2014-0370 (Unspecified vulnerability in the Siebel Life Sciences component in Ora ...) NOT-FOR-US: Oracle Siebel CRM CVE-2014-0369 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...) NOT-FOR-US: Oracle Siebel CRM CVE-2014-0368 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, an ...) - openjdk-6 6b30-1.13.1-1 - openjdk-7 7u51-2.4.4-1 CVE-2014-0367 (Unspecified vulnerability in the Hyperion Essbase Administration Servi ...) NOT-FOR-US: Oracle Hyperion CVE-2014-0366 (Unspecified vulnerability in the Oracle Applications Framework compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2014-0365 RESERVED CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...) 
NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964) CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...) NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964) CVE-2014-0362 (Cross-site scripting (XSS) vulnerability on Google Search Appliance (G ...) NOT-FOR-US: Google Search Appliance CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global Co ...) NOT-FOR-US: IBM CVE-2014-0360 REJECTED CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to exec ...) NOT-FOR-US: Xangati CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...) NOT-FOR-US: Xangati CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages ...) NOT-FOR-US: Amtelco miSecureMessages CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...) NOT-FOR-US: ZyXEL CVE-2014-0355 (Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUS ...) NOT-FOR-US: ZyXEL CVE-2014-0354 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...) NOT-FOR-US: ZyXEL CVE-2014-0353 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ. ...) NOT-FOR-US: ZyXEL CVE-2014-0352 REJECTED CVE-2014-0351 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 an ...) NOT-FOR-US: Fortinet FortiOS CVE-2014-0350 (The Poco::Net::X509Certificate::verify method in the NetSSL library in ...) {DLA-1239-1} - poco 1.3.6p1-5 (low; bug #746637) [squeeze] - poco (Minor issue) CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote attacke ...) NOT-FOR-US: J2k-Codec CVE-2014-0348 (The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workst ...) NOT-FOR-US: Artiva CVE-2014-0347 (The Settings module in Websense Triton Unified Security Center 7.7.3 b ...) 
NOT-FOR-US: Websense Triton Unified Security Center CVE-2014-0346 REJECTED CVE-2014-0345 RESERVED CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not p ...) NOT-FOR-US: ZOHO ManageEngine OpStor CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...) NOT-FOR-US: GW6110A routers CVE-2014-0342 (Multiple unrestricted file upload vulnerabilities in fileupload.php in ...) NOT-FOR-US: PivotX CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2 ...) NOT-FOR-US: PivotX CVE-2014-0340 RESERVED CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...) - webmin CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall po ...) NOT-FOR-US: WatchGuard Fireware XTM CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on Huawe ...) NOT-FOR-US: Huawei Echo Life HG8247 CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in S ...) NOT-FOR-US: Serena Dimensions CM CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) NOT-FOR-US: Serena Dimensions CM CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...) NOT-FOR-US: CMS Made Simple CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive deco ...) - libpng (Only affects libpng 1.6.0 through 1.6.9) - libpng1.6 1.6.10-1 CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...) NOT-FOR-US: Dell SonicWALL GMS CVE-2014-0331 (Cross-site scripting (XSS) vulnerability in the web administration int ...) NOT-FOR-US: Fortinet NGFW CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on t ...) NOT-FOR-US: Dell KACE K1000 management appliance CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...) 
NOT-FOR-US: TELNET service on the ZTE ZXV10 W300 router CVE-2014-0328 (The thraneLINK protocol implementation on Cobham devices does not veri ...) NOT-FOR-US: Cobham CVE-2014-0327 (The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and ...) NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals CVE-2014-0326 (The Pilot Below Deck Equipment (BDE) and OpenPort implementations on I ...) NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals CVE-2014-0325 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...) NOT-FOR-US: Microsoft Internet Explorer 10 CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0320 REJECTED CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...) NOT-FOR-US: Microsoft CVE-2014-0318 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...) NOT-FOR-US: Microsoft CVE-2014-0316 (Memory leak in the Local RPC (LRPC) server implementation in Microsoft ...) NOT-FOR-US: Microsoft CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and SP ...) NOT-FOR-US: Microsoft CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0310 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0296 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not im ...) NOT-FOR-US: Microsoft .NET Framework CVE-2014-0294 (Microsoft Forefront Protection 2010 for Exchange Server does not prope ...) NOT-FOR-US: Microsoft Forefront Protection CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers to re ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0292 REJECTED CVE-2014-0291 REJECTED CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0289 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0288 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0287 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0286 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0285 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0284 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0283 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0282 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0281 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0280 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0279 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0278 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0277 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0276 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0275 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0274 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0273 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0272 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0271 (The VBScript engine in Microsoft Internet Explorer 6 through 11, and V ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0270 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0269 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0268 (Microsoft Internet Explorer 8 through 11 does not properly restrict fi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0267 (Microsoft Internet Explorer 11 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2014-0266 (The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Win ...) 
NOT-FOR-US: Microsoft CVE-2014-0265 REJECTED CVE-2014-0264 REJECTED CVE-2014-0263 (The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server ...) NOT-FOR-US: Microsoft Windows CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and S ...) NOT-FOR-US: Microsoft Windows CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remo ...) NOT-FOR-US: Microsoft Dynamics CVE-2014-0260 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT ...) NOT-FOR-US: Microsoft Office CVE-2014-0259 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...) NOT-FOR-US: Microsoft Office CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, a ...) NOT-FOR-US: Microsoft Office CVE-2014-0257 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5 ...) NOT-FOR-US: Microsoft .NET Framework CVE-2014-0256 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold allo ...) NOT-FOR-US: Microsoft Windows Server CVE-2014-0255 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and ...) NOT-FOR-US: Microsoft Windows Server CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, a ...) NOT-FOR-US: Microsoft CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5 ...) NOT-FOR-US: Microsoft .NET Framework CVE-2014-0252 REJECTED CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 ...) NOT-FOR-US: Microsoft SharePoint CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allo ...) - freerdp 1.1.0~git20140809.1.b07a5c1+dfsg-1 (unimportant; bug #749585) NOTE: A malicious RDP server has many more ways to mess with an RDP client CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not properly id ...) 
- sssd 1.11.7-1 (low; bug #749569) [jessie] - sssd (Minor issue) [squeeze] - sssd (Minor issue) [wheezy] - sssd (Minor issue) CVE-2014-0248 (org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework ...) NOT-FOR-US: JBoss Seam CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...) - libreoffice 1:4.2.5-1 [wheezy] - libreoffice (vulnerable code not present) CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ar ...) - sosreport (unimportant; bug #749568) NOTE: Non-issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1101393#c5 CVE-2014-0245 (It was found that the implementation of the GTNSubjectCreatingIntercep ...) NOT-FOR-US: GateIn CVE-2014-0244 (The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x ...) {DSA-2966-1} - samba 2:4.1.9+dfsg-1 [squeeze] - samba (Only affects 3.6 and later) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: https://www.samba.org/samba/security/CVE-2014-0244 CVE-2014-0243 (Check_MK through 1.2.5i2p1 allows local users to read arbitrary files ...) - check-mk (Vulnerable code not present) NOTE: https://www.lsexperts.de/advisories/lse-2014-05-21.txt CVE-2014-0242 (mod_wsgi module before 3.4 for Apache, when used in embedded mode, mig ...) {DSA-2937-1} - mod-wsgi 3.4-3 NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/b0a149c1f5e569932325972e2e20176a42e43517 CVE-2014-0241 (rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml ...) NOT-FOR-US: hammer_cli_foreman ruby gem CVE-2014-0240 (The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled ...) {DSA-2937-1} - mod-wsgi 3.5-1 (bug #748910) NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4 NOTE: only when running with linux >= 2.6.0 and < 3.1.0 CVE-2014-0239 (The internal DNS server in Samba 4.x before 4.0.18 does not check the ...) 
- samba 2:4.1.8+dfsg-1 (bug #749845) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 [squeeze] - samba (AD feature not present) [wheezy] - samba (AD feature not present) NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component ...) {DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0 - php5 5.6.0~beta4+dfsg-1 (low) NOTE: https://bugs.php.net/bug.php?id=67327 CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo componen ...) {DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d - php5 5.6.0~beta4+dfsg-1 (low) NOTE: https://bugs.php.net/bug.php?id=67328 CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before 5.6. ...) - file 1:5.19-1 [wheezy] - file (Introduced in 5.18) [squeeze] - file (Introduced in 5.18) - php5 5.6.0~beta4+dfsg-1 [wheezy] - php5 (Vulnerable code not present) [squeeze] - php5 (Vulnerable code not present) NOTE: https://bugs.php.net/bug.php?id=67329 CVE-2014-0235 REJECTED CVE-2014-0234 (The default configuration of broker.conf in Red Hat OpenShift Enterpri ...) NOT-FOR-US: OpenShift CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow re ...) NOT-FOR-US: OpenShift CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in framework/commo ...) NOT-FOR-US: Apache OFBiz CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not h ...) {DSA-2989-1 DLA-66-1} - apache2 2.4.10-1 CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0 ...) 
{DSA-3530-1 DLA-232-1} - tomcat6 6.0.41-3 (bug #785316) - tomcat7 7.0.55-1 [wheezy] - tomcat7 7.0.28-4+deb7u3 - tomcat8 8.0.9-1 NOTE: tomcat6 in jessie only builds the servlet API classes NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x) NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x) CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in C ...) NOT-FOR-US: Hadoop as packaged by Cloudera CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization m ...) NOT-FOR-US: Apache Hive CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apach ...) {DSA-3530-1 DLA-232-1} - tomcat6 6.0.41-3 (bug #785312) NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x) NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages - tomcat7 7.0.55-1 [wheezy] - tomcat7 7.0.28-4+deb7u3 NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x) - tomcat8 8.0.9-1 NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x) NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601332 (8.x) CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server befo ...) {DSA-2989-1 DLA-66-1} - apache2 2.4.10-1 CVE-2014-0225 (When processing user provided XML documents, the Spring Framework 4.0. ...) - libspring-java 3.0.6.RELEASE-14 (low; bug #753470) [squeeze] - libspring-java (Minor issue) [wheezy] - libspring-java (Minor issue) CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h d ...) {DSA-2950-1 DLA-0008-1 DLA-0003-1} - openssl 1.0.1h-1 (bug #750665) [squeeze] - openssl 0.9.8o-4squeeze15 CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ...) 
{DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-6 (bug #742730) [squeeze] - qemu (Unsupported in squeeze-lts) - qemu-kvm [squeeze] - qemu-kvm (Unsupported in squeeze-lts) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU bef ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-6 (bug #742730) [squeeze] - qemu (Unsupported in squeeze-lts) - qemu-kvm [squeeze] - qemu-kvm (Unsupported in squeeze-lts) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...) {DSA-2950-1 DLA-0003-1} - openssl 1.0.1h-1 (bug #750665) [squeeze] - openssl 0.9.8o-4squeeze15 CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote authe ...) NOT-FOR-US: Cloudera Manager CVE-2014-0219 (Apache Karaf before 4.0.10 enables a shutdown port on the loopback int ...) - apache-karaf (bug #881297) CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader reposit ...) - moodle 2.6.3-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 CVE-2014-0217 (enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the mo ...) - moodle 2.6.3-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126 CVE-2014-0216 (The My Home implementation in the block_html_pluginfile function in bl ...) - moodle 2.6.3-1 [squeeze] - moodle (Minor issue) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 CVE-2014-0215 (The blind-marking implementation in Moodle through 2.3.11, 2.4.x befor ...) 
- moodle 2.6.3-1 [squeeze] - moodle (Minor issue) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750 CVE-2014-0214 (login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x b ...) - moodle 2.6.3-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119 CVE-2014-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assi ...) - moodle 2.6.3-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606 CVE-2014-0212 (qpid-cpp: ACL policies only loaded if the acl-file option specified en ...) - qpid-cpp (low; bug #772794) [wheezy] - qpid-cpp (Minor issue) NOTE: Upstream issue: https://issues.apache.org/jira/browse/QPID-4938 NOTE: Commit which no longer builds ACL support only as a plugin: https://svn.apache.org/viewvc?view=revision&revision=r1494697 CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyph ...) {DSA-2927-1} - libxfont 1:1.4.7-2 (unimportant) NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1 CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x be ...) {DSA-2927-1} - libxfont 1:1.4.7-2 (unimportant) NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1 CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlia ...) {DSA-2927-1} - libxfont 1:1.4.7-2 CVE-2014-0208 (Cross-site scripting (XSS) vulnerability in the search auto-completion ...) - foreman (bug #663101) CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as us ...)
{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1} - file 1:5.19-1 [squeeze] - file 5.04-5+squeeze6 NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0 - php5 5.6.0~beta4+dfsg-1 [squeeze] - php5 5.3.3-7+squeeze21 NOTE: https://bugs.php.net/bug.php?id=67326 CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in ...) - linux 3.14.10-1 [wheezy] - linux (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797) - linux-2.6 (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797) NOTE: Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797 (v3.10) NOTE: Upstream patches: https://lkml.org/lkml/2014/6/24/619 https://lkml.org/lkml/2014/6/24/623 CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel before 2 ...) - linux 2.6.37 - linux-2.6 2.6.37-1 [squeeze] - linux-2.6 2.6.32-28 NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37) NOTE: https://lkml.org/lkml/2010/9/16/99 NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE Bugzilla CVE-2014-0204 (OpenStack Identity (Keystone) before 2014.1.1 does not properly handle ...) - keystone 2014.1-5 (bug #749026) [wheezy] - keystone CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before ...) {DLA-0015-1} - linux 2.6.33-1 - linux-2.6 2.6.37-1 [squeeze] - linux-2.6 2.6.32-48squeeze8 NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=86acdca1b63e6890540fa19495cfc708beff3d8b (v2.6.33) CVE-2014-0202 (The setup script in ovirt-engine-dwh, as used in the Red Hat Enterpris ...) NOT-FOR-US: ovirt / RHEV CVE-2014-0201 (ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization ...) NOT-FOR-US: ovirt / RHEV CVE-2014-0200 (The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) ...) 
NOT-FOR-US: ovirt / RHEV CVE-2014-0199 (The setup script in ovirt-engine-reports, as used in the Red Hat Enter ...) NOT-FOR-US: ovirt / RHEV CVE-2014-0198 (The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...) {DSA-2931-1} - openssl 1.0.1g-4 (bug #747432) [squeeze] - openssl (vulnerable code not present) NOTE: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 CVE-2014-0197 (CFME: CSRF protection vulnerability via permissive check of the referr ...) NOT-FOR-US: CloudForms Management Engine CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel th ...) {DSA-2928-1 DSA-2926-1} - linux 3.14.4-1 (bug #747166) - linux-2.6 NOTE: PoC: http://pastebin.com/yTSFUBgZ CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before ...) {DSA-2950-1 DLA-0003-1} - openssl 1.0.1h-1 (bug #750665) [squeeze] - openssl 0.9.8o-4squeeze15 CVE-2014-0194 REJECTED CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...) {DLA-2110-1} - netty (WebSocket08FrameDecoder function not present; bug #746639) - netty-3.9 3.9.9.Final-1 NOTE: https://github.com/netty/netty/commit/48edb7802b42b0e2eb5a55d8eca390e0c9066783 CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...) - foreman (bug #663101) CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before ...) {DSA-2978-2 DLA-151-1} - libxml2 2.9.1+dfsg1-4 (bug #747309) NOTE: The upstream patch we used in DSA-2978-1 and DLA-16-1 is only half of the fix. The other half is likely https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is only in libxml 2.9 and newer. This was found out with the test case given in https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-8935085. 
NOTE: First patches: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825 CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to c ...) - qt4-x11 4:4.8.6+dfsg-1 (low) [wheezy] - qt4-x11 (Minor issue) [squeeze] - qt4-x11 (Minor issue) NOTE: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1 NOTE: Possible squeeze backport in http://lists.debian.org/54ca4d0c.4696420a.0f32.4d29@mx.google.com CVE-2014-0189 (virt-who uses world-readable permissions for /etc/sysconfig/virt-who, ...) NOT-FOR-US: RedHat virt-who CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2 ...) NOT-FOR-US: OpenShift CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013. ...) - neutron 2014.1.2-1 NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=68a24e5f908412b83ca7c3f2d2d2014678e79570 NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=42a8539d497322716df0150c2123befd246d69d8 CVE-2014-0186 (A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Li ...) - tomcat7 (RHEL-specific regression) CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP be ...) {DSA-2943-1} - php5 5.5.12+dfsg-1 [squeeze] - php5 (FPM SAPI only enabled in 5.3.5-1) NOTE: https://bugs.php.net/bug.php?id=67060 CVE-2014-0184 (Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs th ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0183 (Versions of Katello as shipped with Red Hat Subscription Asset Manager ...) NOT-FOR-US: Katello CVE-2014-0182 (Heap-based buffer overflow in the virtio_load function in hw/virtio/vi ...) 
- qemu 2.1+dfsg-1 (bug #739589) - qemu-kvm [wheezy] - qemu (Too intrusive to backport, minor risk) [wheezy] - qemu-kvm (Too intrusive to backport, minor risk) [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) NOTE: Fix: http://git.qemu.org/?p=qemu.git;a=commit;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc NOTE: Regression fix needed: http://git.qemu.org/?p=qemu.git;a=commit;h=2f5732e9648fcddc8759a8fd25c0b41a38352be6 CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...) - linux 3.14.9-1 (bug #746738) - linux-2.6 [squeeze] - linux-2.6 (Too intrusive to backport to 2.6.32) [wheezy] - linux (Too intrusive to backport to 3.2) CVE-2014-0180 (The wait_for_task function in app/controllers/application_controller.r ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...) {DSA-3038-1} - libvirt 1.2.4-1 (unimportant) NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent NOTE: LSN-2014-0003: https://www.redhat.com/archives/libvir-list/2014-May/msg00209.html CVE-2014-0178 (Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1. ...) {DSA-2966-1} - samba 2:4.1.8+dfsg-1 (low) [squeeze] - samba (Vulnerable code not present) - samba4 4.0.0~beta2+dfsg1-3.2+deb7u2 NOTE: server packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2 CVE-2014-0177 (The am function in lib/hub/commands.rb in hub before 1.12.1 allows loc ...) NOT-FOR-US: Github client CVE-2014-0176 (Cross-site scripting (XSS) vulnerability in application/panel_control ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0175 (mcollective has a default password set at install ...) - mcollective (unimportant) NOTE: Password rotation is documented in README.Debian CVE-2014-0174 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...) 
NOT-FOR-US: Cumin CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x ...) NOT-FOR-US: WordPress plugin Jetpack CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...) - elfutils 0.158-1 (low; bug #744017) [squeeze] - elfutils (Affected code introduced in 0.153) [wheezy] - elfutils (Affected code introduced in 0.153) CVE-2014-0171 (XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in ...) NOT-FOR-US: Odata4j CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualizatio ...) NOT-FOR-US: Teiid CVE-2014-0169 (In JBoss EAP 6 a security domain is configured to use a cache that is ...) NOT-FOR-US: JBoss EAP CVE-2014-0168 (Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2. ...) NOT-FOR-US: Jolokia CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute (N ...) - nova 2013.2.3-1 (bug #744051) [wheezy] - nova (Only affects 2013.1 to 2013.2.3) CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in W ...) {DSA-2901-1} - wordpress 3.8.2+dfsg-1 (bug #744018) CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authentica ...) {DSA-2901-1} - wordpress 3.8.2+dfsg-1 (bug #744018) CVE-2014-0164 (openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise ...) - mcollective 1.2.1+dfsg-2 CVE-2014-0163 (Openshift has shell command injection flaws due to unsanitized data be ...) NOT-FOR-US: OpenShift CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...) - glance 2014.1-1 [wheezy] - glance (Only affects 2013.2 to 2013.2.3) CVE-2014-0161 (ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify tha ...) NOT-FOR-US: ovirt-engine-sdk-python CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1 ...) 
{DSA-2896-1} - openssl 1.0.1g-1 (bug #743883) [squeeze] - openssl (vulnerable code introduced in upstream commit 4817504) NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902 NOTE: http://www.openssl.org/news/secadv/20140407.txt NOTE: system reboot is recommended after the upgrade CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...) {DSA-2899-1} - openafs 1.6.7-1 CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration ...) - horizon 2013.2.3-1 (bug #744019) [wheezy] - horizon (Vulnerable code not present) CVE-2014-0156 RESERVED CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel t ...) - linux 3.14.4-1 (low) [wheezy] - linux (Vulnerable code not present) - linux-2.6 (Vulnerable code not present) NOTE: fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 CVE-2014-0154 (oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set- ...) NOT-FOR-US: oVirt web admin interface CVE-2014-0153 (The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 lo ...) NOT-FOR-US: oVirt REST API CVE-2014-0152 (Session fixation vulnerability in the web admin interface in oVirt 3.4 ...) NOT-FOR-US: oVirt web admin interface CVE-2014-0151 (Cross-site request forgery (CSRF) vulnerability in oVirt Engine before ...) NOT-FOR-US: ovirt CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in hw/net/virti ...) {DSA-2910-1 DSA-2909-1} - qemu 1.7.0+dfsg-8 (bug #744221) - qemu-kvm CVE-2014-0149 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss W ...) NOT-FOR-US: JBoss Seam CVE-2014-0148 (Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to ...) 
- qemu 2.0.0+dfsg-1 (bug #742730) [squeeze] - qemu (vhdx support introduced in 1.5) [wheezy] - qemu (vhdx support introduced in 1.5) - qemu-kvm (vhdx support introduced in 1.5) CVE-2014-0147 (Qemu before 1.6.2 block driver for the various disk image formats used ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) CVE-2014-0146 (The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 an ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9 CVE-2014-0145 (Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, a ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) CVE-2014-0144 (QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) CVE-2014-0143 (Multiple integer overflows in the block drivers in QEMU, possibly befo ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) CVE-2014-0142 (QEMU, possibly before 2.0.0, allows local users to cause a denial of s ...) {DSA-3045-1 DSA-3044-1} - qemu 2.0.0+dfsg-1 (bug #742730) - qemu-kvm [squeeze] - qemu (Unsupported in squeeze-lts) [squeeze] - qemu-kvm (Unsupported in squeeze-lts) CVE-2014-0141 (Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. ...)
NOT-FOR-US: Red Hat Satellite CVE-2014-0140 (Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remo ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-0139 (cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qso ...) {DSA-2902-1} - curl 7.36.0-1 (bug #742728) NOTE: http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch CVE-2014-0138 (The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re- ...) {DSA-2902-1} - curl 7.36.0-1 (bug #742728) NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch CVE-2014-0137 (SQL injection vulnerability in the saved_report_delete action in the R ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0136 (The (1) get and (2) log methods in the AgentController in Red Hat Clou ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0135 (Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses wo ...) NOT-FOR-US: Kafo NOTE: Might be packaged after foreman (ITP bug #663101) CVE-2014-0134 (The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 201 ...) - nova 2013.2.2-4 (bug #742712) [wheezy] - nova (Introduced in Grizzly) NOTE: https://launchpad.net/bugs/1221190 CVE-2014-0133 (Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ...) - nginx 1.4.7-1 (unimportant; bug #742059) [wheezy] - nginx (Vulnerable code not present) [squeeze] - nginx (Vulnerable code not present) NOTE: ngx_http_spdy_module introduced in 1.3.15 NOTE: Debian compiles with --with-http_spdy_module, but also with --with-debug CVE-2014-0132 (The SASL authentication functionality in 389 Directory Server before 1 ...) - 389-ds-base 1.3.2.9-1.1 (bug #741600) CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in net/core/s ...) 
- linux 3.13.6-1 [wheezy] - linux 3.2.57-1 - linux-2.6 (Introduced in 3.1) NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2 CVE-2014-0130 (Directory traversal vulnerability in actionpack/lib/abstract_controlle ...) {DSA-2929-1} - ruby-actionpack-2.3 (Vulnerable code not present) - ruby-actionpack-3.2 (bug #747382) - rails-3.2 3.2.18-1 (bug #747382) - rails-4.0 (bug #747380) CVE-2014-0129 (badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6. ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 CVE-2014-0128 (Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled ...) - squid (All Squid-3.0 and older versions not vulnerable) - squid3 3.4.8-1 (unimportant; bug #741312) NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt NOTE: only affects package rebuilds with --enable-ssl by users CVE-2014-0127 (The time-validation implementation in (1) mod/feedback/complete.php an ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656 CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ...) - moodle 2.6.2-1 [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146 CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4 ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409 CVE-2014-0124 (The identity-reporting implementations in mod/forum/renderer.php and m ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916 CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...) 
- moodle 2.6.2-1 [squeeze] - moodle (Unsupported in squeeze-lts) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990 NOTE: squeeze version unaffected due to lack of fine-grained access control? CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ...) - moodle 2.6.2-1 [squeeze] - moodle (Vulnerable code not present) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082 CVE-2014-0121 (The admin terminal in Hawt.io does not require authentication, which a ...) NOT-FOR-US: hawtio-karaf-terminal CVE-2014-0120 (Cross-site request forgery (CSRF) vulnerability in the admin terminal ...) NOT-FOR-US: hawtio-karaf-terminal CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 d ...) {DSA-3530-1} - tomcat8 8.0.8-1 - tomcat7 7.0.54-1 - tomcat6 6.0.41-1 [wheezy] - tomcat7 7.0.28-4+deb7u4 CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate mod ...) {DSA-2989-1 DLA-66-1} - apache2 2.4.10-1 CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, wh ...) - apache2 2.4.10-1 [squeeze] - apache2 (Affects 2.4.6 to 2.4.9) [wheezy] - apache2 (Affects 2.4.6 to 2.4.9) CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard ...) - libstruts1.2-java (Struts 2.0.0 through to Struts 2.3.16.2) NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022 CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm 0. ...) NOT-FOR-US: Apache Storm CVE-2014-0114 (Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8. ...) 
{DSA-2940-1 DLA-57-1} - libstruts1.2-java 1.2.9-9 (bug #745897) NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E - commons-beanutils 1.9.2-1 (low) [wheezy] - commons-beanutils (Too intrusive to backport; might break existing apps) [squeeze] - commons-beanutils (Too intrusive to backport; might break existing apps) NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463 CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cook ...) - libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.16) NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.20 does not properly ...) - libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.16) NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...) NOT-FOR-US: Apache Syncope CVE-2014-0110 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attacke ...) NOT-FOR-US: Apache CXF CVE-2014-0109 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attacke ...) NOT-FOR-US: Apache CXF CVE-2014-0108 REJECTED CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not prop ...) {DSA-2886-1} - libxalan2-java 2.7.1-9 (bug #742577) NOTE: https://issues.apache.org/jira/browse/XALANJ-2435 NOTE: http://svn.apache.org/viewvc?view=revision&revision=1581058 CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...) {DLA-160-1} - sudo 1.8.5p2-1 (low) [squeeze] - sudo (environment sanitising is enabled by default and turning it off is insecure anyway) NOTE: http://www.sudo.ws/sudo/alerts/env_add.html CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library for K ...)
- python-keystoneclient 1:0.6.0-4 (low; bug #742898) [wheezy] - python-keystoneclient (Vulnerable code yet in src:keystone) - keystone 2013.1.1-2 [wheezy] - keystone (Minor issue) NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient CVE-2014-0104 (In fence-agents before 4.0.17 does not verify remote SSL certificates ...) - fence-agents 4.0.17-1 (low; bug #764801) [jessie] - fence-agents (Minor issue) [wheezy] - fence-agents (Minor issue) CVE-2014-0103 (WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credent ...) - zarafa (bug #658433) CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c ...) - linux 3.13.6-1 [wheezy] - linux (Introduced in v3.13) - linux-2.6 (Introduced in v3.13) NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2 CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linu ...) {DSA-2906-1} - linux 3.13.6-1 [wheezy] - linux 3.2.57-1 - linux-2.6 NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e NOTE: http://patchwork.ozlabs.org/patch/325898/ CVE-2014-0100 (Race condition in the inet_frag_intern function in net/ipv4/inet_fragm ...) - linux 3.13.6-1 [wheezy] - linux (Introduced in v3.9) - linux-2.6 (Introduced in v3.9) NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ef0eb0db4bf92c6d2510fe5c4dc51852746f206 NOTE: http://patchwork.ozlabs.org/patch/325844/ CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apac ...) {DSA-3530-1} - tomcat8 8.0.5-1 - tomcat7 7.0.53-1 [wheezy] - tomcat7 7.0.28-4+deb7u3 - tomcat6 6.0.41-1 NOTE: http://svn.apache.org/r1578814 CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config modu ...) 
- apache2 2.4.9-1 [squeeze] - apache2 (Vulnerable code not present) [wheezy] - apache2 (Vulnerable code not present) NOTE: Looks like it was introduced in 2.2.23 which would mean that squeeze+wheezy are not affected. sf: waiting for confirmation. CVE-2014-0097 (The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 ...) - libspring-java (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1) CVE-2014-0096 (java/org/apache/catalina/servlets/DefaultServlet.java in the default s ...) {DSA-3530-1} - tomcat8 8.0.5-1 - tomcat7 7.0.53-1 - tomcat6 6.0.41-1 [wheezy] - tomcat7 7.0.28-4+deb7u4 CVE-2014-0095 (java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat ...) - tomcat8 8.0.5-1 CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remo ...) - libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.16) CVE-2014-0093 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when usin ...) NOT-FOR-US: JBoss EAP CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...) {DSA-2869-1} - gnutls26 2.12.23-13 - gnutls28 3.2.11-2 NOTE: http://gnutls.org/security.html#GNUTLS-SA-2014-2 CVE-2014-0091 (Foreman has improper input validation which could lead to partial Deni ...) - foreman (bug #663101) CVE-2014-0090 (Session fixation vulnerability in Foreman before 1.4.2 allows remote a ...) - foreman (bug #663101) CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in app/views/common/500.html. ...) - foreman (bug #663101) CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx 1. ...) - nginx (Only affects 1.5.10) CVE-2014-0087 (The check_privileges method in vmdb/app/controllers/application_contro ...) NOT-FOR-US: RedHat CloudForms Management Engine CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFa ...) 
    NOT-FOR-US: RichFaces
    NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
    NOTE: https://issues.jboss.org/browse/RF-13250
CVE-2014-0085 (JBoss Fuse did not enable encrypted passwords by default in its usage ...)
    NOT-FOR-US: Fuse Fabric
CVE-2014-0084 (Ruby gem openshift-origin-node before 2014-02-14 does not contain a cr ...)
    NOT-FOR-US: rubygem-openshift-origin-node
CVE-2014-0083 (The Ruby net-ldap gem before 0.11 uses a weak salt when generating SSH ...)
    - ruby-net-ldap (SSHA support not present)
    NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
    {DSA-2929-1}
    - rails-4.0 (only 3.2.x and earlier)
    - rails-3.2 3.2.17-1
    - ruby-actionpack-3.2
    - ruby-actionpack-2.3
    [wheezy] - ruby-actionpack-2.3
    - rails 2.3.14.1
    [squeeze] - rails (Unsupported in squeeze-lts)
    NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ...)
    {DSA-2929-1}
    - rails-4.0
    - rails-3.2 3.2.17-1
    - ruby-actionpack-3.2
    - ruby-actionpack-2.3
    [wheezy] - ruby-actionpack-2.3
    - rails 2.3.14.1
    [squeeze] - rails (Unsupported in squeeze-lts)
    NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0080 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
    - rails-4.0
    - ruby-activerecord-3.2 (affects only rails 4.0.x)
    - ruby-activerecord-2.3 (affects only rails 4.0.x)
    - rails (affects only rails 4.0.x)
CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
    NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0078 (The CatalogController in Red Hat CloudForms Management Engine (CFME) b ...)
    NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...)
    - linux 3.13.10-1
    [wheezy] - linux 3.2.57-1
    - linux-2.6 (Vulnerable code not present)
    NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
    NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does no ...)
    {DSA-2908-1 DLA-0003-1}
    - openssl 1.0.1g-1 (low; bug #742923)
    [squeeze] - openssl 0.9.8o-4squeeze15
    NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
CVE-2014-0075 (Integer overflow in the parseChunkHeader function in java/org/apache/c ...)
    {DSA-3530-1}
    - tomcat8 8.0.5-1
    - tomcat7 7.0.53-1
    [wheezy] - tomcat7 7.0.28-4+deb7u3
    - tomcat6 6.0.41-1
CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthen ...)
    - shiro 1.2.3-1
CVE-2014-0073 (The CDVInAppBrowser class in the Apache Cordova In-App-Browser standal ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-0072 (ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone p ...)
    NOT-FOR-US: Apache Cordova
CVE-2014-0071 (PackStack in Red Hat OpenStack 4.0 does not enforce the default securi ...)
    - neutron 2014.1-1
CVE-2014-0070
    REJECTED
CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel th ...)
    - linux 3.13.6-1 (bug #741958)
    [wheezy] - linux 3.2.57-1
    - linux-2.6 (Only affects 2.6.38 and later)
    NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
    NOTE: upstream fix 5d81de8e8667da7135d3a32a964087c0faf5483f included in v3.14-rc4
CVE-2014-0068
    RESERVED
    NOT-FOR-US: OpenShift
CVE-2014-0067 (The "make check" command for the test suites in PostgreSQL 9.3.3 and e ...)
    {DSA-2865-1 DSA-2864-1 DLA-0019-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0066 (The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16 ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0065 (Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9. ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0064 (Multiple integer overflows in the path_in and other unspecified functi ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0063 (Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0 ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0062 (Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0061 (The validator functions for the procedural languages (PLs) in PostgreS ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.12-1 (low)
    - postgresql-8.4
    [wheezy] - postgresql-8.4 8.4.20-0wheezy1
    - postgresql-9.3 9.3.3-1
    - postgresql-plsh 1.20140221-1
    [wheezy] - postgresql-plsh (Minor issue)
    [squeeze] - postgresql-plsh (Minor issue)
CVE-2014-0060 (PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9. ...)
    {DSA-2865-1 DSA-2864-1}
    - postgresql-9.1 9.1.11-2
    - postgresql-8.4
    [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
    - postgresql-9.3 9.3.3-1
CVE-2014-0059 (JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Applicatio ...)
    NOT-FOR-US: JBossSX
CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise Applicati ...)
    NOT-FOR-US: JBoss EAP
CVE-2014-0057 (The x_button method in the ServiceController (vmdb/app/controllers/ser ...)
    NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not chec ...)
    - neutron 2013.2.2-4 (bug #742800)
CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsy ...)
    - linux 3.13.10-1
    [wheezy] - linux 3.2.57-1
    - linux-2.6 (Vulnerable code not present)
    NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
    NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0054 (The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Frame ...)
    {DSA-2890-1}
    - libspring-java 3.0.6.RELEASE-13 (bug #741604)
CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 f ...)
    - grails (bug #473213)
CVE-2014-0052
    REJECTED
CVE-2014-0051
    REJECTED
CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as use ...)
    {DSA-2897-1 DSA-2856-1}
    - libcommons-fileupload-java 1.3.1-1
    - tomcat7 7.0.52-1
    - tomcat6 (access to Manager application limited to authenticated administrators)
    NOTE: http://svn.apache.org/viewvc?view=revision&revision=1565169
    NOTE: CVE might be split
CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm ...)
    - linux 3.13.6-1
    [wheezy] - linux (Introduced in 3.5)
    - linux-2.6 (Introduced in 3.5)
    NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
CVE-2014-0048 (An issue was found in Docker before 1.6.0. Some programs and scripts i ...)
    - docker.io 1.6.0+dfsg1-1
    NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ve ...)
    - docker.io 1.6.0+dfsg1-1
    NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in Embe ...)
    NOT-FOR-US: ember.js
CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client in Mumbl ...)
    {DSA-2854-1}
    - mumble 1.2.4-0.2 (bug #737739)
    [squeeze] - mumble (Opus support not present)
CVE-2014-0044 (The opus_packet_get_samples_per_frame function in client in Mumble 1.2 ...)
    {DSA-2854-1}
    - mumble 1.2.4-0.2 (bug #737739)
    [squeeze] - mumble (Opus support not present)
CVE-2014-0043 (In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls ...)
    NOT-FOR-US: Apache Wicket
CVE-2014-0042 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
    NOT-FOR-US: openstack-heat-templates
CVE-2014-0041 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
    NOT-FOR-US: openstack-heat-templates
CVE-2014-0040 (OpenStack Heat Templates (heat-templates), as used in Red Hat Enterpri ...)
    NOT-FOR-US: openstack-heat-templates
CVE-2014-0039 (Untrusted search path vulnerability in fwsnort before 1.6.4, when not ...)
    - fwsnort 1.6.4-1 (low; bug #737495)
    [wheezy] - fwsnort (Minor issue)
    [squeeze] - fwsnort (Vulnerable code not present)
    NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel b ...)
    - linux 3.13.4-1 (unimportant)
    [wheezy] - linux (Introduced in 3.4+)
    - linux-2.6 (Introduced in 3.4+)
    NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
    NOTE: Debian does not enable CONFIG_X86_X32, see #708070
CVE-2014-0037 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
    NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with S ...)
    NOT-FOR-US: rbovirt
CVE-2014-0035 (The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7. ...)
    NOT-FOR-US: Apache CXF
CVE-2014-0034 (The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x b ...)
    NOT-FOR-US: Apache CXF
CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0. ...)
    {DSA-3530-1 DLA-91-1}
    - tomcat6 6.0.39
CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apac ...)
    {DLA-207-1}
    - subversion 1.8.8-1 (low; bug #737815)
    [squeeze] - subversion (Minor issue)
    [wheezy] - subversion 1.6.17dfsg-4+deb7u5
CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache Clou ...)
    NOT-FOR-US: Apache CloudStack
CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 allows atta ...)
    NOT-FOR-US: Apache Roller
CVE-2014-0029 (Multiple cross-site scripting (XSS) vulnerabilities in the SAM web app ...)
    NOT-FOR-US: Katello
CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypa ...)
    - libvirt 1.2.1-1
    [squeeze] - libvirt (Introduced in 1.1.1)
    [wheezy] - libvirt (Introduced in 1.1.1)
    NOTE: https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
CVE-2014-0027 (The play_wave_from_socket function in audio/auserver.c in Flite 1.4 al ...)
    - flite 1.4-release-8 (low; bug #734746)
    [wheezy] - flite (Minor issue)
    [squeeze] - flite (Minor issue)
CVE-2014-0026 (katello-headpin is vulnerable to CSRF in REST API ...)
    NOT-FOR-US: Katello
CVE-2014-0025
    REJECTED
CVE-2014-0024
    RESERVED
CVE-2014-0023 (OpenShift: Install script has temporary file creation vulnerability wh ...)
    NOT-FOR-US: OpenShift
CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and e ...)
    NOT-FOR-US: yum cron
CVE-2014-0021 (Chrony before 1.29.1 has traffic amplification in cmdmon protocol ...)
    - chrony 1.29.1-1 (low; bug #737644)
    [squeeze] - chrony (Minor issue)
    [wheezy] - chrony (Minor issue)
CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
    {DSA-2859-1}
    - pidgin 2.10.8-1
    [squeeze] - pidgin (Not suitable for code injection)
CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0 ...)
    - socat 1.7.2.3-1 (low; bug #736993)
    [squeeze] - socat (Minor issue)
    [wheezy] - socat (Minor issue)
CVE-2014-0018 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss ...)
    NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2014-0017 (The RAND_bytes function in libssh before 0.6.3, when forking is enable ...)
    {DSA-2879-1}
    - libssh 0.5.4-3
    NOTE: http://git.libssh.org/projects/libssh.git/commit/?id=e99246246b4061f7e71463f8806b9dcad65affa0
CVE-2014-0016 (stunnel before 5.00, when using fork threading, does not properly upda ...)
    - stunnel4 (Debian package compiled with --with-threads=pthread)
CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one authenticat ...)
    {DSA-2849-1}
    - curl 7.35.0-1
CVE-2014-0014 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1 ...)
    NOT-FOR-US: Ember.js
CVE-2014-0013 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1 ...)
    NOT-FOR-US: Ember.js
CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create tempo ...)
    - jinja2 2.7.2-2 (bug #734956)
    [squeeze] - jinja2 (introduced by fix in 2.7.2)
    [wheezy] - jinja2 (introduced by fix in 2.7.2)
    NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011 (Multiple heap-based buffer overflows in the ZRLE_DECODE function in co ...)
    - tigervnc (Fixed before initial release in Debian)
    - vnc4 4.1.1+X4.3.0+t-1 (unimportant)
    NOTE: may affect related *VNC implementations if built with NDEBUG
    NOTE: e.g. vnc4 seems to have similar code in common/rfb/zrleDecode.h
    NOTE: starting with 4.1.1+X4.3.0+t-1 it's a transitional package
CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/pro ...)
    - moodle 2.5.4-1
    [squeeze] - moodle (Code correctly checks session key)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4. ...)
    - moodle 2.5.4-1 (low)
    [squeeze] - moodle (Minor issue)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x b ...)
    - moodle 2.5.4-1 (low)
    [squeeze] - moodle (Vulnerable code not present)
    NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007 (The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows ...)
    - foreman (bug #663101)
CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 throu ...)
    - swift 1.11.0-2 (low; bug #735582)
    [wheezy] - swift (Minor issue)
CVE-2014-0005 (PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application ...)
    NOT-FOR-US: PicketBox/JBossSX
CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1. ...)
    {DSA-2872-1}
    - udisks2 2.1.3-1
    - udisks 1.0.5-1
CVE-2014-0003 (The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before ...)
    NOT-FOR-US: Apache Camel
CVE-2014-0002 (The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.1 ...)
    NOT-FOR-US: Apache Camel
CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
    {DSA-2919-1 DLA-75-1}
    - mysql-5.1 (low)
    [squeeze] - mysql-5.1 (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
    - mysql-5.5 5.5.37-1 (low; bug #737596)
    - mariadb-5.5 5.5.35-1 (low; bug #737597)
    - percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1054592
    NOTE: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJ ...)
    - openjpeg 1.3+dfsg-4.7
    NOTE: Not considering a duplicate of CVE-2013-1447 following
    NOTE: https://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
    NOTE: to MITRE though indicated that CVE-2014-0158 will not be REJECTED
    NOTE: since people might have tracked CVE-2014-0158 of the much higher
    NOTE: impact as due https://bugzilla.redhat.com/show_bug.cgi?id=1082925
    NOTE: and https://bugzilla.suse.com/show_bug.cgi?id=871412