[Secure-testing-commits] r26435 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Sat Apr 5 09:14:12 UTC 2014
Author: joeyh
Date: 2014-04-05 09:14:12 +0000 (Sat, 05 Apr 2014)
New Revision: 26435
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-04 14:05:40 UTC (rev 26434)
+++ data/CVE/list 2014-04-05 09:14:12 UTC (rev 26435)
@@ -1,21 +1,105 @@
+CVE-2014-2726
+ RESERVED
+CVE-2014-2725
+ RESERVED
+CVE-2014-2724
+ RESERVED
+CVE-2014-2723
+ RESERVED
+CVE-2014-2722
+ RESERVED
+CVE-2014-2721
+ RESERVED
+CVE-2014-2720
+ RESERVED
+CVE-2014-2719
+ RESERVED
+CVE-2014-2718
+ RESERVED
+CVE-2014-2717
+ RESERVED
+CVE-2014-2716
+ RESERVED
+CVE-2014-2715
+ RESERVED
+CVE-2014-2714
+ RESERVED
+CVE-2014-2713
+ RESERVED
+CVE-2014-2712
+ RESERVED
+CVE-2014-2711
+ RESERVED
+CVE-2014-2710
+ RESERVED
+CVE-2014-2705
+ RESERVED
+CVE-2014-2704
+ RESERVED
+CVE-2014-2703
+ RESERVED
+CVE-2014-2702
+ RESERVED
+CVE-2014-2701
+ RESERVED
+CVE-2014-2700
+ RESERVED
+CVE-2014-2699
+ RESERVED
+CVE-2014-2698
+ RESERVED
+CVE-2014-2697
+ RESERVED
+CVE-2014-2696
+ RESERVED
+CVE-2014-2695
+ RESERVED
+CVE-2014-2694
+ RESERVED
+CVE-2014-2693
+ RESERVED
+CVE-2014-2692
+ RESERVED
+CVE-2014-2691
+ RESERVED
+CVE-2014-2690
+ RESERVED
+CVE-2014-2689
+ RESERVED
+CVE-2014-2688
+ RESERVED
+CVE-2014-2687
+ RESERVED
+CVE-2013-7352 (Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in ...)
+ TODO: check
+CVE-2013-7350 (Multiple unspecified vulnerabilities in Check Point Security Gateway ...)
+ TODO: check
+CVE-2013-7349 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...)
+ TODO: check
+CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
+ TODO: check
CVE-2014-5880
REJECTED
CVE-2014-2709
+ RESERVED
- cacti <unfixed> (bug #743565)
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
CVE-2014-2708 [SQL injection]
+ RESERVED
- cacti <unfixed> (bug #743565)
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric
CVE-2014-2707 [cups-browsed remote exploit]
+ RESERVED
- cups-filters 1.0.51-1 (bug #743470)
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: Introduced in at least 1.0.41
NOTE: fixed in 1.0.51, pending in git http://anonscm.debian.org/gitweb/?p=printing/cups-filters.git;a=commitdiff;h=e7293d18836d90815277a7efb410275b9baa27c7
CVE-2014-2706
+ RESERVED
- linux 3.13.7-1 (low)
- linux-2.6 <removed> (low)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
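Review bot: CVE-2013-7349 in the added block can be resolved now instead of being left as `TODO: check`. Its visible summary ("Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...") is identical to that of CVE-2013-5640, which this same patch keeps as `NOT-FOR-US: Gnew`. The other three new `TODO: check` entries (CVE-2013-7352, CVE-2013-7350, CVE-2009-5141) sit above CVE-2014-5880 rather than with their year blocks and still need triage.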
@@ -60,6 +144,7 @@
CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
NOT-FOR-US: Symphony CMS
CVE-2013-7351 [several XSS]
+ RESERVED
- shaarli 0.0.41~beta~dfsg2-4 (bug #743252)
NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
CVE-2014-2685 [zendframework ZF2014-02]
@@ -82,20 +167,17 @@
RESERVED
- zendframework <unfixed> (bug #743175)
NOTE: http://framework.zend.com/security/advisory/ZF2014-01
-CVE-2014-2678 [rds: prevent dereference of a NULL device in rds_iw_laddr_check]
- RESERVED
+CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/3/29/188
-CVE-2014-2673 [error in the "arch_dup_task_struct()" function]
- RESERVED
+CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) ...)
- linux 3.13.7-1
[wheezy] - linux <not-affected> (Introduced in 3.4)
- linux-2.6 <not-affected> (Introduced in 3.4)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291
NOTE: only affects powerpc architecture
-CVE-2014-2672 [race condition error in the "ath_tx_aggr_sleep()" function]
- RESERVED
+CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in ...)
- linux 3.13.7-1
- linux-2.6 <removed>
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
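Review bot: CVE-2014-2678 remains at `- linux <unfixed>` with only an LKML link in its NOTE, while CVE-2014-2673 and CVE-2014-2672 in this hunk record a fixed version and the upstream commit. Now that the entry has a published description, add the upstream commit reference as a NOTE once it is available so the fix can be tracked the same way as the other two.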
@@ -129,8 +211,7 @@
CVE-2014-2656 [arbitrary insertions of malicious data within cube parameter]
RESERVED
NOT-FOR-US: Hypercube
-CVE-2014-2655 [postfixadmin sql injection]
- RESERVED
+CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in ...)
{DSA-2889-1}
- postfixadmin 2.3.5-3
NOTE: http://sourceforge.net/p/postfixadmin/code/1650
@@ -280,8 +361,8 @@
RESERVED
CVE-2014-2579
RESERVED
-CVE-2014-2578
- RESERVED
+CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
+ TODO: check
CVE-2014-2577
RESERVED
CVE-2014-2575
@@ -322,8 +403,7 @@
[wheezy] - otrs2 <no-dsa> (Minor issue)
[squeeze] - otrs2 <no-dsa> (Minor issue)
NOTE: https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/
-CVE-2014-2553 [XSS issue]
- RESERVED
+CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
- otrs2 3.3.6-1
[wheezy] - otrs2 <no-dsa> (Minor issue)
[squeeze] - otrs2 <no-dsa> (Minor issue)
@@ -427,7 +507,7 @@
RESERVED
CVE-2014-2498
RESERVED
-CVE-2013-7348 [aio: prevent double free in ioctx_alloc]
+CVE-2013-7348 (Double free vulnerability in the ioctx_alloc function in fs/aio.c in ...)
- linux 3.13.4-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
@@ -851,8 +931,8 @@
RESERVED
CVE-2014-2341
RESERVED
-CVE-2014-2340
- RESERVED
+CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin ...)
+ TODO: check
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in ...)
NOT-FOR-US: GnuBoard
CVE-2014-2338
@@ -1307,10 +1387,9 @@
RESERVED
CVE-2014-2139
RESERVED
-CVE-2014-2138
- RESERVED
-CVE-2014-2137
- RESERVED
+CVE-2014-2138 (CRLF injection vulnerability in the web framework in Cisco Security ...)
+ TODO: check
+CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web ...)
NOT-FOR-US: Cisco Web Security Appliance
CVE-2014-2136
RESERVED
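Review bot: CVE-2014-2138 is left as `TODO: check` while CVE-2014-2137, directly below it with the same visible summary (CRLF injection in the web framework of a Cisco product), is tagged `NOT-FOR-US: Cisco Web Security Appliance`. Triage the pair together and give CVE-2014-2138 the matching NOT-FOR-US tag for its own product name if it is likewise a Cisco appliance.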
@@ -1334,8 +1413,7 @@
RESERVED
CVE-2014-2126
RESERVED
-CVE-2014-2125
- RESERVED
+CVE-2014-2125 (Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco ...)
NOT-FOR-US: Cisco Unity Connection Server
CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...)
NOT-FOR-US: Cisco
@@ -1471,8 +1549,7 @@
- mantis <removed>
[squeeze] - mantis <no-dsa> (Minor issue)
NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
-CVE-2014-2237 [Trustee token revocation does not work with memcache backend]
- RESERVED
+CVE-2014-2237 (The memcache token backend in OpenStack Identity (Keystone) 2013.1 ...)
- keystone <unfixed>
[wheezy] - keystone <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1260080
@@ -1486,8 +1563,7 @@
CVE-2014-2213
RESERVED
NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2212
- RESERVED
+CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH (aka Posh ...)
NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH ...)
NOT-FOR-US: POSH web app (different from src:posh)
@@ -1661,8 +1737,8 @@
RESERVED
CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web ...)
NOT-FOR-US: InterWorx Web Control Panel
-CVE-2014-2034
- RESERVED
+CVE-2014-2034 (Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through ...)
+ TODO: check
CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...)
NOT-FOR-US: Blue Coat ProxySG
CVE-2014-2028
@@ -1818,8 +1894,8 @@
NOT-FOR-US: OpenDocMan
CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
NOT-FOR-US: Ilch CMS
-CVE-2014-1942
- RESERVED
+CVE-2014-1942 (Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx ...)
+ TODO: check
CVE-2014-1941
RESERVED
CVE-2014-1940
@@ -2084,30 +2160,24 @@
CVE-2014-1909
RESERVED
NOT-FOR-US: Android SDK Tools
-CVE-2014-1896 [XSA-86 libvchan failure handling malicious ring indexes]
- RESERVED
+CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
-CVE-2014-1895 [XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall]
- RESERVED
+CVE-2014-1895 (Off-by-one error in the flask_security_avc_cachestats function in ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
-CVE-2014-1894 [XSA-84]
- RESERVED
+CVE-2014-1894 (Multiple integer overflows in unspecified suboperations in the flask ...)
- xen <not-affected> (XSM not enabled in build)
NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
-CVE-2014-1893 [XSA-84]
- RESERVED
+CVE-2014-1893 (Multiple integer overflows in the (1) FLASK_GETBOOL and (2) ...)
- xen <not-affected> (XSM not enabled in build)
NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
-CVE-2014-1892 [XSA-84]
- RESERVED
+CVE-2014-1892 (Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause ...)
- xen <not-affected> (XSM not enabled in build)
NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
-CVE-2014-1891 [XSA-84]
- RESERVED
+CVE-2014-1891 (Multiple integer overflows in the (1) FLASK_GETBOOL, (2) ...)
- xen <not-affected> (XSM not enabled in build)
NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe PhoneGap ...)
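Review bot: Replacing the bracketed titles on CVE-2014-1896 through CVE-2014-1891 drops the XSA-86, XSA-85 and XSA-84 advisory numbers, which appear nowhere else in these entries. Keep the mapping as a NOTE line under each entry (for example `NOTE: XSA-86` under CVE-2014-1896) so the Xen advisory can still be found from the CVE id after the description update.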
@@ -2621,8 +2691,7 @@
[wheezy] - erlang <no-dsa> (Minor issue)
CVE-2014-1692 (The hash_buffer function in schnorr.c in OpenSSH through 6.4, when ...)
- openssh <not-affected> (J-PAKE not activated)
-CVE-2014-1691 [Possible remote code execution on horde3]
- RESERVED
+CVE-2014-1691 (The framework/Util/lib/Horde/Variables.php script in the Util library ...)
{DSA-2853-1}
- horde3 <removed> (medium; bug #737149)
- php-horde-util 2.3.0-1
@@ -3613,40 +3682,40 @@
RESERVED
CVE-2014-1314
RESERVED
-CVE-2014-1313
- RESERVED
-CVE-2014-1312
- RESERVED
-CVE-2014-1311
- RESERVED
-CVE-2014-1310
- RESERVED
-CVE-2014-1309
- RESERVED
-CVE-2014-1308
- RESERVED
-CVE-2014-1307
- RESERVED
+CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
CVE-2014-1306
RESERVED
-CVE-2014-1305
- RESERVED
-CVE-2014-1304
- RESERVED
+CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1302
- RESERVED
-CVE-2014-1301
- RESERVED
+CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1301 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1299
- RESERVED
-CVE-2014-1298
- RESERVED
-CVE-2014-1297
- RESERVED
+CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
+CVE-2014-1297 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
+ TODO: check
CVE-2014-1296
RESERVED
CVE-2014-1295
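Review bot: The fourteen entries from CVE-2014-1313 down to CVE-2014-1297 all land as `TODO: check` with the same visible summary ("WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ..."), so they should be triaged as one batch. The neighbouring CVE-2014-1303 and CVE-2014-1300 are tagged `NOT-FOR-US: Webkit / ...`, but their summaries name Apple Safari only; decide explicitly whether that tag also fits entries that name WebKit itself or whether they need package lines, and apply the result to all fourteen consistently.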
@@ -4132,8 +4201,8 @@
RESERVED
CVE-2014-0902
RESERVED
-CVE-2014-0901
- RESERVED
+CVE-2014-0901 (Cross-site scripting (XSS) vulnerability in the Social Rendering ...)
+ TODO: check
CVE-2014-0900
RESERVED
CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a ...)
@@ -4278,8 +4347,8 @@
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before ...)
NOT-FOR-US: IBM Rational ClearCase
-CVE-2014-0828
- RESERVED
+CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content ...)
+ TODO: check
CVE-2014-0827
RESERVED
CVE-2014-0826
@@ -5235,8 +5304,7 @@
CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote ...)
{DSA-2874-1}
- mutt 1.5.22-2 (bug #708731)
-CVE-2014-0466 [does not invoke gs with -dSAFER]
- RESERVED
+CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when ...)
{DSA-2892-1}
- a2ps 1:4.14-1.3 (bug #742902)
CVE-2013-7196
@@ -6934,8 +7002,7 @@
RESERVED
CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.1 allows ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
-CVE-2014-0093
- RESERVED
+CVE-2014-0093 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when ...)
NOT-FOR-US: JBoss EAP
CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...)
{DSA-2869-1}
@@ -10562,8 +10629,7 @@
RESERVED
CVE-2013-5643
RESERVED
-CVE-2013-5640
- RESERVED
+CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...)
NOT-FOR-US: Gnew
CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 ...)
NOT-FOR-US: Gnew
@@ -11276,8 +11342,8 @@
RESERVED
CVE-2013-5366
RESERVED
-CVE-2013-5365
- RESERVED
+CVE-2013-5365 (Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, ...)
+ TODO: check
CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
NOT-FOR-US: Secunia CSI Agent
CVE-2013-5363
@@ -14266,8 +14332,7 @@
CVE-2013-4241
RESERVED
NOT-FOR-US: WordPress plugin HMS Testimonials
-CVE-2013-4240
- RESERVED
+CVE-2013-4240 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS ...)
NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in ...)
- libvirt 1.1.2~rc1-1 (bug #719533)
@@ -15927,8 +15992,8 @@
NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
NOT-FOR-US: Dell iDRAC6
-CVE-2013-3588
- RESERVED
+CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote ...)
+ TODO: check
CVE-2013-3587 [BREACH attack against HTTP compression]
RESERVED
TODO: check
@@ -16172,8 +16237,8 @@
RESERVED
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
NOT-FOR-US: Soda PDF
-CVE-2013-3484
- RESERVED
+CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before ...)
+ TODO: check
CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER ...)
NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ...)
@@ -16783,8 +16848,8 @@
RESERVED
CVE-2013-3214
RESERVED
-CVE-2013-3213
- RESERVED
+CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through ...)
+ TODO: check
CVE-2013-3212
RESERVED
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a ...)
@@ -17327,8 +17392,8 @@
RESERVED
CVE-2013-2946
RESERVED
-CVE-2013-2945
- RESERVED
+CVE-2013-2945 (SQL injection vulnerability in blogs/admin.php in b2evolution before ...)
+ TODO: check
CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ...)
{DSA-2665-1}
- strongswan 4.6.4-7
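Review bot: CVE-2013-2945 at the `TODO: check` line names blogs/admin.php in b2evolution, the same script path shown in the summary of CVE-2013-7352 added in the first hunk. Triage the two together so that, if they concern the same product, they end up with the same package or NOT-FOR-US status.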
@@ -19173,8 +19238,8 @@
RESERVED
CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation ...)
NOT-FOR-US: CA SiteMinder
-CVE-2013-2278
- RESERVED
+CVE-2013-2278 (Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when ...)
+ TODO: check
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
- ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
- libav 6:0.8.6-1 (bug #703200)
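Review bot: CVE-2013-2278 is left as `TODO: check` for War FTP Daemon (warftpd) 1.82, the same product named by CVE-2009-5141 in the first hunk. Resolve both in one pass so the two entries do not end up with different statuses for the same software.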
@@ -20542,8 +20607,7 @@
NOT-FOR-US: Red Hat Satellite
CVE-2013-1870
REJECTED
-CVE-2013-1869
- RESERVED
+CVE-2013-1869 (CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and ...)
NOT-FOR-US: Red Hat Satellite
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and ...)
- vlc 2.0.5-1
@@ -20877,8 +20941,7 @@
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
-CVE-2013-1770 [XSS issues in views_view.php]
- RESERVED
+CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia ...)
- ganglia 3.6.0-1 (low; bug #700158)
[squeeze] - ganglia <no-dsa> (Minor issue)
[wheezy] - ganglia <no-dsa> (Minor issue)
@@ -24047,8 +24110,8 @@
RESERVED
CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: mingle forum plugin for wp
-CVE-2013-0735
- RESERVED
+CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle ...)
+ TODO: check
CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the Mingle ...)
NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0733
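Review bot: CVE-2013-0735 gets `TODO: check` although both neighbours for the same Mingle forum plugin, CVE-2013-0736 and CVE-2013-0734, are already tagged NOT-FOR-US. Use the same tag here, and pick one spelling of it, since the two existing entries differ ("mingle forum plugin for wp" versus "Mingle Forum Wordpress plugin").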
@@ -24059,8 +24122,8 @@
NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x ...)
NOT-FOR-US: Newscoop
-CVE-2013-0729
- RESERVED
+CVE-2013-0729 (Heap-based buffer overflow in Tracker Software PDF-XChange before ...)
+ TODO: check
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS ...)
NOT-FOR-US: ERDAS ECWP Browser Plugin
CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
@@ -43710,8 +43773,7 @@
- znc 0.202-2
[squeeze] - znc <not-affected> (Only affects 0.200 and 0.202)
[lenny] - znc <not-affected> (Only affects 0.200 and 0.202)
-CVE-2012-0032
- RESERVED
+CVE-2012-0032 (Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 ...)
NOT-FOR-US: JBoss Operations Network
CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...)
{DSA-2405-1}
@@ -44097,8 +44159,7 @@
NOT-FOR-US: JMX Console
CVE-2011-4574
RESERVED
-CVE-2011-4573
- RESERVED
+CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...)
NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
NOT-FOR-US: CF Image Hosting Script
@@ -47908,8 +47969,7 @@
CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel ...)
- linux-2.6 3.2-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-3346
- RESERVED
+CVE-2011-3346 (Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before ...)
- qemu-kvm 0.15.1+dfsg-1 (bug #646118)
[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
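Review bot: The new summary on CVE-2011-3346 names hw/scsi-disk.c in QEMU, but the entry tracks only `qemu-kvm`. Add a line for the qemu source package as well (a fixed version, or not-affected with the reason) so the status covers both packages that carry this code.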