[Secure-testing-commits] r26567 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Apr 15 21:14:09 UTC 2014
Author: joeyh
Date: 2014-04-15 21:14:09 +0000 (Tue, 15 Apr 2014)
New Revision: 26567
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-15 20:59:22 UTC (rev 26566)
+++ data/CVE/list 2014-04-15 21:14:09 UTC (rev 26567)
@@ -1,3 +1,270 @@
+CVE-2014-2854
+ RESERVED
+CVE-2014-2853
+ RESERVED
+CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
+ TODO: check
+CVE-2014-2850 (The network interface configuration page (netinterface) in Sophos Web ...)
+ TODO: check
+CVE-2014-2849 (The Change Password dialog box (change_password) in Sophos Web ...)
+ TODO: check
+CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before ...)
+ TODO: check
+CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows ...)
+ TODO: check
+CVE-2014-2846
+ RESERVED
+CVE-2014-2845
+ RESERVED
+CVE-2014-2844
+ RESERVED
+CVE-2014-2843
+ RESERVED
+CVE-2014-2842
+ RESERVED
+CVE-2014-2841
+ RESERVED
+CVE-2014-2840
+ RESERVED
+CVE-2014-2839
+ RESERVED
+CVE-2014-2838
+ RESERVED
+CVE-2014-2837
+ RESERVED
+CVE-2014-2836
+ RESERVED
+CVE-2014-2835
+ RESERVED
+CVE-2014-2834
+ RESERVED
+CVE-2014-2833
+ RESERVED
+CVE-2014-2832
+ RESERVED
+CVE-2014-2831
+ RESERVED
+CVE-2014-2829 (Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly ...)
+ TODO: check
+CVE-2014-2827
+ RESERVED
+CVE-2014-2826
+ RESERVED
+CVE-2014-2825
+ RESERVED
+CVE-2014-2824
+ RESERVED
+CVE-2014-2823
+ RESERVED
+CVE-2014-2822
+ RESERVED
+CVE-2014-2821
+ RESERVED
+CVE-2014-2820
+ RESERVED
+CVE-2014-2819
+ RESERVED
+CVE-2014-2818
+ RESERVED
+CVE-2014-2817
+ RESERVED
+CVE-2014-2816
+ RESERVED
+CVE-2014-2815
+ RESERVED
+CVE-2014-2814
+ RESERVED
+CVE-2014-2813
+ RESERVED
+CVE-2014-2812
+ RESERVED
+CVE-2014-2811
+ RESERVED
+CVE-2014-2810
+ RESERVED
+CVE-2014-2809
+ RESERVED
+CVE-2014-2808
+ RESERVED
+CVE-2014-2807
+ RESERVED
+CVE-2014-2806
+ RESERVED
+CVE-2014-2805
+ RESERVED
+CVE-2014-2804
+ RESERVED
+CVE-2014-2803
+ RESERVED
+CVE-2014-2802
+ RESERVED
+CVE-2014-2801
+ RESERVED
+CVE-2014-2800
+ RESERVED
+CVE-2014-2799
+ RESERVED
+CVE-2014-2798
+ RESERVED
+CVE-2014-2797
+ RESERVED
+CVE-2014-2796
+ RESERVED
+CVE-2014-2795
+ RESERVED
+CVE-2014-2794
+ RESERVED
+CVE-2014-2793
+ RESERVED
+CVE-2014-2792
+ RESERVED
+CVE-2014-2791
+ RESERVED
+CVE-2014-2790
+ RESERVED
+CVE-2014-2789
+ RESERVED
+CVE-2014-2788
+ RESERVED
+CVE-2014-2787
+ RESERVED
+CVE-2014-2786
+ RESERVED
+CVE-2014-2785
+ RESERVED
+CVE-2014-2784
+ RESERVED
+CVE-2014-2783
+ RESERVED
+CVE-2014-2782
+ RESERVED
+CVE-2014-2781
+ RESERVED
+CVE-2014-2780
+ RESERVED
+CVE-2014-2779
+ RESERVED
+CVE-2014-2778
+ RESERVED
+CVE-2014-2777
+ RESERVED
+CVE-2014-2776
+ RESERVED
+CVE-2014-2775
+ RESERVED
+CVE-2014-2774
+ RESERVED
+CVE-2014-2773
+ RESERVED
+CVE-2014-2772
+ RESERVED
+CVE-2014-2771
+ RESERVED
+CVE-2014-2770
+ RESERVED
+CVE-2014-2769
+ RESERVED
+CVE-2014-2768
+ RESERVED
+CVE-2014-2767
+ RESERVED
+CVE-2014-2766
+ RESERVED
+CVE-2014-2765
+ RESERVED
+CVE-2014-2764
+ RESERVED
+CVE-2014-2763
+ RESERVED
+CVE-2014-2762
+ RESERVED
+CVE-2014-2761
+ RESERVED
+CVE-2014-2760
+ RESERVED
+CVE-2014-2759
+ RESERVED
+CVE-2014-2758
+ RESERVED
+CVE-2014-2757
+ RESERVED
+CVE-2014-2756
+ RESERVED
+CVE-2014-2755
+ RESERVED
+CVE-2014-2754
+ RESERVED
+CVE-2014-2753
+ RESERVED
+CVE-2014-2752 (SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...)
+ TODO: check
+CVE-2014-2751 (SAP Print and Output Management has hardcoded credentials, which makes ...)
+ TODO: check
+CVE-2014-2750
+ REJECTED
+ TODO: check
+CVE-2014-2749 (The HANA ICM process in SAP HANA allows remote attackers to obtain the ...)
+ TODO: check
+CVE-2014-2748 (The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for ...)
+ TODO: check
+CVE-2014-2747
+ RESERVED
+CVE-2014-2740
+ RESERVED
+CVE-2014-2738
+ RESERVED
+CVE-2014-2737
+ RESERVED
+CVE-2014-2736
+ RESERVED
+CVE-2014-2735
+ RESERVED
+CVE-2014-2734
+ RESERVED
+CVE-2014-2733
+ RESERVED
+CVE-2014-2732
+ RESERVED
+CVE-2014-2731
+ RESERVED
+CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the ...)
+ TODO: check
+CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified ...)
+ TODO: check
+CVE-2013-7365 (Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal ...)
+ TODO: check
+CVE-2013-7364 (An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver ...)
+ TODO: check
+CVE-2013-7363 (Unspecified vulnerability in the Diagnostics (SMD) agent in SAP ...)
+ TODO: check
+CVE-2013-7362 (An unspecified RFC function in SAP CCMS Agent allows remote attackers ...)
+ TODO: check
+CVE-2013-7361 (Directory traversal vulnerability in SAP CMS and CM Services allows ...)
+ TODO: check
+CVE-2013-7360 (Unspecified vulnerability in SAP adminadapter allows remote attackers ...)
+ TODO: check
+CVE-2013-7359 (Unspecified vulnerability in SAP Mobile Infrastructure allows remote ...)
+ TODO: check
+CVE-2013-7358 (Unspecified vulnerability in SAP Guided Procedures Archive Monitor ...)
+ TODO: check
+CVE-2013-7357 (Unspecified vulnerability in the configuration service in SAP J2EE ...)
+ TODO: check
+CVE-2013-7356 (Unspecified vulnerability in the SAP CCMS / Database Monitors for ...)
+ TODO: check
+CVE-2013-7355 (SQL injection vulnerability in SAP BI Universal Data Integration ...)
+ TODO: check
+CVE-2012-6645 (Cross-site scripting (XSS) vulnerability in the autocomplete ...)
+ TODO: check
+CVE-2012-6644 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 ...)
+ TODO: check
+CVE-2012-6643 (Multiple SQL injection vulnerabilities in the update_counter function ...)
+ TODO: check
+CVE-2012-6642 (Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows ...)
+ TODO: check
+CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum ...)
+ TODO: check
+CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the ...)
+ TODO: check
CVE-2014-XXXX [arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target]
- linux 3.2.20-1
- linux-2.6 3.2.1-1
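Review bot: CVE-2014-2750 is recorded as REJECTED and also carries a "TODO: check" line, which the other REJECTED entries in this file (CVE-2014-0982, CVE-2014-0346) do not have; if the rejection is confirmed the TODO line should be dropped. Separately, CVE-2014-2852 ("OpenAFS before 1.6.7") lands as a bare "TODO: check" although openafs is packaged: further down this same diff CVE-2014-0159 is closed with "- openafs 1.6.7-1", so triage should confirm whether that upload also covers CVE-2014-2852 and record a package line instead of leaving the placeholder.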
@@ -20,41 +287,43 @@
CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities]
- node-marked 0.3.1+dfsg-1
NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
-CVE-2014-2851 [net: ping: refcount issue in ping_init_sock() function]
+CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://lkml.org/lkml/2014/4/10/736
NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
CVE-2014-2830 [cifs-utils: pam module pam_cifscreds stack overflow]
+ RESERVED
- cifs-utils <unfixed> (unimportant)
[squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
[wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
NOTE: cifscreds PAM not built in unstable
CVE-2014-2828 [Keystone DoS through V3 API authentication chaining]
+ RESERVED
- keystone <unfixed>
NOTE: https://launchpad.net/bugs/1300274
-CVE-2014-2746
+CVE-2014-2746 (net/IOService.java in Tigase before 5.2.1 does not properly restrict ...)
NOT-FOR-US: Tigase XMPP Server
-CVE-2014-2745
+CVE-2014-2745 (Prosody before 0.9.4 does not properly restrict the processing of ...)
{DSA-2895-1}
- prosody 0.9.4-1
NOTE: http://hg.prosody.im/0.9/rev/a97591d2e1ad
NOTE: http://hg.prosody.im/0.9/rev/1107d66d2ab2
-CVE-2014-2744
+CVE-2014-2744 (plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) ...)
{DSA-2895-1}
- prosody 0.9.4-1
- lua-expat 1.3.0-1
[wheezy] - lua-expat 1.2.0-5+deb7u1
NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb
-CVE-2014-2743
+CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does ...)
NOT-FOR-US: Openfire
-CVE-2014-2742
+CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing ...)
NOT-FOR-US: Openfire
-CVE-2014-2741
+CVE-2014-2741 (Ignite Realtime Openfire before 3.9.2 does not properly restrict the ...)
NOT-FOR-US: Openfire
CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
NOT-FOR-US: Microsoft Office
-CVE-2014-2739 [IB/core: crash while resolving passive side RoCE L2 address in cma req handler]
+CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the ...)
- linux <not-affected> (Introduced and fixed in 3.14)
- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
CVE-2014-2729
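Review bot: the new descriptions for CVE-2014-2743 and CVE-2014-2742 name Lightwitch Metronome and Isode M-Link respectively, yet both entries keep the unchanged line "NOT-FOR-US: Openfire"; only CVE-2014-2741 is actually Openfire, so the two NOT-FOR-US lines should name the product given in the description (or the entries re-triaged if that product turns out to be packaged). Also, the unchanged CVE-2014-2739 line "- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)" has a doubled opening parenthesis that is worth fixing in a follow-up commit.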
@@ -68,8 +337,7 @@
CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
- php-horde-imp 5.0.22
- horde3 <removed>
-CVE-2014-1985 [Open redirector]
- RESERVED
+CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function ...)
- redmine <unfixed> (bug #743828)
NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
CVE-2014-2726
@@ -96,14 +364,14 @@
RESERVED
CVE-2014-2715
RESERVED
-CVE-2014-2714
- RESERVED
-CVE-2014-2713
- RESERVED
-CVE-2014-2712
- RESERVED
-CVE-2014-2711
- RESERVED
+CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...)
+ TODO: check
+CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...)
+ TODO: check
+CVE-2014-2712 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
+ TODO: check
+CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
+ TODO: check
CVE-2014-2710
RESERVED
CVE-2014-2705
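Review bot: the four Junos entries CVE-2014-2714 through CVE-2014-2711 are left as "TODO: check", while the Junos entries elsewhere in this file (CVE-2014-0615 and CVE-2014-0613) are recorded as NOT-FOR-US; unless something changed, these can be resolved the same way. The same applies to CVE-2014-0614 and CVE-2014-0612 further down in this diff (the CVE-2014-0612 description spells the product "Jonos", a typo inherited from the upstream feed, so a search for "Junos" will not find it).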
@@ -148,10 +416,12 @@
- node-connect <unfixed> (bug #744374)
NOTE: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
CVE-2013-7354
+ RESERVED
- libpng <undetermined>
NOTE: http://sourceforge.net/p/libpng/bugs/199/
TODO: check
CVE-2013-7353
+ RESERVED
- libpng <undetermined>
NOTE: http://sourceforge.net/p/libpng/bugs/199/
TODO: check
@@ -171,8 +441,7 @@
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
-CVE-2014-2708 [SQL injection]
- RESERVED
+CVE-2014-2708 (SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows ...)
- cacti 0.8.8b+dfsg-4 (bug #743565)
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
@@ -183,8 +452,7 @@
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: Introduced in at least 1.0.41
NOTE: fixed in 1.0.51, pending in git http://anonscm.debian.org/gitweb/?p=printing/cups-filters.git;a=commitdiff;h=e7293d18836d90815277a7efb410275b9baa27c7
-CVE-2014-2706
- RESERVED
+CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
- linux 3.13.7-1 (low)
- linux-2.6 <removed> (low)
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
@@ -439,8 +707,7 @@
NOT-FOR-US: McAfee
CVE-2014-2584
RESERVED
-CVE-2014-2583 [path traversal issue]
- RESERVED
+CVE-2014-2583 (Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...)
- pam <unfixed> (low)
[wheezy] - pam <no-dsa> (Minor issue)
[squeeze] - pam <no-dsa> (Minor issue)
@@ -512,16 +779,16 @@
RESERVED
CVE-2014-2545
RESERVED
-CVE-2014-2544
- RESERVED
-CVE-2014-2543
- RESERVED
-CVE-2014-2542
- RESERVED
-CVE-2014-2541
- RESERVED
-CVE-2014-2540
- RESERVED
+CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire ...)
+ TODO: check
+CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing ...)
+ TODO: check
+CVE-2014-2542 (Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon ...)
+ TODO: check
+CVE-2014-2541 (The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), ...)
+ TODO: check
+CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server ...)
+ TODO: check
CVE-2014-2539
RESERVED
CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 ...)
@@ -927,8 +1194,7 @@
RESERVED
CVE-2014-2390
RESERVED
-CVE-2014-2389
- RESERVED
+CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in ...)
NOT-FOR-US: BlackBerry Z 10
CVE-2014-2388
RESERVED
@@ -1038,8 +1304,8 @@
RESERVED
CVE-2014-2334
RESERVED
-CVE-2014-2333
- RESERVED
+CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
+ TODO: check
CVE-2014-2332
RESERVED
- check-mk <unfixed> (bug #742689)
@@ -1471,14 +1737,14 @@
NOT-FOR-US: Cisco
CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE ...)
NOT-FOR-US: Cisco
-CVE-2014-2142
- RESERVED
-CVE-2014-2141
- RESERVED
-CVE-2014-2140
- RESERVED
-CVE-2014-2139
- RESERVED
+CVE-2014-2142 (Cisco ONS 15454 controller cards with software 10.0 and earlier allow ...)
+ TODO: check
+CVE-2014-2141 (The session-termination functionality on Cisco ONS 15454 controller ...)
+ TODO: check
+CVE-2014-2140 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...)
+ TODO: check
+CVE-2014-2139 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...)
+ TODO: check
CVE-2014-2138 (CRLF injection vulnerability in the web framework in Cisco Security ...)
NOT-FOR-US: Cisco Security Manager
CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web ...)
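Review bot: the four Cisco ONS 15454 entries CVE-2014-2142 through CVE-2014-2139 are left as "TODO: check" although every neighbouring Cisco entry in this hunk (CVE-2014-2143, CVE-2014-2138, CVE-2014-2137) is recorded as NOT-FOR-US; they can be resolved to "NOT-FOR-US: Cisco" in the same pass, and the same holds for the four Cisco ASA entries CVE-2014-2129 through CVE-2014-2126 in the next hunk.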
@@ -1497,14 +1763,14 @@
NOT-FOR-US: Cisco IOS
CVE-2014-2130
RESERVED
-CVE-2014-2129
- RESERVED
-CVE-2014-2128
- RESERVED
-CVE-2014-2127
- RESERVED
-CVE-2014-2126
- RESERVED
+CVE-2014-2129 (The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
+CVE-2014-2128 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
+CVE-2014-2127 (Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), ...)
+ TODO: check
+CVE-2014-2126 (Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), ...)
+ TODO: check
CVE-2014-2125 (Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco ...)
NOT-FOR-US: Cisco Unity Connection Server
CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...)
@@ -1943,8 +2209,8 @@
NOT-FOR-US: Silex
CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)
NOT-FOR-US: ES File Explorer File Manager for Android
-CVE-2014-1969
- RESERVED
+CVE-2014-1969 (Directory traversal vulnerability in the apps4u at android SD Card ...)
+ TODO: check
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
NOT-FOR-US: XooNIps module for XOOPS
CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
@@ -2611,26 +2877,26 @@
RESERVED
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
NOT-FOR-US: Microsoft Word
-CVE-2014-1760
- RESERVED
-CVE-2014-1759
- RESERVED
-CVE-2014-1758
- RESERVED
-CVE-2014-1757
- RESERVED
+CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1759 (pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote ...)
+ TODO: check
+CVE-2014-1758 (Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote ...)
+ TODO: check
+CVE-2014-1757 (Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...)
+ TODO: check
CVE-2014-1756
RESERVED
-CVE-2014-1755
- RESERVED
+CVE-2014-1755 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-1754
RESERVED
-CVE-2014-1753
- RESERVED
-CVE-2014-1752
- RESERVED
-CVE-2014-1751
- RESERVED
+CVE-2014-1753 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1752 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-1749
RESERVED
CVE-2014-1748
@@ -2671,64 +2937,50 @@
RESERVED
CVE-2014-1730
RESERVED
-CVE-2014-1729
- RESERVED
+CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1728
- RESERVED
+CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1727
- RESERVED
+CVE-2014-1727 (Use-after-free vulnerability in ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1726
- RESERVED
+CVE-2014-1726 (The drag implementation in Google Chrome before 34.0.1847.116 allows ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1725
- RESERVED
+CVE-2014-1725 (The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1724
- RESERVED
+CVE-2014-1724 (Use-after-free vulnerability in Free(b)soft Laboratory Speech ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1723
- RESERVED
+CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1722
- RESERVED
+CVE-2014-1722 (Use-after-free vulnerability in the ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1721
- RESERVED
+CVE-2014-1721 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1720
- RESERVED
+CVE-2014-1720 (Use-after-free vulnerability in the HTMLBodyElement::insertedInto ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1719
- RESERVED
+CVE-2014-1719 (Use-after-free vulnerability in the ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1718
- RESERVED
+CVE-2014-1718 (Integer overflow in the SoftwareFrameManager::SwapToNewFrame function ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1717
- RESERVED
+CVE-2014-1717 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1716
- RESERVED
+CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
- chromium-browser 34.0.1847.116-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
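Review bot: CVE-2014-1721 is described as a Google V8 issue ("Google V8, as used in Google Chrome before 34.0.1847.116, does not ...") but its entry lists only chromium-browser, whereas the other V8 entries in this hunk (CVE-2014-1729, CVE-2014-1717, CVE-2014-1716) also carry "- libv8 <removed>" and "- libv8-3.14 <unfixed>"; the libv8 lines should either be added to CVE-2014-1721 or the omission explained in a NOTE so the package is not silently left out of the V8 triage.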
@@ -3405,7 +3657,7 @@
NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
- wordpress 3.2.1+dfsg-1
-CVE-2010-5298 [Use-after-free race condition, in OpenSSL's read buffer]
+CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...)
- openssl <unfixed>
[squeeze] - openssl <not-affected> (Introduced in 1.0.0)
TODO: double check
@@ -3489,8 +3741,8 @@
RESERVED
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
NOT-FOR-US: Open Web Analytics
-CVE-2014-1455
- RESERVED
+CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...)
+ TODO: check
CVE-2014-1454
RESERVED
CVE-2014-1453 [nfsserver denial of service]
@@ -4023,11 +4275,9 @@
RESERVED
CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud ...)
NOT-FOR-US: VMWare
-CVE-2014-1210
- RESERVED
+CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does ...)
NOT-FOR-US: VMware vSphere Client
-CVE-2014-1209
- RESERVED
+CVE-2014-1209 (VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before ...)
NOT-FOR-US: VMware vSphere Client
CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, ...)
NOT-FOR-US: VMWare
@@ -4076,12 +4326,14 @@
CVE-2014-0984
RESERVED
CVE-2014-0983 (Multiple array index errors in programs that are automatically ...)
+ {DSA-2904-1}
- virtualbox 4.3.10-dfsg-1 (bug #741602)
- virtualbox-ose <removed> (bug #741602)
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0982
REJECTED
CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox 4.2.x through ...)
+ {DSA-2904-1}
- virtualbox 4.3.10-dfsg-1 (bug #741602)
- virtualbox-ose <removed> (bug #741602)
NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
@@ -4296,8 +4548,8 @@
RESERVED
CVE-2014-0921
RESERVED
-CVE-2014-0920
- RESERVED
+CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...)
+ TODO: check
CVE-2014-0919
RESERVED
CVE-2014-0918
@@ -4320,8 +4572,8 @@
RESERVED
CVE-2014-0909
RESERVED
-CVE-2014-0908
- RESERVED
+CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager ...)
+ TODO: check
CVE-2014-0907
RESERVED
CVE-2014-0906
@@ -4627,8 +4879,8 @@
NOT-FOR-US: OPC Automation 2.0 Server
CVE-2014-0788
RESERVED
-CVE-2014-0787
- RESERVED
+CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...)
+ TODO: check
CVE-2014-0786
RESERVED
CVE-2014-0785
@@ -4647,36 +4899,36 @@
NOT-FOR-US: Schneider Electric
CVE-2014-0778
RESERVED
-CVE-2014-0777
- RESERVED
+CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and ...)
+ TODO: check
CVE-2014-0776
RESERVED
CVE-2014-0775
RESERVED
CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...)
NOT-FOR-US: Schneider Electric OPC Factory Server
-CVE-2014-0773
- RESERVED
-CVE-2014-0772
- RESERVED
-CVE-2014-0771
- RESERVED
-CVE-2014-0770
- RESERVED
+CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
+ TODO: check
+CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ...)
+ TODO: check
+CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
+ TODO: check
+CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
CVE-2014-0769
RESERVED
-CVE-2014-0768
- RESERVED
-CVE-2014-0767
- RESERVED
-CVE-2014-0766
- RESERVED
-CVE-2014-0765
- RESERVED
-CVE-2014-0764
- RESERVED
-CVE-2014-0763
- RESERVED
+CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
+ TODO: check
+CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech ...)
+ TODO: check
CVE-2014-0762
RESERVED
CVE-2014-0761
@@ -4930,8 +5182,8 @@
NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office ...)
NOT-FOR-US: RSA Adaptive Authentication
-CVE-2014-0636
- RESERVED
+CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x ...)
+ TODO: check
CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x ...)
NOT-FOR-US: EMC VPLEX
CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the ...)
@@ -4974,12 +5226,12 @@
NOT-FOR-US: Juniper JunOS
CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
NOT-FOR-US: JunOS CLI
-CVE-2014-0614
- RESERVED
+CVE-2014-0614 (Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is ...)
+ TODO: check
CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 ...)
NOT-FOR-US: JunOS
-CVE-2014-0612
- RESERVED
+CVE-2014-0612 (Unspecified vulnerability in Juniper Jonos before 11.4R10-S1, before ...)
+ TODO: check
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
@@ -5346,16 +5598,13 @@
NOT-FOR-US: Adobe Reader
CVE-2014-0510 (Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows ...)
NOT-FOR-US: Flash plugin
-CVE-2014-0509 [Adobe Flash Player cross site scripting vulnerability]
- RESERVED
+CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0508 [Adobe Flash Player information disclosure]
- RESERVED
+CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0507 [Adobe Flash Player buffer overflow vulnerability that could result in arbitrary code execution]
- RESERVED
+CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x ...)
NOT-FOR-US: Adobe Flash Player
-CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player 12.0.0.77 on ...)
+CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
NOT-FOR-US: Adobe Shockwave Player
@@ -6217,32 +6466,32 @@
RESERVED
CVE-2014-0360
RESERVED
-CVE-2014-0359
- RESERVED
-CVE-2014-0358
- RESERVED
-CVE-2014-0357
- RESERVED
-CVE-2014-0356
- RESERVED
-CVE-2014-0355
- RESERVED
-CVE-2014-0354
- RESERVED
-CVE-2014-0353
- RESERVED
+CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
+ TODO: check
+CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages ...)
+ TODO: check
+CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
+ TODO: check
+CVE-2014-0355 (Multiple stack-based buffer overflows on the ZyXEL Wireless N300 ...)
+ TODO: check
+CVE-2014-0354 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
+ TODO: check
+CVE-2014-0353 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
+ TODO: check
CVE-2014-0352
RESERVED
CVE-2014-0351
RESERVED
CVE-2014-0350
RESERVED
-CVE-2014-0349
- RESERVED
-CVE-2014-0348
- RESERVED
-CVE-2014-0347
- RESERVED
+CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote ...)
+ TODO: check
+CVE-2014-0348 (The Artiva Agency Single Sign-On (SSO) implementation in Artiva ...)
+ TODO: check
+CVE-2014-0347 (The Settings module in Websense Triton Unified Security Center 7.7.3 ...)
+ TODO: check
CVE-2014-0346
REJECTED
CVE-2014-0345
@@ -6251,10 +6500,10 @@
NOT-FOR-US: ZOHO ManageEngine OpStor
CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...)
NOT-FOR-US: GW6110A routers
-CVE-2014-0342
- RESERVED
-CVE-2014-0341
- RESERVED
+CVE-2014-0342 (Multiple unrestricted file upload vulnerabilities in fileupload.php in ...)
+ TODO: check
+CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX before ...)
+ TODO: check
CVE-2014-0340
RESERVED
CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...)
@@ -6274,8 +6523,7 @@
NOTE: Filed #740585 for src:libpng1.6 in experimental, fixed in 1.6.10-1
CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
NOT-FOR-US: Dell SonicWALL GMS
-CVE-2014-0331
- RESERVED
+CVE-2014-0331 (Cross-site scripting (XSS) vulnerability in the web administration ...)
NOT-FOR-US: Fortinet NGFW
CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on ...)
NOT-FOR-US: Dell KACE K1000 management appliance
@@ -6614,8 +6862,8 @@
NOT-FOR-US: Microsoft
CVE-2014-0316
RESERVED
-CVE-2014-0315
- RESERVED
+CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
@@ -6774,8 +7022,8 @@
RESERVED
CVE-2014-0236
RESERVED
-CVE-2014-0235
- RESERVED
+CVE-2014-0235 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-0234
RESERVED
CVE-2014-0233
@@ -6901,8 +7149,7 @@
NOT-FOR-US: Cumin
CVE-2014-0173
RESERVED
-CVE-2014-0172 [integer overflow, leading to a heap-based buffer overflow in libdw]
- RESERVED
+CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...)
- elfutils <unfixed> (low; bug #744017)
[squeeze] - elfutils <no-dsa> (Minor issue)
[wheezy] - elfutils <no-dsa> (Minor issue)
@@ -6918,12 +7165,10 @@
CVE-2014-0167 [RBAC policy not properly enforced in Nova EC2 API]
RESERVED
- nova 2013.2.3-1 (bug #744051)
-CVE-2014-0166 [Wordpress potential authentication cookie forgery]
- RESERVED
+CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in ...)
{DSA-2901-1}
- wordpress 3.8.2+dfsg-1 (bug #744018)
-CVE-2014-0165 [Wordpress privilege escalation: prevent contributors from publishing posts]
- RESERVED
+CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote ...)
{DSA-2901-1}
- wordpress 3.8.2+dfsg-1 (bug #744018)
CVE-2014-0164
@@ -6943,8 +7188,7 @@
NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
NOTE: http://www.openssl.org/news/secadv_20140407.txt
NOTE: system reboot is recommended after the upgrade
-CVE-2014-0159 [OPENAFS-SA-2014-001]
- RESERVED
+CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...)
{DSA-2899-1}
- openafs 1.6.7-1
CVE-2014-0158
@@ -6955,8 +7199,7 @@
[wheezy] - horizon <not-affected> (Vulnerable code not present)
CVE-2014-0156
RESERVED
-CVE-2014-0155
- RESERVED
+CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel ...)
- linux <unfixed> (low)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
@@ -7056,8 +7299,7 @@
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
-CVE-2014-0128 [Denial of Service in SSL-Bump]
- RESERVED
+CVE-2014-0128 (Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is ...)
- squid <not-affected> (All Squid-3.0 and older versions not vulnerable)
- squid3 <unfixed> (unimportant; bug #741312)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
@@ -7223,8 +7465,7 @@
NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0078
RESERVED
-CVE-2014-0077
- RESERVED
+CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...)
- linux <unfixed>
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
@@ -8643,8 +8884,7 @@
CVE-2013-6469
RESERVED
NOT-FOR-US: JBoss SOA RTgov
-CVE-2013-6468
- RESERVED
+CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM ...)
NOT-FOR-US: JBoss Drolls
CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: Libreswan
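Review bot: the unchanged line "NOT-FOR-US: JBoss Drolls" under CVE-2013-6468 misspells the product, which the new description gives as "JBoss Drools"; it is worth correcting to match, since the NOT-FOR-US text is what later searches of the list will hit.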
@@ -9032,8 +9272,7 @@
RESERVED
- json-c <unfixed> (bug #744008)
NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
-CVE-2013-6369 [stack-based buffer overflow flaw]
- RESERVED
+CVE-2013-6369 (Stack-based buffer overflow in the jbg_dec_in function in ...)
{DSA-2900-1}
- jbigkit <unfixed> (bug #743960)
CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local ...)
@@ -9387,8 +9626,7 @@
RESERVED
CVE-2013-6217
RESERVED
-CVE-2013-6216
- RESERVED
+CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array ...)
NOT-FOR-US: HP
CVE-2013-6215
RESERVED
@@ -10590,14 +10828,12 @@
NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
NOT-FOR-US: Coursemill Learning Management System
-CVE-2013-5705 [bypass of intended rules via chunked requests]
- RESERVED
+CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote ...)
- modsecurity-apache 2.7.7-1
- libapache-mod-security <removed>
NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
NOTE: http://martin.swende.se/blog/HTTPChunked.html
-CVE-2013-5704 [bypass of mod_headers rules via chunked requests]
- RESERVED
+CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
- apache2 <unfixed>
TODO: check
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
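Review bot: CVE-2013-5704 now states `apache2 <unfixed>` but still carries `TODO: check`, so the entry simultaneously asserts affectedness and asks for triage. The description narrows the scope to Apache HTTP Server 2.2.22; suggest either resolving the TODO (severity, bug number, or `<not-affected>` with a reason) or keeping the package line out until someone has checked. The ModSecurity entry above it is the consistent model: fixed version, `<removed>` for the obsolete source package, and two reference NOTEs.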
@@ -12740,8 +12976,8 @@
NOT-FOR-US: HP LoadRunner
CVE-2013-4796
RESERVED
-CVE-2013-4795
- RESERVED
+CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in ...)
+ TODO: check
CVE-2013-4794
RESERVED
CVE-2013-4793
@@ -16914,10 +17150,10 @@
NOT-FOR-US: WordPress plugin
CVE-2013-3253 (Cross-site request forgery (CSRF) vulnerability in admin/setting.php ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-3252
- RESERVED
-CVE-2013-3251
- RESERVED
+CVE-2013-3252 (Cross-site request forgery (CSRF) vulnerability in the options admin ...)
+ TODO: check
+CVE-2013-3251 (Cross-site request forgery (CSRF) vulnerability in the qTranslate ...)
+ TODO: check
CVE-2013-3250 (Cross-site request forgery (CSRF) vulnerability in the WP Maintenance ...)
NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
CVE-2013-3249 (Stack-based buffer overflow in the "Add from text file" feature in the ...)
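Review bot: CVE-2013-3252 and CVE-2013-3251 land as `TODO: check` in the middle of a run of WordPress-plugin CSRF entries (CVE-2013-3253 above, CVE-2013-3250 below) that are all resolved `NOT-FOR-US`, and the description for 3251 names the qTranslate plugin. Suggest the triager check for a Debian package first and, if there is none, close these the same way rather than leaving the TODO to age in the list.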
@@ -18004,8 +18240,8 @@
RESERVED
CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote ...)
NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
-CVE-2013-2828
- RESERVED
+CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
+ TODO: check
CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, ...)
NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2826 (WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and ...)
@@ -18042,8 +18278,8 @@
NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2810
RESERVED
-CVE-2013-2809
- RESERVED
+CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
+ TODO: check
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information ...)
NOT-FOR-US: Xper
CVE-2013-2807
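Review bot: CVE-2013-2809 has the same description prefix as CVE-2013-2828 in the hunk above (`The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...`) and both are left as `TODO: check`, while the surrounding DNP3/SCADA entries (MatrikonOPC, WellinTech KingSCADA, Catapult) are `NOT-FOR-US`. These two should be triaged together and given the same resolution.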
@@ -18268,12 +18504,12 @@
RESERVED
CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare ...)
NOT-FOR-US: WordPress plugin FourSquare Checkins
-CVE-2013-2708
- RESERVED
+CVE-2013-2708 (Cross-site request forgery (CSRF) vulnerability in the Content Slide ...)
+ TODO: check
CVE-2013-2707 (Cross-site request forgery (CSRF) vulnerability in the Login With Ajax ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-2706
- RESERVED
+CVE-2013-2706 (Cross-site request forgery (CSRF) vulnerability in the Stream Video ...)
+ TODO: check
CVE-2013-2705
RESERVED
CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu ...)
@@ -18286,8 +18522,8 @@
NOT-FOR-US: social sharing toolkit plugin for wp
CVE-2013-2700
RESERVED
-CVE-2013-2699
- RESERVED
+CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the ...)
+ TODO: check
CVE-2013-2698
RESERVED
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the ...)
@@ -18298,8 +18534,8 @@
NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2694 (Open redirect vulnerability in invite.php in the WP Symposium plugin ...)
NOT-FOR-US: WordPress plugin wp-symposium
-CVE-2013-2693
- RESERVED
+CVE-2013-2693 (Cross-site request forgery (CSRF) vulnerability in the Options in the ...)
+ TODO: check
CVE-2013-2692
RESERVED
CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
@@ -20240,8 +20476,7 @@
CVE-2013-2034 [jenkins CSRF]
RESERVED
- jenkins 1.509.2+dfsg-1 (bug #706725)
-CVE-2013-2033 [jenkins XSS]
- RESERVED
+CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow ...)
- mediawiki 1:1.19.6-1 (low; bug #706601)
@@ -24289,8 +24524,8 @@
NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)
NOT-FOR-US: Percipient Studios ImageGen
-CVE-2013-0740
- RESERVED
+CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator ...)
+ TODO: check
CVE-2013-0739
RESERVED
CVE-2013-0738
@@ -26675,15 +26910,12 @@
RESERVED
- roundup 1.4.20-1
NOTE: http://issues.roundup-tracker.org/issue2550724
-CVE-2012-6132 [XSS flaw with the otk parameter]
- RESERVED
+CVE-2012-6132 (Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 ...)
- roundup 1.4.20-1
-CVE-2012-6131 [XSS flaw in @action parameter]
- RESERVED
+CVE-2012-6131 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
- roundup 1.4.20-1
NOTE: http://issues.roundup-tracker.org/issue2550711
-CVE-2012-6130 [XSS vulnerability when usernames contain HTML]
- RESERVED
+CVE-2012-6130 (Cross-site scripting (XSS) vulnerability in the history display in ...)
- roundup 1.4.20-1
NOTE: http://issues.roundup-tracker.org/issue2550684
CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in ...)
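Review bot: replacing the hand-written titles drops detail that the truncated MITRE text does not carry, most visibly for CVE-2012-6132, where `[XSS flaw with the otk parameter]` becomes `Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 ...` with no NOTE pointing to a roundup issue, unlike CVE-2012-6131 and CVE-2012-6130 which keep their issue2550711 and issue2550684 links. Suggest adding a NOTE for 6132 naming the otk parameter or the tracker issue so the three Roundup XSS entries remain distinguishable.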
@@ -30120,8 +30352,8 @@
CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...)
{DSA-2548-1}
- tor 0.2.3.22-rc-1
-CVE-2012-4921
- RESERVED
+CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS ...)
+ TODO: check
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
TODO: check
CVE-2012-4919
@@ -39108,8 +39340,7 @@
CVE-2012-1562
RESERVED
- joomla <itp> (bug #571794)
-CVE-2012-1561
- RESERVED
+CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...)
NOT-FOR-US: Drupal Finder
CVE-2012-1560
RESERVED
@@ -42661,8 +42892,7 @@
CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2011-4958 [silverstripe:XSS]
- RESERVED
+CVE-2011-4958 (Cross-site scripting (XSS) vulnerability in the process function in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...)
@@ -43952,8 +44182,7 @@
[squeeze] - emacs23 <no-dsa> (Minor issue)
CVE-2012-0034 (The NonManagedConnectionFactory in JBoss Enterprise Application ...)
NOT-FOR-US: JBoss Enterprise Application Platform
-CVE-2012-0033 [znc bouncedcc DoS]
- RESERVED
+CVE-2012-0033 (The CBounceDCCMod::OnPrivCTCP funcion in bouncedcc.cpp in the ...)
- znc 0.202-2
[squeeze] - znc <not-affected> (Only affects 0.200 and 0.202)
[lenny] - znc <not-affected> (Only affects 0.200 and 0.202)
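Review bot: the new description for CVE-2012-0033 reads `funcion` for `function`; since these description lines come from the automatic update it is not worth correcting locally, but dropping the `[znc bouncedcc DoS]` title means the entry no longer states the impact anywhere in its visible text. A NOTE recording the DoS impact (or a link to the upstream advisory) would keep that triage information with the entry.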