[Secure-testing-commits] r26686 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Apr 23 21:14:10 UTC 2014
Author: joeyh
Date: 2014-04-23 21:14:10 +0000 (Wed, 23 Apr 2014)
New Revision: 26686
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-04-23 20:01:27 UTC (rev 26685)
+++ data/CVE/list 2014-04-23 21:14:10 UTC (rev 26686)
@@ -1,3 +1,185 @@
+CVE-2014-2985
+ RESERVED
+CVE-2014-2984
+ RESERVED
+CVE-2014-2982
+ RESERVED
+CVE-2014-2981
+ RESERVED
+CVE-2014-2979
+ RESERVED
+CVE-2014-2978
+ RESERVED
+CVE-2014-2977
+ RESERVED
+CVE-2014-2976
+ RESERVED
+CVE-2014-2975
+ RESERVED
+CVE-2014-2974
+ RESERVED
+CVE-2014-2973
+ RESERVED
+CVE-2014-2972
+ RESERVED
+CVE-2014-2971
+ RESERVED
+CVE-2014-2970
+ RESERVED
+CVE-2014-2969
+ RESERVED
+CVE-2014-2968
+ RESERVED
+CVE-2014-2967
+ RESERVED
+CVE-2014-2966
+ RESERVED
+CVE-2014-2965
+ RESERVED
+CVE-2014-2964
+ RESERVED
+CVE-2014-2963
+ RESERVED
+CVE-2014-2962
+ RESERVED
+CVE-2014-2961
+ RESERVED
+CVE-2014-2960
+ RESERVED
+CVE-2014-2959
+ RESERVED
+CVE-2014-2958
+ RESERVED
+CVE-2014-2957
+ RESERVED
+CVE-2014-2956
+ RESERVED
+CVE-2014-2955
+ RESERVED
+CVE-2014-2954
+ RESERVED
+CVE-2014-2953
+ RESERVED
+CVE-2014-2952
+ RESERVED
+CVE-2014-2951
+ RESERVED
+CVE-2014-2950
+ RESERVED
+CVE-2014-2949
+ RESERVED
+CVE-2014-2948
+ RESERVED
+CVE-2014-2947
+ RESERVED
+CVE-2014-2946
+ RESERVED
+CVE-2014-2945
+ RESERVED
+CVE-2014-2944
+ RESERVED
+CVE-2014-2943
+ RESERVED
+CVE-2014-2942
+ RESERVED
+CVE-2014-2941
+ RESERVED
+CVE-2014-2940
+ RESERVED
+CVE-2014-2939
+ RESERVED
+CVE-2014-2938
+ RESERVED
+CVE-2014-2937
+ RESERVED
+CVE-2014-2936
+ RESERVED
+CVE-2014-2935
+ RESERVED
+CVE-2014-2934
+ RESERVED
+CVE-2014-2933
+ RESERVED
+CVE-2014-2932
+ RESERVED
+CVE-2014-2931
+ RESERVED
+CVE-2014-2930
+ RESERVED
+CVE-2014-2929
+ RESERVED
+CVE-2014-2928
+ RESERVED
+CVE-2014-2927
+ RESERVED
+CVE-2014-2926
+ RESERVED
+CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2014-2924
+ RESERVED
+CVE-2014-2923
+ RESERVED
+CVE-2014-2922 (The getObjectByToken function in Newsletter.php in the ...)
+ TODO: check
+CVE-2014-2921 (The getObjectByToken function in Newsletter.php in the ...)
+ TODO: check
+CVE-2014-2920
+ RESERVED
+CVE-2014-2919
+ RESERVED
+CVE-2014-2918
+ RESERVED
+CVE-2014-2917
+ RESERVED
+CVE-2014-2916
+ RESERVED
+CVE-2014-2914
+ RESERVED
+CVE-2014-2912
+ RESERVED
+CVE-2014-2911
+ RESERVED
+CVE-2014-2910
+ RESERVED
+CVE-2014-2909
+ RESERVED
+CVE-2014-2908
+ RESERVED
+CVE-2014-2906
+ RESERVED
+CVE-2014-2905
+ RESERVED
+CVE-2014-2895
+ RESERVED
+CVE-2014-2891
+ RESERVED
+CVE-2014-2887
+ RESERVED
+CVE-2014-2886
+ RESERVED
+CVE-2014-2883
+ RESERVED
+CVE-2014-2882
+ RESERVED
+CVE-2014-2881
+ RESERVED
+CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)
+ TODO: check
+CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
+ TODO: check
+CVE-2014-2878
+ RESERVED
+CVE-2014-2877
+ RESERVED
+CVE-2014-2876
+ RESERVED
+CVE-2014-2875
+ RESERVED
+CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
+ TODO: check
+CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
+ TODO: check
CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
- virtualenvwrapper <unfixed> (bug #745580)
TODO: verify
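Review bot: Several of the `TODO: check` entries imported in this hunk name products that Debian does not ship and look like `NOT-FOR-US` candidates rather than genuine open checks, in particular `+CVE-2014-2880 (Open redirect vulnerability in Oracle Identity Manager 11g R2 SP1 ...)`, `+CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)` and `+CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)`; resolving them in the next manual pass keeps the TODO queue meaningful. Separately, `CVE-2014-2922` and `CVE-2014-2921` arrive with the identical truncated description `The getObjectByToken function in Newsletter.php in the ...`, so the triager will have to pull the full MITRE text to tell the two issues apart.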
@@ -2,2 +184,3 @@
CVE-2014-2907
+ RESERVED
- wireshark <unfixed> (bug #745595)
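Review bot: `CVE-2014-2907` gains a `RESERVED` marker here but still has no bracketed summary, unlike the other reserved entries that already carry package data (compare `CVE-2014-2980 [DoS]` and `CVE-2014-2913 [Remote command execution]` further down). Since MITRE publishes nothing for a reserved id, a short `[...]` summary on the `CVE-2014-2907` line would let readers see what `- wireshark <unfixed> (bug #745595)` is actually tracking without opening the bug.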
@@ -10,46 +193,60 @@
CVE-2014-2986 [XSA-94 ARM hypervisor crash on guest interrupt controller access]
- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2980 [DoS]
+ RESERVED
- gnustep-base <unfixed> (bug #745470)
[wheezy] - gnustep-base <no-dsa> (Minor issue)
[squeeze] - gnustep-base <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?41751
CVE-2014-2915 [XSA-93]
+ RESERVED
- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2913 [Remote command execution]
+ RESERVED
- nagios-nrpe <unfixed> (low; bug #745272)
[wheezy] - nagios-nrpe <no-dsa> (Minor issue)
[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2014/Apr/240
CVE-2014-2983 [information disclosure]
+ RESERVED
- drupal7 7.27-1
- drupal6 <removed>
NOTE: https://drupal.org/SA-CORE-2014-002
CVE-2014-2904
+ RESERVED
- cyassl <itp> (bug #598391)
CVE-2014-2903
+ RESERVED
- cyassl <itp> (bug #598391)
CVE-2014-2902
+ RESERVED
- cyassl <itp> (bug #598391)
CVE-2014-2901
+ RESERVED
- cyassl <itp> (bug #598391)
-CVE-2014-2900
+CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 ...)
- cyassl <itp> (bug #598391)
-CVE-2014-2899
+CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial ...)
- cyassl <itp> (bug #598391)
CVE-2014-2898
+ RESERVED
- cyassl <itp> (bug #598391)
CVE-2014-2897
+ RESERVED
- cyassl <itp> (bug #598391)
CVE-2014-2896
+ RESERVED
- cyassl <itp> (bug #598391)
-CVE-2014-2890
+CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
- phpmyid <itp> (bug #492325)
CVE-2014-2888
+ RESERVED
NOT-FOR-US: Ruby Gem sfpagent
CVE-2014-2885
+ RESERVED
- truecrypt <itp> (bug #364034)
CVE-2014-2884
+ RESERVED
- truecrypt <itp> (bug #364034)
CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
NOT-FOR-US: PaperThin CommonSpot
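Review bot: `+ RESERVED` is added under `CVE-2014-2915 [XSA-93]` but not under `CVE-2014-2986 [XSA-94 ARM hypervisor crash on guest interrupt controller access]` at the top of the same hunk, although both entries are in the same state (local bracketed summary, identical `- xen <not-affected> (...)` line, no MITRE description). Worth checking whether the importer skipped CVE-2014-2986 or whether MITRE has since published it, so the two XSA entries do not stay inconsistent.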
@@ -88,16 +285,19 @@
CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
- grails <itp> (bug #473213)
CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
+ RESERVED
- node-connect <not-affected> (Only applies when incomplete fix applied)
NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
CVE-2013-7370 [XSS in the Sencha Labs Connect middleware]
+ RESERVED
- node-connect <unfixed> (bug #744374)
CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 ...)
NOT-FOR-US: Gnew
-CVE-2014-2892 [heap-based buffer overflow]
+CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in ...)
- libmms <unfixed> (bug #745301)
NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
CVE-2014-2893 [scan-build: insecure use of /tmp]
+ RESERVED
- llvm-toolchain-snapshot <unfixed> (bug #744817)
- llvm-toolchain-3.3 <unfixed>
- llvm-toolchain-3.4 <unfixed>
@@ -121,8 +321,8 @@
NOT-FOR-US: Arkeia Server Backup
CVE-2014-2845
RESERVED
-CVE-2014-2844
- RESERVED
+CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...)
+ TODO: check
CVE-2014-2843
RESERVED
CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a ...)
@@ -317,14 +517,13 @@
RESERVED
CVE-2014-2738
RESERVED
-CVE-2014-2737
- RESERVED
+CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the ...)
NOT-FOR-US: KnowledgeTree
CVE-2014-2736
RESERVED
NOT-FOR-US: MODX Revolution
-CVE-2014-2735
- RESERVED
+CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
+ TODO: check
CVE-2014-2734 [Ruby OpenSSL private key spoofing]
RESERVED
- ruby1.8 <unfixed>
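Review bot: `+CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)` is imported as `TODO: check`, but WinSCP is a Windows-only client with no Debian package, so this should resolve to `NOT-FOR-US: WinSCP` in the same way `CVE-2014-2737` in this hunk already carries `NOT-FOR-US: KnowledgeTree`. The certificate-verification class of the bug is still worth a glance for any Debian FTP-over-TLS clients, but that is a separate entry, not this one.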
@@ -333,12 +532,12 @@
- ruby2.1 <unfixed>
TODO: check
NOTE: https://gist.github.com/gdisneyleugers/10446549
-CVE-2014-2733
- RESERVED
-CVE-2014-2732
- RESERVED
-CVE-2014-2731
- RESERVED
+CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated web ...)
+ TODO: check
+CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in ...)
+ TODO: check
CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the ...)
NOT-FOR-US: SAP
CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified ...)
@@ -378,12 +577,14 @@
CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the ...)
NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2014-2889 [arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target]
+ RESERVED
- linux 3.2.1-1
- linux-2.6 3.2.1-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74
NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa
CVE-2014-2894 [qemu: out of bounds buffer access, guest triggerable via IDE SMART]
+ RESERVED
- qemu 2.0.0+dfsg-1 (bug #745157)
[squeeze] - qemu <not-affected> (Vulnerable code not present)
- qemu-kvm <removed>
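Review bot: Not introduced by this hunk, but the unchanged context line `NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa` under `CVE-2014-2889` has a typo (`Upstrem` should be `Upstream`); since the automatic updater only touches the CVE header and `RESERVED` lines, it will stay until someone fixes it by hand.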
@@ -396,8 +597,7 @@
[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
NOTE: Introduced with https://git.samba.org/?p=rsync.git;a=commitdiff;h=5ebe9a46d7f3c846a6d665cb8c6ab8b79508a6df
NOTE: Fix: https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a
-CVE-2014-2856 [cups: XSS in in web interface]
- RESERVED
+CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in ...)
- cups 1.7.2-1
NOTE: http://www.cups.org/str.php?L4356
CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities]
@@ -471,8 +671,8 @@
RESERVED
CVE-2014-2720
RESERVED
-CVE-2014-2719
- RESERVED
+CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with ...)
+ TODO: check
CVE-2014-2718
RESERVED
CVE-2014-2717
@@ -562,8 +762,7 @@
NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric
-CVE-2014-2707 [cups-browsed remote exploit]
- RESERVED
+CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remote IPP ...)
- cups-filters 1.0.51-1 (bug #743470)
[wheezy] - cups-filters <not-affected> (vulnerable code not present)
NOTE: Introduced in at least 1.0.41
@@ -602,14 +801,14 @@
RESERVED
CVE-2014-2660
RESERVED
-CVE-2014-2659
- RESERVED
+CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in ...)
+ TODO: check
CVE-2014-2658
RESERVED
CVE-2014-2657
RESERVED
-CVE-2014-2654
- RESERVED
+CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and ...)
+ TODO: check
CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
NOT-FOR-US: Symphony CMS
CVE-2013-7351 [several XSS]
@@ -672,8 +871,7 @@
- python2.5 <not-affected> (Only affects Python 3.x)
- python2.6 <not-affected> (Only affects Python 3.x)
- python2.7 <not-affected> (Only affects Python 3.x)
-CVE-2014-2665 [Login csrf in Special:ChangePassword]
- RESERVED
+CVE-2014-2665 (includes/specials/SpecialChangePassword.php in MediaWiki before ...)
{DSA-2891-1}
- mediawiki 1:1.19.14+dfsg-1 (bug #742857)
[squeeze] - mediawiki <end-of-life>
@@ -797,8 +995,8 @@
NOT-FOR-US: HP
CVE-2014-2598
RESERVED
-CVE-2014-2597
- RESERVED
+CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...)
+ TODO: check
CVE-2014-2596
RESERVED
CVE-2014-2595
@@ -1086,8 +1284,7 @@
- linux 3.13.10-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
-CVE-2014-2522 [flaw in Windows SSL backend]
- RESERVED
+CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when runnning on Windows and ...)
- curl <not-affected> (Only present in code only running on Windows)
CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...)
- php5 <unfixed>
@@ -1151,8 +1348,8 @@
NOT-FOR-US: Oracle iLearning
CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2014-2469
- RESERVED
+CVE-2014-2469 (Unspecified vulnerability in Lighthttpd in Oracle Solaris 11.1 allows ...)
+ TODO: check
CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
@@ -1343,14 +1540,11 @@
RESERVED
CVE-2014-2394
RESERVED
-CVE-2014-2393
- RESERVED
+CVE-2014-2393 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite ...)
- open-xchange <itp> (bug #269329)
-CVE-2014-2392
- RESERVED
+CVE-2014-2392 (The E-Mail autoconfiguration feature in Open-Xchange AppSuite before ...)
- open-xchange <itp> (bug #269329)
-CVE-2014-2391
- RESERVED
+CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before ...)
- open-xchange <itp> (bug #269329)
CVE-2014-2390
RESERVED
@@ -1448,14 +1642,13 @@
RESERVED
CVE-2014-2342
RESERVED
-CVE-2014-2341
- RESERVED
+CVE-2014-2341 (Session fixation vulnerability in CubeCart before 5.2.9 allows remote ...)
+ TODO: check
CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin ...)
NOT-FOR-US: WordPress plugin xcloner-backup-and-restore
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in ...)
NOT-FOR-US: GnuBoard
-CVE-2014-2338
- RESERVED
+CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to ...)
{DSA-2903-1}
- strongswan 5.1.2-4
CVE-2014-2337
@@ -1593,17 +1786,13 @@
NOT-FOR-US: Junos
CVE-2014-2290
RESERVED
-CVE-2014-2289
- RESERVED
+CVE-2014-2289 (res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk ...)
- asterisk <not-affected> (Only affects Asterisk 12.x)
-CVE-2014-2288
- RESERVED
+CVE-2014-2288 (The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, ...)
- asterisk <not-affected> (Only affects Asterisk 12.x)
-CVE-2014-2287
- RESERVED
+CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, ...)
- asterisk 1:11.8.1~dfsg-1 (bug #741313)
-CVE-2014-2286
- RESERVED
+CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...)
- asterisk 1:11.8.1~dfsg-1 (bug #741313)
CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
{DSA-2871-1}
@@ -1630,8 +1819,7 @@
- linux-2.6 <not-affected> (Introduced in v3.0)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
-CVE-2014-2310 [agentx: Oversized Object ID]
- RESERVED
+CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers ...)
- net-snmp 5.7.2~dfsg-3 (bug #684388)
[wheezy] - net-snmp <no-dsa> (Minor issue)
[squeeze] - net-snmp <no-dsa> (Minor issue)
@@ -1663,8 +1851,8 @@
RESERVED
CVE-2014-2271
RESERVED
-CVE-2014-2269
- RESERVED
+CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 ...)
+ TODO: check
CVE-2014-2268
RESERVED
CVE-2014-2267
@@ -1874,10 +2062,10 @@
RESERVED
CVE-2014-2156
RESERVED
-CVE-2014-2155
- RESERVED
-CVE-2014-2154
- RESERVED
+CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows ...)
+ TODO: check
+CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security ...)
+ TODO: check
CVE-2014-2153
RESERVED
CVE-2014-2152
@@ -2333,8 +2521,8 @@
RESERVED
CVE-2014-1991
RESERVED
-CVE-2014-1990
- RESERVED
+CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
+ TODO: check
CVE-2014-1989
RESERVED
CVE-2014-1988
@@ -2343,10 +2531,10 @@
RESERVED
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
NOT-FOR-US: KOKUYO CamiApp application
-CVE-2014-1984
- RESERVED
-CVE-2014-1983
- RESERVED
+CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu ...)
+ TODO: check
+CVE-2014-1983 (Unspecified vulnerability in Cybozu Remote Service Manager through ...)
+ TODO: check
CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL ...)
NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router
CVE-2014-1981
@@ -2363,8 +2551,8 @@
NOT-FOR-US: Demaecan Android app
CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper ...)
NOT-FOR-US: Unzipper Android app
-CVE-2014-1974
- RESERVED
+CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer ...)
+ TODO: check
CVE-2014-1973
RESERVED
CVE-2014-1972
@@ -2480,8 +2668,7 @@
[squeeze] - freeradius <no-dsa> (Minor issue)
NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch
-CVE-2014-2014
- RESERVED
+CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a ...)
- imapsync <removed>
CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 ...)
{DSA-2866-1}
@@ -2652,11 +2839,9 @@
- eyed3 <unfixed> (low; bug #737062)
[squeeze] - eyed3 <no-dsa> (Minor issue)
[wheezy] - eyed3 <no-dsa> (Minor issue)
-CVE-2014-1933 [sensitive filename information on commandline visible]
- RESERVED
+CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...)
- pillow <unfixed> (bug #737059)
-CVE-2014-1932 [insecure use of /tmp]
- RESERVED
+CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript ...)
- pillow <unfixed> (bug #737059)
CVE-2014-1928 [Erroneous insertion of a \ character]
RESERVED
@@ -2868,8 +3053,7 @@
- devscripts <unfixed> (low; bug #737160)
[squeeze] - devscripts <no-dsa> (Minor issue)
[wheezy] - devscripts <no-dsa> (Minor issue)
-CVE-2013-7338 [python's zipfile infinite loop on malformed files]
- RESERVED
+CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial of ...)
- python2.5 <not-affected> (Only affects 3.x)
- python2.6 <not-affected> (Only affects 3.x)
- python2.7 <not-affected> (Only affects 3.x)
@@ -3350,8 +3534,8 @@
RESERVED
CVE-2014-1649
RESERVED
-CVE-2014-1648
- RESERVED
+CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2014-1647
RESERVED
CVE-2014-1646
@@ -3437,8 +3621,8 @@
RESERVED
CVE-2014-1616
RESERVED
-CVE-2014-1615
- RESERVED
+CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon ...)
+ TODO: check
CVE-2014-1614
RESERVED
CVE-2014-1613
@@ -3633,8 +3817,7 @@
RESERVED
CVE-2014-1518
RESERVED
-CVE-2014-1517 [Login form lacks CSRF protection]
- RESERVED
+CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
- bugzilla4 <itp> (bug #669643)
@@ -3931,8 +4114,7 @@
NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1454
RESERVED
-CVE-2014-1453 [nfsserver denial of service]
- RESERVED
+CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...)
- kfreebsd-8 <removed>
- kfreebsd-9 <unfixed> (bug #743984)
- kfreebsd-10 10.0-4
@@ -4239,24 +4421,24 @@
RESERVED
CVE-2014-1323
RESERVED
-CVE-2014-1322
- RESERVED
-CVE-2014-1321
- RESERVED
-CVE-2014-1320
- RESERVED
-CVE-2014-1319
- RESERVED
-CVE-2014-1318
- RESERVED
+CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into ...)
+ TODO: check
+CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically ...)
+ TODO: check
+CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple ...)
+ TODO: check
+CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows ...)
+ TODO: check
+CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not ...)
+ TODO: check
CVE-2014-1317
RESERVED
-CVE-2014-1316
- RESERVED
-CVE-2014-1315
- RESERVED
-CVE-2014-1314
- RESERVED
+CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)
+ TODO: check
+CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X ...)
+ TODO: check
+CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session ...)
+ TODO: check
CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
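Review bot: Most of the `TODO: check` entries added here concern Apple OS X or iOS components (kernel, Power Management, IOKit, ImageIO, Intel Graphics Driver, CoreServicesUIAgent, WindowServer) and will presumably be closed as `NOT-FOR-US` like the neighbouring WebKit entries. `+CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)` is the exception: Heimdal is packaged in Debian, so that one needs a real check against the upstream Heimdal code rather than being batch-closed with the rest of the Apple batch.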
@@ -4291,10 +4473,10 @@
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1297 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1296
- RESERVED
-CVE-2014-1295
- RESERVED
+CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and ...)
+ TODO: check
+CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and ...)
+ TODO: check
CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
@@ -4450,8 +4632,7 @@
CVE-2014-1217
RESERVED
NOT-FOR-US: Livetecs Timelive
-CVE-2014-1216
- RESERVED
+CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...)
NOT-FOR-US: Fitnesse Wiki
CVE-2014-1215
RESERVED
@@ -4513,8 +4694,8 @@
RESERVED
CVE-2014-0985
RESERVED
-CVE-2014-0984
- RESERVED
+CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, ...)
+ TODO: check
CVE-2014-0983 (Multiple array index errors in programs that are automatically ...)
{DSA-2904-1}
- virtualbox 4.3.10-dfsg-1 (bug #741602)
@@ -4714,8 +4895,8 @@
RESERVED
CVE-2014-0933
RESERVED
-CVE-2014-0932
- RESERVED
+CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
+ TODO: check
CVE-2014-0931
RESERVED
CVE-2014-0930
@@ -5088,8 +5269,8 @@
RESERVED
CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
NOT-FOR-US: Schneider Electric
-CVE-2014-0778
- RESERVED
+CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows ...)
+ TODO: check
CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and ...)
NOT-FOR-US: IOServer OPC Server
CVE-2014-0776
@@ -5355,11 +5536,9 @@
NOT-FOR-US: Starbucks iOS application
CVE-2014-0646
RESERVED
-CVE-2014-0645
- RESERVED
+CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File ...)
NOT-FOR-US: EMC
-CVE-2014-0644
- RESERVED
+CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote ...)
NOT-FOR-US: EMC
CVE-2014-0643
RESERVED
@@ -5890,10 +6069,10 @@
CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when ...)
{DSA-2892-1}
- a2ps 1:4.14-1.3 (bug #742902)
-CVE-2013-7196
- RESERVED
-CVE-2013-7195
- RESERVED
+CVE-2013-7196 (static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote ...)
+ TODO: check
+CVE-2013-7195 (PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass ...)
+ TODO: check
CVE-2013-7194 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: eFront
CVE-2013-7193 (Multiple SQL injection vulnerabilities in C2C Forward Auction Creator ...)
@@ -6686,8 +6865,8 @@
RESERVED
CVE-2014-0362
RESERVED
-CVE-2014-0361
- RESERVED
+CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global ...)
+ TODO: check
CVE-2014-0360
RESERVED
CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
@@ -7377,8 +7556,8 @@
CVE-2014-0174
RESERVED
NOT-FOR-US: Cumin
-CVE-2014-0173
- RESERVED
+CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x ...)
+ TODO: check
CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...)
- elfutils 0.158-1 (low; bug #744017)
[squeeze] - elfutils <no-dsa> (Minor issue)
@@ -7443,8 +7622,7 @@
CVE-2014-0151
RESERVED
NOT-FOR-US: ovirt
-CVE-2014-0150 [guest-triggerable buffer overrun in virtio-net]
- RESERVED
+CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in ...)
{DSA-2910-1 DSA-2909-1}
- qemu 1.7.0+dfsg-8 (bug #744221)
- qemu-kvm <removed>
@@ -7571,8 +7749,7 @@
RESERVED
CVE-2014-0112
RESERVED
-CVE-2014-0111
- RESERVED
+CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...)
NOT-FOR-US: Apache Syncope
CVE-2014-0110
RESERVED
@@ -7656,8 +7833,7 @@
NOT-FOR-US: RichFaces
NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
NOTE: https://issues.jboss.org/browse/RF-13250
-CVE-2014-0085
- RESERVED
+CVE-2014-0085 (Apache Zookeeper logs cleartext admin passwords, which allows local ...)
- zookeeper <unfixed>
TODO: check
CVE-2014-0084
@@ -7710,8 +7886,7 @@
CVE-2014-0072
RESERVED
NOT-FOR-US: Apache Cordova
-CVE-2014-0071 [Security Groups fail to block network traffic]
- RESERVED
+CVE-2014-0071 (PackStack in Red Hat OpenStack 4.0 does not enforce the default ...)
- neutron 2014.1-1
CVE-2014-0070
REJECTED
@@ -7788,8 +7963,7 @@
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
-CVE-2014-0054
- RESERVED
+CVE-2014-0054 (The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring ...)
{DSA-2890-1}
- libspring-java 3.0.6.RELEASE-13 (bug #741604)
CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
@@ -7848,8 +8022,7 @@
CVE-2014-0037
RESERVED
NOT-FOR-US: Zarafa Collaboration Platform
-CVE-2014-0036
- RESERVED
+CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with ...)
NOT-FOR-US: rbovirt
CVE-2014-0035
RESERVED
@@ -9103,8 +9276,7 @@
RESERVED
CVE-2013-6470
RESERVED
-CVE-2013-6469
- RESERVED
+CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows ...)
NOT-FOR-US: JBoss SOA RTgov
CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM ...)
NOT-FOR-US: JBoss Drolls
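Review bot: Unrelated to the `CVE-2013-6469` change itself, but the unchanged context line `NOT-FOR-US: JBoss Drolls` under `CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, ...)` misspells the product (`Drools`); fixing it keeps the NOT-FOR-US tags searchable by product name.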
@@ -9489,12 +9661,10 @@
CVE-2013-6372
RESERVED
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
-CVE-2013-6371 [hash collision DoS]
- RESERVED
+CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent ...)
- json-c 0.11-4 (bug #744008)
NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
-CVE-2013-6370 [buffer overflow if size_t is larger than int]
- RESERVED
+CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows ...)
- json-c 0.11-4 (bug #744008)
NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6369 (Stack-based buffer overflow in the jbg_dec_in function in ...)
@@ -9846,22 +10016,22 @@
RESERVED
CVE-2013-6220
RESERVED
-CVE-2013-6219
- RESERVED
-CVE-2013-6218
- RESERVED
+CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before ...)
+ TODO: check
+CVE-2013-6218 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, ...)
+ TODO: check
CVE-2013-6217
RESERVED
CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array ...)
NOT-FOR-US: HP
-CVE-2013-6215
- RESERVED
-CVE-2013-6214
- RESERVED
-CVE-2013-6213
- RESERVED
-CVE-2013-6212
- RESERVED
+CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal ...)
+ TODO: check
+CVE-2013-6214 (Unspecified vulnerability in the Integration Service in HP Universal ...)
+ TODO: check
+CVE-2013-6213 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
+ TODO: check
+CVE-2013-6212 (Unspecified vulnerability in HP Database and Middleware Automation ...)
+ TODO: check
CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance ...)
NOT-FOR-US: HP StoreOnce
CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
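Review bot: All six descriptions imported in this hunk are `Unspecified vulnerability in HP ...` entries (HP-UX Whitelisting, NNMi, HP Universal Integration Service, LoadRunner, Database and Middleware Automation), i.e. the same class as the neighbouring `CVE-2013-6216`, `CVE-2013-6211` and `CVE-2013-6210`, which already carry `NOT-FOR-US: HP`; the new `TODO: check` lines can very likely be resolved the same way in one pass.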
@@ -10431,8 +10601,8 @@
RESERVED
CVE-2013-5949
RESERVED
-CVE-2013-5948
- RESERVED
+CVE-2013-5948 (The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS ...)
+ TODO: check
CVE-2013-5947
RESERVED
CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with ...)
@@ -11790,8 +11960,8 @@
RESERVED
CVE-2013-5460
RESERVED
-CVE-2013-5459
- RESERVED
+CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) ...)
+ TODO: check
CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
NOT-FOR-US: IBM JDK
CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
@@ -13456,8 +13626,8 @@
NOT-FOR-US: Hitachi
CVE-2013-4695
RESERVED
-CVE-2013-4694
- RESERVED
+CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 ...)
+ TODO: check
CVE-2013-4693
RESERVED
CVE-2013-4692
@@ -14185,8 +14355,7 @@
- poppler 0.18.4-9 (low; bug #729064)
[squeeze] - poppler <not-affected> (pdfseparate not yet present)
[wheezy] - poppler <no-dsa> (Minor issue, cli tool)
-CVE-2013-4472 [Race condition on temporary file]
- RESERVED
+CVE-2013-4472 (The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...)
- poppler <unfixed> (unimportant)
- xpdf <unfixed> (unimportant)
NOTE: specific to non-*NIX systems
@@ -14811,12 +14980,10 @@
[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6
-CVE-2013-4290 [stack-based buffer overflows]
- RESERVED
+CVE-2013-4290 (Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...)
- openjpeg <unfixed> (unimportant; bug #722540)
NOTE: JP3D code not built in the binary package, see #722540
-CVE-2013-4289 [heap-based buffer overflows]
- RESERVED
+CVE-2013-4289 (Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...)
- openjpeg <unfixed> (unimportant; bug #722540)
NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to bypass ...)
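Review bot: The MITRE descriptions replace the old local summaries with different wording: `CVE-2013-4289` goes from `[heap-based buffer overflows]` to `Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...`, which still matches the existing `NOTE: JP3D code not built in the binary package, see #722540`. For `CVE-2013-4290` the visible part of the new description (`Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...`) does not name jp3d, so it is worth confirming from the full text that the `unimportant` rating and the JP3D note still apply to that entry.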
@@ -14848,8 +15015,7 @@
RESERVED
CVE-2013-4280
RESERVED
-CVE-2013-4279
- RESERVED
+CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
- imapsync <removed>
CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, ...)
- nova 2013.1.3-1 (bug #720602)
@@ -15411,8 +15577,7 @@
NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4117 (Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php ...)
NOT-FOR-US: WordPress plugin category-grid-view-gallery
-CVE-2013-4116 [npm: predictable temporary filenames when unpacking tarballs]
- RESERVED
+CVE-2013-4116 (lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local ...)
- npm 1.3.10~dfsg-1 (bug #715325)
NOTE: Upstream fix https://github.com/isaacs/npm/commit/f4d31693
NOTE: https://github.com/isaacs/npm/issues/3635
@@ -20189,8 +20354,7 @@
CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in ...)
- linux-2.6 <not-affected> (RHEL-specific issue)
- linux <not-affected> (RHEL-specific issue)
-CVE-2013-2187
- RESERVED
+CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through ...)
NOT-FOR-US: Apache Archiva
CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red ...)
{DSA-2827-1}
@@ -20332,8 +20496,7 @@
[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
NOT-FOR-US: RHEV Manager
-CVE-2013-2143
- RESERVED
+CVE-2013-2143 (The users controller in Katello 1.5.0-14 and earlier, and Red Hat ...)
NOT-FOR-US: Katello
CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME ...)
- libimobiledevice 1.1.5-0.1 (low; bug #710885)
@@ -20472,8 +20635,7 @@
CVE-2013-2106 [Authentication credential disclosure]
RESERVED
- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)
-CVE-2013-2105
- RESERVED
+CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...)
NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone ...)
- keystone <not-affected> (Vulnerable code only in experimental versions of keystone)
@@ -21624,8 +21786,7 @@
- libvirt 0.9.12-8 (bug #701649)
CVE-2013-1765
RESERVED
-CVE-2013-1764
- RESERVED
+CVE-2013-1764 (The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local ...)
- packagekit <not-affected> (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
- linux <not-affected> (Introduced in 3.3)
@@ -22902,8 +23063,8 @@
- fusionforge 5.2.1+20130227-1
CVE-2013-1422
RESERVED
-CVE-2013-1421
- RESERVED
+CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
+ TODO: check
CVE-2013-1420
RESERVED
CVE-2013-1419
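Review bot: "TODO: check" on CVE-2013-1421 leaves the entry untriaged; the description names Craig Knudsen WebCalendar, so the follow-up is to decide whether that package is in the archive and record either a fixed-version line (as the "- fusionforge 5.2.1+20130227-1" context line does) or a NOT-FOR-US marker, rather than leaving the open marker in the list.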
@@ -29357,8 +29518,8 @@
NOT-FOR-US: Cisco VPN Client
CVE-2012-5428
RESERVED
-CVE-2012-5427
- RESERVED
+CVE-2012-5427 (Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T ...)
+ TODO: check
CVE-2012-5426
RESERVED
CVE-2012-5425
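Review bot: CVE-2012-5427 is left as "TODO: check" although the description is a Cisco IOS issue and the context line directly above ("NOT-FOR-US: Cisco VPN Client") shows how the surrounding Cisco entries are already triaged; the same pattern repeats in the later Cisco IOS hunks of this patch (CVE-2012-5422, -5044, -5039, -5037, -5036, -5032, -5017, -5014, -4658, -4651, -4638, -3918, -3062, -1366, -1317, -0360), so a follow-up commit could resolve all seventeen to NOT-FOR-US: Cisco IOS in one pass instead of leaving the markers open.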
@@ -29367,8 +29528,8 @@
NOT-FOR-US: Cisco
CVE-2012-5423
RESERVED
-CVE-2012-5422
- RESERVED
+CVE-2012-5422 (Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 ...)
+ TODO: check
CVE-2012-5421
RESERVED
CVE-2012-5420
@@ -30282,8 +30443,8 @@
RESERVED
CVE-2012-5045
RESERVED
-CVE-2012-5044
- RESERVED
+CVE-2012-5044 (Cisco IOS before 15.3(1)T, when media flow-around is not used, allows ...)
+ TODO: check
CVE-2012-5043
RESERVED
CVE-2012-5042
@@ -30292,22 +30453,22 @@
RESERVED
CVE-2012-5040
RESERVED
-CVE-2012-5039
- RESERVED
+CVE-2012-5039 (The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote ...)
+ TODO: check
CVE-2012-5038
RESERVED
-CVE-2012-5037
- RESERVED
-CVE-2012-5036
- RESERVED
+CVE-2012-5037 (The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 ...)
+ TODO: check
+CVE-2012-5036 (Cisco IOS before 12.2(50)SY1 allows remote authenticated users to ...)
+ TODO: check
CVE-2012-5035
RESERVED
CVE-2012-5034
RESERVED
CVE-2012-5033
RESERVED
-CVE-2012-5032
- RESERVED
+CVE-2012-5032 (The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation ...)
+ TODO: check
CVE-2012-5031
RESERVED
CVE-2012-5030
@@ -30336,14 +30497,14 @@
RESERVED
CVE-2012-5018
RESERVED
-CVE-2012-5017
- RESERVED
+CVE-2012-5017 (Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause ...)
+ TODO: check
CVE-2012-5016
RESERVED
CVE-2012-5015
RESERVED
-CVE-2012-5014
- RESERVED
+CVE-2012-5014 (Cisco IOS before 15.1(2)SY allows remote authenticated users to cause ...)
+ TODO: check
CVE-2012-5013
RESERVED
CVE-2012-5012
@@ -31410,8 +31571,8 @@
NOT-FOR-US: Cisco
CVE-2012-4659 (The AAA functionality in the IPv4 SSL VPN implementations on Cisco ...)
NOT-FOR-US: Cisco
-CVE-2012-4658
- RESERVED
+CVE-2012-4658 (The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows ...)
+ TODO: check
CVE-2012-4657
RESERVED
CVE-2012-4656
@@ -31424,8 +31585,8 @@
RESERVED
CVE-2012-4652
RESERVED
-CVE-2012-4651
- RESERVED
+CVE-2012-4651 (Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote ...)
+ TODO: check
CVE-2012-4650
RESERVED
CVE-2012-4649
@@ -31450,8 +31611,8 @@
RESERVED
CVE-2012-4639
RESERVED
-CVE-2012-4638
- RESERVED
+CVE-2012-4638 (Cisco IOS before 15.1(1)SY allows local users to cause a denial of ...)
+ TODO: check
CVE-2012-4637
RESERVED
CVE-2012-4636
@@ -33635,8 +33796,8 @@
RESERVED
CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco ...)
NOT-FOR-US: Cisco Application Control Engine
-CVE-2012-3918
- RESERVED
+CVE-2012-3918 (Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a ...)
+ TODO: check
CVE-2012-3917
RESERVED
CVE-2012-3916
@@ -35699,8 +35860,8 @@
RESERVED
CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before ...)
NOT-FOR-US: Cisco
-CVE-2012-3062
- RESERVED
+CVE-2012-3062 (Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) ...)
+ TODO: check
CVE-2012-3061
RESERVED
CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...)
@@ -39990,8 +40151,8 @@
RESERVED
CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...)
NOT-FOR-US: Cisco
-CVE-2012-1366
- RESERVED
+CVE-2012-1366 (Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast ...)
+ TODO: check
CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
NOT-FOR-US: Cisco
CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
@@ -40088,8 +40249,8 @@
RESERVED
CVE-2012-1318
RESERVED
-CVE-2012-1317
- RESERVED
+CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows ...)
+ TODO: check
CVE-2012-1316
RESERVED
CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall ...)
@@ -41213,8 +41374,7 @@
NOT-FOR-US: Boonex Dolphin
CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 ...)
NOT-FOR-US: OxWall
-CVE-2012-0871
- RESERVED
+CVE-2012-0871 (The session_link_x11_socket function in login/logind-session.c in ...)
- systemd 43-1
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
- samba 2:3.4.0~pre1-1
@@ -42612,8 +42772,8 @@
NOT-FOR-US: Cisco IOS
CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 ...)
NOT-FOR-US: Cisco
-CVE-2012-0360
- RESERVED
+CVE-2012-0360 (Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is ...)
+ TODO: check
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
NOT-FOR-US: Cisco Cius
CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in ...)
@@ -45260,8 +45420,7 @@
[squeeze] - software-properties <not-affected> (Vulnerable code not present)
[lenny] - software-properties <not-affected> (Vulnerable code not present)
NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210/
-CVE-2011-4406
- RESERVED
+CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does ...)
- accountsservice 0.6.15-3
CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and ...)
- system-config-printer 1.3.7-1 (low; bug #651204)
@@ -45932,16 +46091,13 @@
NOTE: Path disclosure not an issue for Debian
CVE-2011-4196
RESERVED
-CVE-2011-4195
- RESERVED
+CVE-2011-4195 (kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 ...)
NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...)
NOT-FOR-US: Novell iPrint
-CVE-2011-4193
- RESERVED
+CVE-2011-4193 (Cross-site scripting (XSS) vulnerability in the overlay files tab in ...)
NOT-FOR-US: Suse kiwi (different from python-kiwi)
-CVE-2011-4192
- RESERVED
+CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and ...)
NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in ...)
NOT-FOR-US: Novell NetWare
@@ -46224,8 +46380,7 @@
- serendipity <removed> (bug #650937)
[squeeze] - serendipity <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2011/q4/192
-CVE-2011-4089
- RESERVED
+CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed ...)
- bzip2 1.0.6-1 (low; bug #632862)
[squeeze] - bzip2 1.0.5-6+squeeze1
[lenny] - bzip2 <no-dsa> (Minor issue)
@@ -49045,8 +49200,7 @@
{DSA-2391-1}
- phpmyadmin 4:3.4.4-1
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-3180
- RESERVED
+CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 ...)
NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
NOT-FOR-US: Novell Messenger
@@ -49135,8 +49289,7 @@
NOT-FOR-US: HP Data Protector
CVE-2011-3155 (Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 ...)
NOT-FOR-US: HP Onboard Administrator
-CVE-2011-3154
- RESERVED
+CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before ...)
- update-manager <not-affected> (ubuntu-specific issue)
NOTE: see bug #650307
CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows ...)
@@ -55558,8 +55711,8 @@
- ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)
CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
NOT-FOR-US: Novell File Reporter
-CVE-2011-0993
- RESERVED
+CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable ...)
+ TODO: check
CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
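Review bot: "TODO: check" for CVE-2011-0993 could be resolved directly: the description names SUSE Lifecycle Management Server, and the neighbouring entries in this region are already marked as SUSE-only ("- ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)" just above), so NOT-FOR-US: SUSE Lifecycle Management Server is the likely disposition unless the product turns out to be packaged in Debian.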
@@ -57038,8 +57191,7 @@
NOT-FOR-US: openSUSE Build Service
CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
NOT-FOR-US: OpenSUSE aaa_base package
-CVE-2011-0460
- RESERVED
+CVE-2011-0460 (The init script in kbd, possibly 1.14.1 and earlier, allows local ...)
- kbd <not-affected> (SUSE-specific)
CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault ...)
NOT-FOR-US: Cyber-Ark