[Secure-testing-commits] r25560 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri Feb 7 09:14:11 UTC 2014
Author: joeyh
Date: 2014-02-07 09:14:11 +0000 (Fri, 07 Feb 2014)
New Revision: 25560
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-07 07:44:05 UTC (rev 25559)
+++ data/CVE/list 2014-02-07 09:14:11 UTC (rev 25560)
@@ -1,3 +1,59 @@
+CVE-2014-1868
+ RESERVED
+CVE-2014-1867
+ RESERVED
+CVE-2014-1866
+ RESERVED
+CVE-2014-1865
+ RESERVED
+CVE-2014-1864
+ RESERVED
+CVE-2014-1863
+ RESERVED
+CVE-2014-1862
+ RESERVED
+CVE-2014-1861
+ RESERVED
+CVE-2014-1859
+ RESERVED
+CVE-2014-1858
+ RESERVED
+CVE-2014-1857
+ RESERVED
+CVE-2014-1856
+ RESERVED
+CVE-2014-1855
+ RESERVED
+CVE-2014-1854
+ RESERVED
+CVE-2014-1853
+ RESERVED
+CVE-2014-1852
+ RESERVED
+CVE-2014-1851
+ RESERVED
+CVE-2014-1850
+ RESERVED
+CVE-2014-1849
+ RESERVED
+CVE-2014-1848
+ RESERVED
+CVE-2014-1847
+ RESERVED
+CVE-2014-1844
+ RESERVED
+CVE-2014-1843
+ RESERVED
+CVE-2014-1842
+ RESERVED
+CVE-2014-1841
+ RESERVED
+CVE-2014-1840
+ RESERVED
+CVE-2014-1830
+ RESERVED
+CVE-2014-1829
+ RESERVED
CVE-2014-XXXX [buffer overflow in socket.recvfrom_into]
- python2.5 <removed> (low)
- python2.6 <removed> (low)
@@ -33,42 +89,53 @@
NOTE: Security fix in 0.3.5-1 is invalid
NOTE: https://code.google.com/p/python-gnupg/issues/detail?id=98
CVE-2014-1860 [PHP object insertion]
+ RESERVED
NOT-FOR-US: Contao CMS
CVE-2014-1832 [incomplete fix of CVE-2014-1831]
+ RESERVED
- ruby-passenger <not-affected> (incomplete patch never applied)
- passenger <not-affected> (incomplete patch never applied)
CVE-2014-1831 [insecure use of /tmp]
+ RESERVED
- ruby-passenger <unfixed> (low; bug #736958)
[wheezy] - ruby-passenger <no-dsa> (low; bug #736958)
- passenger <removed>
[squeeze] - passenger <no-dsa> (minor issue)
CVE-2001-1593 [insecure use of /tmp]
+ RESERVED
- a2ps <unfixed> (low; bug #737385)
[wheezy] - a2ps <no-dsa> (Minor issue)
[squeeze] - a2ps <no-dsa> (Minor issue)
CVE-2014-1845 [hardening to the defaults]
+ RESERVED
- e17 <unfixed> (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1846 [hardening to the defaults]
+ RESERVED
- e17 <unfixed> (bug #737705)
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839
+ RESERVED
- logilab-common <unfixed> (bug #737051)
CVE-2014-1838
+ RESERVED
- logilab-common <unfixed> (bug #737051)
-CVE-2014-1837
+CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...)
NOT-FOR-US: Joomla com_komento
CVE-2014-1836
+ RESERVED
NOT-FOR-US: ImpressCMS
CVE-2014-1835
+ RESERVED
NOT-FOR-US: Echor Ruby Gem
CVE-2014-1834
+ RESERVED
NOT-FOR-US: Echor Ruby Gem
-CVE-2014-1833 [uupdate (devscripts) directory traversal]
+CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 ...)
- devscripts <unfixed> (bug #737160)
CVE-2013-XXXX [python's zipfile infinite loop on malformed files]
- python2.5 <removed> (low)
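Review bot: CVE-2014-1845 and CVE-2014-1846 are still indistinguishable after this update. Both carry the same "[hardening to the defaults]" summary, the same "e17 <unfixed> (bug #737705)" line and the same three enlightenment.git NOTE URLs, and both are now only RESERVED. Add a NOTE to each stating which of the three commits it covers, so the two entries can be closed independently once fixes are uploaded.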
@@ -383,8 +450,7 @@
CVE-2014-1750
RESERVED
NOT-FOR-US: WordPress plugin nokia-mapsplaces
-CVE-2014-1694
- RESERVED
+CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
- otrs2 3.3.4-1
NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
CVE-2014-1693
@@ -580,11 +646,9 @@
RESERVED
CVE-2014-1613
RESERVED
-CVE-2014-1612
- RESERVED
+CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web ...)
NOT-FOR-US: Mediatrix
-CVE-2014-1610
- RESERVED
+CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before ...)
- mediawiki 1:1.19.11+dfsg-1
CVE-2014-1609
RESERVED
@@ -824,80 +888,65 @@
RESERVED
CVE-2014-1492
RESERVED
-CVE-2014-1491
- RESERVED
+CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
- iceweasel <unfixed>
- icedove <unfixed>
- nss 2:3.15.4-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1490
- RESERVED
+CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) ...)
- iceweasel <unfixed>
- icedove <unfixed>
- nss 2:3.15.4-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1489
- RESERVED
+CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1488
- RESERVED
+CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1487
- RESERVED
+CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1486
- RESERVED
+CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1485
- RESERVED
+CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1484
- RESERVED
+CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates ...)
- iceweasel <not-affected> (Only affects Firefox for Android)
- icedove <not-affected> (Only affects Firefox for Android)
-CVE-2014-1483
- RESERVED
+CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1482
- RESERVED
+CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1481
- RESERVED
+CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1480
- RESERVED
+CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1479
- RESERVED
+CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1478
- RESERVED
+CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 26)
- icedove <not-affected> (Only affects Firefox 26)
-CVE-2014-1477
- RESERVED
+CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 24.3.0esr-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
@@ -964,8 +1013,7 @@
- pyxdg 0.25-4 (low; bug #736247)
[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
[wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
-CVE-2014-1611
- RESERVED
+CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting ...)
NOT-FOR-US: Drupal contrib
CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka ...)
- python-rply 0.7.1-1
@@ -974,8 +1022,7 @@
NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...)
NOT-FOR-US: McAfee Vulnerability Manager
-CVE-2014-1471
- RESERVED
+CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in ...)
- otrs2 3.3.4-1
NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
CVE-2014-1470
@@ -1002,8 +1049,8 @@
RESERVED
CVE-2014-1459
RESERVED
-CVE-2014-1458
- RESERVED
+CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
+ TODO: check
CVE-2014-1457
RESERVED
CVE-2014-1456
@@ -1033,8 +1080,8 @@
NOT-FOR-US: Core FTP Server
CVE-2014-1440
RESERVED
-CVE-2014-1439
- RESERVED
+CVE-2014-1439 (The libxml_disable_entity_loader function in ...)
+ TODO: check
CVE-2014-1437
RESERVED
CVE-2014-1436
@@ -1091,20 +1138,17 @@
RESERVED
CVE-2014-1410
RESERVED
-CVE-2013-7303 [cross-site scripting]
- RESERVED
+CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- spip 3.0.13-1 (bug #736170)
[wheezy] - spip <no-dsa> (Minor issue)
[squeeze] - spip <no-dsa> (Minor issue)
CVE-2013-7302
RESERVED
NOT-FOR-US: Drupal contrib
-CVE-2013-7301 [external network interface is used with no access control for reading queued music files]
- RESERVED
+CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
-CVE-2013-7300 [absolute path traversal vulnerability]
- RESERVED
+CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows ...)
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
@@ -1161,8 +1205,7 @@
RESERVED
CVE-2014-1404
RESERVED
-CVE-2014-1403
- RESERVED
+CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM ...)
NOT-FOR-US: easyXDM
CVE-2014-1397
RESERVED
@@ -1545,8 +1588,8 @@
NOT-FOR-US: Open Web Analytics
CVE-2014-1205
RESERVED
-CVE-2014-1204
- RESERVED
+CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and ...)
+ TODO: check
CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...)
NOT-FOR-US: SoapUI
CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
@@ -1972,16 +2015,16 @@
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
NOT-FOR-US: IBM Security QRadar SIEM
-CVE-2014-0834
- RESERVED
-CVE-2014-0833
- RESERVED
-CVE-2014-0832
- RESERVED
-CVE-2014-0831
- RESERVED
-CVE-2014-0830
- RESERVED
+CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 ...)
+ TODO: check
+CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 ...)
+ TODO: check
+CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component ...)
+ TODO: check
+CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation ...)
+ TODO: check
CVE-2014-0829
RESERVED
CVE-2014-0828
@@ -2016,8 +2059,8 @@
RESERVED
CVE-2014-0813
RESERVED
-CVE-2014-0812
- RESERVED
+CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
+ TODO: check
CVE-2014-0811
RESERVED
CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
@@ -2054,8 +2097,7 @@
RESERVED
CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
NOT-FOR-US: JV Comment Joomla Extension
-CVE-2014-0793
- RESERVED
+CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...)
NOT-FOR-US: Komento Joomla Extension
CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to ...)
NOT-FOR-US: Sonatype Nexus
@@ -2191,12 +2233,11 @@
RESERVED
CVE-2014-0758
RESERVED
-CVE-2014-0757
- RESERVED
+CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...)
+ TODO: check
CVE-2014-0756
RESERVED
-CVE-2014-0755
- RESERVED
+CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...)
NOT-FOR-US: Rockwell Automation RSLogix
CVE-2014-0754
RESERVED
@@ -2334,8 +2375,7 @@
RESERVED
CVE-2014-0687
RESERVED
-CVE-2014-0686
- RESERVED
+CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0685
RESERVED
@@ -2506,8 +2546,8 @@
NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
NOT-FOR-US: Franklin Fueling Systems TS-550
-CVE-2013-7246
- RESERVED
+CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the ...)
+ TODO: check
CVE-2013-7245
RESERVED
CVE-2013-7244
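Review bot: CVE-2013-7246 is left at "TODO: check" although its description places the buffer overflow in the IconCreate method of an ActiveX control, which is a Windows-only component model. Once the full description has been read for the product name, this can be closed as NOT-FOR-US instead of staying in the triage queue.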
@@ -2864,8 +2904,7 @@
RESERVED
CVE-2014-0498
RESERVED
-CVE-2014-0497
- RESERVED
+CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...)
NOT-FOR-US: Flash plugin
CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
NOT-FOR-US: Adobe Reader
@@ -2947,27 +2986,22 @@
RESERVED
CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
NOT-FOR-US: Gretech GOM Media Player
-CVE-2013-7183
- RESERVED
-CVE-2013-7182
- RESERVED
+CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote ...)
+ TODO: check
+CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Fortinet FortiOS
-CVE-2013-7181
- RESERVED
+CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in ...)
NOT-FOR-US: FortiWeb
CVE-2013-7180
RESERVED
-CVE-2013-7179
- RESERVED
+CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech ...)
NOT-FOR-US: Seowon Intech SWC-9100 routers
CVE-2013-7178
RESERVED
-CVE-2013-7177
- RESERVED
+CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...)
- fail2ban 0.8.11-1
NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
-CVE-2013-7176
- RESERVED
+CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...)
- fail2ban 0.8.11-1
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
NOT-FOR-US: Avanset Visual CertExam Manager
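Review bot: CVE-2013-7183 ends up as "TODO: check" while CVE-2013-7179, a few lines below in this hunk, is already triaged as "NOT-FOR-US: Seowon Intech SWC-9100 routers". The new description for 7183 names the same device (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers), so it should get the same NOT-FOR-US line. Separately, CVE-2013-7177 has a NOTE pointing at the fail2ban fix commit but CVE-2013-7176 (postfix filter) has none; a matching NOTE would help anyone backporting the filter fix.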
@@ -3770,8 +3804,8 @@
RESERVED
CVE-2014-0330
RESERVED
-CVE-2014-0329
- RESERVED
+CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...)
+ TODO: check
CVE-2014-0328
RESERVED
CVE-2014-0327
@@ -4718,8 +4752,7 @@
CVE-2014-0020
RESERVED
- pidgin 2.10.8-1
-CVE-2014-0019 [PROXY-CONNECT address overflow]
- RESERVED
+CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...)
- socat 1.7.2.3-1 (low; bug #736993)
[squeeze] - socat <no-dsa> (Minor issue)
[wheezy] - socat <no-dsa> (Minor issue)
@@ -4730,8 +4763,7 @@
RESERVED
CVE-2014-0016
RESERVED
-CVE-2014-0015
- RESERVED
+CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
{DSA-2849-1}
- curl 7.35.0-1
CVE-2014-0014
@@ -4770,8 +4802,7 @@
RESERVED
CVE-2014-0002
RESERVED
-CVE-2014-0001 [command-line tool buffer overflow via long server version string]
- RESERVED
+CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
- mysql-5.1 <removed>
- mysql-5.5 <unfixed> (bug #737596)
- mariadb-5.5 <unfixed> (bug #737597)
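Review bot: replacing the hand-written summary of CVE-2014-0001 drops the trigger condition from the entry. The old line said "command-line tool buffer overflow via long server version string", while the truncated description now visible only says "Buffer overflow in client/mysql.cc". Since mysql-5.5 and mariadb-5.5 are both still <unfixed> and carry no urgency, keep the trigger as a NOTE so the severity can be judged from the list without opening the bug reports.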
@@ -5208,15 +5239,14 @@
RESERVED
CVE-2013-6728
RESERVED
-CVE-2013-6727
- RESERVED
+CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
NOT-FOR-US: IBM Sametime
CVE-2013-6726
RESERVED
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
NOT-FOR-US: IBM WebSphere
-CVE-2013-6724
- RESERVED
+CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
+ TODO: check
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6722
@@ -5788,8 +5818,7 @@
CVE-2013-6492
RESERVED
NOT-FOR-US: Pirhana
-CVE-2013-6491
- RESERVED
+CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
- nova <unfixed>
CVE-2013-6490
RESERVED
@@ -6519,8 +6548,7 @@
CVE-2013-6236
RESERVED
NOT-FOR-US: Stem Innovations IZON
-CVE-2013-6235 [Multiple Reflected XSS vulnerabilities]
- RESERVED
+CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java ...)
- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
NOTE: http://seclists.org/bugtraq/2014/Jan/92
CVE-2013-6234
@@ -6711,8 +6739,8 @@
RESERVED
CVE-2013-6144
RESERVED
-CVE-2013-6143
- RESERVED
+CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware ...)
+ TODO: check
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)
NOT-FOR-US: Schneider Electric ClearSCADA
CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
@@ -6962,15 +6990,14 @@
RESERVED
CVE-2013-6036
RESERVED
-CVE-2013-6035
- RESERVED
-CVE-2013-6034
- RESERVED
-CVE-2013-6033
- RESERVED
+CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
+ TODO: check
+CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
+ TODO: check
+CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 ...)
NOT-FOR-US: Lexmark
-CVE-2013-6032
- RESERVED
+CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
+ TODO: check
CVE-2013-6031
RESERVED
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
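Review bot: CVE-2013-6032 is marked "TODO: check" although its description names a configuration page on Lexmark X94x devices, and the adjacent CVE-2013-6033 in this same hunk is triaged as "NOT-FOR-US: Lexmark". It should get the same NOT-FOR-US line. CVE-2013-6035 and CVE-2013-6034 both describe firmware on GateHouse and Harris BGAN terminals and have identical truncated descriptions, so they should be triaged together.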
@@ -7224,7 +7251,7 @@
NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
NOT-FOR-US: Tenable SecurityCenter
-CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...)
+CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...)
- openjdk-6 6b30-1.13.1-1
- openjdk-7 7u51-2.4.4-1
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
@@ -7299,7 +7326,7 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
NOT-FOR-US: Oracle Solaris
-CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE Java SE 5.0u55, 6u65, and ...)
+CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 6b30-1.13.1-1
- openjdk-7 7u51-2.4.4-1
CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
@@ -8561,8 +8588,8 @@
NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
-CVE-2013-5427
- RESERVED
+CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
+ TODO: check
CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data ...)
NOT-FOR-US: IBM
CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
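Review bot: CVE-2013-5427 is added with "TODO: check" while the next entry, CVE-2013-5426, is an IBM InfoSphere Master Data issue already closed as "NOT-FOR-US: IBM". The new description also begins "IBM InfoSphere", so confirm the product from the full description and apply the same NOT-FOR-US line.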
@@ -9464,11 +9491,9 @@
CVE-2013-4980
RESERVED
NOT-FOR-US: AVTECH DVR
-CVE-2013-4979 [Buffer Overflow]
- RESERVED
+CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and ...)
NOT-FOR-US: EPS Viewer
-CVE-2013-4978 [Buffer Overflow]
- RESERVED
+CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977
RESERVED
@@ -10037,11 +10062,9 @@
RESERVED
CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
NOT-FOR-US: Goodix gt915 Android touchscreen driver
-CVE-2013-4739
- RESERVED
+CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm ...)
- linux <not-affected> (Android-specific camera drivers)
-CVE-2013-4738
- RESERVED
+CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4737
RESERVED
@@ -10828,8 +10851,7 @@
NOT-FOR-US: Simple Machines Forum
CVE-2013-4464
RESERVED
-CVE-2013-4463 [Compressed disk image DoS]
- RESERVED
+CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
- nova 2013.2-3 (bug #728605)
CVE-2013-4462
RESERVED
@@ -10873,8 +10895,7 @@
- nodejs 0.10.21~dfsg1-1 (medium)
NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
-CVE-2013-4449 [slapd segfaults on certain queries with rwm overlay enabled]
- RESERVED
+CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not ...)
- openldap <unfixed> (low; bug #729367)
[wheezy] - openldap <no-dsa> (Minor issue)
[squeeze] - openldap <no-dsa> (Minor issue)
@@ -11097,8 +11118,7 @@
NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module ...)
NOT-FOR-US: Drupal module
-CVE-2013-4383
- RESERVED
+CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown ...)
NOT-FOR-US: Drupal module
CVE-2013-4382
REJECTED
@@ -11290,8 +11310,7 @@
- eglibc 2.17-93 (bug #722536)
[wheezy] - eglibc <no-dsa> (Will be fixed in next point update)
[squeeze] - eglibc <no-dsa> (Will be fixed in next point update)
-CVE-2013-4331 [incorrect .Xauthority permissions]
- RESERVED
+CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
- lightdm 1.6.2-1 (bug #721744)
[wheezy] - lightdm <not-affected> (Introduced in 1.4)
CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...)
@@ -12226,8 +12245,8 @@
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
-CVE-2013-4043
- RESERVED
+CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x ...)
+ TODO: check
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
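Review bot: CVE-2013-4043 gets "TODO: check" even though its description names the server in IBM SPSS Collaboration and Deployment Services, and both neighbours in this hunk (CVE-2013-4044 and CVE-2013-4042) are already "NOT-FOR-US: IBM SPSS Collaboration and Deployment Services". Use the same line here so the entry does not sit in the triage queue.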
@@ -13139,8 +13158,8 @@
NOT-FOR-US: The Pizza Hut Japan Official Order for Android
CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
NOT-FOR-US: FileMaker Pro
-CVE-2013-3639
- RESERVED
+CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...)
+ TODO: check
CVE-2013-3638
RESERVED
CVE-2013-3637
@@ -13742,8 +13761,8 @@
RESERVED
CVE-2013-3366
RESERVED
-CVE-2013-3365
- RESERVED
+CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to ...)
+ TODO: check
CVE-2013-3364
RESERVED
CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
@@ -14332,8 +14351,8 @@
RESERVED
CVE-2013-3099
RESERVED
-CVE-2013-3098
- RESERVED
+CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
+ TODO: check
CVE-2013-3097
RESERVED
CVE-2013-3096
@@ -14348,21 +14367,20 @@
RESERVED
CVE-2013-3091
RESERVED
-CVE-2013-3090
- RESERVED
+CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...)
+ TODO: check
CVE-2013-3089
RESERVED
CVE-2013-3088
RESERVED
-CVE-2013-3087
- RESERVED
+CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...)
NOT-FOR-US: Belkin N900 router
CVE-2013-3086
RESERVED
CVE-2013-3085
RESERVED
-CVE-2013-3084
- RESERVED
+CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...)
+ TODO: check
CVE-2013-3083
RESERVED
CVE-2013-3082
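Review bot: CVE-2013-3090 (Belkin N300) and CVE-2013-3084 (Belkin Model ...) are left at "TODO: check", while CVE-2013-3087 between them is triaged as "NOT-FOR-US: Belkin N900 router". All three descriptions are XSS issues in Belkin router firmware, so the two TODO entries should get a NOT-FOR-US line naming their respective models.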
@@ -15364,8 +15382,8 @@
RESERVED
CVE-2013-2692
RESERVED
-CVE-2013-2691
- RESERVED
+CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
+ TODO: check
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...)
NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689
@@ -17179,8 +17197,7 @@
CVE-2013-2075
RESERVED
- chicken <not-affected> (Incomplete fix was never applied)
-CVE-2013-2074 [prints passwords contained in HTTP URLs in error messages]
- RESERVED
+CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows ...)
- kde4libs 4:4.10.5-1 (low; bug #707776)
[squeeze] - kde4libs <no-dsa> (Minor issue)
[wheezy] - kde4libs <no-dsa> (Minor issue)
@@ -17544,8 +17561,7 @@
{DSA-2703-1}
- subversion 1.7.9-1+nmu2 (bug #711033)
NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
-CVE-2013-1967 [mediaelement flashmediaelement XSS]
- RESERVED
+CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in ...)
- owncloud <not-affected> (Vulnerable code not present)
NOTE: oC >= 4.5 only
CVE-2013-1966 (Apache Struts 2 before 2.3.14.1 allows remote attackers to execute ...)
@@ -17845,8 +17861,7 @@
CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary ...)
- librsvg 2.40.0-1 (bug #724741)
[wheezy] - librsvg 2.36.1-2
-CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application]
- RESERVED
+CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher ...)
- activemq <not-affected> (portfolio demo app not shipped in Debian package)
NOTE: https://issues.apache.org/jira/browse/AMQ-4398
CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ...)
@@ -17945,8 +17960,8 @@
- almanah 0.9.1-1 (bug #702905)
[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
-CVE-2013-1852
- RESERVED
+CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...)
+ TODO: check
CVE-2013-1851 [user_migrate: Local file disclosure]
RESERVED
- owncloud 4.0.8debian-1.6 (bug #703094)
@@ -19348,8 +19363,7 @@
CVE-2013-1572 (The dissect_oampdu_event_notification function in ...)
- wireshark <unfixed> (unimportant)
NOTE: Not suitable for code injection
-CVE-2013-1470 [XSS in geeklog]
- RESERVED
+CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...)
NOTE: There was a RFP long time ago, bug #203818
NOTE: https://www.htbridge.com/advisory/HTB23143
NOT-FOR-US: Geeklog
@@ -19363,8 +19377,8 @@
NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
RESERVED
-CVE-2013-1466
- RESERVED
+CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...)
+ TODO: check
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
@@ -19655,8 +19669,7 @@
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...)
NOT-FOR-US: Adobe Digital Editions
-CVE-2013-1376
- RESERVED
+CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
NOT-FOR-US: Adobe Flash Plugin
@@ -21420,8 +21433,8 @@
[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494
RESERVED
-CVE-2012-6493
- RESERVED
+CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose ...)
+ TODO: check
CVE-2012-6492
RESERVED
CVE-2012-6491
@@ -22947,8 +22960,7 @@
- wordpress 3.5.1+dfsg-1 (bug #698916)
NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
-CVE-2013-0234
- RESERVED
+CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
- ruby-devise <itp> (bug #691525)
@@ -23136,8 +23148,7 @@
[squeeze] - redis <no-dsa> (Minor issue)
[wheezy] - redis <no-dsa> (Minor issue)
NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
-CVE-2013-0177
- RESERVED
+CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
- libssh 0.5.4-1 (low; bug #698963)
@@ -31414,8 +31425,7 @@
NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-3427
- RESERVED
+CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
- keystone 2012.1.1-1
@@ -32449,8 +32459,7 @@
NOT-FOR-US: Foscam, Wansview IP cameras
CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...)
NOT-FOR-US: Mutiny Standard
-CVE-2012-3000
- RESERVED
+CVE-2012-3000 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: F5 BIG-IP
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
NOT-FOR-US: Cerberus FTP
@@ -34481,12 +34490,10 @@
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync ...)
{DSA-2578-1}
- rssh 2.3.3-6
-CVE-2012-2250
- RESERVED
+CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...)
- tor 0.2.3.24-rc-1 (low)
[squeeze] - tor <no-dsa> (Minor issue)
-CVE-2012-2249
- RESERVED
+CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...)
- tor 0.2.3.23-rc-1 (low)
[squeeze] - tor <no-dsa> (Minor issue)
CVE-2012-2248 [build-influenced PATH set in dhclient]
@@ -34859,16 +34866,13 @@
NOTE: http://www.openssl.org/news/secadv_20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...)
NOT-FOR-US: wordpress buddypress plugin
-CVE-2012-2108
- RESERVED
+CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...)
- csound 1:5.17.6~dfsg-1 (low; bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
-CVE-2012-2107
- RESERVED
+CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound ...)
- csound 1:5.17.6~dfsg-1 (bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
-CVE-2012-2106
- RESERVED
+CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in ...)
- csound 1:5.17.6~dfsg-1 (bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
@@ -37839,8 +37843,7 @@
- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
- python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4)
-CVE-2012-0875 [systemtap invalid read leading to kernel DoS]
- RESERVED
+CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged ...)
- systemtap 1.7-1 (low; bug #660929; bug #660886)
[squeeze] - systemtap <not-affected> (Vulnerable code not present)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
@@ -40972,8 +40975,7 @@
CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which ...)
- rpm 4.9.1.3-1 (bug #667031)
[squeeze] - rpm <no-dsa> (Minor issue)
-CVE-2012-0059
- RESERVED
+CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 ...)
NOT-FOR-US: RHN Satellite
CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before ...)
- linux-2.6 3.2.2-1
@@ -41330,8 +41332,7 @@
- typo3-src 4.5.9+dfsg1-1 (bug #652365)
[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
-CVE-2011-4613 [X launcher permission bypass]
- RESERVED
+CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...)
{DSA-2364-1}
- xorg 1:7.6+10 (low; bug #652249)
[lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
@@ -42125,8 +42126,7 @@
CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ...)
{DSA-2435-1}
- gnash 0.8.10-1 (low; bug #649384)
-CVE-2011-4327
- RESERVED
+CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain ...)
- openssh <not-affected> (Only affects platforms w/o /dev/random)
NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel ...)
@@ -45175,8 +45175,7 @@
- rpm 4.9.1.2-1 (low; bug #645325)
[squeeze] - rpm 4.8.1-6+squeeze1
[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
-CVE-2011-3377 [IcedTea browser plugin Same Origin Policy suffix issue]
- RESERVED
+CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x ...)
{DSA-2420-1}
- openjdk-6 6b21~pre1-1
- icedtea-web 1.1.4-1
@@ -45289,8 +45288,7 @@
[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
- ofa-kernel <itp> (bug #541849)
-CVE-2011-3344
- RESERVED
+CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
{DSA-2386-1}
@@ -46584,8 +46582,7 @@
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-2
-CVE-2011-2927
- RESERVED
+CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
RESERVED
@@ -46605,11 +46602,9 @@
CVE-2011-2921
RESERVED
- ktsuss <removed>
-CVE-2011-2920
- RESERVED
+CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
-CVE-2011-2919
- RESERVED
+CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does ...)
{DSA-2303-1}
@@ -47231,8 +47226,7 @@
CVE-2011-2726 [SA-CORE-2011-003]
RESERVED
- drupal7 7.6-1
-CVE-2011-2725 [ark directory traversal]
- RESERVED
+CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows ...)
- kdeutils 4:4.6.5-4 (low; bug #635541)
[lenny] - kdeutils <no-dsa> (Minor issue)
[squeeze] - kdeutils 4:4.4.5-1+squeeze1
@@ -50303,8 +50297,7 @@
- rdesktop 1.7.0-1 (low; bug #623552)
[squeeze] - rdesktop <no-dsa> (Minor issue)
[lenny] - rdesktop <no-dsa> (Minor issue)
-CVE-2011-1594
- RESERVED
+CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
{DSA-2264-1 DSA-2240-1}