[Secure-testing-commits] r25816 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Feb 20 21:14:11 UTC 2014
Author: joeyh
Date: 2014-02-20 21:14:11 +0000 (Thu, 20 Feb 2014)
New Revision: 25816
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-02-20 19:19:49 UTC (rev 25815)
+++ data/CVE/list 2014-02-20 21:14:11 UTC (rev 25816)
@@ -1,36 +1,321 @@
+CVE-2014-2086
+ RESERVED
+CVE-2014-2085
+ RESERVED
+CVE-2014-2084
+ RESERVED
+CVE-2014-2083
+ RESERVED
+CVE-2014-2082
+ RESERVED
+CVE-2014-2081
+ RESERVED
+CVE-2014-2080
+ RESERVED
+CVE-2014-2079
+ RESERVED
+CVE-2014-2078
+ RESERVED
+CVE-2014-2077
+ RESERVED
+CVE-2014-2076
+ RESERVED
+CVE-2014-2075
+ RESERVED
+CVE-2014-2074
+ RESERVED
+CVE-2014-2073
+ RESERVED
+CVE-2014-2072
+ RESERVED
+CVE-2014-2071
+ RESERVED
+CVE-2014-2070
+ RESERVED
+CVE-2014-2069
+ RESERVED
+CVE-2014-2068
+ RESERVED
+CVE-2014-2067
+ RESERVED
+CVE-2014-2066
+ RESERVED
+CVE-2014-2065
+ RESERVED
+CVE-2014-2064
+ RESERVED
+CVE-2014-2063
+ RESERVED
+CVE-2014-2062
+ RESERVED
+CVE-2014-2061
+ RESERVED
+CVE-2014-2060
+ RESERVED
+CVE-2014-2059
+ RESERVED
+CVE-2014-2058
+ RESERVED
+CVE-2014-2057
+ RESERVED
+CVE-2014-2056
+ RESERVED
+CVE-2014-2055
+ RESERVED
+CVE-2014-2054
+ RESERVED
+CVE-2014-2053
+ RESERVED
+CVE-2014-2052
+ RESERVED
+CVE-2014-2051
+ RESERVED
+CVE-2014-2050
+ RESERVED
+CVE-2014-2049
+ RESERVED
+CVE-2014-2048
+ RESERVED
+CVE-2014-2047
+ RESERVED
+CVE-2014-2046
+ RESERVED
+CVE-2014-2045
+ RESERVED
+CVE-2014-2044
+ RESERVED
+CVE-2014-2043
+ RESERVED
+CVE-2014-2042
+ RESERVED
+CVE-2014-2041
+ RESERVED
+CVE-2014-2040
+ RESERVED
+CVE-2014-2038
+ RESERVED
+CVE-2014-2036
+ RESERVED
+CVE-2014-2035
+ RESERVED
+CVE-2014-2034
+ RESERVED
+CVE-2014-2033
+ RESERVED
+CVE-2014-2028
+ RESERVED
+CVE-2014-2026
+ RESERVED
+CVE-2014-2025
+ RESERVED
+CVE-2014-2024
+ RESERVED
+CVE-2014-2023
+ RESERVED
+CVE-2014-2022
+ RESERVED
+CVE-2014-2021
+ RESERVED
+CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...)
+ TODO: check
+CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically ...)
+ TODO: check
+CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...)
+ TODO: check
+CVE-2014-2017
+ RESERVED
+CVE-2014-2016
+ RESERVED
+CVE-2014-2012
+ RESERVED
+CVE-2014-2011
+ RESERVED
+CVE-2014-2010
+ RESERVED
+CVE-2014-2009
+ RESERVED
+CVE-2014-2008
+ RESERVED
+CVE-2014-2007
+ RESERVED
+CVE-2014-2006
+ RESERVED
+CVE-2014-2005
+ RESERVED
+CVE-2014-2004
+ RESERVED
+CVE-2014-2003
+ RESERVED
+CVE-2014-2002
+ RESERVED
+CVE-2014-2001
+ RESERVED
+CVE-2014-2000
+ RESERVED
+CVE-2014-1999
+ RESERVED
+CVE-2014-1998
+ RESERVED
+CVE-2014-1997
+ RESERVED
+CVE-2014-1996
+ RESERVED
+CVE-2014-1995
+ RESERVED
+CVE-2014-1994
+ RESERVED
+CVE-2014-1993
+ RESERVED
+CVE-2014-1992
+ RESERVED
+CVE-2014-1991
+ RESERVED
+CVE-2014-1990
+ RESERVED
+CVE-2014-1989
+ RESERVED
+CVE-2014-1988
+ RESERVED
+CVE-2014-1987
+ RESERVED
+CVE-2014-1986
+ RESERVED
+CVE-2014-1985
+ RESERVED
+CVE-2014-1984
+ RESERVED
+CVE-2014-1983
+ RESERVED
+CVE-2014-1982
+ RESERVED
+CVE-2014-1981
+ RESERVED
+CVE-2014-1980
+ RESERVED
+CVE-2014-1979
+ RESERVED
+CVE-2014-1978
+ RESERVED
+CVE-2014-1977
+ RESERVED
+CVE-2014-1976
+ RESERVED
+CVE-2014-1975
+ RESERVED
+CVE-2014-1974
+ RESERVED
+CVE-2014-1973
+ RESERVED
+CVE-2014-1972
+ RESERVED
+CVE-2014-1971
+ RESERVED
+CVE-2014-1970
+ RESERVED
+CVE-2014-1969
+ RESERVED
+CVE-2014-1968
+ RESERVED
+CVE-2014-1967
+ RESERVED
+CVE-2014-1966
+ RESERVED
+CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the ...)
+ TODO: check
+CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...)
+ TODO: check
+CVE-2014-1963 (Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 ...)
+ TODO: check
+CVE-2014-1962 (Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2014-1961 (Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver ...)
+ TODO: check
+CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict ...)
+ TODO: check
+CVE-2014-1957
+ RESERVED
+CVE-2014-1956
+ RESERVED
+CVE-2014-1955
+ RESERVED
+CVE-2014-1954
+ RESERVED
+CVE-2014-1953
+ RESERVED
+CVE-2014-1952
+ RESERVED
+CVE-2014-1951
+ RESERVED
+CVE-2014-1946
+ RESERVED
+CVE-2014-1945
+ RESERVED
+CVE-2014-1944
+ RESERVED
+CVE-2014-1942
+ RESERVED
+CVE-2014-1941
+ RESERVED
+CVE-2014-1940
+ RESERVED
+CVE-2014-1931 (The user login page in Visibility Software Cyber Recruiter before ...)
+ TODO: check
+CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the ...)
+ TODO: check
+CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ...)
+ TODO: check
+CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...)
+ TODO: check
+CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows ...)
+ TODO: check
+CVE-2013-7324
+ RESERVED
+CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the ...)
+ TODO: check
CVE-2014-2039 [Linux kernel: s390: crash due to linkage stack instruction]
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
CVE-2014-2037 [incomplete fix for CVE-2013-6466 DoS in openSwan]
+ RESERVED
- openswan <not-affected> (Incomplete fix was never applied)
CVE-2014-2032 [missing input validation]
+ RESERVED
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
CVE-2014-2031 [logic error]
+ RESERVED
- maradns <not-affected> (Deadwood resolver not enabled)
NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
+ RESERVED
- imagemagick <unfixed>
NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
TODO: check
CVE-2014-2029 [remote code execution / information leak]
+ RESERVED
- percona-toolkit <unfixed>
TODO: check and report to BTS
CVE-2014-2027 [remote code execution via php unserialize]
+ RESERVED
- egroupware <removed>
CVE-2014-2015 [denial of service in rlm_pap hash processing]
+ RESERVED
- freeradius <unfixed>
NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch
CVE-2014-2014
+ RESERVED
- imapsync <removed>
CVE-2014-1959 [GNUTLS-SA-2014-1]
+ RESERVED
- gnutls26 2.12.23-12
[squeeze] - gnutls26 <not-affected> (does not allow X.509 v1 certificates by default)
- gnutls28 3.2.11-1
NOTE: https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d18
CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
+ RESERVED
- imagemagick <unfixed>
NOTE: http://secunia.com/advisories/56844/
NOTE: http://trac.imagemagick.org/changeset/14801
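Review bot: Five of the new "TODO: check" entries in this hunk name software that this list already tracks under Debian source packages, so they should be triaged ahead of the vendor-only ones rather than left in the same pile. CVE-2014-2020 and CVE-2013-7327 cite ext/gd/gd.c in PHP 5.5.x before 5.5.9 and CVE-2013-7328 cites gdImageCrop, the same function as CVE-2013-7226, which a later hunk shows as "- php5 5.5.9+dfsg-1" with wheezy and squeeze marked not-affected. CVE-2014-2018 has the same "Mozilla Thunderbird 17.x" XSS summary as CVE-2013-6674 (tracked under icedove), and CVE-2012-6638 points at net/ipv4/tcp_input.c, which is the linux package. Suggest adding the package lines for these in a follow-up commit and confirming whether CVE-2014-2018 duplicates CVE-2013-6674.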
@@ -39,20 +324,22 @@
- phpbb3 <unfixed>
TODO: check
NOTE: http://seclists.org/bugtraq/2014/Feb/33
-CVE-2014-1950 [XSA-88]
+CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Xen 4.1 onwards affected)
CVE-2014-1949 [cinnamon-screensaver lock bypass]
+ RESERVED
- cinnamon <unfixed> (bug #738828)
NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
-CVE-2014-1948 [Swift store backend password leak]
+CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 through ...)
- glance 2013.2.2-1 (bug #738924)
NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 [Buffer overflow vulnerability]
+ RESERVED
- imagemagick <unfixed>
NOTE: http://trac.imagemagick.org/changeset/13736
TODO: check
-CVE-2014-1943
+CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause ...)
{DSA-2861-1}
- file 1:5.17-0.1 (bug #738832)
NOTE: http://mx.gw.com/pipermail/file/2014/001337.html
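Review bot: Replacing "CVE-2014-1950 [XSA-88]" with the MITRE summary removes the only mention of the Xen advisory number from that entry, since none of the lines under it repeat it. Suggest keeping the identifier in a NOTE line under CVE-2014-1950 so the entry can still be found by advisory number. The other two rewritten headers in this hunk keep their cross-references (the Launchpad bug for CVE-2014-1948, the DSA and bug number for CVE-2014-1943), so only the Xen entry loses information.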
@@ -94,8 +381,7 @@
RESERVED
CVE-2014-1904
RESERVED
-CVE-2014-1903
- RESERVED
+CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
- freepbx <itp> (bug #464926)
CVE-2014-1902
RESERVED
@@ -117,8 +403,7 @@
RESERVED
CVE-2014-1880
RESERVED
-CVE-2014-1879 [phpmyadmin self-xss PMASA-2014-1]
- RESERVED
+CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
- phpmyadmin 4:4.1.7-1 (unimportant)
CVE-2014-1878
RESERVED
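Review bot: The rewritten CVE-2014-1879 header drops both "self-xss" and "PMASA-2014-1", and the entry underneath is still rated "(unimportant)" with no explanation. The removed bracket text was the only visible rationale for that rating. Suggest a NOTE line recording that this is a self-XSS and naming the upstream advisory, so the severity stays justified once the short description is gone.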
@@ -135,8 +420,10 @@
- db4o <unfixed> (unimportant)
NOTE: in -doc package
CVE-2013-7329 [information disclosure]
+ RESERVED
- libcgi-application-perl <unfixed> (bug #739505)
CVE-2013-7325
+ RESERVED
{DSA-2836-1}
- devscripts 2.13.9
CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access ...)
@@ -156,28 +443,36 @@
NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
NOTE: possible patch: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/txtUm85v7Wqcy.txt
CVE-2014-1939
+ RESERVED
NOT-FOR-US: Android Jelly Bean
CVE-2014-1938 [insecure use of /tmp]
+ RESERVED
- python-rply <unfixed> (bug #737627)
NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
CVE-2014-1937 [insecure use of /tmp]
+ RESERVED
- gamera <unfixed> (low; bug #737324)
[squeeze] - gamera <no-dsa> (Minor issue)
[wheezy] - gamera <no-dsa> (Minor issue)
CVE-2014-1936 [insecure use of /tmp]
+ RESERVED
- rc 1.7.1-5 (unimportant; bug #737125)
NOTE: Only in the test suite, not part of the standard package
CVE-2014-1935 [insecure use of /tmp]
+ RESERVED
- 9base <unfixed> (low; bug #737206)
[squeeze] - 9base <no-dsa> (Minor issue)
[wheezy] - 9base <no-dsa> (Minor issue)
CVE-2014-1934 [insecure use of /tmp]
+ RESERVED
- eyed3 <unfixed> (low; bug #737062)
[squeeze] - eyed3 <no-dsa> (Minor issue)
[wheezy] - eyed3 <no-dsa> (Minor issue)
CVE-2014-1933 [sensitive filename information on commandline visible]
+ RESERVED
- pillow <unfixed> (bug #737059)
CVE-2014-1932 [insecure use of /tmp]
+ RESERVED
- pillow <unfixed> (bug #737059)
CVE-2014-1928 [Erroneous insertion of a \ character]
RESERVED
@@ -197,8 +492,7 @@
CVE-2014-1922 [path traversal]
RESERVED
- koha <itp> (bug #702134)
-CVE-2014-1921 [possible correlation between key fetches]
- RESERVED
+CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the ...)
{DSA-2860-1}
- parcimonie 0.8.1-1 (bug #738134)
CVE-2014-1909
@@ -270,8 +564,8 @@
RESERVED
CVE-2014-1862
RESERVED
-CVE-2014-1861
- RESERVED
+CVE-2014-1861 (The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 ...)
+ TODO: check
CVE-2014-1859 [insecure temporary file use]
RESERVED
- python-numpy <unfixed> (bug #737778)
@@ -331,8 +625,7 @@
CVE-2014-1877 [Multiple Stored XSS]
RESERVED
NOT-FOR-US: Dokeos
-CVE-2014-1876 [insecure temp file handling]
- RESERVED
+CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
- openjdk-7 <unfixed> (low; bug #737562)
- openjdk-6 <unfixed> (low)
CVE-2014-1875 [insecure use of /tmp]
@@ -414,6 +707,7 @@
- fookebox <unfixed> (low; bug #736821)
[wheezy] - fookebox <no-dsa> (Minor issue)
CVE-2014-2013 [Stack-based Buffer Overflow in xps_parse_color()]
+ RESERVED
- mupdf <unfixed> (bug #738857)
NOTE: http://www.hdwsec.fr/blog/mupdf.html
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
@@ -761,8 +1055,8 @@
{DSA-2811-1}
- chromium-browser 31.0.1650.63-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1680
- RESERVED
+CVE-2014-1680 (Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 ...)
+ TODO: check
CVE-2014-1679
RESERVED
- open-xchange <itp> (bug #269329)
@@ -1256,6 +1550,7 @@
NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
NOTE: fixed upstream in 3.0.17
CVE-2011-5271 [configure creates temp files insecurely]
+ RESERVED
- pacemaker <unfixed> (unimportant; bug #633964)
NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
@@ -1311,8 +1606,8 @@
RESERVED
CVE-2014-1468
RESERVED
-CVE-2014-1467
- RESERVED
+CVE-2014-1467 (BlackBerry Enterprise Service 10 before 10.2.1, Universal Device ...)
+ TODO: check
CVE-2014-1466 (SQL injection vulnerability in CSP MySQL User Manager 2.3 allows ...)
NOT-FOR-US: CSP MySQL User Manager
CVE-2014-1465
@@ -1327,8 +1622,8 @@
RESERVED
CVE-2014-1460
RESERVED
-CVE-2014-1459
- RESERVED
+CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 ...)
+ TODO: check
CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1457
@@ -1778,8 +2073,7 @@
RESERVED
CVE-2014-1254
RESERVED
-CVE-2014-1253
- RESERVED
+CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to ...)
NOT-FOR-US: Apple Boot Camp
CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
NOT-FOR-US: Apple Pages
@@ -1812,8 +2106,7 @@
CVE-2014-1238
RESERVED
NOT-FOR-US: Q-Pulse
-CVE-2014-1237
- RESERVED
+CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro before ...)
NOT-FOR-US: i-doit
CVE-2014-1232 (Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG ...)
NOT-FOR-US: Foliopress
@@ -1843,8 +2136,7 @@
CVE-2014-1220
RESERVED
NOT-FOR-US: IT2 Workstation
-CVE-2014-1219
- RESERVED
+CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID ...)
NOT-FOR-US: 2E Web Option
CVE-2014-1218
RESERVED
@@ -1858,8 +2150,7 @@
CVE-2014-1214
RESERVED
NOT-FOR-US: Projoom NovaSFH Plugin
-CVE-2014-1213
- RESERVED
+CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G ...)
NOT-FOR-US: Sophos Anti Virus
CVE-2014-1212
RESERVED
@@ -1921,8 +2212,7 @@
RESERVED
CVE-2014-0981
RESERVED
-CVE-2014-0980
- RESERVED
+CVE-2014-0980 (Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote ...)
NOT-FOR-US: Publish-It
CVE-2014-0976
RESERVED
@@ -1986,8 +2276,7 @@
RESERVED
- jinja2 2.7.2-1 (bug #734747)
NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
-CVE-2014-1401
- RESERVED
+CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier ...)
NOT-FOR-US: AuraCMS
CVE-2014-1400
RESERVED
@@ -2262,8 +2551,8 @@
RESERVED
CVE-2014-0856
RESERVED
-CVE-2014-0855
- RESERVED
+CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
+ TODO: check
CVE-2014-0854
RESERVED
CVE-2014-0853
@@ -2344,10 +2633,10 @@
RESERVED
CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows ...)
NOT-FOR-US: Opera
-CVE-2014-0814
- RESERVED
-CVE-2014-0813
- RESERVED
+CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 ...)
+ TODO: check
+CVE-2014-0813 (Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before ...)
+ TODO: check
CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
NOT-FOR-US: KENT-WEB Joyful Note
CVE-2014-0811
@@ -2565,36 +2854,36 @@
RESERVED
CVE-2014-0737
RESERVED
-CVE-2014-0736
- RESERVED
-CVE-2014-0735
- RESERVED
-CVE-2014-0734
- RESERVED
-CVE-2014-0733
- RESERVED
-CVE-2014-0732
- RESERVED
+CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call Detail ...)
+ TODO: check
+CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ...)
+ TODO: check
+CVE-2014-0734 (SQL injection vulnerability in the Certificate Authority Proxy ...)
+ TODO: check
+CVE-2014-0733 (The Enterprise License Manager (ELM) component in Cisco Unified ...)
+ TODO: check
+CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco Unified ...)
+ TODO: check
CVE-2014-0731
RESERVED
CVE-2014-0730
RESERVED
-CVE-2014-0729
- RESERVED
-CVE-2014-0728
- RESERVED
-CVE-2014-0727
- RESERVED
-CVE-2014-0726
- RESERVED
-CVE-2014-0725
- RESERVED
-CVE-2014-0724
- RESERVED
-CVE-2014-0723
- RESERVED
-CVE-2014-0722
- RESERVED
+CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application ...)
+ TODO: check
+CVE-2014-0728 (SQL injection vulnerability in the Java database interface in Cisco ...)
+ TODO: check
+CVE-2014-0727 (SQL injection vulnerability in the CallManager Interactive Voice ...)
+ TODO: check
+CVE-2014-0726 (SQL injection vulnerability in the IP Manager Assistant (IPMA) ...)
+ TODO: check
+CVE-2014-0725 (Cisco Unified Communications Manager (UCM) does not require ...)
+ TODO: check
+CVE-2014-0724 (The bulk administration interface in Cisco Unified Communications ...)
+ TODO: check
+CVE-2014-0723 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ...)
+ TODO: check
+CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications Manager ...)
+ TODO: check
CVE-2014-0721
RESERVED
NOT-FOR-US: Cisco Unified SIP Phone 3905
@@ -2789,12 +3078,12 @@
RESERVED
CVE-2014-0628
RESERVED
-CVE-2014-0627
- RESERVED
-CVE-2014-0626
- RESERVED
-CVE-2014-0625
- RESERVED
+CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before ...)
+ TODO: check
+CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before ...)
+ TODO: check
+CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC ...)
+ TODO: check
CVE-2014-0624
RESERVED
CVE-2014-0623
@@ -2941,8 +3230,7 @@
RESERVED
CVE-2013-7227
RESERVED
-CVE-2013-7226 [Heap Overflow Vulnerability in imagecrop()]
- RESERVED
+CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP ...)
- php5 5.5.9+dfsg-1
[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
@@ -3199,10 +3487,10 @@
RESERVED
CVE-2014-0502
RESERVED
-CVE-2014-0501
- RESERVED
-CVE-2014-0500
- RESERVED
+CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
+ TODO: check
CVE-2014-0499
RESERVED
CVE-2014-0498
@@ -3897,8 +4185,7 @@
CVE-2013-7033
RESERVED
NOT-FOR-US: LiveZilla
-CVE-2013-7032
- RESERVED
+CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
NOT-FOR-US: LiveZilla
CVE-2013-7031
RESERVED
@@ -4097,8 +4384,8 @@
RESERVED
CVE-2014-0333
RESERVED
-CVE-2014-0332
- RESERVED
+CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
+ TODO: check
CVE-2014-0331
RESERVED
CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on ...)
@@ -4419,8 +4706,8 @@
RESERVED
CVE-2014-0323
RESERVED
-CVE-2014-0322
- RESERVED
+CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 10 allows ...)
+ TODO: check
CVE-2014-0321
RESERVED
CVE-2014-0320
@@ -4473,72 +4760,72 @@
RESERVED
CVE-2014-0296
RESERVED
-CVE-2014-0295
- RESERVED
-CVE-2014-0294
- RESERVED
-CVE-2014-0293
- RESERVED
+CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
+ TODO: check
+CVE-2014-0294 (Microsoft Forefront Protection 2010 for Exchange Server does not ...)
+ TODO: check
+CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-0292
RESERVED
CVE-2014-0291
RESERVED
-CVE-2014-0290
- RESERVED
-CVE-2014-0289
- RESERVED
-CVE-2014-0288
- RESERVED
-CVE-2014-0287
- RESERVED
-CVE-2014-0286
- RESERVED
-CVE-2014-0285
- RESERVED
-CVE-2014-0284
- RESERVED
-CVE-2014-0283
- RESERVED
+CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0289 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0288 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0287 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0286 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0285 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0284 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0283 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-0282
RESERVED
-CVE-2014-0281
- RESERVED
-CVE-2014-0280
- RESERVED
-CVE-2014-0279
- RESERVED
-CVE-2014-0278
- RESERVED
-CVE-2014-0277
- RESERVED
-CVE-2014-0276
- RESERVED
-CVE-2014-0275
- RESERVED
-CVE-2014-0274
- RESERVED
-CVE-2014-0273
- RESERVED
-CVE-2014-0272
- RESERVED
-CVE-2014-0271
- RESERVED
-CVE-2014-0270
- RESERVED
-CVE-2014-0269
- RESERVED
-CVE-2014-0268
- RESERVED
-CVE-2014-0267
- RESERVED
-CVE-2014-0266
- RESERVED
+CVE-2014-0281 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0280 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0279 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0278 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0277 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0276 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0275 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0274 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0273 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0272 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0271 (The VBScript engine in Microsoft Internet Explorer 6 through 11, and ...)
+ TODO: check
+CVE-2014-0270 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0269 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0268 (Microsoft Internet Explorer 8 through 11 does not properly restrict ...)
+ TODO: check
+CVE-2014-0267 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0266 (The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft ...)
+ TODO: check
CVE-2014-0265
RESERVED
CVE-2014-0264
RESERVED
-CVE-2014-0263
- RESERVED
+CVE-2014-0263 (The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server ...)
+ TODO: check
CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows ...)
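Review bot: Every entry this hunk moves from RESERVED to "TODO: check" describes Microsoft Internet Explorer, .NET Framework, Forefront, XML Core Services or Windows itself, while the unchanged context right after it already closes the same vendor's issues with "NOT-FOR-US: Microsoft Windows" (CVE-2014-0262). Leaving this many entries as TODO buries the handful of TODO items elsewhere in this commit that do concern packaged software. Suggest marking this block NOT-FOR-US in the follow-up triage commit, using product names consistent with the existing tags so they stay greppable.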
@@ -4549,16 +4836,16 @@
NOT-FOR-US: Microsoft Office
CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, ...)
NOT-FOR-US: Microsoft Office
-CVE-2014-0257
- RESERVED
+CVE-2014-0257 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, ...)
+ TODO: check
CVE-2014-0256
RESERVED
CVE-2014-0255
RESERVED
-CVE-2014-0254
- RESERVED
-CVE-2014-0253
- RESERVED
+CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, ...)
+ TODO: check
+CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and ...)
+ TODO: check
CVE-2014-0252
RESERVED
CVE-2014-0251
@@ -4901,24 +5188,21 @@
RESERVED
- ruby-net-ldap <unfixed>
TODO: check
-CVE-2014-0082
- RESERVED
+CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
- rails-4.0 <not-affected> (only 3.2.x and earlier)
- ruby-actionpack-3.2 <unfixed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
TODO: check
-CVE-2014-0081
- RESERVED
+CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- rails-4.0 <unfixed>
- ruby-actionpack-3.2 <unfixed>
- ruby-actionpack-2.3 <removed>
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
TODO: check
-CVE-2014-0080
- RESERVED
+CVE-2014-0080 (SQL injection vulnerability in ...)
- rails-4.0 <unfixed>
- ruby-activerecord-3.2 <not-affected> (affects only rails 4.0.x)
- ruby-activerecord-2.3 <not-affected> (affects only rails 4.0.x)
@@ -4955,41 +5239,49 @@
NOT-FOR-US: OpenShift
CVE-2014-0067
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0066
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0065
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0064
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0063
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0062
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0061
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
CVE-2014-0060
RESERVED
+ {DSA-2864-1}
- postgresql-9.1 <removed>
- postgresql-8.4 <removed>
- postgresql-9.1 9.3.3-1
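Review bot: With {DSA-2864-1} now attached to CVE-2014-0060 through CVE-2014-0067, the package lines under each entry are inconsistent: "- postgresql-9.1 <removed>" is followed two lines later by "- postgresql-9.1 9.3.3-1", so the same source package is listed as both removed and fixed. The version 9.3.3-1 suggests the second line was meant for a different source package (presumably postgresql-9.3), and there is no per-release line showing which stable versions the DSA fixed. Suggest correcting the package name on the third line of each of the eight entries and adding the fixed versions from the DSA.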
@@ -5069,8 +5361,7 @@
RESERVED
CVE-2014-0033
RESERVED
-CVE-2014-0032 [mod_dav_svn crash when handling certain requests with SVNListParentPath on]
- RESERVED
+CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in ...)
- subversion <unfixed> (low; bug #737815)
[squeeze] - subversion <no-dsa> (Minor issue)
[wheezy] - subversion <no-dsa> (Minor issue)
@@ -5112,8 +5403,7 @@
- socat 1.7.2.3-1 (low; bug #736993)
[squeeze] - socat <no-dsa> (Minor issue)
[wheezy] - socat <no-dsa> (Minor issue)
-CVE-2014-0018
- RESERVED
+CVE-2014-0018 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2014-0017
RESERVED
@@ -5564,10 +5854,10 @@
NOT-FOR-US: IBM
CVE-2013-6744
RESERVED
-CVE-2013-6743
- RESERVED
-CVE-2013-6742
- RESERVED
+CVE-2013-6743 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
+ TODO: check
+CVE-2013-6742 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
+ TODO: check
CVE-2013-6741
RESERVED
CVE-2013-6740
@@ -5594,8 +5884,8 @@
RESERVED
CVE-2013-6729
RESERVED
-CVE-2013-6728
- RESERVED
+CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) ...)
+ TODO: check
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
NOT-FOR-US: IBM Sametime
CVE-2013-6726
@@ -5606,8 +5896,8 @@
NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2013-6722
- RESERVED
+CVE-2013-6722 (Unrestricted file upload vulnerability in the Registration/Edit My ...)
+ TODO: check
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service ...)
NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2013-6720
@@ -5704,8 +5994,7 @@
RESERVED
CVE-2013-6675
RESERVED
-CVE-2013-6674 [Script execution in HTML mail replies]
- RESERVED
+CVE-2013-6674 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...)
- icedove 24.2.0-1
[squeeze] - icedove <end-of-life>
NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
@@ -6203,8 +6492,7 @@
CVE-2013-6493 [insecure temporary directory use]
RESERVED
- icedtea-web 1.4.2-1
-CVE-2013-6492
- RESERVED
+CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly ...)
NOT-FOR-US: Pirhana
CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
- nova <unfixed>
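Review bot: The new description for CVE-2013-6492 names the product as "Piranha", but the tag kept from the old entry reads "NOT-FOR-US: Pirhana". The misspelling means a search for the product name will miss this entry. Suggest correcting the tag to "NOT-FOR-US: Piranha" while the entry is being touched.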
@@ -6378,15 +6666,13 @@
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-6442
RESERVED
-CVE-2013-6441 [lxc: sshd template allow privilege escalation on host]
- RESERVED
+CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...)
- lxc <unfixed> (unimportant)
NOTE: getting root on host, if not using unprivileged containers or
NOTE: restricting the containers with apparmor or selinux.
NOTE: CVE is kept as no official documentation explicitly document this fact
NOTE: https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2
-CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter]
- RESERVED
+CVE-2013-6440 (The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, ...)
- opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation)
NOTE: http://shibboleth.net/community/advisories/secadv_20131213.txt
NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
@@ -6550,8 +6836,7 @@
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
NOTE: https://issues.apache.org/jira/browse/SOLR-4882
-CVE-2013-6396 [does not properly verify the server SSL certificates]
- RESERVED
+CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...)
- python-swiftclient 1:2.0.2-1 (bug #730626)
NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
@@ -6974,8 +7259,7 @@
CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...)
- bind9 <not-affected> (Affects only Windows systems)
NOTE: https://kb.isc.org/article/AA-01062
-CVE-2013-6229
- RESERVED
+CVE-2013-6229 (Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail ...)
NOT-FOR-US: AtMail
CVE-2013-6228
RESERVED
@@ -7320,12 +7604,10 @@
NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before ...)
NOT-FOR-US: WordPress Landing Pages Plugin
-CVE-2013-6167
- RESERVED
+CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first ...)
- iceweasel <unfixed> (unimportant)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
-CVE-2013-6166
- RESERVED
+CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first ...)
- chromium-browser 31.0.1650.57-1 (low)
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
@@ -7424,8 +7706,8 @@
NOT-FOR-US: D-Link
CVE-2013-6025 (The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) ...)
NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
-CVE-2013-6024
- RESERVED
+CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x through 10.2.4 and ...)
+ TODO: check
CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with ...)
NOT-FOR-US: TVT TD-2308SS-B DVR
CVE-2013-6022
@@ -9057,8 +9339,8 @@
NOT-FOR-US: IBM
CVE-2013-5401
RESERVED
-CVE-2013-5400
- RESERVED
+CVE-2013-5400 (An unspecified servlet in IBM Platform Symphony Developer Edition (DE) ...)
+ TODO: check
CVE-2013-5399
RESERVED
CVE-2013-5398 (Unspecified vulnerability in the Webservice Axis Gateway in IBM ...)
@@ -9155,8 +9437,8 @@
RESERVED
CVE-2013-5352
RESERVED
-CVE-2013-5351
- RESERVED
+CVE-2013-5351 (Heap-based buffer overflow in IrfanView before 4.37 allows remote ...)
+ TODO: check
CVE-2013-5350 (The "Remember me" feature in the ...)
NOT-FOR-US: OpenPNE
CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
@@ -9849,17 +10131,14 @@
RESERVED
CVE-2013-5016
RESERVED
-CVE-2013-5015
- RESERVED
+CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec ...)
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2013-5014
- RESERVED
+CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2013-5013
- RESERVED
+CVE-2013-5013 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
NOT-FOR-US: Symantec WEB Gateway
-CVE-2013-5012
- RESERVED
+CVE-2013-5012 (Multiple SQL injection vulnerabilities in the management console on ...)
+ TODO: check
CVE-2013-5011 (Unquoted Windows search path vulnerability in the client in Symantec ...)
NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5010 (The Application/Device Control (ADC) component in the client in ...)
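Review bot: CVE-2013-5012 is the only entry in this Symantec run left at "TODO: check"; the three above it and CVE-2013-5011 below are closed as NOT-FOR-US, so it should be triaged in the same pass. While there, re-check the product on CVE-2013-5013: its note says "Symantec WEB Gateway", but the new description starts with the same "management console" wording as CVE-2013-5015 and CVE-2013-5014, which are filed under Symantec Endpoint Protection. The visible descriptions are truncated, so confirm against the full text before changing either label.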
@@ -10485,10 +10764,9 @@
- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
- linux <not-affected> (Android-specific camera drivers)
-CVE-2013-4737
- RESERVED
-CVE-2013-4736
- RESERVED
+CVE-2013-4737 (The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, ...)
+ TODO: check
+CVE-2013-4736 (Multiple integer overflows in the JPEG engine drivers in the MSM ...)
NOTE: https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736
NOT-FOR-US: camera JPEG engines on Android Linux kernels
CVE-2013-4735 (The Digital Alert Systems DASDEC EAS device before 2.0-2 and the ...)
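Review bot: CVE-2013-4737 should not stay at "TODO: check", because its description names "the Linux kernel 3.x" (CONFIG_STRICT_MEMORY_RWX) and so touches a package Debian ships. The neighbouring entries were resolved either as "- linux <not-affected> (Android-specific camera drivers)" or as NOT-FOR-US for the Android JPEG engine drivers. Triage needs to establish whether this option exists only in the vendor tree and then record an explicit "- linux" status line with the reason.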
@@ -11214,8 +11492,7 @@
CVE-2013-4500
RESERVED
NOT-FOR-US: Drupal contrib module
-CVE-2013-4499
- RESERVED
+CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x ...)
NOT-FOR-US: Drupal contrib module
CVE-2013-4498
RESERVED
@@ -11494,8 +11771,7 @@
REJECTED
CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, ...)
- xen <not-affected> (ocaml version of the xenstore daemon not used in Debian)
-CVE-2013-4415
- RESERVED
+CVE-2013-4415 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite
CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
NOT-FOR-US: Cumin
@@ -12861,8 +13137,8 @@
NOT-FOR-US: IBM
CVE-2013-3989 (IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext ...)
NOT-FOR-US: IBM Security AppScan Enterprise
-CVE-2013-3988
- RESERVED
+CVE-2013-3988 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
+ TODO: check
CVE-2013-3987
RESERVED
CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause ...)
@@ -12871,8 +13147,8 @@
NOT-FOR-US: IBM
CVE-2013-3984
RESERVED
-CVE-2013-3983
- RESERVED
+CVE-2013-3983 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
+ TODO: check
CVE-2013-3982
RESERVED
CVE-2013-3981
@@ -12881,8 +13157,8 @@
RESERVED
CVE-2013-3979 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
NOT-FOR-US: IBM Cognos Command Center
-CVE-2013-3978
- RESERVED
+CVE-2013-3978 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
+ TODO: check
CVE-2013-3977
RESERVED
CVE-2013-3976
@@ -12974,8 +13250,8 @@
RESERVED
CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as ...)
NOT-FOR-US: Kingsoft Office 2013
-CVE-2013-3933
- RESERVED
+CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping ...)
+ TODO: check
CVE-2013-3932
RESERVED
CVE-2013-3931
@@ -14406,8 +14682,8 @@
RESERVED
CVE-2013-3295
RESERVED
-CVE-2013-3294
- RESERVED
+CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 ...)
+ TODO: check
CVE-2013-3293
RESERVED
CVE-2013-3292
@@ -15592,8 +15868,8 @@
RESERVED
CVE-2013-2830
RESERVED
-CVE-2013-2829
- RESERVED
+CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote ...)
+ TODO: check
CVE-2013-2828
RESERVED
CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, ...)
@@ -15999,8 +16275,8 @@
RESERVED
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress ...)
NOT-FOR-US: MailUp plugin for Wordpress
-CVE-2013-2639
- RESERVED
+CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS ...)
+ TODO: check
CVE-2013-2638
RESERVED
CVE-2013-2637
@@ -16126,8 +16402,8 @@
RESERVED
CVE-2013-2586
RESERVED
-CVE-2013-2585
- RESERVED
+CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server ...)
+ TODO: check
CVE-2013-2584
RESERVED
CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
@@ -17216,8 +17492,7 @@
RESERVED
CVE-2013-2215
REJECTED
-CVE-2013-2214 [nagios3: information leak]
- RESERVED
+CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does ...)
- nagios3 3.4.1-4 (low)
[wheezy] - nagios3 3.4.1-3+deb7u1
[squeeze] - nagios3 <no-dsa> (disputed, minor issue)
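Review bot: the CVE-2013-2214 entry records the unstable fix as nagios3 3.4.1-4, while the description merged here says 3.x is affected before 3.5.1, so the Debian fix must be a backported patch and the entry does not identify it. Add a NOTE with the upstream change or the Debian bug next to the "- nagios3 3.4.1-4 (low)" line. The squeeze line already says "disputed, minor issue"; the same NOTE is the place to say what is disputed, now that the "[nagios3: information leak]" placeholder is gone.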
@@ -17775,8 +18050,7 @@
NOT-FOR-US: YaBB
CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) ...)
NOT-FOR-US: RHN Satellite
-CVE-2013-2055
- RESERVED
+CVE-2013-2055 (Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x ...)
NOT-FOR-US: Apache Wicket
CVE-2013-2054 (Buffer overflow in the atodn function in strongSwan 2.0.0 through ...)
- strongswan 4.3.4-1
@@ -18032,8 +18306,7 @@
CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ...)
{DSA-2693-1}
- libx11 2:1.5.0-1+deb7u1
-CVE-2013-1980
- RESERVED
+CVE-2013-1980 (Buffer overflow in the get_dsmp function in loaders/masi_load.c in ...)
- xmp 3.4.0-3 (low; bug #706667)
[wheezy] - xmp <no-dsa> (Minor issue)
[squeeze] - xmp <no-dsa> (Minor issue)
@@ -18395,8 +18668,7 @@
{DSA-2704-1}
- mesa 8.0.5-7
[squeeze] - mesa <not-affected> (Vulnerable code not present)
-CVE-2013-1871
- RESERVED
+CVE-2013-1871 (Cross-site scripting (XSS) vulnerability in account/EditAddress.do in ...)
NOT-FOR-US: Red Hat Satellite
CVE-2013-1870
REJECTED
@@ -20104,8 +20376,8 @@
NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2013-1413
- RESERVED
+CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit ...)
+ TODO: check
CVE-2013-1412
RESERVED
CVE-2013-1411
@@ -20818,11 +21090,9 @@
RESERVED
CVE-2013-1071
RESERVED
-CVE-2013-1070
- RESERVED
+CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as ...)
NOT-FOR-US: Ubuntu MAAS
-CVE-2013-1069
- RESERVED
+CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable ...)
NOT-FOR-US: Ubuntu MAAS
CVE-2013-1068
RESERVED
@@ -23115,8 +23385,7 @@
- webfs 1.21+ds1-9 (low; bug #701638)
[wheezy] - webfs <no-dsa> (Minor issue)
[squeeze] - webfs <no-dsa> (Minor issue)
-CVE-2013-0346 [tomcat world-readable logdir]
- RESERVED
+CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for ...)
- tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)
CVE-2013-0345 [varnish world-readable logdir]
RESERVED
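Review bot: the description now attached to CVE-2013-0346 names Apache Tomcat 7.x, yet the only status line under it is "- tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)". If a tomcat7 source package is tracked in this list, it needs its own status line, with the log directory ownership and mode checked against that package rather than inferred from tomcat6.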
@@ -24232,8 +24501,7 @@
NOTE: introduced http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
NOTE: fixed by http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=10300
-CVE-2012-6149
- RESERVED
+CVE-2012-6149 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Red Hat Satellite
CVE-2012-6148 (Cross-site scripting (XSS) vulnerability in the function menu API in ...)
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
@@ -24388,8 +24656,7 @@
- librack-ruby <removed>
NOTE: https://github.com/rack/rack/commit/4fc44671b3cad569421f4f8b775c0590b86f575e
NOTE: https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
-CVE-2012-6108 [default permissions for /var/log/hp are too open]
- RESERVED
+CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses ...)
- hplip <not-affected> (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 [Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate]
RESERVED
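Review bot: on CVE-2012-6108 the not-affected reason reads "permissions are 755 on wheezy, sid and experimental", which leaves squeeze unaccounted for even though the new description says HPLIP before 3.13.2 is affected. Add a "[squeeze] - hplip" line once the directory mode there has been checked. The removed placeholder was the only place that named /var/log/hp, and the truncated description no longer shows it, so keep that path in a NOTE.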
@@ -26189,7 +26456,7 @@
CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5546
- RESERVED
+ REJECTED
CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
@@ -32014,8 +32281,7 @@
NOT-FOR-US: plow
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
-CVE-2012-3406 [glibc formatted printing vulnerabilities]
- RESERVED
+CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
- eglibc <unfixed> (low; bug #681888)
[squeeze] - eglibc <no-dsa> (Minor issue)
[wheezy] - eglibc <no-dsa> (Minor issue)
@@ -32024,8 +32290,7 @@
NOTE: https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
-CVE-2012-3405 [glibc formatted printing vulnerabilities]
- RESERVED
+CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
- eglibc 2.13-35 (low; bug #681473)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
@@ -32033,8 +32298,7 @@
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
-CVE-2012-3404 [glibc formatted printing vulnerabilities]
- RESERVED
+CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
- eglibc 2.13-35 (low; bug #681473)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
@@ -33899,8 +34163,7 @@
NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does ...)
NOT-FOR-US: sosreport (Red Hat tool)
-CVE-2012-2663
- RESERVED
+CVE-2012-2663 (extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP ...)
- iptables <unfixed> (unimportant; bug #675445)
CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
NOT-FOR-US: Red Hat Certificate System
@@ -34820,8 +35083,7 @@
- php5 5.4.3-1
[squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: 5.4.x only
-CVE-2012-2328
- RESERVED
+CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux ...)
NOT-FOR-US: sblim
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
@@ -37583,8 +37845,7 @@
CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...)
{DSA-2465-1}
- php5 5.4.0-1 (bug #663760)
-CVE-2012-1171 [safemode bypass after RSHUTDOWN]
- RESERVED
+CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...)
- php5 <unfixed> (unimportant)
NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
CVE-2012-1170
@@ -37810,8 +38071,7 @@
CVE-2012-1101
RESERVED
- systemd 43-1 (bug #662029)
-CVE-2012-1100
- RESERVED
+CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and ...)
NOT-FOR-US: JBoss Operations Network
CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...)
{DSA-2466-1}
@@ -37850,8 +38110,7 @@
- linux-2.6 3.2.10-1
CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...)
NOT-FOR-US: Apache Wicket
-CVE-2012-1088
- RESERVED
+CVE-2012-1088 (iproute2 before 3.3.0 allows local users to overwrite arbitrary files ...)
- iproute 20120319-1 (unimportant)
NOTE: 1st issue only exploitable at build time / 2nd issue just example script in iproute-doc
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...)
@@ -40060,8 +40319,7 @@
NOT-FOR-US: Novell GroupWise
CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
NOT-FOR-US: Novell GroupWise
-CVE-2012-0270 [csound buffer overflows]
- RESERVED
+CVE-2012-0270 (Multiple stack-based buffer overflows in Csound before 5.16.6 allow ...)
- csound 1:5.16.6~dfsg-1 (low; bug #661197)
[squeeze] - csound <no-dsa> (Minor issue)
NOTE: http://secunia.com/secunia_research/2012-3/
@@ -40373,8 +40631,7 @@
RESERVED
- gpw <unfixed> (unimportant; bug #651510)
NOTE: This has only marginal security impact
-CVE-2011-4930
- RESERVED
+CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, ...)
- condor <not-affected> (Fixed before initial release)
CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
{DSA-2261-1}
@@ -41476,8 +41733,7 @@
- usbmuxd 1.0.7-2 (medium; bug #656581)
[lenny] - usbmuxd <not-affected> (introduced in 1.0.7)
[squeeze] - usbmuxd <not-affected> (introduced in 1.0.7)
-CVE-2012-0064 [xorg screen lockers bypassed via key combo]
- RESERVED
+CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB ...)
- xorg-server 2:1.11.3.901-2 (high; bug #656410)
[squeeze] - xorg-server <not-affected> (introduced in 1.11)
[lenny] - xorg-server <not-affected> (introduced in 1.11)
@@ -41486,8 +41742,7 @@
RESERVED
- tucan <unfixed> (bug #656388)
[squeeze] - tucan <no-dsa> (Minor issue)
-CVE-2012-0062
- RESERVED
+CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before ...)
NOT-FOR-US: JBoss Operations Network
CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...)
- rpm 4.9.1.3-1 (bug #667031)
@@ -41518,8 +41773,7 @@
CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not ...)
{DSA-2405-1}
- apache2 2.2.22-1 (low)
-CVE-2012-0052
- RESERVED
+CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before ...)
NOT-FOR-US: JBoss Operations Network
CVE-2012-0051
RESERVED
@@ -41869,8 +42123,7 @@
CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in ...)
{DSA-2389-1}
- linux-2.6 3.0.0-1
-CVE-2011-4610
- RESERVED
+CVE-2011-4610 (JBoss Web, as used in Red Hat JBoss Communications Platform before ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 ...)
- eglibc 2.13-33 (low; bug #671478)
@@ -43379,19 +43632,16 @@
CVE-2011-4094
RESERVED
NOT-FOR-US: Jara
-CVE-2011-4093
- RESERVED
+CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...)
- net6 1:1.3.14-1 (low; bug #647318)
[squeeze] - net6 <no-dsa> (Minor issue)
[lenny] - net6 <no-dsa> (Minor issue)
-CVE-2011-4092
- RESERVED
+CVE-2011-4092 (obby (aka libobby) does not verify SSL server certificates, which ...)
- obby <unfixed> (low; bug #647317)
[wheezy] - obby <no-dsa> (Minor design limitation)
[lenny] - obby <no-dsa> (Minor design limitation)
[squeeze] - obby <no-dsa> (Minor design limitation)
-CVE-2011-4091
- RESERVED
+CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before ...)
[squeeze] - net6 <no-dsa> (Minor issue)
[lenny] - net6 <no-dsa> (Minor issue)
- net6 1:1.3.14-1 (low; bug #647318)
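Review bot: in the CVE-2011-4091 entry the release-specific lines ("[squeeze] - net6 <no-dsa>", "[lenny] - net6 <no-dsa>") come before the unstable line "- net6 1:1.3.14-1 (low; bug #647318)", the reverse of CVE-2011-4093 just above, where the same three lines appear with the unstable line first. Reorder the CVE-2011-4091 block to match so the two entries for the same upload read the same way.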
@@ -43419,8 +43669,7 @@
NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
REJECTED
-CVE-2011-4083
- RESERVED
+CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x ...)
NOT-FOR-US: RedHat sos
CVE-2011-4082
RESERVED
@@ -45003,13 +45252,11 @@
CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console]
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2011-3605
- RESERVED
+CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) ...)
{DSA-2323-1}
- radvd 1:1.8-1.1 (bug #644614)
NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3604
- RESERVED
+CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) ...)
{DSA-2323-1}
- radvd 1:1.8-1.1 (bug #644614)
NOTE: http://seclists.org/oss-sec/2011/q4/30
@@ -45022,8 +45269,7 @@
{DSA-2323-1}
- radvd 1:1.8-1.1 (bug #644614)
NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3601
- RESERVED
+CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement ...)
{DSA-2323-1}
- radvd 1:1.8-1.2 (bug #644614)
[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
@@ -45072,16 +45318,13 @@
- phpmyadmin 4:3.4.5-1
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2011-3590 [mkdumprd utility created the final initial ramdisk image with...]
- RESERVED
+CVE-2011-3590 (The Red Hat mkdumprd script for kexec-tools, as distributed in the ...)
- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
-CVE-2011-3589 [mkdumprd utility copied content of certain directories into newly...]
- RESERVED
+CVE-2011-3589 (The Red Hat mkdumprd script for kexec-tools, as distributed in the ...)
- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
-CVE-2011-3588 [kdump/mkdumprd: the default value of "StrictHostKeyChecking=no"]
- RESERVED
+CVE-2011-3588 (The SSH configuration in the Red Hat mkdumprd script for kexec-tools, ...)
- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...)
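Review bot: the not-affected reason on CVE-2011-3590, CVE-2011-3589 and CVE-2011-3588 has the typo "scrits" ("kdump.init and mkdumprd scrits"); it should read "scripts" in all three lines. For CVE-2011-3588 the removed placeholder was the only visible statement of the actual weakness (the default StrictHostKeyChecking=no), and the truncated description stops before it, so a short NOTE preserving that detail would help anyone reading the entry later.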
@@ -47157,8 +47400,7 @@
- ax25-tools 0.0.8-13.2 (low; bug #638198)
[lenny] - ax25-tools <no-dsa> (Minor issue)
[squeeze] - ax25-tools <no-dsa> (Minor issue)
-CVE-2011-2909
- RESERVED
+CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c ...)
{DSA-2303-1}
- linux-2.6 3.0.0-2
CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console ...)
@@ -48377,8 +48619,7 @@
CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before ...)
{DSA-2287-1}
- libpng 1.2.44-3 (bug #632786)
-CVE-2011-2500
- RESERVED
+CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c in ...)
- nfs-utils 1:1.2.4-1 (bug #633155)
[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
@@ -50099,21 +50340,17 @@
NOT-FOR-US: IBM Rational Build Forge 7.1.0
CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: TWiki
-CVE-2011-1837
- RESERVED
+CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in ...)
{DSA-2382-1}
- ecryptfs-utils 92-1
-CVE-2011-1836
- RESERVED
+CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not ...)
- ecryptfs-utils 92-1
[squeeze] - ecryptfs-utils <not-affected> (Vulnerable code not present)
[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
-CVE-2011-1835
- RESERVED
+CVE-2011-1835 (The encrypted private-directory setup process in ...)
{DSA-2382-1}
- ecryptfs-utils 92-1
-CVE-2011-1834
- RESERVED
+CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
{DSA-2382-1}
- ecryptfs-utils 92-1
CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in ...)
@@ -50122,12 +50359,10 @@
[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
- linux-2.6 3.1.1-1
NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place
-CVE-2011-1832
- RESERVED
+CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
{DSA-2382-1}
- ecryptfs-utils 92-1
-CVE-2011-1831
- RESERVED
+CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
{DSA-2382-1}
- ecryptfs-utils 92-1
CVE-2011-1830
@@ -51058,8 +51293,7 @@
CVE-2011-1522 (Multiple SQL injection vulnerabilities in the ...)
{DSA-2223-1}
- doctrine 1.2.4-1 (bug #622674)
-CVE-2010-4777
- RESERVED
+CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...)
- perl <unfixed> (unimportant; bug #628836)
NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in ...)
@@ -54035,8 +54269,7 @@
CVE-2011-0529
RESERVED
- weborf 0.12.5-1
-CVE-2011-0528
- RESERVED
+CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node ...)
- puppet 2.6.2-3
[lenny] - puppet <not-affected> (Only affects 2.6.x)
CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before ...)
@@ -59992,7 +60225,7 @@
{DSA-2113-1}
- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090 [mailman, will be rejected]
- RESERVED
+ REJECTED
NOT-FOR-US: ** REJECT ** mailman
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
{DSA-2170-1}
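Review bot: CVE-2010-3090 is flipped to REJECTED, but the header still reads "[mailman, will be rejected]" and the entry keeps "NOT-FOR-US: ** REJECT ** mailman". Both are stale now that the state itself is REJECTED, and the NOT-FOR-US tag is misleading beside CVE-2010-3089 directly below, which tracks GNU Mailman under DSA-2170-1. Drop the bracketed placeholder and the NOT-FOR-US line so the entry matches other REJECTED entries in this diff, such as CVE-2012-5546.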