[Secure-testing-commits] r25038 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri Jan 3 21:14:11 UTC 2014
Author: joeyh
Date: 2014-01-03 21:14:11 +0000 (Fri, 03 Jan 2014)
New Revision: 25038
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-03 21:10:48 UTC (rev 25037)
+++ data/CVE/list 2014-01-03 21:14:11 UTC (rev 25038)
@@ -1,3 +1,383 @@
+CVE-2014-0789
+ RESERVED
+CVE-2014-0788
+ RESERVED
+CVE-2014-0787
+ RESERVED
+CVE-2014-0786
+ RESERVED
+CVE-2014-0785
+ RESERVED
+CVE-2014-0784
+ RESERVED
+CVE-2014-0783
+ RESERVED
+CVE-2014-0782
+ RESERVED
+CVE-2014-0781
+ RESERVED
+CVE-2014-0780
+ RESERVED
+CVE-2014-0779
+ RESERVED
+CVE-2014-0778
+ RESERVED
+CVE-2014-0777
+ RESERVED
+CVE-2014-0776
+ RESERVED
+CVE-2014-0775
+ RESERVED
+CVE-2014-0774
+ RESERVED
+CVE-2014-0773
+ RESERVED
+CVE-2014-0772
+ RESERVED
+CVE-2014-0771
+ RESERVED
+CVE-2014-0770
+ RESERVED
+CVE-2014-0769
+ RESERVED
+CVE-2014-0768
+ RESERVED
+CVE-2014-0767
+ RESERVED
+CVE-2014-0766
+ RESERVED
+CVE-2014-0765
+ RESERVED
+CVE-2014-0764
+ RESERVED
+CVE-2014-0763
+ RESERVED
+CVE-2014-0762
+ RESERVED
+CVE-2014-0761
+ RESERVED
+CVE-2014-0760
+ RESERVED
+CVE-2014-0759
+ RESERVED
+CVE-2014-0758
+ RESERVED
+CVE-2014-0757
+ RESERVED
+CVE-2014-0756
+ RESERVED
+CVE-2014-0755
+ RESERVED
+CVE-2014-0754
+ RESERVED
+CVE-2014-0753
+ RESERVED
+CVE-2014-0752
+ RESERVED
+CVE-2014-0751
+ RESERVED
+CVE-2014-0750
+ RESERVED
+CVE-2014-0749
+ RESERVED
+CVE-2014-0748
+ RESERVED
+CVE-2014-0747
+ RESERVED
+CVE-2014-0746
+ RESERVED
+CVE-2014-0745
+ RESERVED
+CVE-2014-0744
+ RESERVED
+CVE-2014-0743
+ RESERVED
+CVE-2014-0742
+ RESERVED
+CVE-2014-0741
+ RESERVED
+CVE-2014-0740
+ RESERVED
+CVE-2014-0739
+ RESERVED
+CVE-2014-0738
+ RESERVED
+CVE-2014-0737
+ RESERVED
+CVE-2014-0736
+ RESERVED
+CVE-2014-0735
+ RESERVED
+CVE-2014-0734
+ RESERVED
+CVE-2014-0733
+ RESERVED
+CVE-2014-0732
+ RESERVED
+CVE-2014-0731
+ RESERVED
+CVE-2014-0730
+ RESERVED
+CVE-2014-0729
+ RESERVED
+CVE-2014-0728
+ RESERVED
+CVE-2014-0727
+ RESERVED
+CVE-2014-0726
+ RESERVED
+CVE-2014-0725
+ RESERVED
+CVE-2014-0724
+ RESERVED
+CVE-2014-0723
+ RESERVED
+CVE-2014-0722
+ RESERVED
+CVE-2014-0721
+ RESERVED
+CVE-2014-0720
+ RESERVED
+CVE-2014-0719
+ RESERVED
+CVE-2014-0718
+ RESERVED
+CVE-2014-0717
+ RESERVED
+CVE-2014-0716
+ RESERVED
+CVE-2014-0715
+ RESERVED
+CVE-2014-0714
+ RESERVED
+CVE-2014-0713
+ RESERVED
+CVE-2014-0712
+ RESERVED
+CVE-2014-0711
+ RESERVED
+CVE-2014-0710
+ RESERVED
+CVE-2014-0709
+ RESERVED
+CVE-2014-0708
+ RESERVED
+CVE-2014-0707
+ RESERVED
+CVE-2014-0706
+ RESERVED
+CVE-2014-0705
+ RESERVED
+CVE-2014-0704
+ RESERVED
+CVE-2014-0703
+ RESERVED
+CVE-2014-0702
+ RESERVED
+CVE-2014-0701
+ RESERVED
+CVE-2014-0700
+ RESERVED
+CVE-2014-0699
+ RESERVED
+CVE-2014-0698
+ RESERVED
+CVE-2014-0697
+ RESERVED
+CVE-2014-0696
+ RESERVED
+CVE-2014-0695
+ RESERVED
+CVE-2014-0694
+ RESERVED
+CVE-2014-0693
+ RESERVED
+CVE-2014-0692
+ RESERVED
+CVE-2014-0691
+ RESERVED
+CVE-2014-0690
+ RESERVED
+CVE-2014-0689
+ RESERVED
+CVE-2014-0688
+ RESERVED
+CVE-2014-0687
+ RESERVED
+CVE-2014-0686
+ RESERVED
+CVE-2014-0685
+ RESERVED
+CVE-2014-0684
+ RESERVED
+CVE-2014-0683
+ RESERVED
+CVE-2014-0682
+ RESERVED
+CVE-2014-0681
+ RESERVED
+CVE-2014-0680
+ RESERVED
+CVE-2014-0679
+ RESERVED
+CVE-2014-0678
+ RESERVED
+CVE-2014-0677
+ RESERVED
+CVE-2014-0676
+ RESERVED
+CVE-2014-0675
+ RESERVED
+CVE-2014-0674
+ RESERVED
+CVE-2014-0673
+ RESERVED
+CVE-2014-0672
+ RESERVED
+CVE-2014-0671
+ RESERVED
+CVE-2014-0670
+ RESERVED
+CVE-2014-0669
+ RESERVED
+CVE-2014-0668
+ RESERVED
+CVE-2014-0667
+ RESERVED
+CVE-2014-0666
+ RESERVED
+CVE-2014-0665
+ RESERVED
+CVE-2014-0664
+ RESERVED
+CVE-2014-0663
+ RESERVED
+CVE-2014-0662
+ RESERVED
+CVE-2014-0661
+ RESERVED
+CVE-2014-0660
+ RESERVED
+CVE-2014-0659
+ RESERVED
+CVE-2014-0658
+ RESERVED
+CVE-2014-0657
+ RESERVED
+CVE-2014-0656
+ RESERVED
+CVE-2014-0655
+ RESERVED
+CVE-2014-0654
+ RESERVED
+CVE-2014-0653
+ RESERVED
+CVE-2014-0652
+ RESERVED
+CVE-2014-0651
+ RESERVED
+CVE-2014-0650
+ RESERVED
+CVE-2014-0649
+ RESERVED
+CVE-2014-0648
+ RESERVED
+CVE-2014-0647
+ RESERVED
+CVE-2014-0646
+ RESERVED
+CVE-2014-0645
+ RESERVED
+CVE-2014-0644
+ RESERVED
+CVE-2014-0643
+ RESERVED
+CVE-2014-0642
+ RESERVED
+CVE-2014-0641
+ RESERVED
+CVE-2014-0640
+ RESERVED
+CVE-2014-0639
+ RESERVED
+CVE-2014-0638
+ RESERVED
+CVE-2014-0637
+ RESERVED
+CVE-2014-0636
+ RESERVED
+CVE-2014-0635
+ RESERVED
+CVE-2014-0634
+ RESERVED
+CVE-2014-0633
+ RESERVED
+CVE-2014-0632
+ RESERVED
+CVE-2014-0631
+ RESERVED
+CVE-2014-0630
+ RESERVED
+CVE-2014-0629
+ RESERVED
+CVE-2014-0628
+ RESERVED
+CVE-2014-0627
+ RESERVED
+CVE-2014-0626
+ RESERVED
+CVE-2014-0625
+ RESERVED
+CVE-2014-0624
+ RESERVED
+CVE-2014-0623
+ RESERVED
+CVE-2014-0622
+ RESERVED
+CVE-2014-0621
+ RESERVED
+CVE-2014-0620
+ RESERVED
+CVE-2014-0619
+ RESERVED
+CVE-2014-0618
+ RESERVED
+CVE-2014-0617
+ RESERVED
+CVE-2014-0616
+ RESERVED
+CVE-2014-0615
+ RESERVED
+CVE-2014-0614
+ RESERVED
+CVE-2014-0613
+ RESERVED
+CVE-2014-0612
+ RESERVED
+CVE-2013-7251 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder ...)
+ TODO: check
+CVE-2013-7248
+ RESERVED
+CVE-2013-7247
+ RESERVED
+CVE-2013-7246
+ RESERVED
+CVE-2013-7245
+ RESERVED
+CVE-2013-7244
+ RESERVED
+CVE-2013-7243
+ RESERVED
+CVE-2013-7238
+ RESERVED
+CVE-2013-7237
+ RESERVED
+CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 ...)
+ TODO: check
+CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
+ TODO: check
CVE-2014-0611
RESERVED
CVE-2014-0610
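Review bot: The four entries added with "TODO: check" at the end of the new block (CVE-2013-7251, CVE-2013-7250, CVE-2011-5269, CVE-2009-5137) are the only lines in this hunk that need a human decision, and they are easy to miss after the long run of RESERVED placeholders. The CVE-2011-5269 and CVE-2009-5137 descriptions already name the product (ProjectForge, Mini-stream CastRipper 2.50.70), so each can be resolved to a source package line or NOT-FOR-US once it is confirmed whether the product is in the archive; the two 2013 descriptions are truncated and need the full CVE text first.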
@@ -43,13 +423,20 @@
CVE-2013-7259
TODO: check
NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
-CVE-2013-7258
-CVE-2013-7257
-CVE-2013-7256
-CVE-2013-7255
-CVE-2013-7254
+CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before ...)
+ TODO: check
+CVE-2013-7257 (Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote ...)
+ TODO: check
+CVE-2013-7256 (Cross-site request forgery (CSRF) vulnerability in Opsview before ...)
+ TODO: check
+CVE-2013-7255 (Open redirect vulnerability in Opsview before 4.4.2 allows remote ...)
+ TODO: check
+CVE-2013-7254 (Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 ...)
+ TODO: check
CVE-2013-7253
+ RESERVED
CVE-2013-7252 [crypto misuse]
+ RESERVED
- kde-runtime <unfixed>
- kdebase-runtime <removed>
NOTE: http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
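Review bot: The CVE-2013-7252 entry at the end of this hunk gains RESERVED, but its "- kde-runtime <unfixed>" line still carries no bug number. Add the Debian bug reference in the usual "(bug #NNNNNN)" form once one exists so the unfixed status can be tracked; the five entries above it that change to "TODO: check" also still need a package or NOT-FOR-US decision.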
@@ -90,8 +477,8 @@
RESERVED
CVE-2013-7210
RESERVED
-CVE-2013-7209
- RESERVED
+CVE-2013-7209 (Cross-site request forgery (CSRF) vulnerability in admBase/login.page ...)
+ TODO: check
CVE-2013-7208
RESERVED
CVE-2013-7207
@@ -674,15 +1061,16 @@
RESERVED
CVE-2014-0366
RESERVED
-CVE-2013-7249
+CVE-2013-7249 (Fat Free CRM before 0.12.1 does not restrict XML serialization, which ...)
NOT-FOR-US: Fat Free CRM
-CVE-2013-7242
+CVE-2013-7242 (SQL injection vulnerability in ...)
NOT-FOR-US: Zenphoto
-CVE-2013-7241
+CVE-2013-7241 (Cross-site scripting (XSS) vulnerability in the export function in ...)
NOT-FOR-US: Zenphoto
-CVE-2013-7240
+CVE-2013-7240 (Directory traversal vulnerability in download-file.php in the Advanced ...)
NOT-FOR-US: Dewplayer
CVE-2013-7239 [SASL authentication allows wrong credentials to access memcache]
+ RESERVED
{DSA-2832-1}
- memcached 1.4.13-0.3 (bug #733643)
[squeeze] - memcached <not-affected> (vulnerable code present, but SASL authentication support not enabled)
@@ -698,17 +1086,13 @@
CVE-2013-7234
RESERVED
NOT-FOR-US: Simple Machines Forum
-CVE-2013-7225
- RESERVED
+CVE-2013-7225 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: Fat Free CRM
-CVE-2013-7224
- RESERVED
+CVE-2013-7224 (Fat Free CRM before 0.12.1 does not restrict JSON serialization, which ...)
NOT-FOR-US: Fat Free CRM
-CVE-2013-7223
- RESERVED
+CVE-2013-7223 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free ...)
NOT-FOR-US: Fat Free CRM
-CVE-2013-7222
- RESERVED
+CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has ...)
NOT-FOR-US: Fat Free CRM
CVE-2013-7221 [run command dialog visible above screen locker]
RESERVED
@@ -1310,26 +1694,26 @@
REJECTED
CVE-2013-6994
RESERVED
-CVE-2013-6993
- RESERVED
-CVE-2013-6992
- RESERVED
-CVE-2013-6991
- RESERVED
+CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 ...)
+ TODO: check
+CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard ...)
+ TODO: check
CVE-2013-6990
RESERVED
CVE-2013-6989
RESERVED
CVE-2013-6988
RESERVED
-CVE-2013-6987
- RESERVED
+CVE-2013-6987 (Multiple directory traversal vulnerabilities in the FileBrowser ...)
+ TODO: check
CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
NOT-FOR-US: ZippyYum
CVE-2013-6984
RESERVED
-CVE-2013-6983
- RESERVED
+CVE-2013-6983 (SQL injection vulnerability in the web interface in Cisco Unified ...)
+ TODO: check
CVE-2013-6982
RESERVED
CVE-2013-6981 (Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a ...)
@@ -1391,8 +1775,8 @@
- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
-CVE-2013-6953
- RESERVED
+CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read ...)
+ TODO: check
CVE-2013-6952
RESERVED
CVE-2013-6951
@@ -3199,8 +3583,7 @@
- libnokogiri-ruby <removed>
NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
TODO: check
-CVE-2013-6459 [XSS vulnerabilities]
- RESERVED
+CVE-2013-6459 (Cross-site scripting (XSS) vulnerability in the will_paginate gem ...)
- ruby-will-paginate <unfixed> (low; bug #733209)
[wheezy] - ruby-will-paginate <no-dsa> (Minor issue)
- libwill-paginate-ruby <removed>
@@ -3225,8 +3608,7 @@
RESERVED
CVE-2013-6451
RESERVED
-CVE-2013-6450 [DTLS retransmission from previous session]
- RESERVED
+CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL through 0.9.8y and ...)
{DSA-2833-1}
- openssl 1.0.1e-5 (low)
[squeeze] - openssl <no-dsa> (Minor issue, limited DTLS support in 0.9.8 branch)
@@ -3921,15 +4303,15 @@
CVE-2013-6188
RESERVED
CVE-2013-6187
- RESERVED
+ REJECTED
CVE-2013-6186
- RESERVED
+ REJECTED
CVE-2013-6185
- RESERVED
+ REJECTED
CVE-2013-6184
- RESERVED
+ REJECTED
CVE-2013-6183
- RESERVED
+ REJECTED
CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
NOT-FOR-US: EMC Replication Manager
CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in ...)
@@ -3937,7 +4319,7 @@
CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness ...)
NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
- RESERVED
+ REJECTED
CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
NOT-FOR-US: EMC RSA Archer GRC
CVE-2013-6177 (Directory traversal vulnerability in EMC Document Sciences xPression ...)
@@ -5464,8 +5846,7 @@
RESERVED
CVE-2013-5574
RESERVED
-CVE-2013-5573 [Default markup formatter permits offsite-bound forms]
- RESERVED
+CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup ...)
- jenkins <unfixed> (bug #732708)
NOTE: http://seclists.org/fulldisclosure/2013/Dec/159
CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP ...)
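Review bot: Replacing the bracketed text on CVE-2013-5573 drops the only concrete description of the behaviour, "Default markup formatter permits offsite-bound forms"; the new, truncated text only says XSS in the default markup formatter. Since jenkins is still "<unfixed> (bug #732708)", consider keeping the original wording as a NOTE line under the entry so that detail is not lost.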
@@ -5884,8 +6265,8 @@
NOT-FOR-US: IBM
CVE-2013-5386
RESERVED
-CVE-2013-5385
- RESERVED
+CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries ...)
+ TODO: check
CVE-2013-5384
RESERVED
CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
@@ -6233,8 +6614,7 @@
CVE-2013-5212
RESERVED
NOT-FOR-US: easyXDM
-CVE-2013-5211 [ntp monlist DDoS]
- RESERVED
+CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 ...)
- ntp <unfixed> (bug #733940)
NOTE: http://bugs.ntp.org/show_bug.cgi?id=1532
NOTE: mitigated if noquery used. Only a problem for (public) ntp servers allowing
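Review bot: On CVE-2013-5211 the new description states an upstream fixed version, "NTP before 4.2.7p26", but the entry stays "- ntp <unfixed> (bug #733940)" with no urgency set. A NOTE recording that upstream version, next to the existing noquery mitigation NOTE, would make it easier to tell when a packaged version clears the issue.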
@@ -10290,8 +10670,8 @@
RESERVED
CVE-2013-3668
RESERVED
-CVE-2013-3667
- RESERVED
+CVE-2013-3667 (The software update mechanism as used in Bare Bones Software Yojimbo ...)
+ TODO: check
CVE-2013-3666 (The LG Hidden Menu component for Android on the LG Optimus G E973 ...)
NOT-FOR-US: LG Hidden Menu
CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...)
@@ -10508,8 +10888,8 @@
NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3573 (HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct ...)
NOT-FOR-US: HP Insight Diagnostics
-CVE-2013-3572
- RESERVED
+CVE-2013-3572 (Cross-site scripting (XSS) vulnerability in the administer interface ...)
+ TODO: check
CVE-2013-3571 [FD leak]
RESERVED
- socat 1.7.1.3-1.5 (low; bug #709931)
@@ -11127,7 +11507,7 @@
CVE-2013-3290
RESERVED
CVE-2013-3289
- RESERVED
+ REJECTED
CVE-2013-3288 (Cross-site scripting (XSS) vulnerability on the EMC RSA Data ...)
NOT-FOR-US: EMC
CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
@@ -11137,11 +11517,11 @@
CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before ...)
NOT-FOR-US: EMC NetWorker
CVE-2013-3284
- RESERVED
+ REJECTED
CVE-2013-3283
- RESERVED
+ REJECTED
CVE-2013-3282
- RESERVED
+ REJECTED
CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop ...)
NOT-FOR-US: EMC Documentum
CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet ...)
@@ -14264,8 +14644,7 @@
[wheezy] - kdeplasma-addons <no-dsa> (Minor issue)
[squeeze] - kdeplasma-addons <no-dsa> (Minor issue)
NOTE: Original fix https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce not sufficient
-CVE-2013-2119
- RESERVED
+CVE-2013-2119 (Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby ...)
- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
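Review bot: On CVE-2013-2119 the new description says the issue affects Phusion Passenger "before 3.0.21 and 4.0.x before 4.0.5", while the entry records ruby-passenger 3.0.13debian-1.1 as the fixed version. That upstream version is lower than 3.0.21, so the fix is presumably a backported patch; a NOTE saying so under the entry (bug #710351 is already referenced) would stop this from reading as a version mismatch.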
@@ -37235,14 +37614,14 @@
RESERVED
{DSA-2289-1}
- typo3-src 4.5.4+dfsg1-1 (bug #635937)
-CVE-2012-0264
- RESERVED
-CVE-2012-0263
- RESERVED
-CVE-2012-0262
- RESERVED
-CVE-2012-0261
- RESERVED
+CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage ...)
+ TODO: check
+CVE-2012-0263 (monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows ...)
+ TODO: check
+CVE-2012-0262 (op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and ...)
+ TODO: check
+CVE-2012-0261 (license.php in system-portal before 1.6.2 in op5 Monitor and op5 ...)
+ TODO: check
CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...)
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
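Review bot: CVE-2012-0264 through CVE-2012-0261 all move from RESERVED to "TODO: check", and all four descriptions name op5 Monitor. They can be triaged with a single decision on whether op5 Monitor is packaged, rather than as four separate open items.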