[Secure-testing-commits] r25184 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Mon Jan 13 21:14:14 UTC 2014
Author: joeyh
Date: 2014-01-13 21:14:14 +0000 (Mon, 13 Jan 2014)
New Revision: 25184
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-13 18:21:00 UTC (rev 25183)
+++ data/CVE/list 2014-01-13 21:14:14 UTC (rev 25184)
@@ -1,3 +1,475 @@
+CVE-2014-1409
+ RESERVED
+CVE-2014-1404
+ RESERVED
+CVE-2014-1403
+ RESERVED
+CVE-2014-1397
+ RESERVED
+CVE-2014-1396
+ RESERVED
+CVE-2014-1395
+ RESERVED
+CVE-2014-1394
+ RESERVED
+CVE-2014-1393
+ RESERVED
+CVE-2014-1392
+ RESERVED
+CVE-2014-1391
+ RESERVED
+CVE-2014-1390
+ RESERVED
+CVE-2014-1389
+ RESERVED
+CVE-2014-1388
+ RESERVED
+CVE-2014-1387
+ RESERVED
+CVE-2014-1386
+ RESERVED
+CVE-2014-1385
+ RESERVED
+CVE-2014-1384
+ RESERVED
+CVE-2014-1383
+ RESERVED
+CVE-2014-1382
+ RESERVED
+CVE-2014-1381
+ RESERVED
+CVE-2014-1380
+ RESERVED
+CVE-2014-1379
+ RESERVED
+CVE-2014-1378
+ RESERVED
+CVE-2014-1377
+ RESERVED
+CVE-2014-1376
+ RESERVED
+CVE-2014-1375
+ RESERVED
+CVE-2014-1374
+ RESERVED
+CVE-2014-1373
+ RESERVED
+CVE-2014-1372
+ RESERVED
+CVE-2014-1371
+ RESERVED
+CVE-2014-1370
+ RESERVED
+CVE-2014-1369
+ RESERVED
+CVE-2014-1368
+ RESERVED
+CVE-2014-1367
+ RESERVED
+CVE-2014-1366
+ RESERVED
+CVE-2014-1365
+ RESERVED
+CVE-2014-1364
+ RESERVED
+CVE-2014-1363
+ RESERVED
+CVE-2014-1362
+ RESERVED
+CVE-2014-1361
+ RESERVED
+CVE-2014-1360
+ RESERVED
+CVE-2014-1359
+ RESERVED
+CVE-2014-1358
+ RESERVED
+CVE-2014-1357
+ RESERVED
+CVE-2014-1356
+ RESERVED
+CVE-2014-1355
+ RESERVED
+CVE-2014-1354
+ RESERVED
+CVE-2014-1353
+ RESERVED
+CVE-2014-1352
+ RESERVED
+CVE-2014-1351
+ RESERVED
+CVE-2014-1350
+ RESERVED
+CVE-2014-1349
+ RESERVED
+CVE-2014-1348
+ RESERVED
+CVE-2014-1347
+ RESERVED
+CVE-2014-1346
+ RESERVED
+CVE-2014-1345
+ RESERVED
+CVE-2014-1344
+ RESERVED
+CVE-2014-1343
+ RESERVED
+CVE-2014-1342
+ RESERVED
+CVE-2014-1341
+ RESERVED
+CVE-2014-1340
+ RESERVED
+CVE-2014-1339
+ RESERVED
+CVE-2014-1338
+ RESERVED
+CVE-2014-1337
+ RESERVED
+CVE-2014-1336
+ RESERVED
+CVE-2014-1335
+ RESERVED
+CVE-2014-1334
+ RESERVED
+CVE-2014-1333
+ RESERVED
+CVE-2014-1332
+ RESERVED
+CVE-2014-1331
+ RESERVED
+CVE-2014-1330
+ RESERVED
+CVE-2014-1329
+ RESERVED
+CVE-2014-1328
+ RESERVED
+CVE-2014-1327
+ RESERVED
+CVE-2014-1326
+ RESERVED
+CVE-2014-1325
+ RESERVED
+CVE-2014-1324
+ RESERVED
+CVE-2014-1323
+ RESERVED
+CVE-2014-1322
+ RESERVED
+CVE-2014-1321
+ RESERVED
+CVE-2014-1320
+ RESERVED
+CVE-2014-1319
+ RESERVED
+CVE-2014-1318
+ RESERVED
+CVE-2014-1317
+ RESERVED
+CVE-2014-1316
+ RESERVED
+CVE-2014-1315
+ RESERVED
+CVE-2014-1314
+ RESERVED
+CVE-2014-1313
+ RESERVED
+CVE-2014-1312
+ RESERVED
+CVE-2014-1311
+ RESERVED
+CVE-2014-1310
+ RESERVED
+CVE-2014-1309
+ RESERVED
+CVE-2014-1308
+ RESERVED
+CVE-2014-1307
+ RESERVED
+CVE-2014-1306
+ RESERVED
+CVE-2014-1305
+ RESERVED
+CVE-2014-1304
+ RESERVED
+CVE-2014-1303
+ RESERVED
+CVE-2014-1302
+ RESERVED
+CVE-2014-1301
+ RESERVED
+CVE-2014-1300
+ RESERVED
+CVE-2014-1299
+ RESERVED
+CVE-2014-1298
+ RESERVED
+CVE-2014-1297
+ RESERVED
+CVE-2014-1296
+ RESERVED
+CVE-2014-1295
+ RESERVED
+CVE-2014-1294
+ RESERVED
+CVE-2014-1293
+ RESERVED
+CVE-2014-1292
+ RESERVED
+CVE-2014-1291
+ RESERVED
+CVE-2014-1290
+ RESERVED
+CVE-2014-1289
+ RESERVED
+CVE-2014-1288
+ RESERVED
+CVE-2014-1287
+ RESERVED
+CVE-2014-1286
+ RESERVED
+CVE-2014-1285
+ RESERVED
+CVE-2014-1284
+ RESERVED
+CVE-2014-1283
+ RESERVED
+CVE-2014-1282
+ RESERVED
+CVE-2014-1281
+ RESERVED
+CVE-2014-1280
+ RESERVED
+CVE-2014-1279
+ RESERVED
+CVE-2014-1278
+ RESERVED
+CVE-2014-1277
+ RESERVED
+CVE-2014-1276
+ RESERVED
+CVE-2014-1275
+ RESERVED
+CVE-2014-1274
+ RESERVED
+CVE-2014-1273
+ RESERVED
+CVE-2014-1272
+ RESERVED
+CVE-2014-1271
+ RESERVED
+CVE-2014-1270
+ RESERVED
+CVE-2014-1269
+ RESERVED
+CVE-2014-1268
+ RESERVED
+CVE-2014-1267
+ RESERVED
+CVE-2014-1266
+ RESERVED
+CVE-2014-1265
+ RESERVED
+CVE-2014-1264
+ RESERVED
+CVE-2014-1263
+ RESERVED
+CVE-2014-1262
+ RESERVED
+CVE-2014-1261
+ RESERVED
+CVE-2014-1260
+ RESERVED
+CVE-2014-1259
+ RESERVED
+CVE-2014-1258
+ RESERVED
+CVE-2014-1257
+ RESERVED
+CVE-2014-1256
+ RESERVED
+CVE-2014-1255
+ RESERVED
+CVE-2014-1254
+ RESERVED
+CVE-2014-1253
+ RESERVED
+CVE-2014-1252
+ RESERVED
+CVE-2014-1251
+ RESERVED
+CVE-2014-1250
+ RESERVED
+CVE-2014-1249
+ RESERVED
+CVE-2014-1248
+ RESERVED
+CVE-2014-1247
+ RESERVED
+CVE-2014-1246
+ RESERVED
+CVE-2014-1245
+ RESERVED
+CVE-2014-1244
+ RESERVED
+CVE-2014-1243
+ RESERVED
+CVE-2014-1242
+ RESERVED
+CVE-2014-1241
+ RESERVED
+CVE-2014-1240
+ RESERVED
+CVE-2014-1239
+ RESERVED
+CVE-2014-1238
+ RESERVED
+CVE-2014-1237
+ RESERVED
+CVE-2014-1232 (Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG ...)
+ TODO: check
+CVE-2014-1231
+ RESERVED
+CVE-2014-1230
+ RESERVED
+CVE-2014-1229
+ RESERVED
+CVE-2014-1228
+ RESERVED
+CVE-2014-1227
+ RESERVED
+CVE-2014-1226
+ RESERVED
+CVE-2014-1225
+ RESERVED
+CVE-2014-1224
+ RESERVED
+CVE-2014-1223
+ RESERVED
+CVE-2014-1222
+ RESERVED
+CVE-2014-1221
+ RESERVED
+CVE-2014-1220
+ RESERVED
+CVE-2014-1219
+ RESERVED
+CVE-2014-1218
+ RESERVED
+CVE-2014-1217
+ RESERVED
+CVE-2014-1216
+ RESERVED
+CVE-2014-1215
+ RESERVED
+CVE-2014-1214
+ RESERVED
+CVE-2014-1213
+ RESERVED
+CVE-2014-1212
+ RESERVED
+CVE-2014-1211
+ RESERVED
+CVE-2014-1210
+ RESERVED
+CVE-2014-1209
+ RESERVED
+CVE-2014-1208
+ RESERVED
+CVE-2014-1207
+ RESERVED
+CVE-2014-1206
+ RESERVED
+CVE-2014-1205
+ RESERVED
+CVE-2014-1204
+ RESERVED
+CVE-2014-1202
+ RESERVED
+CVE-2014-1201
+ RESERVED
+CVE-2014-0999
+ RESERVED
+CVE-2014-0998
+ RESERVED
+CVE-2014-0997
+ RESERVED
+CVE-2014-0996
+ RESERVED
+CVE-2014-0995
+ RESERVED
+CVE-2014-0994
+ RESERVED
+CVE-2014-0993
+ RESERVED
+CVE-2014-0992
+ RESERVED
+CVE-2014-0991
+ RESERVED
+CVE-2014-0990
+ RESERVED
+CVE-2014-0989
+ RESERVED
+CVE-2014-0988
+ RESERVED
+CVE-2014-0987
+ RESERVED
+CVE-2014-0986
+ RESERVED
+CVE-2014-0985
+ RESERVED
+CVE-2014-0984
+ RESERVED
+CVE-2014-0983
+ RESERVED
+CVE-2014-0982
+ RESERVED
+CVE-2014-0981
+ RESERVED
+CVE-2014-0980
+ RESERVED
+CVE-2014-0976
+ RESERVED
+CVE-2014-0975
+ RESERVED
+CVE-2014-0974
+ RESERVED
+CVE-2014-0973
+ RESERVED
+CVE-2014-0972
+ RESERVED
+CVE-2013-7291
+ RESERVED
+CVE-2013-7290
+ RESERVED
+CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
+ TODO: check
+CVE-2013-7287
+ RESERVED
+CVE-2013-7286
+ RESERVED
+CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise ...)
+ TODO: check
+CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with ...)
+ TODO: check
+CVE-2013-7280 (Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier ...)
+ TODO: check
+CVE-2013-7279 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2013-7278 (SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote ...)
+ TODO: check
+CVE-2013-7277 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
+ TODO: check
+CVE-2013-7276 (Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the ...)
+ TODO: check
+CVE-2013-7275 (Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka ...)
+ TODO: check
+CVE-2013-7274 (Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 ...)
+ TODO: check
+CVE-2013-7272
+ RESERVED
+CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance ...)
+ TODO: check
CVE-2013-XXXX [drop privileges when effective uid != uid]
- dash <unfixed> (unimportant; bug #734869)
- bash <unfixed> (unimportant; bug #734866)
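Review bot: The "TODO: check" entries in this hunk include two that can probably be triaged on sight from the description alone: CVE-2013-7283 ("Race condition in the libreswan.spec files for Red Hat Enterprise ...") concerns an RPM spec file, and CVE-2010-5292 (Amberdms Billing System) is the sibling of CVE-2010-5291, which a later hunk of this same commit marks "NOT-FOR-US: Amberdms Billing System". Marking them consistently now avoids leaving stale TODOs that the next automatic run will not clear.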
@@ -2,25 +474,31 @@
NOTE: Hardening, not a vulnerability
-CVE-2014-1408
+CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a ...)
NOT-FOR-US: Conceptronic C54APM access point
-CVE-2014-1407
+CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the ...)
NOT-FOR-US: Conceptronic C54APM access point
-CVE-2014-1406
+CVE-2014-1406 (CRLF injection vulnerability in goform/formWlSiteSurvey on the ...)
NOT-FOR-US: Conceptronic C54APM access point
-CVE-2014-1405
+CVE-2014-1405 (Multiple open redirect vulnerabilities on the Conceptronic C54APM ...)
NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1402 [jinja2.bccache.FileSystemBytecodeCache: insecure default directory]
+ RESERVED
- jinja2 2.7.2-1 (bug #734747)
NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
CVE-2014-1401
+ RESERVED
NOT-FOR-US: CamScanner
CVE-2014-1400
+ RESERVED
NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1399
+ RESERVED
NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1398
+ RESERVED
NOT-FOR-US: Drupal 7 Entity module
-CVE-2014-1236 [buffer overflow]
+CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in ...)
- graphviz <unfixed> (bug #734745)
NOTE: fix: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
CVE-2014-1235
+ RESERVED
- graphviz <unfixed> (bug #734745)
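Review bot: The CVE-2014-1402 entry is ambiguous as written: "- jinja2 2.7.2-1 (bug #734747)" records 2.7.2-1 as the fixed version, yet the NOTE directly below says "2.7.2 does not create safely temporary files". The NOTE should make clear that 2.7.2 fixes the insecure default directory tracked here and that the remaining unsafe temporary-file creation is tracked separately as CVE-2014-0012, so a reader does not take the fixed-version line as wrong.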
@@ -30,23 +508,25 @@
[squeeze] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
NOTE: CVE is for buffer overflow introduced by applying only 7aaddf52cd98589fb0c3ab72a393f8411838438a
NOTE: fix: https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
-CVE-2014-1234
+CVE-2014-1234 (The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to ...)
NOT-FOR-US: Paratrooper Newrelic Ruby Gem
-CVE-2014-1233
+CVE-2014-1233 (The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to ...)
NOT-FOR-US: Paratrooper Pingdom Ruby Gem
CVE-2014-1203
+ RESERVED
NOT-FOR-US: Eyou Mail System
CVE-2014-0979 [greeter crashes on empty username]
+ RESERVED
- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=857303
[wheezy] - lightdm-gtk-greeter <not-affected> (in Wheezy, lightdm restarts when the greeter crashes, so there's no DoS)
-CVE-2014-0978 [stack-based buffer overflow in yyerror()]
+CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in ...)
- graphviz 2.26.3-16 (bug #734745)
NOTE: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
NOTE: additional commit required (new CVE-2014-1235): https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
NOTE: see: https://bugzilla.redhat.com/show_bug.cgi?id=1049165#c6
-CVE-2014-0977 [XSS]
+CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor in ...)
{DSA-2841-1}
- movabletype-opensource 5.2.9+dfsg-1 (bug #734304)
CVE-2014-0971
@@ -381,14 +861,13 @@
RESERVED
CVE-2014-0806
RESERVED
-CVE-2014-0805
- RESERVED
-CVE-2014-0804
- RESERVED
-CVE-2014-0803
- RESERVED
-CVE-2014-0802
- RESERVED
+CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 ...)
+ TODO: check
+CVE-2014-0804 (Directory traversal vulnerability in the CGENE Security File Manager ...)
+ TODO: check
+CVE-2014-0803 (Directory traversal vulnerability in the tetra filer application 2.3.1 ...)
+ TODO: check
+CVE-2014-0802 (Directory traversal vulnerability in the aokitaka ZIP with Pass ...)
NOT-FOR-US: aokitaka ZIP with Pass
CVE-2014-0801
RESERVED
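Review bot: CVE-2014-0805, CVE-2014-0804 and CVE-2014-0803 are left as "TODO: check" although they are the same class of third-party file-manager application as CVE-2014-0802 in this hunk, which is already "NOT-FOR-US: aokitaka ZIP with Pass". Confirm none of NeoFiler, CGENE Security File Manager or tetra filer is packaged and mark them NOT-FOR-US in the same form.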
@@ -412,17 +891,20 @@
RESERVED
CVE-2014-0790
RESERVED
-CVE-2013-7288
+CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-7285 [remote code execution via deserialization in XStream]
+ RESERVED
- libxstream-java <unfixed> (bug #734821)
NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 [libplrpc-perl remote code execution due to Storable]
+ RESERVED
- libplrpc-perl <unfixed> (high; bug #734789)
NOTE: Upstream appears dead.
CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list]
+ RESERVED
- gdm3 <unfixed> (low; bug #683338)
[wheezy] - gdm3 <no-dsa> (Minor issue)
[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
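Review bot: CVE-2013-7285 ("remote code execution via deserialization in XStream") is tracked as "- libxstream-java <unfixed> (bug #734821)" with no severity tag, whereas the comparable CVE-2013-7284 line reads "- libplrpc-perl <unfixed> (high; bug #734789)". A remote code execution flaw with an "initial patch" only should carry an explicit severity, and a [wheezy]/[squeeze] status line would help readers see whether a DSA is expected.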
@@ -549,8 +1031,7 @@
RESERVED
CVE-2014-0753
RESERVED
-CVE-2014-0752
- RESERVED
+CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
NOT-FOR-US: Ecava IntegraXor
CVE-2014-0751
RESERVED
@@ -726,39 +1207,34 @@
RESERVED
CVE-2014-0665
RESERVED
-CVE-2014-0664
- RESERVED
+CVE-2014-0664 (The server in Cisco Unity Connection allows remote authenticated users ...)
NOT-FOR-US: Cisco Unity Connection
-CVE-2014-0663
- RESERVED
+CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
+ TODO: check
CVE-2014-0662
RESERVED
CVE-2014-0661
RESERVED
CVE-2014-0660
RESERVED
-CVE-2014-0659
- RESERVED
+CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, ...)
NOT-FOR-US: Cisco Small Business Devices
-CVE-2014-0658
- RESERVED
+CVE-2014-0658 (Cisco 9900 Unified IP phones allow remote attackers to cause a denial ...)
NOT-FOR-US: Cisco 9900 Unified IP phones
-CVE-2014-0657
- RESERVED
+CVE-2014-0657 (The administration portal in Cisco Unified Communications Manager ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0656
- RESERVED
-CVE-2014-0655
- RESERVED
-CVE-2014-0654
- RESERVED
-CVE-2014-0653
- RESERVED
+CVE-2014-0656 (Cisco Context Directory Agent (CDA) allows remote authenticated users ...)
+ TODO: check
+CVE-2014-0655 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...)
+ TODO: check
+CVE-2014-0654 (Cisco Context Directory Agent (CDA) allows remote attackers to modify ...)
+ TODO: check
+CVE-2014-0653 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2014-0652
- RESERVED
-CVE-2014-0651
- RESERVED
+CVE-2014-0652 (Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco ...)
+ TODO: check
+CVE-2014-0651 (The administrative interface in Cisco Context Directory Agent (CDA) ...)
+ TODO: check
CVE-2014-0650
RESERVED
CVE-2014-0649
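Review bot: Cisco triage in this hunk is inconsistent: CVE-2014-0653 (Identity Firewall in Cisco ASA) and CVE-2014-0657 (Cisco Unified Communications Manager) are marked NOT-FOR-US, while CVE-2014-0655 (the other ASA IDFW entry), CVE-2014-0656, CVE-2014-0654, CVE-2014-0652, CVE-2014-0651 (Cisco Context Directory Agent) and CVE-2014-0663 are left as "TODO: check". All describe Cisco appliance software; mark the whole group NOT-FOR-US with the product name so the entries stay greppable.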
@@ -817,14 +1293,13 @@
RESERVED
CVE-2014-0622
RESERVED
-CVE-2014-0621
- RESERVED
-CVE-2014-0620
- RESERVED
+CVE-2014-0621 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-0620 (Multiple cross-site scripting (XSS) vulnerabilities in Technicolor ...)
+ TODO: check
CVE-2014-0619
RESERVED
-CVE-2014-0618
- RESERVED
+CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R ...)
NOT-FOR-US: SRX Services Gateways
CVE-2014-0617
RESERVED
@@ -842,7 +1317,7 @@
NOT-FOR-US: JunOS
CVE-2014-0612
RESERVED
-CVE-2013-7281
+CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
- linux-2.6 <removed> (low)
- linux 3.12.6-1 (low)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel ...)
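Review bot: CVE-2013-7281 (dgram_recvmsg in net/ieee802154/dgram.c) records "- linux-2.6 <removed> (low)" and "- linux 3.12.6-1 (low)" but no [wheezy] or [squeeze] status and no NOTE pointing at the upstream fix, unlike the graphviz and libpng entries elsewhere in this commit. Add the upstream commit reference and the stable-suite status so the "low" rating can be re-checked.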
@@ -1005,6 +1480,7 @@
CVE-2013-7197
RESERVED
CVE-2012-6619 [MongoDB memory over-read via incorrect BSON object length]
+ RESERVED
- mongodb 1:2.4.1-1
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/11822
NOTE: https://jira.mongodb.org/browse/SERVER-7769
@@ -1313,8 +1789,7 @@
RESERVED
CVE-2013-7175
RESERVED
-CVE-2013-7174
- RESERVED
+CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS ...)
NOT-FOR-US: QNAP QTS
CVE-2013-7173
RESERVED
@@ -1655,11 +2130,9 @@
RESERVED
CVE-2013-7140
RESERVED
-CVE-2013-7139
- RESERVED
+CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content ...)
NOT-FOR-US: Horizon CMS
-CVE-2013-7138
- RESERVED
+CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in ...)
NOT-FOR-US: Horizon CMS
CVE-2013-7137
RESERVED
@@ -1733,8 +2206,7 @@
RESERVED
CVE-2013-7098
RESERVED
-CVE-2013-7097
- RESERVED
+CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac ...)
NOT-FOR-US: eduTrac
CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
NOT-FOR-US: Sap EMR
@@ -2206,8 +2678,7 @@
NOT-FOR-US: Microsoft Windows Server 2008 SP2
CVE-2013-6998
RESERVED
-CVE-2013-6997
- RESERVED
+CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
CVE-2013-6996
RESERVED
@@ -2235,8 +2706,7 @@
RESERVED
CVE-2013-6983 (SQL injection vulnerability in the web interface in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Presence Server
-CVE-2013-6982
- RESERVED
+CVE-2013-6982 (The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not ...)
NOT-FOR-US: Cisco NX-OS
CVE-2013-6981 (Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS XE
@@ -2252,8 +2722,7 @@
NOT-FOR-US: Cisco
CVE-2013-6975
RESERVED
-CVE-2013-6974
- RESERVED
+CVE-2013-6974 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover ...)
NOT-FOR-US: Cisco
@@ -2291,10 +2760,9 @@
NOT-FOR-US: Juniper
CVE-2013-6956 (Cross-site scripting (XSS) vulnerability in the Secure Access Service ...)
NOT-FOR-US: Juniper Junos Pulse Secure Access Service
-CVE-2013-6955
- RESERVED
-CVE-2013-6954 [unhandled zero-length PLTE chunk or NULL palette]
- RESERVED
+CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 ...)
+ TODO: check
+CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows ...)
- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
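Review bot: The "- libpng <not-affected> (Vulnerable code introduced in 1.6.1)" rationale for CVE-2013-6954 does not name the libpng version actually packaged, so the claim cannot be re-verified once a 1.6.x upload happens; state the packaged version in the parenthesis. Also, CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager) is left as "TODO: check" although it describes NAS appliance firmware and can be marked NOT-FOR-US directly.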
@@ -2358,8 +2826,7 @@
NOT-FOR-US: Siemens
CVE-2013-6924
RESERVED
-CVE-2013-6923
- RESERVED
+CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...)
NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922
RESERVED
@@ -3098,8 +3565,7 @@
RESERVED
- rush <unfixed> (bug #733505)
[wheezy] - rush <no-dsa> (Minor issue, can be fixed through a point release update)
-CVE-2013-6888
- RESERVED
+CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
{DSA-2836-1}
- devscripts 2.13.9
CVE-2013-6887
@@ -3107,15 +3573,13 @@
- openjpeg <not-affected> (only affects 1.5, in experimental, see #731237)
CVE-2013-6886 (RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to ...)
- vnc4 <not-affected> (Only affects 5.0.6, binaries in Debian version are not setuid root)
-CVE-2013-6884
- RESERVED
+CVE-2013-6884 (The write-blocker in CRU Ditto Forensic FieldStation with firmware ...)
NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6883 (Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic ...)
NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto ...)
NOT-FOR-US: Ditto Forensic FieldStation
-CVE-2013-6881
- RESERVED
+CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows ...)
NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6880
RESERVED
@@ -4063,8 +4527,7 @@
RESERVED
CVE-2013-6481
RESERVED
-CVE-2013-6480 [doesn't send scrub_data query parameter when destroying a DigitalOcean node]
- RESERVED
+CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter ...)
- python-libcloud <not-affected> (affects 0.12.3 to 0.13.3)
NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
CVE-2013-6479
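Review bot: The affected range in the CVE-2013-6480 status line contradicts the description: the MITRE text says "Libcloud 0.12.3 through 0.13.2", but the line reads "- python-libcloud <not-affected> (affects 0.12.3 to 0.13.3)". Align the range with the description (or note why 0.13.3 is included) so the not-affected claim is defensible.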
@@ -4101,8 +4564,7 @@
RESERVED
CVE-2013-6463
REJECTED
-CVE-2013-6462
- RESERVED
+CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in ...)
{DSA-2838-1}
- libxfont 1:1.4.7-1
CVE-2013-6461 [DoS while parsing XML entities]
@@ -4189,8 +4651,7 @@
CVE-2013-6437 [DoS through ephemeral disk backing files]
RESERVED
- nova <unfixed>
-CVE-2013-6436
- RESERVED
+CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)
- libvirt 1.2.0-1
[squeeze] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
@@ -4246,8 +4707,7 @@
{DSA-2816-1}
- php5 5.5.6+dfsg-2 (bug #731895)
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
-CVE-2013-6419 [Metadata queries from Neutron to Nova are not restricted by tenant]
- RESERVED
+CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
- neutron 2013.2.1-1
- nova 2013.2.1-1
NOTE: https://launchpad.net/bugs/1235450
@@ -4530,8 +4990,8 @@
NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
CVE-2013-6335
RESERVED
-CVE-2013-6334
- RESERVED
+CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
+ TODO: check
CVE-2013-6333
RESERVED
CVE-2013-6332
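Review bot: CVE-2013-6334 (IBM Atlas eDiscovery Process Management) is left as "TODO: check" while CVE-2013-6321, for the same product in the next hunk, is "NOT-FOR-US: IBM Atlas eDiscovery Process Management". Mark this one the same way.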
@@ -4556,8 +5016,7 @@
RESERVED
CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
-CVE-2013-6321
- RESERVED
+CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
NOT-FOR-US: IBM Atlas eDiscovery Process Management
CVE-2013-6320
RESERVED
@@ -5192,8 +5651,8 @@
RESERVED
CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
NOT-FOR-US: AT&T Connect Participant Application
-CVE-2013-6028
- RESERVED
+CVE-2013-6028 (Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail ...)
+ TODO: check
CVE-2013-6027 (Stack-based buffer overflow in the RuntimeDiagnosticPing function in ...)
NOT-FOR-US: D-Link
CVE-2013-6026 (The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, ...)
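Review bot: CVE-2013-6028 (CSRF in Atmail) is "TODO: check", while CVE-2013-6017 in the next hunk and the four CVE-2013-503x entries further down are all "NOT-FOR-US: Atmail". Use the same NOT-FOR-US label here.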
@@ -5214,8 +5673,7 @@
NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6018 (Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler ...)
NOT-FOR-US: Tyler Technologies TaxWeb
-CVE-2013-6017
- RESERVED
+CVE-2013-6017 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server ...)
NOT-FOR-US: Atmail Webmail Server
CVE-2013-6016 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, ...)
NOT-FOR-US: F5
@@ -6410,7 +6868,7 @@
NOT-FOR-US: MYRE Realty Manager
CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module ...)
NOT-FOR-US: Imagemenu Drupal contributed module
-CVE-2010-5291
+CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
NOT-FOR-US: Amberdms Billing System
CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
NOT-FOR-US: IncrediMail
@@ -6856,12 +7314,12 @@
RESERVED
CVE-2013-5360
RESERVED
-CVE-2013-5359
- RESERVED
-CVE-2013-5358
- RESERVED
-CVE-2013-5357
- RESERVED
+CVE-2013-5359 (Stack-based buffer overflow in Picasa3.exe in Google Picasa before ...)
+ TODO: check
+CVE-2013-5358 (Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote ...)
+ TODO: check
+CVE-2013-5357 (Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
+ TODO: check
CVE-2013-5356
RESERVED
CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
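Review bot: CVE-2013-5359, CVE-2013-5358 and CVE-2013-5357 all describe "Picasa3.exe in Google Picasa", Windows-only software, yet are left as "TODO: check"; the same applies to CVE-2013-5349 in the following hunk. They can be marked NOT-FOR-US: Google Picasa without further research.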
@@ -6876,8 +7334,8 @@
RESERVED
CVE-2013-5350
RESERVED
-CVE-2013-5349
- RESERVED
+CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
+ TODO: check
CVE-2013-5348
RESERVED
CVE-2013-5347
@@ -7526,17 +7984,13 @@
RESERVED
CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-5034
- RESERVED
+CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
NOT-FOR-US: Atmail
-CVE-2013-5033
- RESERVED
+CVE-2013-5033 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
NOT-FOR-US: Atmail
-CVE-2013-5032
- RESERVED
+CVE-2013-5032 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
NOT-FOR-US: Atmail
-CVE-2013-5031
- RESERVED
+CVE-2013-5031 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
NOT-FOR-US: Atmail
CVE-2013-5030 (Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow ...)
NOT-FOR-US: Ruckus Wireless Zoneflex
@@ -7581,13 +8035,12 @@
RESERVED
CVE-2013-5012
RESERVED
-CVE-2013-5011
- RESERVED
-CVE-2013-5010
- RESERVED
+CVE-2013-5011 (Unquoted Windows search path vulnerability in the client in Symantec ...)
+ TODO: check
+CVE-2013-5010 (The Application/Device Control (ADC) component in the client in ...)
NOT-FOR-US: Symantec Endpoint Protection
-CVE-2013-5009
- RESERVED
+CVE-2013-5009 (The Management Console in Symantec Endpoint Protection (SEP) 11.x ...)
+ TODO: check
CVE-2013-5008 (The agent and task-agent components in Symantec Management Platform ...)
NOT-FOR-US: Symantec
CVE-2013-5007
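Review bot: CVE-2013-5011 ("Unquoted Windows search path vulnerability in the client in Symantec ...") and CVE-2013-5009 (Symantec Endpoint Protection Management Console) are "TODO: check" while CVE-2013-5010, between them, is "NOT-FOR-US: Symantec Endpoint Protection". All three are the same product; mark them consistently.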
@@ -7654,8 +8107,7 @@
RESERVED
CVE-2013-4970
RESERVED
-CVE-2013-4969 [Unsafe use of temp files in File type]
- RESERVED
+CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) ...)
{DSA-2831-1}
- puppet 3.4.1-1
NOTE: http://puppetlabs.com/security/cve/cve-2013-4969
@@ -8654,8 +9106,7 @@
CVE-2013-4565 [heap-based buffer overflow]
RESERVED
- xlhtml <unfixed> (bug #729279)
-CVE-2013-4564
- RESERVED
+CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: libreswan
CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux ...)
- linux-2.6 <not-affected> (Introduced in v3.10-rc5)
@@ -8787,8 +9238,7 @@
- reviewboard <itp> (bug #653113)
CVE-2013-4518
RESERVED
-CVE-2013-4517 [Java XML Signature DoS Attack]
- RESERVED
+CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying ...)
- libxml-security-java <unfixed> (bug #733938)
NOTE: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the ...)
@@ -9001,8 +9451,7 @@
NOT-FOR-US: WordPress plugin
CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat ...)
NOT-FOR-US: Cumin
-CVE-2013-4460 [XSS in account_sponsor_page.php project names]
- RESERVED
+CVE-2013-4460 (Cross-site scripting (XSS) vulnerability in account_sponsor_page.php ...)
- mantis <removed> (low; bug #727180)
[squeeze] - mantis <no-dsa> (Minor issue)
[wheezy] - mantis <no-dsa> (Minor issue)
@@ -9365,8 +9814,7 @@
- glance <unfixed>
NOTE: https://bugs.launchpad.net/glance/+bug/1226078
NOTE: according to upstream bug there will probably not be a patch for this issue
-CVE-2013-4353 [TLS record tampering]
- RESERVED
+CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before ...)
{DSA-2837-1}
- openssl 1.0.1f-1
[squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
@@ -10057,6 +10505,7 @@
NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
CVE-2013-4152 [XML External Entity (XXE) injection flaw]
RESERVED
+ {DSA-2842-1}
- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-4151
RESERVED
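Review bot: The severity tag for CVE-2013-4152 looks out of step with the new "{DSA-2842-1}" line: an XML External Entity flaw in libspring-java that warranted a DSA is still annotated "(low; bug #720902)". Reconsider the severity, and note that the entry still reads RESERVED, so the description will need to be refreshed once MITRE publishes it.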
@@ -11125,8 +11574,8 @@
RESERVED
CVE-2013-3714
RESERVED
-CVE-2013-3713
- RESERVED
+CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for ...)
+ TODO: check
CVE-2013-3712
RESERVED
CVE-2013-3711
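Review bot: CVE-2013-3713 ("The image creation configuration in aaa_base before 16.26.1 ...") is left as "TODO: check"; aaa_base is the SUSE base package, not something shipped by Debian, so this can most likely be closed as NOT-FOR-US after a quick confirmation.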
@@ -15445,8 +15894,7 @@
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
-CVE-2013-2050
- RESERVED
+CVE-2013-2050 (SQL injection vulnerability in the miq_policy controller in Red Hat ...)
NOT-FOR-US: CloudForms Management Engine
CVE-2013-2049
RESERVED
@@ -47516,8 +47964,7 @@
[lenny] - php5 <not-affected> (The Lenny version doesn't use memcpy)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier ...)
NOT-FOR-US: Webmin
-CVE-2011-1936
- RESERVED
+CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization ...)
- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1935 [packet truncation in libpcap]
RESERVED
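Review bot: CVE-2011-1936 describes a flaw in Xen itself ("Xen, when using x86 Intel processors and the VMX virtualization ..."), but the only status line is "- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)"; there is no line for the xen or xen-3 source packages. The same gap exists for CVE-2011-1780 and CVE-2011-1763 in the following hunks, whereas CVE-2011-1166 in the last hunk correctly lists "- xen 4.1.0-1" and "- xen-3 <removed>". Add the hypervisor package status to each of the three entries.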
@@ -48024,8 +48471,7 @@
[squeeze] - systemtap <not-affected> (Only affects version 1.4.x)
[lenny] - systemtap <not-affected> (Only affects version 1.4.x)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
-CVE-2011-1780
- RESERVED
+CVE-2011-1780 (The instruction emulation in Xen 3.0.3 allows local SMP guest users to ...)
- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 ...)
- libarchive 3.0.4-2 (bug #669197)
@@ -48077,8 +48523,7 @@
{DSA-2232-1}
- exim4 4.75-3 (high; bug #624670)
[lenny] - exim4 <not-affected> (vulnerable code not present)
-CVE-2011-1763
- RESERVED
+CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU ...)
- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1762
RESERVED
@@ -49816,8 +50261,7 @@
{DSA-2210-1}
- tiff 3.9.4-9 (bug #619614)
- tiff3 <not-affected> (fixed before initial upload)
-CVE-2011-1166
- RESERVED
+CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a ...)
{DSA-2337-1}
- xen 4.1.0-1
- xen-3 <removed>