[Secure-testing-commits] r25341 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Thu Jan 23 21:14:11 UTC 2014
Author: joeyh
Date: 2014-01-23 21:14:11 +0000 (Thu, 23 Jan 2014)
New Revision: 25341
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-23 20:21:39 UTC (rev 25340)
+++ data/CVE/list 2014-01-23 21:14:11 UTC (rev 25341)
@@ -1,3 +1,351 @@
+CVE-2014-1641
+ RESERVED
+CVE-2014-1637 (Command School Student Management System 1.06.01 does not properly ...)
+ TODO: check
+CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student ...)
+ TODO: check
+CVE-2014-1635
+ RESERVED
+CVE-2014-1634
+ RESERVED
+CVE-2014-1633
+ RESERVED
+CVE-2014-1632
+ RESERVED
+CVE-2014-1631
+ RESERVED
+CVE-2014-1630
+ RESERVED
+CVE-2014-1629
+ RESERVED
+CVE-2014-1628
+ RESERVED
+CVE-2014-1627
+ RESERVED
+CVE-2014-1625
+ RESERVED
+CVE-2014-1623
+ RESERVED
+CVE-2014-1622
+ RESERVED
+CVE-2014-1621
+ RESERVED
+CVE-2014-1620 (Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX ...)
+ TODO: check
+CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and ...)
+ TODO: check
+CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script ...)
+ TODO: check
+CVE-2014-1617
+ RESERVED
+CVE-2014-1616
+ RESERVED
+CVE-2014-1615
+ RESERVED
+CVE-2014-1614
+ RESERVED
+CVE-2014-1613
+ RESERVED
+CVE-2014-1612
+ RESERVED
+CVE-2014-1610
+ RESERVED
+CVE-2014-1609
+ RESERVED
+CVE-2014-1608
+ RESERVED
+CVE-2014-1607
+ RESERVED
+CVE-2014-1606
+ RESERVED
+CVE-2014-1605
+ RESERVED
+CVE-2014-1603
+ RESERVED
+CVE-2014-1602
+ RESERVED
+CVE-2014-1601
+ RESERVED
+CVE-2014-1600
+ RESERVED
+CVE-2014-1599
+ RESERVED
+CVE-2014-1598
+ RESERVED
+CVE-2014-1597
+ RESERVED
+CVE-2014-1596
+ RESERVED
+CVE-2014-1595
+ RESERVED
+CVE-2014-1594
+ RESERVED
+CVE-2014-1593
+ RESERVED
+CVE-2014-1592
+ RESERVED
+CVE-2014-1591
+ RESERVED
+CVE-2014-1590
+ RESERVED
+CVE-2014-1589
+ RESERVED
+CVE-2014-1588
+ RESERVED
+CVE-2014-1587
+ RESERVED
+CVE-2014-1586
+ RESERVED
+CVE-2014-1585
+ RESERVED
+CVE-2014-1584
+ RESERVED
+CVE-2014-1583
+ RESERVED
+CVE-2014-1582
+ RESERVED
+CVE-2014-1581
+ RESERVED
+CVE-2014-1580
+ RESERVED
+CVE-2014-1579
+ RESERVED
+CVE-2014-1578
+ RESERVED
+CVE-2014-1577
+ RESERVED
+CVE-2014-1576
+ RESERVED
+CVE-2014-1575
+ RESERVED
+CVE-2014-1574
+ RESERVED
+CVE-2014-1573
+ RESERVED
+CVE-2014-1572
+ RESERVED
+CVE-2014-1571
+ RESERVED
+CVE-2014-1570
+ RESERVED
+CVE-2014-1569
+ RESERVED
+CVE-2014-1568
+ RESERVED
+CVE-2014-1567
+ RESERVED
+CVE-2014-1566
+ RESERVED
+CVE-2014-1565
+ RESERVED
+CVE-2014-1564
+ RESERVED
+CVE-2014-1563
+ RESERVED
+CVE-2014-1562
+ RESERVED
+CVE-2014-1561
+ RESERVED
+CVE-2014-1560
+ RESERVED
+CVE-2014-1559
+ RESERVED
+CVE-2014-1558
+ RESERVED
+CVE-2014-1557
+ RESERVED
+CVE-2014-1556
+ RESERVED
+CVE-2014-1555
+ RESERVED
+CVE-2014-1554
+ RESERVED
+CVE-2014-1553
+ RESERVED
+CVE-2014-1552
+ RESERVED
+CVE-2014-1551
+ RESERVED
+CVE-2014-1550
+ RESERVED
+CVE-2014-1549
+ RESERVED
+CVE-2014-1548
+ RESERVED
+CVE-2014-1547
+ RESERVED
+CVE-2014-1546
+ RESERVED
+CVE-2014-1545
+ RESERVED
+CVE-2014-1544
+ RESERVED
+CVE-2014-1543
+ RESERVED
+CVE-2014-1542
+ RESERVED
+CVE-2014-1541
+ RESERVED
+CVE-2014-1540
+ RESERVED
+CVE-2014-1539
+ RESERVED
+CVE-2014-1538
+ RESERVED
+CVE-2014-1537
+ RESERVED
+CVE-2014-1536
+ RESERVED
+CVE-2014-1535
+ RESERVED
+CVE-2014-1534
+ RESERVED
+CVE-2014-1533
+ RESERVED
+CVE-2014-1532
+ RESERVED
+CVE-2014-1531
+ RESERVED
+CVE-2014-1530
+ RESERVED
+CVE-2014-1529
+ RESERVED
+CVE-2014-1528
+ RESERVED
+CVE-2014-1527
+ RESERVED
+CVE-2014-1526
+ RESERVED
+CVE-2014-1525
+ RESERVED
+CVE-2014-1524
+ RESERVED
+CVE-2014-1523
+ RESERVED
+CVE-2014-1522
+ RESERVED
+CVE-2014-1521
+ RESERVED
+CVE-2014-1520
+ RESERVED
+CVE-2014-1519
+ RESERVED
+CVE-2014-1518
+ RESERVED
+CVE-2014-1517
+ RESERVED
+CVE-2014-1516
+ RESERVED
+CVE-2014-1515
+ RESERVED
+CVE-2014-1514
+ RESERVED
+CVE-2014-1513
+ RESERVED
+CVE-2014-1512
+ RESERVED
+CVE-2014-1511
+ RESERVED
+CVE-2014-1510
+ RESERVED
+CVE-2014-1509
+ RESERVED
+CVE-2014-1508
+ RESERVED
+CVE-2014-1507
+ RESERVED
+CVE-2014-1506
+ RESERVED
+CVE-2014-1505
+ RESERVED
+CVE-2014-1504
+ RESERVED
+CVE-2014-1503
+ RESERVED
+CVE-2014-1502
+ RESERVED
+CVE-2014-1501
+ RESERVED
+CVE-2014-1500
+ RESERVED
+CVE-2014-1499
+ RESERVED
+CVE-2014-1498
+ RESERVED
+CVE-2014-1497
+ RESERVED
+CVE-2014-1496
+ RESERVED
+CVE-2014-1495
+ RESERVED
+CVE-2014-1494
+ RESERVED
+CVE-2014-1493
+ RESERVED
+CVE-2014-1492
+ RESERVED
+CVE-2014-1491
+ RESERVED
+CVE-2014-1490
+ RESERVED
+CVE-2014-1489
+ RESERVED
+CVE-2014-1488
+ RESERVED
+CVE-2014-1487
+ RESERVED
+CVE-2014-1486
+ RESERVED
+CVE-2014-1485
+ RESERVED
+CVE-2014-1484
+ RESERVED
+CVE-2014-1483
+ RESERVED
+CVE-2014-1482
+ RESERVED
+CVE-2014-1481
+ RESERVED
+CVE-2014-1480
+ RESERVED
+CVE-2014-1479
+ RESERVED
+CVE-2014-1478
+ RESERVED
+CVE-2014-1477
+ RESERVED
+CVE-2014-1474
+ RESERVED
+CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
+ TODO: check
+CVE-2013-7304 (Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does ...)
+ TODO: check
+CVE-2013-7297
+ RESERVED
+CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ...)
+ TODO: check
+CVE-2012-6635 (wp-admin/includes/class-wp-posts-list-table.php in WordPress before ...)
+ TODO: check
+CVE-2012-6634 (wp-admin/media-upload.php in WordPress before 3.3.3 allows remote ...)
+ TODO: check
+CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
+ TODO: check
+CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks ...)
+ TODO: check
+CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
+ TODO: check
+CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, ...)
+ TODO: check
+CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a ...)
+ TODO: check
+CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in ...)
+ TODO: check
+CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
+ TODO: check
CVE-2014-XXXX [Possible remote code execution on horde3]
- horde3 <unfixed>
CVE-2014-1642 [xen: XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup]
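Review bot: the large block of new "TODO: check" entries at the top of this hunk includes issues in software that is packaged in Debian, notably CVE-2013-7295 (Tor before 0.2.4.20 when used with OpenSSL 1.x) and the WordPress items CVE-2012-6635, CVE-2012-6634, CVE-2011-5270 and CVE-2010-5293 through CVE-2010-5297; unlike the RESERVED placeholders around them these need a follow-up triage commit that replaces the TODO with either package/version lines or a NOT-FOR-US marker, otherwise the tracker will keep reporting them as untriaged.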
@@ -6,26 +354,33 @@
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
CVE-2014-1640
+ RESERVED
- axiom <unfixed> (low; bug #736358)
[squeeze] - axiom <no-dsa> (Minor issue)
[wheezy] - axiom <no-dsa> (Minor issue)
CVE-2014-1639
+ RESERVED
- syncevolution <unfixed> (unimportant; bug #736357)
NOTE: Only exploitable during build time
CVE-2014-1638
+ RESERVED
- localepurge <unfixed> (bug #736359)
[squeeze] - localepurge <no-dsa> (Minor issue)
[wheezy] - localepurge <no-dsa> (Minor issue)
CVE-2014-1626 [XXE vulnerability]
+ RESERVED
- libmarc-xml-perl 1.0.2-1 (bug #736275)
NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
CVE-2014-1624 [insecure use of /tmp]
+ RESERVED
- pyxdg <unfixed> (low; bug #736247)
[squeeze] - pyxdg <no-dsa> (Minor issue)
[wheezy] - pyxdg <no-dsa> (Minor issue)
CVE-2014-1611
+ RESERVED
NOT-FOR-US: Drupal contrib
CVE-2014-1604 [insecure use of /tmp]
+ RESERVED
- python-rply 0.7.1-1
NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand
CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
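Review bot: the NOTE URL under CVE-2014-1604 (context line "NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand") ends in "cand", which cannot be part of a hexadecimal commit id; it looks like a stray "and" was appended to the hash, so the link as written will not resolve and should be trimmed in a follow-up edit of this entry.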
@@ -70,8 +425,8 @@
RESERVED
CVE-2014-1453
RESERVED
-CVE-2014-1452
- RESERVED
+CVE-2014-1452 (Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in ...)
+ TODO: check
CVE-2014-1451
RESERVED
CVE-2014-1450
@@ -145,26 +500,33 @@
CVE-2014-1410
RESERVED
CVE-2013-7303 [cross-site scripting]
+ RESERVED
- spip 3.0.13-1 (bug #736170)
[wheezy] - spip <no-dsa> (Minor issue)
[squeeze] - spip <no-dsa> (Minor issue)
CVE-2013-7302
+ RESERVED
NOT-FOR-US: Drupal contrib
CVE-2013-7301 [external network interface is used with no access control for reading queued music files]
+ RESERVED
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7300 [absolute path traversal vulnerability]
+ RESERVED
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 [tntnet: denial of service]
+ RESERVED
- tntnet <unfixed> (low; bug #735881)
[wheezy] - tntnet <no-dsa> (Minor issue)
[squeeze] - tntnet <no-dsa> (Minor issue)
CVE-2013-7298 [cxxtools: denial of service]
+ RESERVED
- cxxtools 2.2.1-1 (low; bug #735880)
[wheezy] - cxxtools <no-dsa> (Minor issue)
[squeeze] - cxxtools <no-dsa> (Minor issue)
CVE-2013-7296 [DoS]
+ RESERVED
- poppler <not-affected> (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
@@ -173,31 +535,29 @@
CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on ...)
NOT-FOR-US: ASUS router
CVE-2014-1476 [Access bypass in Taxonomy module]
+ RESERVED
{DSA-2847-1}
- drupal6 <unfixed>
- drupal7 7.26-1
CVE-2014-1475 [Impersonation]
+ RESERVED
{DSA-2847-1}
- drupal6 <unfixed>
- drupal7 7.26-1
-CVE-2014-1446
- RESERVED
+CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux ...)
- linux 3.12.8-1 (low)
- linux-2.6 <removed> (low)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
NOTE: Fix contained in v3.13-rc7
-CVE-2014-1445
- RESERVED
+CVE-2014-1445 (The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux ...)
- linux 3.12.6-1 (low)
- linux-2.6 <removed> (low)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1
-CVE-2014-1444
- RESERVED
+CVE-2014-1444 (The fst_get_iface function in drivers/net/wan/farsync.c in the Linux ...)
- linux 3.12.6-1 (low)
- linux-2.6 <removed> (low)
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194
-CVE-2014-1438 [missing CPU-state sanitation during task-switch causes DOS / privilege escalation]
- RESERVED
+CVE-2014-1438 (The restore_fpu_checking function in ...)
- linux 3.12.8-1 (bug #733551)
- linux-2.6 <removed>
NOTE: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
@@ -582,18 +942,15 @@
RESERVED
CVE-2014-1212
RESERVED
-CVE-2014-1211
- RESERVED
+CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud ...)
NOT-FOR-US: VMWare
CVE-2014-1210
RESERVED
CVE-2014-1209
RESERVED
-CVE-2014-1208
- RESERVED
+CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, ...)
NOT-FOR-US: VMWare
-CVE-2014-1207
- RESERVED
+CVE-2014-1207 (VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers ...)
NOT-FOR-US: VMWare
CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web ...)
TODO: check
@@ -741,8 +1098,7 @@
CVE-2014-1203
RESERVED
NOT-FOR-US: Eyou Mail System
-CVE-2014-0979 [greeter crashes on empty username]
- RESERVED
+CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM ...)
- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=857303
@@ -1082,12 +1438,12 @@
RESERVED
CVE-2014-0809
RESERVED
-CVE-2014-0808
- RESERVED
-CVE-2014-0807
- RESERVED
-CVE-2014-0806
- RESERVED
+CVE-2014-0808 (The lfCheckError function in ...)
+ TODO: check
+CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
+ TODO: check
+CVE-2014-0806 (The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile ...)
+ TODO: check
CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 ...)
NOT-FOR-US: NeoFiler
CVE-2014-0804 (Directory traversal vulnerability in the CGENE Security File Manager ...)
@@ -1114,8 +1470,8 @@
RESERVED
CVE-2014-0793
RESERVED
-CVE-2014-0792
- RESERVED
+CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to ...)
+ TODO: check
CVE-2014-0790
RESERVED
CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video ...)
@@ -1256,8 +1612,8 @@
RESERVED
CVE-2014-0754
RESERVED
-CVE-2014-0753
- RESERVED
+CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraXor ...)
+ TODO: check
CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
NOT-FOR-US: Ecava IntegraXor
CVE-2014-0751
@@ -1408,32 +1764,29 @@
RESERVED
CVE-2014-0678
RESERVED
-CVE-2014-0677
- RESERVED
-CVE-2014-0676
- RESERVED
-CVE-2014-0675
- RESERVED
+CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS ...)
+ TODO: check
+CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command ...)
+ TODO: check
+CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication ...)
+ TODO: check
CVE-2014-0674
RESERVED
CVE-2014-0673
RESERVED
-CVE-2014-0672
- RESERVED
-CVE-2014-0671
- RESERVED
-CVE-2014-0670
- RESERVED
-CVE-2014-0669
- RESERVED
-CVE-2014-0668
- RESERVED
+CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly ...)
+ TODO: check
+CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote ...)
+ TODO: check
+CVE-2014-0670 (Cross-site scripting (XSS) vulnerability in the Search and Play ...)
+ TODO: check
+CVE-2014-0669 (The Wireless Session Protocol (WSP) feature in the Gateway GPRS ...)
+ TODO: check
+CVE-2014-0668 (Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure ...)
NOT-FOR-US: Cisco Secure Access Control System
-CVE-2014-0667
- RESERVED
+CVE-2014-0667 (The RMI interface in Cisco Secure Access Control System (ACS) does not ...)
NOT-FOR-US: Cisco Secure Access Control System
-CVE-2014-0666
- RESERVED
+CVE-2014-0666 (Directory traversal vulnerability in the Send Screen Capture ...)
NOT-FOR-US: Cisco Jabber
CVE-2014-0665 (The RBAC implementation in Cisco Identity Services Engine (ISE) ...)
NOT-FOR-US: Cisco Identity Services Engine
@@ -1441,14 +1794,11 @@
NOT-FOR-US: Cisco Unity Connection
CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco Secure Access Control System
-CVE-2014-0662
- RESERVED
+CVE-2014-0662 (The SIP module in Cisco TelePresence Video Communication Server (VCS) ...)
NOT-FOR-US: Cisco TelePresence
-CVE-2014-0661
- RESERVED
+CVE-2014-0661 (The System Status Collection Daemon (SSCD) in Cisco TelePresence ...)
NOT-FOR-US: Cisco TelePresence
-CVE-2014-0660
- RESERVED
+CVE-2014-0660 (Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows ...)
NOT-FOR-US: Cisco TelePresence
CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, ...)
NOT-FOR-US: Cisco Small Business Devices
@@ -1468,14 +1818,11 @@
NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0651 (The administrative interface in Cisco Context Directory Agent (CDA) ...)
NOT-FOR-US: Cisco Context Directory Agent
-CVE-2014-0650
- RESERVED
+CVE-2014-0650 (The web interface in Cisco Secure Access Control System (ACS) 5.x ...)
NOT-FOR-US: Cisco Secure ACS RMI
-CVE-2014-0649
- RESERVED
+CVE-2014-0649 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x ...)
NOT-FOR-US: Cisco Secure ACS RMI
-CVE-2014-0648
- RESERVED
+CVE-2014-0648 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x ...)
NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0647
RESERVED
@@ -1576,8 +1923,7 @@
RESERVED
CVE-2013-7244
RESERVED
-CVE-2013-7243
- RESERVED
+CVE-2013-7243 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
NOT-FOR-US: GetSimple CMS
CVE-2013-7238
RESERVED
@@ -1673,8 +2019,8 @@
RESERVED
CVE-2013-7226
RESERVED
-CVE-2013-7219
- RESERVED
+CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling ...)
+ TODO: check
CVE-2013-7218
RESERVED
CVE-2013-7217 (Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and ...)
@@ -1701,8 +2047,8 @@
RESERVED
CVE-2013-7206
RESERVED
-CVE-2013-7204
- RESERVED
+CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in ...)
+ TODO: check
CVE-2013-7202
RESERVED
CVE-2013-7201
@@ -2143,7 +2489,7 @@
CVE-2014-0438 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0437 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mariadb-5.5 <unfixed>
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
@@ -2166,7 +2512,7 @@
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0429
RESERVED
-CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
+CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -2182,12 +2528,13 @@
CVE-2014-0423 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
-CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
+CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0421
RESERVED
CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
+ {DSA-2848-1}
- mariadb-5.5 <unfixed>
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
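Review bot: the added {DSA-2848-1} reference on CVE-2014-0420 sits on an entry whose only mysql-5.1 line reads "<not-affected> (Only affects Mysql 5.5 and 5.6)", while the other MySQL entries in this commit add DSA-2848-1 next to DSA-2845-1 on packages marked "<removed>" or with a fixed version. Either the not-affected annotation or the advisory reference is inconsistent with the rest of the file; please verify against the DSA text which packages it actually covers and adjust one of the two lines.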
@@ -2199,7 +2546,7 @@
CVE-2014-0417 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
+CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
@@ -2210,7 +2557,7 @@
CVE-2014-0413
RESERVED
CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mariadb-5.5 <unfixed>
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
@@ -2243,11 +2590,11 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0402 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
CVE-2014-0401 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mariadb-5.5 <unfixed>
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
@@ -2266,7 +2613,7 @@
CVE-2014-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0393 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
CVE-2014-0392 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
@@ -2283,7 +2630,7 @@
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0386 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on ...)
@@ -2306,7 +2653,7 @@
NOT-FOR-US: Oracle Database Server
CVE-2014-0377 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
NOT-FOR-US: Oracle Database Server
-CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
+CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0375 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
@@ -2314,7 +2661,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0374 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
+CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2014-0372 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
@@ -2671,8 +3018,7 @@
{DSA-2834-1}
- typo3-src 4.5.32+dfsg1-1 (bug #731999)
NOTE: https://review.typo3.org/#/c/26179/
-CVE-2013-7078 [Cross-Site Scripting]
- RESERVED
+CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...)
{DSA-2834-1}
- typo3-src 4.5.32+dfsg1-1 (bug #731999)
NOTE: https://review.typo3.org/#/c/26176/
@@ -3115,8 +3461,8 @@
RESERVED
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...)
NOT-FOR-US: Seagate BlackArmor NAS 220 devices
-CVE-2013-6922
- RESERVED
+CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2013-6921
RESERVED
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
@@ -3765,25 +4111,21 @@
NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011
RESERVED
-CVE-2014-0010 [Cross-site request forgery vulnerability in profile fields]
- RESERVED
+CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- moodle 2.5.4-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
TODO: check which versions affected, sesskey seems checked in oldstable?
-CVE-2014-0009 [Group constraints lacking in "login as"]
- RESERVED
+CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, ...)
- moodle 2.5.4-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
-CVE-2014-0008 [Config passwords visibility issue]
- RESERVED
+CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x ...)
- moodle 2.5.4-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007
RESERVED
-CVE-2014-0006 [Use constant time comparison in tempURL]
- RESERVED
+CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 ...)
- swift 1.11.0-2 (bug #735582)
CVE-2014-0005
RESERVED
@@ -3903,8 +4245,8 @@
NOT-FOR-US: Vortex Light Alloy
CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System ...)
NOT-FOR-US: Testa Online Test Management System
-CVE-2013-6872
- RESERVED
+CVE-2013-6872 (SQL injection vulnerability in managetimetracker.php in Collabtive ...)
+ TODO: check
CVE-2013-6871
RESERVED
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
@@ -4039,7 +4381,7 @@
NOT-FOR-US: Tftpd32
CVE-2013-6808 (Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ...)
NOT-FOR-US: ZendTo
-CVE-2012-6607 (The transform_save function in transform_save in Augeas before 1.0.0 ...)
+CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 ...)
- augeas 1.0.0-1 (low)
[squeeze] - augeas <no-dsa> (Minor issue)
[wheezy] - augeas <no-dsa> (Minor issue)
@@ -4114,8 +4456,8 @@
NOT-FOR-US: Bitrix Site Manager
CVE-2013-6787 (SQL injection vulnerability in the check_user_password function in ...)
NOT-FOR-US: Chamilo LMS
-CVE-2013-6786
- RESERVED
+CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before ...)
+ TODO: check
CVE-2013-6785
RESERVED
CVE-2013-6784
@@ -4193,8 +4535,8 @@
RESERVED
CVE-2013-6747
RESERVED
-CVE-2013-6746
- RESERVED
+CVE-2013-6746 (Cross-site scripting (XSS) vulnerability in FileNet P8 Platform ...)
+ TODO: check
CVE-2013-6745 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
NOT-FOR-US: IBM
CVE-2013-6744
@@ -4235,8 +4577,7 @@
RESERVED
CVE-2013-6726
RESERVED
-CVE-2013-6725
- RESERVED
+CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-6724
RESERVED
@@ -4314,8 +4655,7 @@
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2013-6687
- RESERVED
+CVE-2013-6687 (The web portal in the Enterprise License Manager component in Cisco ...)
NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows ...)
NOT-FOR-US: Cisco IOS
@@ -4824,7 +5164,7 @@
CVE-2013-6489
RESERVED
CVE-2013-6488
- RESERVED
+ REJECTED
NOTE: duplicate of CVE-2013-0328
CVE-2013-6487
RESERVED
@@ -4949,11 +5289,9 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045363
NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b
-CVE-2013-6448
- RESERVED
+CVE-2013-6448 (The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 ...)
NOT-FOR-US: JBoss Seam
-CVE-2013-6447
- RESERVED
+CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) ...)
NOT-FOR-US: JBoss Seam
CVE-2013-6446
RESERVED
@@ -4965,8 +5303,7 @@
[squeeze] - pywbem <no-dsa> (Minor issue)
[wheezy] - pywbem <no-dsa> (Minor issue)
NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
-CVE-2013-6443
- RESERVED
+CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-6442
RESERVED
@@ -5027,12 +5364,10 @@
CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration API ...)
- heat 2013.2.1-1 (bug #732033)
NOTE: https://launchpad.net/bugs/1256049
-CVE-2013-6425
- RESERVED
+CVE-2013-6425 (Integer underflow in the pixman_trapezoid_valid macro in pixman.h in ...)
{DSA-2823-1}
- pixman 0.30.2-2
-CVE-2013-6424
- RESERVED
+CVE-2013-6424 (Integer underflow in the xTrapezoidValid macro in render/picture.h in ...)
{DSA-2822-1}
- xorg-server <unfixed>
CVE-2013-6423
@@ -5086,8 +5421,7 @@
RESERVED
- unrealircd <itp> (bug #515130)
NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
-CVE-2013-6412 [incorrect permissions set on newly created files]
- RESERVED
+CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through ...)
- augeas <unfixed> (bug #731111)
[wheezy] - augeas <not-affected> (Affected patch not present/applied)
[squeeze] - augeas <not-affected> (Affected patch not present/applied)
@@ -5283,8 +5617,8 @@
NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before ...)
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2013-6343
- RESERVED
+CVE-2013-6343 (Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and ...)
+ TODO: check
CVE-2013-6342 (Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin ...)
NOT-FOR-US: Tweet Blender plugin for WP
CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows ...)
@@ -5340,8 +5674,7 @@
RESERVED
CVE-2013-6331
RESERVED
-CVE-2013-6330
- RESERVED
+CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager ...)
NOT-FOR-US: IBM Global Security Kit
@@ -5351,8 +5684,8 @@
NOT-FOR-US: IBM
CVE-2013-6326
RESERVED
-CVE-2013-6325
- RESERVED
+CVE-2013-6325 (IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before ...)
+ TODO: check
CVE-2013-6324
RESERVED
CVE-2013-6323
@@ -5391,8 +5724,8 @@
NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-6306
RESERVED
-CVE-2013-6305
- RESERVED
+CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
+ TODO: check
CVE-2013-6304
RESERVED
CVE-2013-6303
@@ -5970,8 +6303,7 @@
NOT-FOR-US: Softaculous Webuzo
CVE-2013-6041
RESERVED
-CVE-2013-6040
- RESERVED
+CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
NOT-FOR-US: MW6 Technologies
CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
NOT-FOR-US: NagiosQL
@@ -6077,13 +6409,12 @@
RESERVED
CVE-2013-5988
RESERVED
-CVE-2013-5987 [NVIDIA Graphics Drivers Unspecified Local Privilege Escalation]
- RESERVED
+CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
- nvidia-graphics-drivers 319.72-1
[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
-CVE-2013-5986
- RESERVED
+CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
+ TODO: check
CVE-2013-5985
RESERVED
CVE-2013-5984
@@ -6247,7 +6578,7 @@
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5908 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- {DSA-2845-1}
+ {DSA-2848-1 DSA-2845-1}
- mariadb-5.5 <unfixed>
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <removed>
@@ -6296,6 +6627,7 @@
- virtualbox-ose <removed>
- virtualbox <unfixed> (bug #735410)
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
+ {DSA-2848-1}
- mysql-5.5 5.5.35+dfsg-1
- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
CVE-2013-5890 (Unspecified vulnerability in the Oracle Payroll component in Oracle ...)
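Review bot: for CVE-2013-5891 the hunk adds {DSA-2848-1} to an entry that lists mysql-5.1 as "<not-affected> (Only affects 5.5 and 5.6)" and has no mysql-5.1 fixed version; a DSA reference on an entry with no affected package line for the advisory's package is contradictory, so one of the two annotations should be corrected once the advisory's package list has been checked.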
@@ -6328,7 +6660,7 @@
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5879 (Unspecified vulnerability in the Oracle Outside In Technology ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, and Java SE ...)
+CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 7u51-2.4.4-1
CVE-2013-5877 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
@@ -6872,27 +7204,27 @@
RESERVED
CVE-2013-5656
RESERVED
-CVE-2012-6632
+CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill ...)
NOT-FOR-US: Vessio NetBill
-CVE-2012-6631
+CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
-CVE-2012-6630
+CVE-2012-6630 (Multiple cross-site scripting (XSS) vulnerabilities in the Media ...)
NOT-FOR-US: WordPress plugin Media Library Categories
-CVE-2012-6629
+CVE-2012-6629 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
TODO: check
-CVE-2012-6628
+CVE-2012-6628 (Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter ...)
NOT-FOR-US: WordPress plugin Newsletter Manager
-CVE-2012-6627
+CVE-2012-6627 (Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the ...)
TODO: check
-CVE-2012-6626
+CVE-2012-6626 (SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows ...)
NOT-FOR-US: b2ePMS
-CVE-2012-6625
+CVE-2012-6625 (SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress ...)
TODO: check
-CVE-2012-6624
+CVE-2012-6624 (Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold ...)
NOT-FOR-US: WordPress plugin SoundCloud Is Gold
-CVE-2012-6623
+CVE-2012-6623 (Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php ...)
TODO: check
-CVE-2012-6622
+CVE-2012-6622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6606 (Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does ...)
NOT-FOR-US: alo Alto Networks GlobalProtect
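Review bot: Triage in this hunk is half done: CVE-2012-6632, -6630, -6628, -6626, -6624 and -6622 are resolved as NOT-FOR-US, while -6631, -6629, -6627, -6625 and -6623 keep `TODO: check` even though the new descriptions tie several of them to products already resolved in the same hunk. CVE-2012-6625 (fs-admin/fs-admin.php in the ForumPress ...) and CVE-2012-6623 (fs-admin/wpf-add-forum.php) are the same plugin recorded as `NOT-FOR-US: WordPress plugin ForumPress WP Forum Server` for CVE-2012-6622 and can be closed the same way; the remaining three should be checked in the same pass rather than left open. Also, the unchanged context line `NOT-FOR-US: alo Alto Networks GlobalProtect` has lost the leading P of Palo and should read `NOT-FOR-US: Palo Alto Networks GlobalProtect`.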
@@ -7571,8 +7903,8 @@
NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5430 (The Jazz Team Server component in IBM Security AppScan Enterprise 8.x ...)
NOT-FOR-US: IBM Security AppScan Enterprise
-CVE-2013-5429
- RESERVED
+CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Identity ...)
+ TODO: check
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5427
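Review bot: CVE-2013-5429 comes in as `TODO: check` although its new description names the Risk Based Access functionality in IBM Tivoli Federated Identity Manager, the product the preceding context line already resolves as `NOT-FOR-US: IBM Tivoli Federated Identity Manager`; it can be closed with the same line instead of being left open.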
@@ -8736,8 +9068,8 @@
- nmap 6.40-0.1 (low; bug #719289)
[squeeze] - nmap <not-affected> (Vulnerable code not present)
[wheezy] - nmap 6.00-0.3+deb7u1
-CVE-2013-4884
- RESERVED
+CVE-2013-4884 (Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 ...)
+ TODO: check
CVE-2013-5217
REJECTED
CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote ...)
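Review bot: CVE-2013-4884 (XSS in McAfee SuperScan 4.0, a Windows port-scanning tool) is left as `TODO: check` next to the nmap entry; nothing in Debian ships SuperScan, so `NOT-FOR-US: McAfee SuperScan` is the expected resolution. Separately, the ordering in this region looks wrong: CVE-2013-4884 is followed by CVE-2013-5217 and then CVE-2013-4890, whereas the file is otherwise sorted by descending CVE id, so the 5217 entry may have been mis-inserted and is worth checking.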
@@ -10139,8 +10471,7 @@
NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
- x2goserver <itp> (bug #465821)
-CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
- RESERVED
+CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before ...)
- xen 4.2
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
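Review bot: The package line `- xen 4.2` under CVE-2013-4375 is not a real Debian version for xen and now contradicts the description, which says the qdisk backend in Xen 4.2.x and 4.3.x before (truncated) is affected: a bare `4.2` reads as a fixed version, but 4.2.x is inside the affected range. It should become either a concrete fixed Debian version of xen or `<unfixed>` with a bug number; the squeeze/wheezy `<not-affected> (Only affects 4.2 and later)` lines are fine as they stand.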
@@ -10652,8 +10983,7 @@
{DSA-2744-1}
- tiff 4.0.3-2 (bug #719303)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
-CVE-2013-4231 [Stack-based buffer overflow]
- RESERVED
+CVE-2013-4231 (Multiple buffer overflows in libtiff before 4.0.3 allow remote ...)
{DSA-2744-1}
- tiff 4.0.3-2 (bug #719303)
- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
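Review bot: The new description for CVE-2013-4231 says `libtiff before 4.0.3`, while the fixed version recorded is tiff 4.0.3-2, a Debian revision of 4.0.3 itself. That is plausible if the upstream range is imprecise and the fix went in as a Debian patch, but a NOTE naming the patch or upstream commit would stop the next reader from flagging the mismatch; the tiff3 `<not-affected>` rationale is fine.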
@@ -10759,8 +11089,7 @@
CVE-2013-4201 [Katello: CLI - user without access can call "system remove_deletion" command]
RESERVED
NOT-FOR-US: Katello
-CVE-2013-4200 [plone: Forwarding of cookie data (session hijack) in certain browsers (in_portal.py)]
- RESERVED
+CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
NOT-FOR-US: Plone
CVE-2013-4199 [plone: DoS by decompressing large zip archives (cb_decode.py, linkintegrity.py)]
RESERVED
@@ -10877,8 +11206,7 @@
CVE-2013-4161
RESERVED
- gksu-polkit <not-affected> (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
-CVE-2013-4160
- RESERVED
+CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
- lcms <unfixed> (low; bug #728208)
[squeeze] - lcms <no-dsa> (Minor issue)
[wheezy] - lcms <no-dsa> (Minor issue)
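Review bot: CVE-2013-4160's new description places the bug in Little CMS (lcms2) before 2.5, `as used in OpenJDK 7`, but the only package tracked is `lcms` (the 1.x source package) marked <unfixed> with squeeze/wheezy <no-dsa>. Either lcms2 and openjdk-7 need their own status lines (fixed, not-affected, or unfixed with a reason), or a NOTE should explain why the 1.x package is the affected one and lcms2/openjdk-7 are not.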
@@ -11277,8 +11605,8 @@
NOT-FOR-US: IBM
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
NOT-FOR-US: IBM BladeCenter
-CVE-2013-4030
- RESERVED
+CVE-2013-4030 (Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X ...)
+ TODO: check
CVE-2013-4029
RESERVED
CVE-2013-4028
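Review bot: CVE-2013-4030 (Integrated Management Module 2 on IBM System X) lands as `TODO: check`; it is firmware on IBM hardware, the same family as CVE-2013-4031 directly above, which is resolved `NOT-FOR-US: IBM BladeCenter`. Resolve it the same way with the product named rather than leaving it open.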
@@ -12007,15 +12335,15 @@
RESERVED
NOT-FOR-US: Open Build Service
CVE-2013-3702
- RESERVED
+ REJECTED
CVE-2013-3701
- RESERVED
+ REJECTED
CVE-2013-3700
RESERVED
CVE-2013-3699
- RESERVED
+ REJECTED
CVE-2013-3698
- RESERVED
+ REJECTED
CVE-2013-3697 (Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell ...)
NOT-FOR-US: Novell Client on Windows
CVE-2013-3696
@@ -12234,8 +12562,8 @@
NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3607 (Multiple stack-based buffer overflows in the web interface in the ...)
NOT-FOR-US: Intelligent Platform Management Interface
-CVE-2013-3606
- RESERVED
+CVE-2013-3606 (The login page in the GoAhead web server on Dell PowerConnect 3348 ...)
+ TODO: check
CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...)
NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
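Review bot: CVE-2013-3606 (login page in the GoAhead web server on Dell PowerConnect 3348) is left as `TODO: check`. The vulnerable component is the switch firmware's embedded web server, not a Debian package, so `NOT-FOR-US: Dell PowerConnect` is the likely outcome, matching the IPMI entries above it; the only reason to keep it open would be if the GoAhead sources were packaged separately.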
@@ -12256,10 +12584,10 @@
NOT-FOR-US: SearchBlox
CVE-2013-3596 (AdvancePro Advanceware allows remote authenticated users to obtain ...)
NOT-FOR-US: AdvancePro Advanceware
-CVE-2013-3595
- RESERVED
-CVE-2013-3594
- RESERVED
+CVE-2013-3595 (The OpenManage web application 2.5 build 1.19 on Dell PowerConnect ...)
+ TODO: check
+CVE-2013-3594 (The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and ...)
+ TODO: check
CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) ...)
NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
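Review bot: CVE-2013-3595 (OpenManage web application on Dell PowerConnect) and CVE-2013-3594 (SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, ...) describe the same switch firmware family as CVE-2013-3606 in the previous hunk and should be triaged together; three separate `TODO: check` markers for one product line will each be re-examined on the next sweep.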
@@ -12517,10 +12845,10 @@
NOT-FOR-US: Soda PDF
CVE-2013-3484
RESERVED
-CVE-2013-3483
- RESERVED
-CVE-2013-3482
- RESERVED
+CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER ...)
+ TODO: check
+CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ...)
+ TODO: check
CVE-2013-3481
RESERVED
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
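Review bot: CVE-2013-3483 and CVE-2013-3482 are stack-based buffer overflows in Intergraph ERDAS (ermapper_u.dll and rf_report_error), a proprietary Windows product; the `TODO: check` markers can be closed as `NOT-FOR-US: Intergraph ERDAS`, consistent with the Soda PDF and Sagelight entries around them.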
@@ -14268,8 +14596,8 @@
NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...)
NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
-CVE-2013-2750
- RESERVED
+CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2013-2749
REJECTED
CVE-2013-2748
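Review bot: The new description for CVE-2013-2750 is cut off right after `Cross-site scripting (XSS) vulnerability in ...`, so the product name never reaches this file and the `TODO: check` cannot be resolved from the entry itself. It sits between the NETGEAR ReadyNAS RAIDiator entry (CVE-2013-2751) and a REJECTED one (CVE-2013-2749), but that is proximity, not evidence; whoever picks it up needs the full MITRE text.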
@@ -14616,8 +14944,8 @@
CVE-2013-2595
RESERVED
NOT-FOR-US: Qualcomm MSM Camera driver
-CVE-2013-2594
- RESERVED
+CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill ...)
+ TODO: check
CVE-2013-2593
RESERVED
CVE-2013-2592
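Review bot: CVE-2013-2594 (SQL injection in reports/calldiary.php in Hornbill ...) describes a proprietary web application that Debian does not package; following the convention of the surrounding entries, it should be resolved as NOT-FOR-US with the product name once the truncated description is confirmed, not left as `TODO: check`.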
@@ -15821,8 +16149,7 @@
CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red ...)
{DSA-2827-1}
- libcommons-fileupload-java 1.3-2.1 (bug #726601)
-CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
- RESERVED
+CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
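Review bot: The refreshed description of CVE-2013-2185 pins the bug to `readObject` in the `DiskFileItem` class, the same class that CVE-2013-2186 directly above tracks in libcommons-fileupload-java (fixed 1.3-2.1, DSA-2827-1), yet the entry keeps `NOT-FOR-US: Red Hat JBoss Enterprise Application Platform`. The `** DISPUTED **` marker and the two NOTE links are presumably the justification, but the entry should say so explicitly, e.g. a NOTE stating that the Debian package is not considered affected and why, so that NOT-FOR-US is not misread as "code not present in Debian".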
@@ -15874,9 +16201,9 @@
- kfreebsd-9 9.0-12 (bug #712664)
- kfreebsd-8 <not-affected> (Only affects 9.x)
CVE-2013-2170
- RESERVED
+ REJECTED
CVE-2013-2169
- RESERVED
+ REJECTED
CVE-2013-2168 (The _dbus_printf_string_upper_bound function in ...)
{DSA-2707-1}
- dbus 1.6.12-1
@@ -15930,11 +16257,9 @@
CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...)
{DSA-2710-1}
- xml-security-c 1.6.1-6
-CVE-2013-2152 [rhevm: spice service unquoted search path]
- RESERVED
+CVE-2013-2152 (Unquoted Windows search path vulnerability in the SPICE service, as ...)
NOT-FOR-US: Spice service for Windows
-CVE-2013-2151 [rhevm: rhev agent service unquoted search path]
- RESERVED
+CVE-2013-2151 (Unquoted Windows search path vulnerability in Red Hat Enterprise ...)
NOT-FOR-US: RHEV Agent for Windows
CVE-2013-2150 [XSS vulnerability in js/viewer.js]
RESERVED
@@ -15962,8 +16287,7 @@
NOT-FOR-US: RHEV Manager
CVE-2013-2143
RESERVED
-CVE-2013-2142 [libimobiledevice: insecure tmp use]
- RESERVED
+CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME ...)
- libimobiledevice 1.1.5-0.1 (low; bug #710885)
[squeeze] - libimobiledevice <no-dsa> (Minor issue)
[wheezy] - libimobiledevice <no-dsa> (Minor issue)
@@ -16103,8 +16427,7 @@
CVE-2013-2105
RESERVED
NOT-FOR-US: Show In Browser Ruby Gem
-CVE-2013-2104 [Missing expiration check in Keystone PKI tokens validation]
- RESERVED
+CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone ...)
- keystone <not-affected> (Vulnerable code only in experimental versions of keystone)
[wheezy] - keystone <not-affected> (PKI token support not yet present)
- python-keystoneclient 1:0.2.5-1
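Review bot: CVE-2013-2104 carries a [wheezy] line for keystone but none for python-keystoneclient, although python-keystoneclient is the package the new description names as affected (`before 0.2.4`) and it is fixed in unstable at 1:0.2.5-1. If python-keystoneclient shipped in wheezy it needs its own [wheezy] status (fixed, `<no-dsa>` or `<not-affected>` with the same PKI-token reasoning used for keystone); if it did not, a NOTE saying so settles the question.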
@@ -16344,8 +16667,7 @@
[wheezy] - gpsd 3.6-4+deb7u1
[squeeze] - gpsd <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
-CVE-2013-2037 [httplib2: SSL cert incorrect error handling]
- RESERVED
+CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, ...)
- python-httplib2 0.8-2 (low; bug #706602)
[squeeze] - python-httplib2 <no-dsa> (Minor issue)
[wheezy] - python-httplib2 0.7.4-2+deb7u1
@@ -16740,8 +17062,7 @@
CVE-2013-1924
RESERVED
NOT-FOR-US: Commerce Skrill Drupal module
-CVE-2013-1923 [rpc.gssd is vulnerable to DNS spoofing]
- RESERVED
+CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...)
- nfs-utils 1:1.2.8-1 (low; bug #707401)
[squeeze] - nfs-utils <no-dsa> (Minor issue)
[wheezy] - nfs-utils 1:1.2.6-4
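Review bot: For CVE-2013-1923 the [wheezy] fixed version 1:1.2.6-4 is below the upstream range in the new description (`nfs-utils before 1.2.8`), so the fix must have gone into wheezy as a backported patch. That is fine, but now that the description contradicts the version at first glance, a NOTE with the patch or upstream commit would be worth adding, as other entries in this file do.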
@@ -17261,8 +17582,7 @@
- ganglia-web 3.5.8-3 (bug #700159)
NOTE: ganglia-web only in experimental, security-tracker does not handle experimental versions
NOTE: Upstream non-verified fix https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
-CVE-2013-1769 [Crashes when trying to hash caps containing pathological data forms]
- RESERVED
+CVE-2013-1769 (A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 ...)
- telepathy-gabble 0.16.5-1 (low; bug #702252)
[squeeze] - telepathy-gabble <no-dsa> (Minor issue)
CVE-2013-1768 (The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and ...)
@@ -17368,8 +17688,7 @@
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
- nss 2:3.15.3-1 (bug #735105)
NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
-CVE-2013-1740 [false start PR_Recv information disclosure security issue]
- RESERVED
+CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla ...)
- nss 2:3.15.4-1
NOTE: oldstable might not be affected, introduced in 3.12.9?
NOTE: See: https://bugzilla.redhat.com/show_bug.cgi?id=1053725#c8
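Review bot: CVE-2013-1740 keeps the open question `oldstable might not be affected, introduced in 3.12.9?` and still has no [squeeze] line, so squeeze shows as affected by default while the NOTE says it may not be. With the description now pinning the bug to ssl_Do1stHandshake in sslsecur.c, checking the squeeze nss version is straightforward; resolve it to a `[squeeze] - nss <not-affected> (...)`, fixed or `<no-dsa>` status instead of leaving the question mark.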
@@ -18483,8 +18802,7 @@
[wheezy] - libkdcraw <no-dsa> (Minor issue)
- darktable 1.2.2-2 (bug #721339)
[wheezy] - darktable 1.0.4-1+deb7u2
-CVE-2013-1438 [dcraw: multiple DoS]
- RESERVED
+CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...)
{DSA-2748-1}
- libraw 0.15.4-1 (bug #721231)
[wheezy] - libraw <no-dsa> (Minor issue)
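Review bot: The new description of CVE-2013-1438 (`Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...`) names dcraw as the origin, while the package lines visible here cover libraw, libkdcraw and darktable, the embedders. If dcraw is packaged on its own it needs a status line of its own (unless it already has one above this hunk). The bracketed summary being dropped, `[dcraw: multiple DoS]`, was the only place the "multiple issues" nature was recorded; consider carrying that into a NOTE, since the replacement description is "Unspecified".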
@@ -18743,8 +19061,8 @@
CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In ...)
- nagios-nrpe 2.13-3 (low; bug #701227)
[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
-CVE-2013-1361
- RESERVED
+CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with ...)
+ TODO: check
CVE-2013-1360
RESERVED
CVE-2013-1359
@@ -21084,8 +21402,8 @@
NOT-FOR-US: IBM Domino
CVE-2013-0486 (Memory leak in the HTTP server in IBM Domino 8.5.x allows remote ...)
NOT-FOR-US: IBM Domino
-CVE-2013-0485
- RESERVED
+CVE-2013-0485 (Unspecified vulnerability in IBM Java SDK before 7 before SR4-FP1, 6 ...)
+ TODO: check
CVE-2013-0484 (The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows ...)
NOT-FOR-US: IBM Cognos TM1
CVE-2013-0483 (The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, ...)
@@ -21662,12 +21980,10 @@
REJECTED
- expat <unfixed> (unimportant)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
-CVE-2013-0340 [internal entity expansion]
- RESERVED
+CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion ...)
- expat <unfixed> (unimportant)
NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
-CVE-2013-0339 [CPU consumption DoS when performing string substitutions during external entities expansion]
- RESERVED
+CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities ...)
{DSA-2652-1}
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...)
@@ -21964,8 +22280,7 @@
- drupal6 <removed> (bug #698333)
- drupal7 7.14-1.3 (bug #698334)
NOTE: https://drupal.org/SA-CORE-2013-001
-CVE-2013-0244 [Cross-site scripting (Various core and contributed modules - Drupal 6 and 7)]
- RESERVED
+CVE-2013-0244 (Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...)
{DSA-2776-1}
- drupal6 <removed> (bug #698333)
- drupal7 7.14-1.3 (bug #698334)
@@ -22261,8 +22576,7 @@
CVE-2013-0158 (Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins ...)
- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
-CVE-2013-0157 [mount discloses information about existence of folders]
- RESERVED
+CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably ...)
- util-linux 2.20.1-5.5 (bug #697464; low)
[squeeze] - util-linux <no-dsa> (Minor issue)
[wheezy] - util-linux <no-dsa> (Minor issue)
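Review bot: The annotation on the util-linux line, `(bug #697464; low)`, has its fields in the opposite order from every other entry in this diff, which write `(low; bug #NNNNNN)` (see the nfs-utils, lcms and telepathy-gabble lines). Normalise it to `(low; bug #697464)` so the severity field is in the same position everywhere.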
@@ -31511,8 +31825,8 @@
NOT-FOR-US: Cerberus FTP
CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...)
NOT-FOR-US: Trend Micro Control Manager
-CVE-2012-2997
- RESERVED
+CVE-2012-2997 (XML External Entity (XXE) vulnerability in ...)
+ TODO: check
CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Trend Micro
CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
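Review bot: CVE-2012-2997's new description is truncated to `XML External Entity (XXE) vulnerability in ...`, so the product is not recorded, and it sits between CVE-2012-2998 (Trend Micro Control Manager) and CVE-2012-2996 (Trend Micro), both NOT-FOR-US. It very likely belongs to the same advisory batch, but that should be confirmed from the full CVE text before the `TODO: check` is replaced.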
@@ -37168,7 +37482,7 @@
- augeas 1.0.0-1 (low; bug #731132)
[squeeze] - augeas <no-dsa> (Minor issue)
[wheezy] - augeas <no-dsa> (Minor issue)
-CVE-2012-0786 (The transform_save function in transform_save in Augeas before 1.0.0 ...)
+CVE-2012-0786 (The transform_save function in transform.c in Augeas before 1.0.0 ...)
- augeas 1.0.0-1 (low; bug #731132)
[squeeze] - augeas <no-dsa> (Minor issue)
[wheezy] - augeas <no-dsa> (Minor issue)