[Secure-testing-commits] r25385 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Jan 28 05:25:32 UTC 2014
Author: carnil
Date: 2014-01-28 05:25:32 +0000 (Tue, 28 Jan 2014)
New Revision: 25385
Modified:
data/CVE/list
Log:
Update data/CVE/list with current data
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-01-28 05:21:14 UTC (rev 25384)
+++ data/CVE/list 2014-01-28 05:25:32 UTC (rev 25385)
@@ -1,3 +1,99 @@
+CVE-2014-1680
+ RESERVED
+CVE-2014-1679
+ RESERVED
+CVE-2014-1678
+ RESERVED
+CVE-2014-1677
+ RESERVED
+CVE-2014-1676
+ RESERVED
+CVE-2014-1675
+ RESERVED
+CVE-2014-1674
+ RESERVED
+CVE-2014-1673 (Check Point Session Authentication Agent allows remote attackers to ...)
+ NOT-FOR-US: Check Point Session Authentication Agent
+CVE-2014-1672 (Check Point R75.47 Security Gateway and Management Server does not ...)
+ TODO: check
+CVE-2014-1671 (Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 ...)
+ TODO: check
+CVE-2014-1670 (The Microsoft Bing application before 4.2.1 for Android allows remote ...)
+ TODO: check
+CVE-2014-1669
+ RESERVED
+CVE-2014-1668
+ RESERVED
+CVE-2014-1667
+ RESERVED
+CVE-2014-1665
+ RESERVED
+CVE-2014-1663
+ RESERVED
+CVE-2014-1662
+ RESERVED
+CVE-2014-1661
+ RESERVED
+CVE-2014-1660
+ RESERVED
+CVE-2014-1659
+ RESERVED
+CVE-2014-1658
+ RESERVED
+CVE-2014-1657
+ RESERVED
+CVE-2014-1656
+ RESERVED
+CVE-2014-1655
+ RESERVED
+CVE-2014-1654
+ RESERVED
+CVE-2014-1653
+ RESERVED
+CVE-2014-1652
+ RESERVED
+CVE-2014-1651
+ RESERVED
+CVE-2014-1650
+ RESERVED
+CVE-2014-1649
+ RESERVED
+CVE-2014-1648
+ RESERVED
+CVE-2014-1647
+ RESERVED
+CVE-2014-1646
+ RESERVED
+CVE-2014-1645
+ RESERVED
+CVE-2014-1644
+ RESERVED
+CVE-2014-1643
+ RESERVED
+CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
+ TODO: check
+CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 allows remote ...)
+ TODO: check
+CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through ...)
+ TODO: check
+CVE-2013-7314 (The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 ...)
+ TODO: check
+CVE-2013-7313 (The OSPF implementation in Juniper Junos through 13.x, JunosE, and ...)
+ TODO: check
+CVE-2013-7312 (The OSPF implementation on Enterasys switches and routers does not ...)
+ TODO: check
+CVE-2013-7311 (The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO ...)
+ TODO: check
+CVE-2013-7310 (The OSPF implementation on Yamaha routers does not consider the ...)
+ TODO: check
+CVE-2013-7309 (The OSPF implementation in Extreme Networks EXOS does not consider the ...)
+ TODO: check
+CVE-2013-7308 (The OSPF implementation on the D-Link DES-3810-28 switch with firmware ...)
+ TODO: check
+CVE-2013-7307 (The OSPF implementation on the Brocade Vyatta vRouter with software ...)
+ TODO: check
+CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
+ TODO: check
CVE-2013-XXXX
- mupdf <unfixed>
TODO: check
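Review bot: CVE-2013-7315 (Spring MVC in Spring Framework) is added with only `TODO: check`, yet this list already tracks Spring Framework issues against libspring-java (see CVE-2013-6429 and CVE-2013-4152 elsewhere in this commit). It should get a `- libspring-java` line with a version assessment rather than staying untriaged. Also, CVE-2014-1672 names a Check Point product just like CVE-2014-1673 directly above it, which this hunk marks NOT-FOR-US; the same resolution looks applicable there.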
@@ -2,10 +98,7 @@
NOTE: http://www.hdwsec.fr/blog/mupdf.html
-CVE-2014-1673
- RESERVED
- NOT-FOR-US: Check Point Session Authentication agent
-CVE-2014-1666 [xen: XSA-87]
+CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code not present)
[squeeze] - xen <not-affected> (Vulnerable code not present)
-CVE-2014-1664
+CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP ...)
NOT-FOR-US: GoToMeeting in Android
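Review bot: replacing the bracketed title on CVE-2014-1666 drops the entry's only mention of XSA-87, and the truncated description that takes its place does not name the advisory. Suggest keeping the reference as a NOTE line under the entry (for example `NOTE: XSA-87`) so the Xen advisory number stays searchable in the list.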
@@ -68,8 +161,7 @@
RESERVED
CVE-2014-1608
RESERVED
-CVE-2014-1607
- RESERVED
+CVE-2014-1607 (Cross-site scripting (XSS) vulnerability in the EventCalendar module ...)
NOT-FOR-US: Drupal EventCalendar
CVE-2014-1606
RESERVED
@@ -371,7 +463,7 @@
TODO: check
CVE-2014-XXXX [Possible remote code execution on horde3]
- horde3 <unfixed>
-CVE-2014-1642 [xen: XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup]
+CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.2 and later)
[wheezy] - xen <not-affected> (Only affects 4.2 and later)
@@ -390,8 +482,7 @@
- localepurge 0.7.3.2 (bug #736359)
[squeeze] - localepurge <no-dsa> (Minor issue)
[wheezy] - localepurge <no-dsa> (Minor issue)
-CVE-2014-1626 [XXE vulnerability]
- RESERVED
+CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
- libmarc-xml-perl 1.0.2-1 (bug #736275)
NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
CVE-2014-1624 [insecure use of /tmp]
@@ -538,18 +629,15 @@
RESERVED
- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
NOTE: https://code.google.com/p/cantata/issues/detail?id=356
-CVE-2013-7299 [tntnet: denial of service]
- RESERVED
+CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
- tntnet <unfixed> (low; bug #735881)
[wheezy] - tntnet <no-dsa> (Minor issue)
[squeeze] - tntnet <no-dsa> (Minor issue)
-CVE-2013-7298 [cxxtools: denial of service]
- RESERVED
+CVE-2013-7298 (query_params.cpp in cxxtools before 2.2.1 allows remote attackers to ...)
- cxxtools 2.2.1-1 (low; bug #735880)
[wheezy] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
[squeeze] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
-CVE-2013-7296 [DoS]
- RESERVED
+CVE-2013-7296 (The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler ...)
- poppler <not-affected> (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
@@ -557,13 +645,11 @@
NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)
CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on ...)
NOT-FOR-US: ASUS router
-CVE-2014-1476 [Access bypass in Taxonomy module]
- RESERVED
+CVE-2014-1476 (The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an ...)
{DSA-2847-1}
- drupal6 <unfixed>
- drupal7 7.26-1
-CVE-2014-1475 [Impersonation]
- RESERVED
+CVE-2014-1475 (The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...)
{DSA-2847-1}
- drupal6 <unfixed>
- drupal7 7.26-1
@@ -587,8 +673,7 @@
NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
CVE-2014-1448
REJECTED
-CVE-2014-1447 [libvirt: denial of service with keepalive]
- RESERVED
+CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #735676)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
@@ -890,8 +975,8 @@
RESERVED
CVE-2014-1253
RESERVED
-CVE-2014-1252
- RESERVED
+CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
+ TODO: check
CVE-2014-1251
RESERVED
CVE-2014-1250
@@ -910,8 +995,8 @@
RESERVED
CVE-2014-1243
RESERVED
-CVE-2014-1242
- RESERVED
+CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, ...)
+ TODO: check
CVE-2014-1241
RESERVED
CVE-2014-1240
@@ -981,8 +1066,8 @@
RESERVED
CVE-2014-1204
RESERVED
-CVE-2014-1202
- RESERVED
+CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...)
+ TODO: check
CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
NOT-FOR-US: Lorex
CVE-2014-0999
@@ -1459,8 +1544,8 @@
RESERVED
CVE-2014-0810
RESERVED
-CVE-2014-0809
- RESERVED
+CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
+ TODO: check
CVE-2014-0808 (The lfCheckError function in ...)
NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
@@ -1489,8 +1574,7 @@
RESERVED
CVE-2014-0795
RESERVED
-CVE-2014-0794
- RESERVED
+CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
NOT-FOR-US: JV Comment Joomla Extension
CVE-2014-0793
RESERVED
@@ -1641,10 +1725,10 @@
TODO: check
CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
NOT-FOR-US: Ecava IntegraXor
-CVE-2014-0751
- RESERVED
-CVE-2014-0750
- RESERVED
+CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...)
+ TODO: check
+CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...)
+ TODO: check
CVE-2014-0749
RESERVED
CVE-2014-0748
@@ -1787,18 +1871,18 @@
RESERVED
CVE-2014-0679
RESERVED
-CVE-2014-0678
- RESERVED
+CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does ...)
+ TODO: check
CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS ...)
NOT-FOR-US: Cisco NX-OS
CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command ...)
NOT-FOR-US: Cisco NX-OS
CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication ...)
NOT-FOR-US: Cisco
-CVE-2014-0674
- RESERVED
-CVE-2014-0673
- RESERVED
+CVE-2014-0674 (Cisco Video Surveillance Operations Manager (VSOM) does not require ...)
+ TODO: check
+CVE-2014-0673 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly ...)
NOT-FOR-US: Cisco MediaSense
CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote ...)
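Review bot: CVE-2014-0678, CVE-2014-0674 and CVE-2014-0673 are left at `TODO: check`, although every other Cisco entry visible in this hunk (CVE-2014-0677, CVE-2014-0676, CVE-2014-0675, CVE-2014-0672) is already resolved as NOT-FOR-US. The descriptions of CVE-2014-0678 and CVE-2014-0674 name Cisco Secure ACS and Cisco VSOM, so both can be marked NOT-FOR-US in the same change. The CVE-2014-0673 description is truncated before the product name and needs the full text checked first.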
@@ -1938,10 +2022,10 @@
NOT-FOR-US: ProjectForge
CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder ...)
NOT-FOR-US: ProjectForge
-CVE-2013-7248
- RESERVED
-CVE-2013-7247
- RESERVED
+CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other ...)
+ TODO: check
+CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
+ TODO: check
CVE-2013-7246
RESERVED
CVE-2013-7245
@@ -2305,8 +2389,8 @@
NOT-FOR-US: Adobe Reader
CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
NOT-FOR-US: Adobe Reader
-CVE-2014-0494
- RESERVED
+CVE-2014-0494 (Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary ...)
+ TODO: check
CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
NOT-FOR-US: Adobe Reader
CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
@@ -2379,8 +2463,8 @@
NOT-FOR-US: Steinberg MyMp3PRO
CVE-2013-7185
RESERVED
-CVE-2013-7184
- RESERVED
+CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
+ TODO: check
CVE-2013-7183
RESERVED
CVE-2013-7182
@@ -2397,8 +2481,8 @@
RESERVED
CVE-2013-7176
RESERVED
-CVE-2013-7175
- RESERVED
+CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
+ TODO: check
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS ...)
NOT-FOR-US: QNAP QTS
CVE-2013-7173
@@ -2777,24 +2861,19 @@
RESERVED
CVE-2013-7144
RESERVED
-CVE-2013-7143
- RESERVED
+CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-7142
- RESERVED
+CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-7141
- RESERVED
+CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-7140
- RESERVED
+CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in ...)
- open-xchange <itp> (bug #269329)
CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content ...)
NOT-FOR-US: Horizon CMS
CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in ...)
NOT-FOR-US: Horizon CMS
-CVE-2013-7137
- RESERVED
+CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 ...)
NOT-FOR-US: Burden
CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have ...)
NOT-FOR-US: Cisco
@@ -3090,8 +3169,7 @@
NOTE: vulnerable code not found in Debian
NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
-CVE-2013-7048 [Nova live snapshots use an insecure local directory]
- RESERVED
+CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and ...)
- nova 2013.2.1-1 (bug #732022)
[wheezy] - nova <not-affected> (Support for live snapshots added later)
NOTE: https://bugs.launchpad.net/nova/+bug/1227027
@@ -3461,10 +3539,10 @@
NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
NOT-FOR-US: VideoCharge
-CVE-2013-6934
- RESERVED
-CVE-2013-6933
- RESERVED
+CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
+ TODO: check
+CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
+ TODO: check
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
NOT-FOR-US: IrfanView
CVE-2013-6931
@@ -4085,14 +4163,12 @@
RESERVED
CVE-2014-0029
RESERVED
-CVE-2014-0028 [event registration bypasses domain:getattr ACL]
- RESERVED
+CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to ...)
- libvirt 1.2.1-1
[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
NOTE: https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
-CVE-2014-0027
- RESERVED
+CVE-2014-0027 (The play_wave_from_socket function in audio/auserver.c in Flite 1.4 ...)
- flite 1.4-release-8 (low; bug #734746)
[wheezy] - flite <no-dsa> (Minor issue)
[squeeze] - flite <no-dsa> (Minor issue)
@@ -4104,8 +4180,7 @@
RESERVED
CVE-2014-0023
RESERVED
-CVE-2014-0022
- RESERVED
+CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and ...)
NOT-FOR-US: yum cron
CVE-2014-0021 [traffic amplification in cmdmon protocol]
RESERVED
@@ -4222,8 +4297,7 @@
RESERVED
CVE-2013-6892
RESERVED
-CVE-2013-6891 [lppasswd vulnerability]
- RESERVED
+CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, ...)
- cups 1.7.1-1
[wheezy] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
[squeeze] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
@@ -4298,8 +4372,8 @@
RESERVED
CVE-2013-6854
RESERVED
-CVE-2013-6853
- RESERVED
+CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! ...)
+ TODO: check
CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on ...)
NOT-FOR-US: Hewlett-Packard network equipment
CVE-2013-6851
@@ -5229,10 +5303,10 @@
RESERVED
CVE-2013-6468
RESERVED
-CVE-2013-6467
- RESERVED
-CVE-2013-6466
- RESERVED
+CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2013-6465
RESERVED
CVE-2013-6464
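Review bot: CVE-2013-6467 (Libreswan) and CVE-2013-6466 (Openswan) both land as `TODO: check` with no package line. Another entry in this list already treats libreswan as NOT-FOR-US (`NOT-FOR-US: libreswan, strongSwan not affected ...`), so CVE-2013-6467 can probably follow that precedent. CVE-2013-6466 needs a check for an openswan source package and, if one exists, a `- openswan` line with per-release status.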
@@ -5258,14 +5332,12 @@
- libwill-paginate-ruby <removed>
[squeeze] - libwill-paginate-ruby <no-dsa> (Minor issue)
NOTE: https://github.com/mislav/will_paginate/releases/tag/v3.0.5
-CVE-2013-6458 [job usage issue in several APIs leading to libvirtd crash]
- RESERVED
+CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) ...)
{DSA-2846-1}
- libvirt 1.2.1-1 (bug #734556)
NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
-CVE-2013-6457 [avoid crashing if calling `virsh numatune' on inactive domain]
- RESERVED
+CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver ...)
- libvirt 1.2.1-1
[wheezy] - libvirt <not-affected> (Vulnerable code not present)
[squeeze] - libvirt <not-affected> (Vulnerable code not present)
@@ -5352,8 +5424,8 @@
[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
CVE-2013-6435
RESERVED
-CVE-2013-6434
- RESERVED
+CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager ...)
+ TODO: check
CVE-2013-6433
RESERVED
CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
@@ -5370,8 +5442,7 @@
CVE-2013-6430
RESERVED
- libspring-java 3.0.6.RELEASE-11 (bug #735420)
-CVE-2013-6429
- RESERVED
+CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework ...)
- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before Havana ...)
- heat 2013.2.1-1 (bug #732033)
@@ -6346,8 +6417,7 @@
RESERVED
CVE-2013-6031
RESERVED
-CVE-2013-6030
- RESERVED
+CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
NOT-FOR-US: Emerson Network Power
CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
NOT-FOR-US: AT&T Connect Participant Application
@@ -7199,12 +7269,12 @@
CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly ...)
- moodle 2.5.2-1
[squeeze] - moodle <not-affected> (Only affects 2.5.x)
-CVE-2013-5669
- RESERVED
-CVE-2013-5668
- RESERVED
-CVE-2013-5667
- RESERVED
+CVE-2013-5669 (The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext ...)
+ TODO: check
+CVE-2013-5668 (The ADS/NT Support page on the Thecus NAS server N8800 with firmware ...)
+ TODO: check
+CVE-2013-5667 (The Thecus NAS server N8800 with firmware 5.03.01 allows remote ...)
+ TODO: check
CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
- kfreebsd-9 9.2~svn255465-1 (bug #722336)
[wheezy] - kfreebsd-9 <not-affected> (Only affects 9.2.x)
@@ -8018,7 +8088,7 @@
NOT-FOR-US: IBM
CVE-2013-5386
RESERVED
-CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries ...)
+CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries ...)
NOT-FOR-US: IBM
CVE-2013-5384
RESERVED
@@ -8046,8 +8116,8 @@
NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, ...)
NOT-FOR-US: IBM
-CVE-2013-5371
- RESERVED
+CVE-2013-5371 (The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on ...)
+ TODO: check
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...)
@@ -8060,8 +8130,8 @@
RESERVED
CVE-2013-5365
RESERVED
-CVE-2013-5364
- RESERVED
+CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
+ TODO: check
CVE-2013-5363
RESERVED
CVE-2013-5362
@@ -8088,8 +8158,7 @@
RESERVED
CVE-2013-5351
RESERVED
-CVE-2013-5350
- RESERVED
+CVE-2013-5350 (The "Remember me" feature in the ...)
NOT-FOR-US: OpenPNE
CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
NOT-FOR-US: Google Picasa
@@ -10744,8 +10813,7 @@
- mediawiki-extensions <unfixed> (low)
[wheezy] - mediawiki-extensions <no-dsa> (Minor issue)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
-CVE-2013-4304 [mediawiki CentralAuth auth bypass]
- RESERVED
+CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x ...)
NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 [mediawiki XSS with IE6]
RESERVED
@@ -11267,8 +11335,7 @@
[squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
[wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
-CVE-2013-4152 [XML External Entity (XXE) injection flaw]
- RESERVED
+CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...)
{DSA-2842-1}
- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-4151
@@ -16150,8 +16217,7 @@
RESERVED
NOT-FOR-US: Apache HBase
NOTE: There was the package in unstable, but never in a release, see #630821
-CVE-2013-2192 [Apache Hadoop Man in the Middle Vulnerability]
- RESERVED
+CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before ...)
NOT-FOR-US: Apache Hadoop
NOTE: There was the package in unstable, but never in a release, see 630820
CVE-2013-2191
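Review bot: the NOTE kept under CVE-2013-2192 reads `see 630820` without the `#` that the HBase note a few lines above uses (`see #630821`). Since this entry is being rewritten anyway, change it to `#630820` so bug references keep one form and match the same search.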
@@ -17215,11 +17281,9 @@
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
- drupal6 <not-affected> (only affects 7.x-3.x to 7.x-3.6)
- drupal7 <not-affected> (views module not packaged)
-CVE-2013-1886
- RESERVED
+CVE-2013-1886 (Format string vulnerability in the token processing system (pki-tps) ...)
NOT-FOR-US: Red Hat Certificate System
-CVE-2013-1885
- RESERVED
+CVE-2013-1885 (Multiple cross-site scripting (XSS) vulnerabilities in the token ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
- subversion 1.7.9-1 (bug #704940)
@@ -17332,8 +17396,7 @@
- ruby-activesupport-2.3 2.3.14-7
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-1853 [Almanah doesn't encrypt the database]
- RESERVED
+CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when ...)
- almanah 0.9.1-1 (bug #702905)
[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
@@ -20950,8 +21013,8 @@
RESERVED
CVE-2012-6448
RESERVED
-CVE-2012-6447
- RESERVED
+CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
+ TODO: check
CVE-2012-6446
RESERVED
CVE-2012-6445