[Secure-testing-commits] r25385 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Jan 28 05:25:32 UTC 2014


Author: carnil
Date: 2014-01-28 05:25:32 +0000 (Tue, 28 Jan 2014)
New Revision: 25385

Modified:
   data/CVE/list
Log:
Update data/CVE/list with current data

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-01-28 05:21:14 UTC (rev 25384)
+++ data/CVE/list	2014-01-28 05:25:32 UTC (rev 25385)
@@ -1,3 +1,99 @@
+CVE-2014-1680
+	RESERVED
+CVE-2014-1679
+	RESERVED
+CVE-2014-1678
+	RESERVED
+CVE-2014-1677
+	RESERVED
+CVE-2014-1676
+	RESERVED
+CVE-2014-1675
+	RESERVED
+CVE-2014-1674
+	RESERVED
+CVE-2014-1673 (Check Point Session Authentication Agent allows remote attackers to ...)
+	NOT-FOR-US: Check Point Session Authentication Agent
+CVE-2014-1672 (Check Point R75.47 Security Gateway and Management Server does not ...)
+	TODO: check
+CVE-2014-1671 (Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 ...)
+	TODO: check
+CVE-2014-1670 (The Microsoft Bing application before 4.2.1 for Android allows remote ...)
+	TODO: check
+CVE-2014-1669
+	RESERVED
+CVE-2014-1668
+	RESERVED
+CVE-2014-1667
+	RESERVED
+CVE-2014-1665
+	RESERVED
+CVE-2014-1663
+	RESERVED
+CVE-2014-1662
+	RESERVED
+CVE-2014-1661
+	RESERVED
+CVE-2014-1660
+	RESERVED
+CVE-2014-1659
+	RESERVED
+CVE-2014-1658
+	RESERVED
+CVE-2014-1657
+	RESERVED
+CVE-2014-1656
+	RESERVED
+CVE-2014-1655
+	RESERVED
+CVE-2014-1654
+	RESERVED
+CVE-2014-1653
+	RESERVED
+CVE-2014-1652
+	RESERVED
+CVE-2014-1651
+	RESERVED
+CVE-2014-1650
+	RESERVED
+CVE-2014-1649
+	RESERVED
+CVE-2014-1648
+	RESERVED
+CVE-2014-1647
+	RESERVED
+CVE-2014-1646
+	RESERVED
+CVE-2014-1645
+	RESERVED
+CVE-2014-1644
+	RESERVED
+CVE-2014-1643
+	RESERVED
+CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
+	TODO: check
+CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 allows remote ...)
+	TODO: check
+CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through ...)
+	TODO: check
+CVE-2013-7314 (The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 ...)
+	TODO: check
+CVE-2013-7313 (The OSPF implementation in Juniper Junos through 13.x, JunosE, and ...)
+	TODO: check
+CVE-2013-7312 (The OSPF implementation on Enterasys switches and routers does not ...)
+	TODO: check
+CVE-2013-7311 (The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO ...)
+	TODO: check
+CVE-2013-7310 (The OSPF implementation on Yamaha routers does not consider the ...)
+	TODO: check
+CVE-2013-7309 (The OSPF implementation in Extreme Networks EXOS does not consider the ...)
+	TODO: check
+CVE-2013-7308 (The OSPF implementation on the D-Link DES-3810-28 switch with firmware ...)
+	TODO: check
+CVE-2013-7307 (The OSPF implementation on the Brocade Vyatta vRouter with software ...)
+	TODO: check
+CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
+	TODO: check
 CVE-2013-XXXX
 	- mupdf <unfixed>
 	TODO: check
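Review bot: The OSPF entries CVE-2013-7306 through CVE-2013-7314 and CVE-2014-1672 are added as "TODO: check" although their descriptions name vendor router, switch and gateway products. The existing OSPF entry CVE-2013-5385 in this file is already "NOT-FOR-US: IBM", and CVE-2014-1673 in this same hunk is "NOT-FOR-US: Check Point Session Authentication Agent". Consider tagging these the same way here instead of leaving eleven open TODOs. CVE-2013-7315 (Spring MVC) is the one that should be checked against libspring-java, which this file already tracks under CVE-2013-6429 and CVE-2013-4152.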
@@ -2,10 +98,7 @@
 	NOTE: http://www.hdwsec.fr/blog/mupdf.html
-CVE-2014-1673
-	RESERVED
-	NOT-FOR-US: Check Point Session Authentication agent
-CVE-2014-1666 [xen: XSA-87]
+CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
 	- xen <unfixed>
 	[wheezy] - xen <not-affected> (Vulnerable code not present)
 	[squeeze] - xen <not-affected> (Vulnerable code not present)
-CVE-2014-1664
+CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP ...)
 	NOT-FOR-US: GoToMeeting in Android
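Review bot: The CVE-2014-1666 line loses its "[xen: XSA-87]" tag when the bracketed title is replaced by the description, and no other line in the entry records the advisory number. Suggest adding a NOTE line carrying XSA-87 under the entry so the Xen advisory id stays searchable in the list.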
@@ -68,8 +161,7 @@
 	RESERVED
 CVE-2014-1608
 	RESERVED
-CVE-2014-1607
-	RESERVED
+CVE-2014-1607 (Cross-site scripting (XSS) vulnerability in the EventCalendar module ...)
 	NOT-FOR-US: Drupal EventCalendar
 CVE-2014-1606
 	RESERVED
@@ -371,7 +463,7 @@
 	TODO: check
 CVE-2014-XXXX [Possible remote code execution on horde3]
 	- horde3 <unfixed>
-CVE-2014-1642 [xen: XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup]
+CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
 	- xen <unfixed>
 	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
 	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
@@ -390,8 +482,7 @@
 	- localepurge 0.7.3.2 (bug #736359)
 	[squeeze] - localepurge <no-dsa> (Minor issue)
 	[wheezy] - localepurge <no-dsa> (Minor issue)
-CVE-2014-1626 [XXE vulnerability]
-	RESERVED
+CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
 	- libmarc-xml-perl 1.0.2-1 (bug #736275)
 	NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
 CVE-2014-1624 [insecure use of /tmp]
@@ -538,18 +629,15 @@
 	RESERVED
 	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
 	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
-CVE-2013-7299 [tntnet: denial of service]
-	RESERVED
+CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
 	- tntnet <unfixed> (low; bug #735881)
 	[wheezy] - tntnet <no-dsa> (Minor issue)
 	[squeeze] - tntnet <no-dsa> (Minor issue)
-CVE-2013-7298 [cxxtools: denial of service]
-	RESERVED
+CVE-2013-7298 (query_params.cpp in cxxtools before 2.2.1 allows remote attackers to ...)
 	- cxxtools 2.2.1-1 (low; bug #735880)
 	[wheezy] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
 	[squeeze] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
-CVE-2013-7296 [DoS]
-	RESERVED
+CVE-2013-7296 (The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler ...)
 	- poppler <not-affected> (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
 	NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
@@ -557,13 +645,11 @@
 	NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)
 CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on ...)
 	NOT-FOR-US: ASUS router
-CVE-2014-1476 [Access bypass in Taxonomy module]
-	RESERVED
+CVE-2014-1476 (The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an ...)
 	{DSA-2847-1}
 	- drupal6 <unfixed>
 	- drupal7 7.26-1
-CVE-2014-1475 [Impersonation]
-	RESERVED
+CVE-2014-1475 (The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...)
 	{DSA-2847-1}
 	- drupal6 <unfixed>
 	- drupal7 7.26-1
@@ -587,8 +673,7 @@
 	NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
 CVE-2014-1448
 	REJECTED
-CVE-2014-1447 [libvirt: denial of service with keepalive]
-	RESERVED
+CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in ...)
 	{DSA-2846-1}
 	- libvirt 1.2.1-1 (bug #735676)
 	NOTE:  https://bugzilla.redhat.com/show_bug.cgi?id=1047577
@@ -890,8 +975,8 @@
 	RESERVED
 CVE-2014-1253
 	RESERVED
-CVE-2014-1252
-	RESERVED
+CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
+	TODO: check
 CVE-2014-1251
 	RESERVED
 CVE-2014-1250
@@ -910,8 +995,8 @@
 	RESERVED
 CVE-2014-1243
 	RESERVED
-CVE-2014-1242
-	RESERVED
+CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, ...)
+	TODO: check
 CVE-2014-1241
 	RESERVED
 CVE-2014-1240
@@ -981,8 +1066,8 @@
 	RESERVED
 CVE-2014-1204
 	RESERVED
-CVE-2014-1202
-	RESERVED
+CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...)
+	TODO: check
 CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
 	NOT-FOR-US: Lorex
 CVE-2014-0999
@@ -1459,8 +1544,8 @@
 	RESERVED
 CVE-2014-0810
 	RESERVED
-CVE-2014-0809
-	RESERVED
+CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
+	TODO: check
 CVE-2014-0808 (The lfCheckError function in ...)
 	NOT-FOR-US: LOCKON EC-CUBE
 CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
@@ -1489,8 +1574,7 @@
 	RESERVED
 CVE-2014-0795
 	RESERVED
-CVE-2014-0794
-	RESERVED
+CVE-2014-0794 (Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) ...)
 	NOT-FOR-US: JV Comment Joomla Extension
 CVE-2014-0793
 	RESERVED
@@ -1641,10 +1725,10 @@
 	TODO: check
 CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
 	NOT-FOR-US: Ecava IntegraXor
-CVE-2014-0751
-	RESERVED
-CVE-2014-0750
-	RESERVED
+CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...)
+	TODO: check
+CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...)
+	TODO: check
 CVE-2014-0749
 	RESERVED
 CVE-2014-0748
@@ -1787,18 +1871,18 @@
 	RESERVED
 CVE-2014-0679
 	RESERVED
-CVE-2014-0678
-	RESERVED
+CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does ...)
+	TODO: check
 CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command ...)
 	NOT-FOR-US: Cisco NX-OS
 CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication ...)
 	NOT-FOR-US: Cisco
-CVE-2014-0674
-	RESERVED
-CVE-2014-0673
-	RESERVED
+CVE-2014-0674 (Cisco Video Surveillance Operations Manager (VSOM) does not require ...)
+	TODO: check
+CVE-2014-0673 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
 CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly ...)
 	NOT-FOR-US: Cisco MediaSense
 CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote ...)
@@ -1938,10 +2022,10 @@
 	NOT-FOR-US: ProjectForge
 CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder ...)
 	NOT-FOR-US: ProjectForge
-CVE-2013-7248
-	RESERVED
-CVE-2013-7247
-	RESERVED
+CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other ...)
+	TODO: check
+CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
+	TODO: check
 CVE-2013-7246
 	RESERVED
 CVE-2013-7245
@@ -2305,8 +2389,8 @@
 	NOT-FOR-US: Adobe Reader
 CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
 	NOT-FOR-US: Adobe Reader
-CVE-2014-0494
-	RESERVED
+CVE-2014-0494 (Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary ...)
+	TODO: check
 CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
@@ -2379,8 +2463,8 @@
 	NOT-FOR-US: Steinberg MyMp3PRO
 CVE-2013-7185
 	RESERVED
-CVE-2013-7184
-	RESERVED
+CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
+	TODO: check
 CVE-2013-7183
 	RESERVED
 CVE-2013-7182
@@ -2397,8 +2481,8 @@
 	RESERVED
 CVE-2013-7176
 	RESERVED
-CVE-2013-7175
-	RESERVED
+CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
+	TODO: check
 CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS ...)
 	NOT-FOR-US: QNAP QTS
 CVE-2013-7173
@@ -2777,24 +2861,19 @@
 	RESERVED
 CVE-2013-7144
 	RESERVED
-CVE-2013-7143
-	RESERVED
+CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
 	- open-xchange <itp> (bug #269329)
-CVE-2013-7142
-	RESERVED
+CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
 	- open-xchange <itp> (bug #269329)
-CVE-2013-7141
-	RESERVED
+CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
 	- open-xchange <itp> (bug #269329)
-CVE-2013-7140
-	RESERVED
+CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in ...)
 	- open-xchange <itp> (bug #269329)
 CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content ...)
 	NOT-FOR-US: Horizon CMS
 CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in ...)
 	NOT-FOR-US: Horizon CMS
-CVE-2013-7137
-	RESERVED
+CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 ...)
 	NOT-FOR-US: Burden
 CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have ...)
 	NOT-FOR-US: Cisco
@@ -3090,8 +3169,7 @@
 	NOTE: vulnerable code not found in Debian
 	NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
 	NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
-CVE-2013-7048 [Nova live snapshots use an insecure local directory]
-	RESERVED
+CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and ...)
 	- nova 2013.2.1-1 (bug #732022)
 	[wheezy] - nova <not-affected> (Support for live snapshots added later)
 	NOTE: https://bugs.launchpad.net/nova/+bug/1227027
@@ -3461,10 +3539,10 @@
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
 	NOT-FOR-US: VideoCharge
-CVE-2013-6934
-	RESERVED
-CVE-2013-6933
-	RESERVED
+CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
+	TODO: check
+CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
+	TODO: check
 CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
 	NOT-FOR-US: IrfanView
 CVE-2013-6931
@@ -4085,14 +4163,12 @@
 	RESERVED
 CVE-2014-0029
 	RESERVED
-CVE-2014-0028 [event registration bypasses domain:getattr ACL]
-	RESERVED
+CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to ...)
 	- libvirt 1.2.1-1
 	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
 	[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
 	NOTE: https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
-CVE-2014-0027
-	RESERVED
+CVE-2014-0027 (The play_wave_from_socket function in audio/auserver.c in Flite 1.4 ...)
 	- flite 1.4-release-8 (low; bug #734746)
 	[wheezy] - flite <no-dsa> (Minor issue)
 	[squeeze] - flite <no-dsa> (Minor issue)
@@ -4104,8 +4180,7 @@
 	RESERVED
 CVE-2014-0023
 	RESERVED
-CVE-2014-0022
-	RESERVED
+CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and ...)
 	NOT-FOR-US: yum cron
 CVE-2014-0021 [traffic amplification in cmdmon protocol]
 	RESERVED
@@ -4222,8 +4297,7 @@
 	RESERVED
 CVE-2013-6892
 	RESERVED
-CVE-2013-6891 [lppasswd vulnerability]
-	RESERVED
+CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, ...)
 	- cups 1.7.1-1
 	[wheezy] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
 	[squeeze] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
@@ -4298,8 +4372,8 @@
 	RESERVED
 CVE-2013-6854
 	RESERVED
-CVE-2013-6853
-	RESERVED
+CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! ...)
+	TODO: check
 CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on ...)
 	NOT-FOR-US: Hewlett-Packard network equipment
 CVE-2013-6851
@@ -5229,10 +5303,10 @@
 	RESERVED
 CVE-2013-6468
 	RESERVED
-CVE-2013-6467
-	RESERVED
-CVE-2013-6466
-	RESERVED
+CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2013-6465
 	RESERVED
 CVE-2013-6464
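Review bot: CVE-2013-6467 (Libreswan) and CVE-2013-6466 (Openswan) both go in as "TODO: check" with no package line. Another entry visible in this diff is already marked "NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)", so the Libreswan entry can probably be resolved the same way, and the Openswan entry needs an explicit decision rather than sharing the placeholder.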
@@ -5258,14 +5332,12 @@
 	- libwill-paginate-ruby <removed>
 	[squeeze] - libwill-paginate-ruby <no-dsa> (Minor issue)
 	NOTE: https://github.com/mislav/will_paginate/releases/tag/v3.0.5
-CVE-2013-6458 [job usage issue in several APIs leading to libvirtd crash]
-	RESERVED
+CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) ...)
 	{DSA-2846-1}
 	- libvirt 1.2.1-1 (bug #734556)
 	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
 	NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
-CVE-2013-6457 [avoid crashing if calling `virsh numatune' on inactive domain]
-	RESERVED
+CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver ...)
 	- libvirt 1.2.1-1
 	[wheezy] - libvirt <not-affected> (Vulnerable code not present)
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
@@ -5352,8 +5424,8 @@
 	[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
 CVE-2013-6435
 	RESERVED
-CVE-2013-6434
-	RESERVED
+CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager ...)
+	TODO: check
 CVE-2013-6433
 	RESERVED
 CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
@@ -5370,8 +5442,7 @@
 CVE-2013-6430
 	RESERVED
 	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
-CVE-2013-6429
-	RESERVED
+CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework ...)
 	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
 CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before Havana ...)
 	- heat 2013.2.1-1 (bug #732033)
@@ -6346,8 +6417,7 @@
 	RESERVED
 CVE-2013-6031
 	RESERVED
-CVE-2013-6030
-	RESERVED
+CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
 	NOT-FOR-US: Emerson Network Power
 CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
 	NOT-FOR-US: AT&T Connect Participant Application
@@ -7199,12 +7269,12 @@
 CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly ...)
 	- moodle 2.5.2-1
 	[squeeze] - moodle <not-affected> (Only affects 2.5.x)
-CVE-2013-5669
-	RESERVED
-CVE-2013-5668
-	RESERVED
-CVE-2013-5667
-	RESERVED
+CVE-2013-5669 (The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext ...)
+	TODO: check
+CVE-2013-5668 (The ADS/NT Support page on the Thecus NAS server N8800 with firmware ...)
+	TODO: check
+CVE-2013-5667 (The Thecus NAS server N8800 with firmware 5.03.01 allows remote ...)
+	TODO: check
 CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
 	- kfreebsd-9 9.2~svn255465-1 (bug #722336)
 	[wheezy] - kfreebsd-9 <not-affected> (Only affects 9.2.x)
@@ -8018,7 +8088,7 @@
 	NOT-FOR-US: IBM
 CVE-2013-5386
 	RESERVED
-CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, and in z/OS on zSeries ...)
+CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries ...)
 	NOT-FOR-US: IBM
 CVE-2013-5384
 	RESERVED
@@ -8046,8 +8116,8 @@
 	NOT-FOR-US: IBM Rational ClearCase
 CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, ...)
 	NOT-FOR-US: IBM
-CVE-2013-5371
-	RESERVED
+CVE-2013-5371 (The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on ...)
+	TODO: check
 CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
 	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
 CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...)
@@ -8060,8 +8130,8 @@
 	RESERVED
 CVE-2013-5365
 	RESERVED
-CVE-2013-5364
-	RESERVED
+CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
+	TODO: check
 CVE-2013-5363
 	RESERVED
 CVE-2013-5362
@@ -8088,8 +8158,7 @@
 	RESERVED
 CVE-2013-5351
 	RESERVED
-CVE-2013-5350
-	RESERVED
+CVE-2013-5350 (The "Remember me" feature in the ...)
 	NOT-FOR-US: OpenPNE
 CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
 	NOT-FOR-US: Google Picasa
@@ -10744,8 +10813,7 @@
 	- mediawiki-extensions <unfixed> (low)
 	[wheezy] - mediawiki-extensions <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
-CVE-2013-4304 [mediawiki CentralAuth auth bypass]
-	RESERVED
+CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x ...)
 	NOT-FOR-US: Mediawiki CentralAuth extension
 CVE-2013-4303 [mediawiki XSS with IE6]
 	RESERVED
@@ -11267,8 +11335,7 @@
 	[squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
 	[wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
 	NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
-CVE-2013-4152 [XML External Entity (XXE) injection flaw]
-	RESERVED
+CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...)
 	{DSA-2842-1}
 	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
 CVE-2013-4151
@@ -16150,8 +16217,7 @@
 	RESERVED
 	NOT-FOR-US: Apache HBase
 	NOTE: There was the package in unstable, but never in a release, see #630821
-CVE-2013-2192 [Apache Hadoop Man in the Middle Vulnerability]
-	RESERVED
+CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before ...)
 	NOT-FOR-US: Apache Hadoop
 	NOTE: There was the package in unstable, but never in a release, see 630820
 CVE-2013-2191
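Review bot: The NOTE under CVE-2013-2192 reads "see 630820" without the "#" that the neighbouring HBase entry uses ("see #630821"). Since this entry is being touched anyway, change it to "see #630820" so bug references are written consistently.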
@@ -17215,11 +17281,9 @@
 CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
 	- drupal6 <not-affected> (only affects 7.x-3.x to 7.x-3.6)
 	- drupal7 <not-affected> (views module not packaged)
-CVE-2013-1886
-	RESERVED
+CVE-2013-1886 (Format string vulnerability in the token processing system (pki-tps) ...)
 	NOT-FOR-US: Red Hat Certificate System
-CVE-2013-1885
-	RESERVED
+CVE-2013-1885 (Multiple cross-site scripting (XSS) vulnerabilities in the token ...)
 	NOT-FOR-US: Red Hat Certificate System
 CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
 	- subversion 1.7.9-1 (bug #704940)
@@ -17332,8 +17396,7 @@
 	- ruby-activesupport-2.3 2.3.14-7
 	- rails 2.3.14.1
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-1853 [Almanah doesn't encrypt the database]
-	RESERVED
+CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when ...)
 	- almanah 0.9.1-1 (bug #702905)
 	[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
@@ -20950,8 +21013,8 @@
 	RESERVED
 CVE-2012-6448
 	RESERVED
-CVE-2012-6447
-	RESERVED
+CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
+	TODO: check
 CVE-2012-6446
 	RESERVED
 CVE-2012-6445



