[Secure-testing-commits] r27224 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Wed Jun 11 21:14:13 UTC 2014
Author: joeyh
Date: 2014-06-11 21:14:12 +0000 (Wed, 11 Jun 2014)
New Revision: 27224
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-06-11 20:38:27 UTC (rev 27223)
+++ data/CVE/list 2014-06-11 21:14:12 UTC (rev 27224)
@@ -1,3 +1,61 @@
+CVE-2014-4017 (Cross-site scripting (XSS) vulnerability in the Conversion Ninja ...)
+ TODO: check
+CVE-2014-4016
+ RESERVED
+CVE-2014-4015
+ RESERVED
+CVE-2014-4013
+ RESERVED
+CVE-2014-4012 (SAP Open Hub Service has hardcoded credentials, which makes it easier ...)
+ TODO: check
+CVE-2014-4011 (SAP Capacity Leveling has hardcoded credentials, which makes it easier ...)
+ TODO: check
+CVE-2014-4010 (SAP Transaction Data Pool has hardcoded credentials, which makes it ...)
+ TODO: check
+CVE-2014-4009 (SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which ...)
+ TODO: check
+CVE-2014-4008 (SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which ...)
+ TODO: check
+CVE-2014-4007 (The SAP Upgrade tools for ABAP has hardcoded credentials, which makes ...)
+ TODO: check
+CVE-2014-4006 (The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has ...)
+ TODO: check
+CVE-2014-4005 (SAP Brazil add-on has hardcoded credentials, which makes it easier for ...)
+ TODO: check
+CVE-2014-4004 (The (1) Structures and (2) Project-Oriented Procurement components in ...)
+ TODO: check
+CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote ...)
+ TODO: check
+CVE-2014-4002
+ RESERVED
+CVE-2014-4001
+ RESERVED
+CVE-2014-4000
+ RESERVED
+CVE-2014-3999
+ RESERVED
+CVE-2014-3998
+ RESERVED
+CVE-2014-3997
+ RESERVED
+CVE-2014-3996
+ RESERVED
+CVE-2014-3993
+ RESERVED
+CVE-2014-3992
+ RESERVED
+CVE-2014-3991
+ RESERVED
+CVE-2014-3990
+ RESERVED
+CVE-2014-3989
+ RESERVED
+CVE-2014-3988
+ RESERVED
+CVE-2014-3987
+ RESERVED
+CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow ...)
+ TODO: check
CVE-2014-XXXX [Insecure use of temporary file]
- scheme48 1.9-4
[wheezy] - scheme48 <no-dsa> (Minor issue)
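Review bot: The SAP entries added at the top of this hunk (CVE-2014-4005 through CVE-2014-4012) all land as `TODO: check`, yet CVE-2014-2752 later in this file, which has the same kind of SAP description, is already tagged `NOT-FOR-US: SAP`. Closing these out with the same tag in a follow-up leaves the TODO queue to entries that still need triage against the archive, such as CVE-2014-3984, which names Libav before 0.8.12.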
@@ -8,24 +66,25 @@
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.38)
NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
CVE-2014-4014
+ RESERVED
- linux <unfixed>
- linux-2.6 <removed>
NOTE: fixing commit https://git.kernel.org/linus/fc8ad6759de122ee180a02c16518c2e252cc9d48
-CVE-2014-3986
+CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to ...)
- lynis 1.5.5-1 (bug #751083)
[squeeze] - lynis <no-dsa> (Minor issue)
[wheezy] - lynis <no-dsa> (Minor issue)
CVE-2014-3995
+ RESERVED
NOT-FOR-US: Djblets
CVE-2014-3994
+ RESERVED
NOT-FOR-US: Djblets
CVE-2014-3983
RESERVED
-CVE-2014-3982
- RESERVED
+CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local ...)
- lynis <not-affected> (Specific to AIX)
-CVE-2014-3981
- RESERVED
+CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and ...)
- php5 <unfixed> (unimportant)
NOTE: Only exploitable during package build
CVE-2014-3979
@@ -33,8 +92,8 @@
NOT-FOR-US: Bytemark Symbiosis
CVE-2014-3978
RESERVED
-CVE-2014-3977
- RESERVED
+CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to ...)
+ TODO: check
CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) ...)
TODO: check
CVE-2014-3975 (Absolute path traversal vulnerability in filemanager.php in AuraCMS ...)
@@ -142,8 +201,7 @@
- xen <unfixed>
[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
-CVE-2014-3966 [mediawiki Javascript inject by anonymous users on private wikis with $wgRawHtml enabled]
- RESERVED
+CVE-2014-3966 (Cross-site scripting (XSS) vulnerability in Special:PasswordReset in ...)
- mediawiki 1:1.19.16+dfsg-1 (low; bug #750527)
[wheezy] - mediawiki <no-dsa> (Minor issue)
[squeeze] - mediawiki <end-of-life>
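Review bot: On CVE-2014-3966 the hand-written summary (JavaScript injection by anonymous users on private wikis with $wgRawHtml enabled) is replaced by a description of XSS in Special:PasswordReset, while the package line keeps 1:1.19.16+dfsg-1 and bug #750527. The truncated description does not show whether both texts refer to the same flaw, so check the fixed version and bug number against the full CVE text, and if the $wgRawHtml precondition still applies, carry it over into a NOTE: line so that context is not lost.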
@@ -240,9 +298,9 @@
RESERVED
CVE-2014-3881
RESERVED
-CVE-2014-3880
- RESERVED
+CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
{DSA-2952-1}
+ TODO: check
CVE-2014-3879
RESERVED
CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
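Review bot: CVE-2014-3880 ends up with a {DSA-2952-1} reference followed directly by `TODO: check` and no package line. An entry that a DSA already covers should name the affected source packages; add them (the FreeBSD kernel entry for CVE-2014-3873 further down uses kfreebsd-8 and kfreebsd-9 lines) and drop the TODO.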
@@ -264,8 +322,7 @@
NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3874
RESERVED
-CVE-2014-3873
- RESERVED
+CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before ...)
- kfreebsd-8 <removed>
- kfreebsd-9 <unfixed> (bug #750493)
[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
@@ -1118,8 +1175,7 @@
- gnutls28 3.2.15-1
[squeeze] - gnutls26 2.8.6-1+squeeze4
NOTE: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
-CVE-2014-3465
- RESERVED
+CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS ...)
- gnutls26 <not-affected> (Affected code was introduced in 3.0)
- gnutls28 3.2.10-1
CVE-2014-3464
@@ -1315,7 +1371,7 @@
RESERVED
CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
NOT-FOR-US: Juniper Junos Space
-CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in NSM before ...)
+CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...)
NOT-FOR-US: Juniper NSM
CVE-2014-3410
RESERVED
@@ -1549,24 +1605,24 @@
RESERVED
CVE-2014-3295
RESERVED
-CVE-2014-3294
- RESERVED
+CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of ...)
+ TODO: check
CVE-2014-3293
RESERVED
-CVE-2014-3292
- RESERVED
-CVE-2014-3291
- RESERVED
+CVE-2014-3292 (The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified ...)
+ TODO: check
+CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to ...)
+ TODO: check
CVE-2014-3290
RESERVED
-CVE-2014-3289
- RESERVED
+CVE-2014-3289 (Cross-site scripting (XSS) vulnerability in the web management ...)
+ TODO: check
CVE-2014-3288
RESERVED
-CVE-2014-3287
- RESERVED
-CVE-2014-3286
- RESERVED
+CVE-2014-3287 (SQL injection vulnerability in BulkViewFileContentsAction.java in the ...)
+ TODO: check
+CVE-2014-3286 (The web framework in Cisco WebEx Meeting Server does not properly ...)
+ TODO: check
CVE-2014-3285 (Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when ...)
NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-3284 (Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, ...)
@@ -1575,14 +1631,14 @@
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3282 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
-CVE-2014-3281
- RESERVED
+CVE-2014-3281 (The web framework in VOSS in Cisco Unified Communications Domain ...)
+ TODO: check
CVE-2014-3280 (The web framework in VOSS in Cisco Unified Communications Domain ...)
TODO: check
CVE-2014-3279 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
-CVE-2014-3278
- RESERVED
+CVE-2014-3278 (The web framework in VOSS in Cisco Unified Communications Domain ...)
+ TODO: check
CVE-2014-3277 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3276 (Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does ...)
@@ -1789,8 +1845,8 @@
RESERVED
CVE-2014-3217
RESERVED
-CVE-2014-3216
- RESERVED
+CVE-2014-3216 (GOM Media Player 2.2.57.5189 and earlier allows remote attackers to ...)
+ TODO: check
CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 ...)
- policycoreutils <not-affected> (seunshare not enabled/built in Debian)
CVE-2014-3214 (The prefetch implementation in named in ISC BIND 9.10.0, when a ...)
@@ -1904,24 +1960,19 @@
RESERVED
CVE-2014-3158
RESERVED
-CVE-2014-3157
- RESERVED
+CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer ...)
- chromium-browser 35.0.1916.153-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3156
- RESERVED
+CVE-2014-3156 (Buffer overflow in the clipboard implementation in Google Chrome ...)
- chromium-browser 35.0.1916.153-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3155
- RESERVED
+CVE-2014-3155 (net/spdy/spdy_write_queue.cc in the SPDY implementation in Google ...)
- chromium-browser 35.0.1916.153-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3154
- RESERVED
+CVE-2014-3154 (Use-after-free vulnerability in the ChildThread::Shutdown function in ...)
- chromium-browser 35.0.1916.153-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3153
- RESERVED
+CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel ...)
{DSA-2949-1}
- linux 3.14.5-1
- linux-2.6 <removed>
@@ -2159,8 +2210,8 @@
RESERVED
CVE-2014-3049
RESERVED
-CVE-2014-3048
- RESERVED
+CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization ...)
+ TODO: check
CVE-2014-3047
RESERVED
CVE-2014-3046
@@ -2171,20 +2222,20 @@
RESERVED
CVE-2014-3043
RESERVED
-CVE-2014-3042
- RESERVED
+CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...)
+ TODO: check
CVE-2014-3041
RESERVED
CVE-2014-3040
RESERVED
CVE-2014-3039
RESERVED
-CVE-2014-3038
- RESERVED
+CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop ...)
+ TODO: check
CVE-2014-3037
RESERVED
-CVE-2014-3036
- RESERVED
+CVE-2014-3036 (Unspecified vulnerability in IBM API Management 3.0.0.0, when basic ...)
+ TODO: check
CVE-2014-3035
RESERVED
CVE-2014-3034
@@ -2305,6 +2356,7 @@
NOTE: Introduced by https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)
CVE-2014-3985 [buffer overflow in miniupnpc]
+ RESERVED
- miniupnpc 1.6-4 (low; bug #748913)
[wheezy] - miniupnpc <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
@@ -2793,58 +2845,58 @@
RESERVED
CVE-2014-2779
RESERVED
-CVE-2014-2778
- RESERVED
-CVE-2014-2777
- RESERVED
-CVE-2014-2776
- RESERVED
-CVE-2014-2775
- RESERVED
+CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
+ TODO: check
+CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2776 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2775 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2774
RESERVED
-CVE-2014-2773
- RESERVED
-CVE-2014-2772
- RESERVED
-CVE-2014-2771
- RESERVED
-CVE-2014-2770
- RESERVED
-CVE-2014-2769
- RESERVED
-CVE-2014-2768
- RESERVED
-CVE-2014-2767
- RESERVED
-CVE-2014-2766
- RESERVED
-CVE-2014-2765
- RESERVED
-CVE-2014-2764
- RESERVED
-CVE-2014-2763
- RESERVED
+CVE-2014-2773 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2772 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2771 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2770 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2769 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2768 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2767 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2764 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2763 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-2762
RESERVED
-CVE-2014-2761
- RESERVED
-CVE-2014-2760
- RESERVED
-CVE-2014-2759
- RESERVED
-CVE-2014-2758
- RESERVED
-CVE-2014-2757
- RESERVED
-CVE-2014-2756
- RESERVED
-CVE-2014-2755
- RESERVED
-CVE-2014-2754
- RESERVED
-CVE-2014-2753
- RESERVED
+CVE-2014-2761 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2759 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2758 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2757 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2756 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2755 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2754 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-2753 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-2752 (SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...)
NOT-FOR-US: SAP
CVE-2014-2751 (SAP Print and Output Management has hardcoded credentials, which makes ...)
@@ -3379,8 +3431,8 @@
NOT-FOR-US: Splunk Web
CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the Transform ...)
NOT-FOR-US: Transform Foundation server
-CVE-2014-2575
- RESERVED
+CVE-2014-2575 (Directory traversal vulnerability in the File Manager component in ...)
+ TODO: check
CVE-2014-2574
RESERVED
CVE-2014-2570
@@ -3498,14 +3550,11 @@
RESERVED
CVE-2014-2509
RESERVED
-CVE-2014-2508
- RESERVED
+CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2507
- RESERVED
+CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
NOT-FOR-US: EMC Documentum Content Server
-CVE-2014-2506
- RESERVED
+CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2505
RESERVED
@@ -4092,6 +4141,7 @@
[squeeze] - pen <no-dsa> (Minor issue)
[wheezy] - pen <no-dsa> (Minor issue)
CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, ...)
+ {DSA-2956-1}
- icinga 1.11.0-1
CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
NOT-FOR-US: Proxmox Mail Gateway
@@ -5148,6 +5198,7 @@
CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
- phpmyadmin 4:4.1.7-1 (unimportant)
CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
+ {DSA-2956-1}
- icinga 1.10.3-1
CVE-2014-1873
RESERVED
@@ -5478,8 +5529,8 @@
RESERVED
CVE-2014-1824
RESERVED
-CVE-2014-1823
- RESERVED
+CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...)
+ TODO: check
CVE-2014-1822
RESERVED
CVE-2014-1821
@@ -5488,12 +5539,12 @@
RESERVED
CVE-2014-1819
RESERVED
-CVE-2014-1818
- RESERVED
-CVE-2014-1817
- RESERVED
-CVE-2014-1816
- RESERVED
+CVE-2014-1818 (GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
+ TODO: check
+CVE-2014-1817 (usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft ...)
+ TODO: check
+CVE-2014-1816 (Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly ...)
+ TODO: check
CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1814
@@ -5502,8 +5553,8 @@
NOT-FOR-US: Microsoft
CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, ...)
NOT-FOR-US: Microsoft
-CVE-2014-1811
- RESERVED
+CVE-2014-1811 (The TCP implementation in Microsoft Windows Vista SP2, Windows Server ...)
+ TODO: check
CVE-2014-1810
RESERVED
CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, ...)
@@ -5514,93 +5565,93 @@
NOT-FOR-US: Microsoft
CVE-2014-1806 (The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, ...)
NOT-FOR-US: Microsoft
-CVE-2014-1805
- RESERVED
-CVE-2014-1804
- RESERVED
-CVE-2014-1803
- RESERVED
-CVE-2014-1802
- RESERVED
+CVE-2014-1805 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1804 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1803 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1802 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-1801
RESERVED
-CVE-2014-1800
- RESERVED
-CVE-2014-1799
- RESERVED
+CVE-2014-1800 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-1798
RESERVED
-CVE-2014-1797
- RESERVED
-CVE-2014-1796
- RESERVED
-CVE-2014-1795
- RESERVED
-CVE-2014-1794
- RESERVED
+CVE-2014-1797 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1796 (Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers ...)
+ TODO: check
+CVE-2014-1795 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1794 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-1793
RESERVED
-CVE-2014-1792
- RESERVED
-CVE-2014-1791
- RESERVED
-CVE-2014-1790
- RESERVED
-CVE-2014-1789
- RESERVED
-CVE-2014-1788
- RESERVED
+CVE-2014-1792 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1791 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1790 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1789 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1788 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-1787
RESERVED
-CVE-2014-1786
- RESERVED
-CVE-2014-1785
- RESERVED
-CVE-2014-1784
- RESERVED
-CVE-2014-1783
- RESERVED
-CVE-2014-1782
- RESERVED
-CVE-2014-1781
- RESERVED
-CVE-2014-1780
- RESERVED
-CVE-2014-1779
- RESERVED
-CVE-2014-1778
- RESERVED
-CVE-2014-1777
- RESERVED
+CVE-2014-1786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1785 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1784 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1783 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1782 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1781 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1780 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1779 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1778 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1777 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read ...)
+ TODO: check
CVE-2014-1776 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1775
- RESERVED
-CVE-2014-1774
- RESERVED
-CVE-2014-1773
- RESERVED
-CVE-2014-1772
- RESERVED
-CVE-2014-1771
- RESERVED
-CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+CVE-2014-1775 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1774 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-1773 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1772 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-1771 (SChannel in Microsoft Internet Explorer 6 through 11 does not ensure ...)
+ TODO: check
+CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1769
- RESERVED
+CVE-2014-1769 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
CVE-2014-1768
RESERVED
CVE-2014-1767
RESERVED
-CVE-2014-1766 (Unspecified vulnerability in the kernel in Microsoft Windows 8.1 ...)
+CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Windows
CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1764 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+CVE-2014-1764 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 11 allows ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 11 allows ...)
+CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
NOT-FOR-US: Microsoft Word
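Review bot: CVE-2014-1766 now describes Microsoft Internet Explorer 9 through 11, but the tag on the line after it still reads `NOT-FOR-US: Microsoft Windows`, left over from the previous kernel description. Change it to `NOT-FOR-US: Microsoft Internet Explorer` to match the neighbouring entries; the newly described Internet Explorer entries in this hunk that carry `TODO: check` can take the same tag.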
@@ -5857,8 +5908,7 @@
[wheezy] - otrs2 <no-dsa> (Minor issue)
[squeeze] - otrs2 <no-dsa> (Minor issue)
NOTE: https://www.otrs.com/security-advisory-2014-03-xss-issue/
-CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
- RESERVED
+CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to ...)
{DSA-2946-1}
- python-gnupg 0.3.6-1 (bug #738509)
CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...)
@@ -6205,8 +6255,8 @@
RESERVED
CVE-2014-1546
RESERVED
-CVE-2014-1545
- RESERVED
+CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote ...)
+ {DSA-2955-1}
- nspr <unfixed>
- iceweasel 30.0-1
- icedove <unfixed>
@@ -6215,52 +6265,46 @@
NOTE: Only the Wheezy builds use the bundled nspr
CVE-2014-1544
RESERVED
-CVE-2014-1543
- RESERVED
+CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads ...)
- iceweasel <not-affected> (Only affects Windows 8)
- icedove <not-affected> (Only affects Windows 8)
-CVE-2014-1542
- RESERVED
+CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in ...)
- iceweasel 30.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
[squeeze] - icedove <end-of-life>
-CVE-2014-1541
- RESERVED
+CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver ...)
+ {DSA-2955-1}
- iceweasel 30.0-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1540
- RESERVED
+CVE-2014-1540 (Use-after-free vulnerability in the ...)
- iceweasel 30.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
[squeeze] - icedove <end-of-life>
-CVE-2014-1539
- RESERVED
+CVE-2014-1539 (Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do ...)
- iceweasel <not-affected> (Only affects Mac OS X)
- icedove <not-affected> (Only affects Mac OS X)
-CVE-2014-1538
- RESERVED
+CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR ...)
+ {DSA-2955-1}
- iceweasel 30.0-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1537
- RESERVED
+CVE-2014-1537 (Use-after-free vulnerability in the ...)
- iceweasel 30.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
[squeeze] - icedove <end-of-life>
-CVE-2014-1536
- RESERVED
+CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla ...)
- iceweasel 30.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
@@ -6269,16 +6313,15 @@
[squeeze] - icedove <end-of-life>
CVE-2014-1535
RESERVED
-CVE-2014-1534
- RESERVED
+CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel 30.0-1
- icedove <unfixed>
[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
[squeeze] - iceweasel <end-of-life>
[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
[squeeze] - icedove <end-of-life>
-CVE-2014-1533
- RESERVED
+CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
+ {DSA-2955-1}
- iceweasel 30.0-1
- icedove <unfixed>
[squeeze] - iceweasel <end-of-life>
@@ -7371,8 +7414,8 @@
NOT-FOR-US: IBM Global Security Kit
CVE-2014-0962
RESERVED
-CVE-2014-0961
- RESERVED
+CVE-2014-0961 (Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity ...)
+ TODO: check
CVE-2014-0960
RESERVED
CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
@@ -7421,8 +7464,8 @@
RESERVED
CVE-2014-0937
RESERVED
-CVE-2014-0936
- RESERVED
+CVE-2014-0936 (IBM Security AppScan Source 8.0 through 9.0, when the ...)
+ TODO: check
CVE-2014-0935 (Unspecified vulnerability in IBM Smart Analytics System 7700 before FP ...)
TODO: check
CVE-2014-0934
@@ -7435,8 +7478,8 @@
RESERVED
CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, ...)
NOT-FOR-US: IBM AIX
-CVE-2014-0929
- RESERVED
+CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles ...)
+ TODO: check
CVE-2014-0928
RESERVED
CVE-2014-0927
@@ -8461,23 +8504,17 @@
RESERVED
CVE-2014-0537
RESERVED
-CVE-2014-0536
- RESERVED
+CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0535
- RESERVED
+CVE-2014-0535 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0534
- RESERVED
+CVE-2014-0534 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0533
- RESERVED
+CVE-2014-0533 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0532
- RESERVED
+CVE-2014-0532 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash
-CVE-2014-0531
- RESERVED
+CVE-2014-0531 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
NOT-FOR-US: Adobe Flash
CVE-2014-0530
RESERVED
@@ -9213,6 +9250,7 @@
NOTE: https://github.com/transifex/transifex-client/issues/42
NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, ...)
+ {DSA-2956-1}
- icinga 1.10.2-1 (low)
- nagios3 <unfixed> (low)
[squeeze] - nagios3 <no-dsa> (Minor issue)
@@ -9220,12 +9258,14 @@
NOTE: https://dev.icinga.org/issues/5251
NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga ...)
+ {DSA-2956-1}
- icinga 1.10.2-1 (low)
- nagios3 <unfixed> (low)
[squeeze] - nagios3 <no-dsa> (Minor issue)
[wheezy] - nagios3 <no-dsa> (Minor issue)
NOTE: https://dev.icinga.org/issues/5346
CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 ...)
+ {DSA-2956-1}
- icinga 1.10.2-1
NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
@@ -9863,8 +9903,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-0296
- RESERVED
+CVE-2014-0296 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
+ TODO: check
CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0294 (Microsoft Forefront Protection 2010 for Exchange Server does not ...)
@@ -9891,8 +9931,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0283 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-0282
- RESERVED
+CVE-2014-0282 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-0281 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0280 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
@@ -10052,8 +10092,7 @@
{DSA-2950-1}
- openssl 1.0.1h-1 (bug #750665)
[squeeze] - openssl 0.9.8o-4squeeze15
-CVE-2014-0220
- RESERVED
+CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...)
NOT-FOR-US: Cloudera Manager
CVE-2014-0219
RESERVED
@@ -11023,8 +11062,7 @@
NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6826 (cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet ...)
NOT-FOR-US: Fortinet FortiAnalyzer
-CVE-2013-6825
- RESERVED
+CVE-2013-6825 ((1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) ...)
- dcmtk <unfixed> (unimportant)
NOTE: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
NOTE: Not running with elevated privileges in Debian packaging
@@ -12717,8 +12755,7 @@
RESERVED
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
NOT-FOR-US: Livezilla
-CVE-2013-6223
- RESERVED
+CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
NOT-FOR-US: Livezilla
CVE-2013-6222
RESERVED
@@ -13795,8 +13832,8 @@
NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
NOT-FOR-US: Oracle Siebel
-CVE-2013-5760
- RESERVED
+CVE-2013-5760 (QNAP Photo Station before firmware 4.0.3 build0912 allows remote ...)
+ TODO: check
CVE-2013-5759
RESERVED
CVE-2013-5758
@@ -14141,7 +14178,7 @@
CVE-2013-5644
RESERVED
CVE-2013-5643
- RESERVED
+ REJECTED
CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...)
NOT-FOR-US: Gnew
CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 ...)
@@ -16231,16 +16268,16 @@
- phpmyadmin 4:4.0.4.1-1
[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
-CVE-2013-4728
- RESERVED
-CVE-2013-4727
- RESERVED
+CVE-2013-4728 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
+ TODO: check
+CVE-2013-4727 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
+ TODO: check
CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive ...)
NOT-FOR-US: Acroa CMS
-CVE-2013-4725
- RESERVED
-CVE-2013-4724
- RESERVED
+CVE-2013-4725 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
+ TODO: check
+CVE-2013-4724 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
+ TODO: check
CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS ...)
NOT-FOR-US: Acora CMS
CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
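Review bot: The four DDSN Interactive cm3 Acora CMS entries added here (CVE-2013-4728, CVE-2013-4727, CVE-2013-4725, CVE-2013-4724) get `TODO: check` although CVE-2013-4723 for the same product is already `NOT-FOR-US: Acora CMS`. When they are closed out, use that spelling; the context line under CVE-2013-4726 reads `NOT-FOR-US: Acroa CMS`, a typo worth fixing in the same pass so that a search on the product name finds every entry.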
@@ -16552,16 +16589,16 @@
RESERVED
CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
NOT-FOR-US: Alkacon OpenCms
-CVE-2013-4599
- RESERVED
+CVE-2013-4599 (The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 ...)
+ TODO: check
CVE-2013-4598 (The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for ...)
NOT-FOR-US: Drupal module GCC
-CVE-2013-4597
- RESERVED
+CVE-2013-4597 (The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not ...)
+ TODO: check
CVE-2013-4596 (The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
TODO: check
-CVE-2013-4595
- RESERVED
+CVE-2013-4595 (The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not ...)
+ TODO: check
CVE-2013-4594
RESERVED
CVE-2013-4593
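Review bot: CVE-2013-4599, CVE-2013-4597 and CVE-2013-4595 are added with "TODO: check", and the pre-existing CVE-2013-4596 is still in that state, while CVE-2013-4598 between them is "NOT-FOR-US: Drupal module GCC". Revisioning and Secure Pages are described as Drupal modules and Misery uses the same 6.x/7.x version scheme, so if none of them is packaged, close them in the same form as the neighbour, e.g. "NOT-FOR-US: Drupal module Revisioning".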
@@ -20658,10 +20695,10 @@
NOT-FOR-US: Belkin router
CVE-2013-3083
RESERVED
-CVE-2013-3082
- RESERVED
-CVE-2013-3081
- RESERVED
+CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in ...)
+ TODO: check
CVE-2013-3080 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...)
NOT-FOR-US: vCenter
CVE-2013-3079 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...)
@@ -21866,8 +21903,8 @@
RESERVED
CVE-2013-2603
RESERVED
-CVE-2013-2602
- RESERVED
+CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX ...)
+ TODO: check
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 ...)
NOT-FOR-US: Citrix XenClient XT
CVE-2013-2600 [MiniUPnPd information disclosure]
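Review bot: CVE-2013-2602 is added with "TODO: check", but the description identifies a MyHeritage ActiveX control (SEQueryObject), which is a Windows-only component type. Resolve it as "NOT-FOR-US: MyHeritage ActiveX control" rather than leaving it open.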
@@ -22010,14 +22047,11 @@
CVE-2013-2565
RESERVED
NOT-FOR-US: Mambo CMS
-CVE-2013-2564
- RESERVED
+CVE-2013-2564 (Mambo CMS 4.6.5 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Mambo CMS
-CVE-2013-2563
- RESERVED
+CVE-2013-2563 (Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, ...)
NOT-FOR-US: Mambo CMS
-CVE-2013-2562
- RESERVED
+CVE-2013-2562 (Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the ...)
NOT-FOR-US: Mambo CMS
CVE-2013-2561 (OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary ...)
- ibutils <unfixed> (low; bug #704063)
@@ -23811,8 +23845,7 @@
RESERVED
CVE-2013-1974
RESERVED
-CVE-2013-1973
- RESERVED
+CVE-2013-1973 (The autocomplete callback in Autocomplete Widgets for Text and Number ...)
NOT-FOR-US: Drupal contributed module
CVE-2013-1972 (Cross-site request forgery (CSRF) vulnerability in the elFinder file ...)
NOT-FOR-US: Drupal contributed module
@@ -24525,8 +24558,8 @@
NOT-FOR-US: WordPress plugin marekkis-watermark
CVE-2013-1757
RESERVED
-CVE-2013-1756
- RESERVED
+CVE-2013-1756 (The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, ...)
+ TODO: check
CVE-2013-1755
RESERVED
CVE-2013-1754
@@ -29160,8 +29193,7 @@
CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through ...)
- latd 1.31 (low; bug #699625)
[squeeze] - latd <no-dsa> (Minor issue)
-CVE-2013-0250 [corosync: Remote DoS due improper HMAC initialization]
- RESERVED
+CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 ...)
- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
@@ -31804,8 +31836,7 @@
NOT-FOR-US: Drupal Mixpanel module
CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does ...)
NOT-FOR-US: Drupal Table of Contents module
-CVE-2012-5583 [phpcas curl usage]
- RESERVED
+CVE-2012-5583 (phpCAS before 1.3.2 does not verify that the server hostname matches a ...)
- php-cas 1.3.1-2
- moodle 2.2.7.dfsg-1
[squeeze] - moodle <no-dsa> (Minor issue)
@@ -32310,8 +32341,7 @@
CVE-2012-5391 (Session fixation vulnerability in Special:UserLogin in MediaWiki ...)
- mediawiki 1:1.19.3-1 (bug #694998)
[squeeze] - mediawiki 1:1.15.5-2squeeze5
-CVE-2012-5390 [Possible privilege escalation]
- RESERVED
+CVE-2012-5390 (The standard universe shadow (condor_shadow.std) component in Condor ...)
- condor <not-affected> (standard universe is disabled in the Debian package, see bug #697936)
NOTE: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
CVE-2012-5389
@@ -61661,8 +61691,7 @@
CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...)
{DSA-2563-1}
- viewvc 1.1.5-1.3 (bug #671482)
-CVE-2009-5023 [fail2ban: Insecure creating/writing to tmpfile]
- RESERVED
+CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, ...)
- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
[lenny] - fail2ban <no-dsa> (Minor issue)
[squeeze] - fail2ban 0.8.4-3+squeeze1