[Secure-testing-commits] r26123 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri Mar 14 21:14:14 UTC 2014
Author: joeyh
Date: 2014-03-14 21:14:14 +0000 (Fri, 14 Mar 2014)
New Revision: 26123
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-14 14:23:19 UTC (rev 26122)
+++ data/CVE/list 2014-03-14 21:14:14 UTC (rev 26123)
@@ -1,3 +1,357 @@
+CVE-2014-2496
+ RESERVED
+CVE-2014-2495
+ RESERVED
+CVE-2014-2494
+ RESERVED
+CVE-2014-2493
+ RESERVED
+CVE-2014-2492
+ RESERVED
+CVE-2014-2491
+ RESERVED
+CVE-2014-2490
+ RESERVED
+CVE-2014-2489
+ RESERVED
+CVE-2014-2488
+ RESERVED
+CVE-2014-2487
+ RESERVED
+CVE-2014-2486
+ RESERVED
+CVE-2014-2485
+ RESERVED
+CVE-2014-2484
+ RESERVED
+CVE-2014-2483
+ RESERVED
+CVE-2014-2482
+ RESERVED
+CVE-2014-2481
+ RESERVED
+CVE-2014-2480
+ RESERVED
+CVE-2014-2479
+ RESERVED
+CVE-2014-2478
+ RESERVED
+CVE-2014-2477
+ RESERVED
+CVE-2014-2476
+ RESERVED
+CVE-2014-2475
+ RESERVED
+CVE-2014-2474
+ RESERVED
+CVE-2014-2473
+ RESERVED
+CVE-2014-2472
+ RESERVED
+CVE-2014-2471
+ RESERVED
+CVE-2014-2470
+ RESERVED
+CVE-2014-2469
+ RESERVED
+CVE-2014-2468
+ RESERVED
+CVE-2014-2467
+ RESERVED
+CVE-2014-2466
+ RESERVED
+CVE-2014-2465
+ RESERVED
+CVE-2014-2464
+ RESERVED
+CVE-2014-2463
+ RESERVED
+CVE-2014-2462
+ RESERVED
+CVE-2014-2461
+ RESERVED
+CVE-2014-2460
+ RESERVED
+CVE-2014-2459
+ RESERVED
+CVE-2014-2458
+ RESERVED
+CVE-2014-2457
+ RESERVED
+CVE-2014-2456
+ RESERVED
+CVE-2014-2455
+ RESERVED
+CVE-2014-2454
+ RESERVED
+CVE-2014-2453
+ RESERVED
+CVE-2014-2452
+ RESERVED
+CVE-2014-2451
+ RESERVED
+CVE-2014-2450
+ RESERVED
+CVE-2014-2449
+ RESERVED
+CVE-2014-2448
+ RESERVED
+CVE-2014-2447
+ RESERVED
+CVE-2014-2446
+ RESERVED
+CVE-2014-2445
+ RESERVED
+CVE-2014-2444
+ RESERVED
+CVE-2014-2443
+ RESERVED
+CVE-2014-2442
+ RESERVED
+CVE-2014-2441
+ RESERVED
+CVE-2014-2440
+ RESERVED
+CVE-2014-2439
+ RESERVED
+CVE-2014-2438
+ RESERVED
+CVE-2014-2437
+ RESERVED
+CVE-2014-2436
+ RESERVED
+CVE-2014-2435
+ RESERVED
+CVE-2014-2434
+ RESERVED
+CVE-2014-2433
+ RESERVED
+CVE-2014-2432
+ RESERVED
+CVE-2014-2431
+ RESERVED
+CVE-2014-2430
+ RESERVED
+CVE-2014-2429
+ RESERVED
+CVE-2014-2428
+ RESERVED
+CVE-2014-2427
+ RESERVED
+CVE-2014-2426
+ RESERVED
+CVE-2014-2425
+ RESERVED
+CVE-2014-2424
+ RESERVED
+CVE-2014-2423
+ RESERVED
+CVE-2014-2422
+ RESERVED
+CVE-2014-2421
+ RESERVED
+CVE-2014-2420
+ RESERVED
+CVE-2014-2419
+ RESERVED
+CVE-2014-2418
+ RESERVED
+CVE-2014-2417
+ RESERVED
+CVE-2014-2416
+ RESERVED
+CVE-2014-2415
+ RESERVED
+CVE-2014-2414
+ RESERVED
+CVE-2014-2413
+ RESERVED
+CVE-2014-2412
+ RESERVED
+CVE-2014-2411
+ RESERVED
+CVE-2014-2410
+ RESERVED
+CVE-2014-2409
+ RESERVED
+CVE-2014-2408
+ RESERVED
+CVE-2014-2407
+ RESERVED
+CVE-2014-2406
+ RESERVED
+CVE-2014-2405
+ RESERVED
+CVE-2014-2404
+ RESERVED
+CVE-2014-2403
+ RESERVED
+CVE-2014-2402
+ RESERVED
+CVE-2014-2401
+ RESERVED
+CVE-2014-2400
+ RESERVED
+CVE-2014-2399
+ RESERVED
+CVE-2014-2398
+ RESERVED
+CVE-2014-2397
+ RESERVED
+CVE-2014-2396
+ RESERVED
+CVE-2014-2395
+ RESERVED
+CVE-2014-2394
+ RESERVED
+CVE-2014-2393
+ RESERVED
+CVE-2014-2392
+ RESERVED
+CVE-2014-2391
+ RESERVED
+CVE-2014-2390
+ RESERVED
+CVE-2014-2389
+ RESERVED
+CVE-2014-2388
+ RESERVED
+CVE-2014-2385
+ RESERVED
+CVE-2014-2384
+ RESERVED
+CVE-2014-2383
+ RESERVED
+CVE-2014-2382
+ RESERVED
+CVE-2014-2381
+ RESERVED
+CVE-2014-2380
+ RESERVED
+CVE-2014-2379
+ RESERVED
+CVE-2014-2378
+ RESERVED
+CVE-2014-2377
+ RESERVED
+CVE-2014-2376
+ RESERVED
+CVE-2014-2375
+ RESERVED
+CVE-2014-2374
+ RESERVED
+CVE-2014-2373
+ RESERVED
+CVE-2014-2372
+ RESERVED
+CVE-2014-2371
+ RESERVED
+CVE-2014-2370
+ RESERVED
+CVE-2014-2369
+ RESERVED
+CVE-2014-2368
+ RESERVED
+CVE-2014-2367
+ RESERVED
+CVE-2014-2366
+ RESERVED
+CVE-2014-2365
+ RESERVED
+CVE-2014-2364
+ RESERVED
+CVE-2014-2363
+ RESERVED
+CVE-2014-2362
+ RESERVED
+CVE-2014-2361
+ RESERVED
+CVE-2014-2360
+ RESERVED
+CVE-2014-2359
+ RESERVED
+CVE-2014-2358
+ RESERVED
+CVE-2014-2357
+ RESERVED
+CVE-2014-2356
+ RESERVED
+CVE-2014-2355
+ RESERVED
+CVE-2014-2354
+ RESERVED
+CVE-2014-2353
+ RESERVED
+CVE-2014-2352
+ RESERVED
+CVE-2014-2351
+ RESERVED
+CVE-2014-2350
+ RESERVED
+CVE-2014-2349
+ RESERVED
+CVE-2014-2348
+ RESERVED
+CVE-2014-2347
+ RESERVED
+CVE-2014-2346
+ RESERVED
+CVE-2014-2345
+ RESERVED
+CVE-2014-2344
+ RESERVED
+CVE-2014-2343
+ RESERVED
+CVE-2014-2342
+ RESERVED
+CVE-2014-2341
+ RESERVED
+CVE-2014-2340
+ RESERVED
+CVE-2014-2339
+ RESERVED
+CVE-2014-2338
+ RESERVED
+CVE-2014-2337
+ RESERVED
+CVE-2014-2336
+ RESERVED
+CVE-2014-2335
+ RESERVED
+CVE-2014-2334
+ RESERVED
+CVE-2014-2333
+ RESERVED
+CVE-2014-2332
+ RESERVED
+CVE-2014-2331
+ RESERVED
+CVE-2014-2330
+ RESERVED
+CVE-2014-2329
+ RESERVED
+CVE-2014-2328
+ RESERVED
+CVE-2014-2327
+ RESERVED
+CVE-2014-2326
+ RESERVED
+CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
+ TODO: check
+CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
+ TODO: check
+CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search ...)
+ TODO: check
+CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You ...)
+ TODO: check
+CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in ...)
+ TODO: check
+CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
+ TODO: check
+CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
+ TODO: check
+CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
+ TODO: check
CVE-2014-XXXX [claws-mail vcalendar plugin stores user/password in cleartext]
- claws-mail <unfixed> (unimportant)
NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099
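Review bot: CVE-2014-2317 in this hunk and CVE-2014-1945 further down in the same patch show the same visible description, "SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...", and both are left at TODO: check. Compare the full descriptions when triaging so the two entries get the same disposition, and add a NOTE on each that cross-references the other id.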
@@ -3,31 +357,37 @@
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12338
CVE-2014-2387 [pen: insecure temporary filename]
+ RESERVED
- pen <unfixed> (low; bug #741370)
[squeeze] - pen <no-dsa> (Minor issue)
[wheezy] - pen <no-dsa> (Minor issue)
CVE-2014-2386 [icinga: small buffer overflows when checking strlen against MAX_INPUT_BUFFER]
+ RESERVED
- icinga 1.11.0-1
CVE-2014-2325
+ RESERVED
NOT-FOR-US: Proxmox Mail Gateway
CVE-2014-2324
+ RESERVED
{DSA-2877-1}
- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2323
+ RESERVED
{DSA-2877-1}
- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2322
+ RESERVED
NOT-FOR-US: Ruby Gem Arabic Prawn
-CVE-2014-2321
+CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
TODO: check
CVE-2014-2320
+ RESERVED
TODO: check
-CVE-2014-2319 [unknown vendor: use of "legacy" ZIP encryption even when AES is requested]
+CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 ...)
NOTE: Non issue
NOTE: http://seclists.org/oss-sec/2014/q1/550
CVE-2014-2312 [thermald: insecure tmp file]
RESERVED
- thermald <not-affected> (android_main.cpp not used for Debian build)
-CVE-2014-2311
- RESERVED
+CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
NOT-FOR-US: MODx Revolution
CVE-2014-2308
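Review bot: CVE-2014-2319 now names ConeXware PowerArchiver in its description, but the entry still consists only of the two NOTE lines ("Non issue" and the oss-sec link) and has no status line. Now that the vendor is known, add a NOT-FOR-US line naming the product so the entry is closed. The same applies to CVE-2014-2321, whose new description names ZTE F460 and F660 cable modems while the entry stays at TODO: check.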
@@ -49,8 +409,7 @@
RESERVED
CVE-2014-2300
RESERVED
-CVE-2014-2299 [buffer overflow in MPEG file parser (wnpa-sec-2014-04)]
- RESERVED
+CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the ...)
{DSA-2871-1}
- wireshark 1.10.6-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
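Review bot: replacing the bracketed title on CVE-2014-2299 drops the only visible reference to the upstream advisory id wnpa-sec-2014-04, since the context shows just the bugzilla NOTE. Unless a NOTE below the visible context already carries it, add one for wnpa-sec-2014-04 in the same form as the wnpa-sec-2014-03 and wnpa-sec-2014-02 NOTE lines on the other Wireshark entries.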
@@ -85,22 +444,19 @@
CVE-2014-2286
RESERVED
- asterisk 1:11.8.1~dfsg-1 (bug #741313)
-CVE-2014-2283 [RLC dissector crash (wnpa-sec-2014-03)]
- RESERVED
+CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
{DSA-2871-1}
- wireshark 1.10.6-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-03.html
-CVE-2014-2282 [M3UA dissector crash (wnpa-sec-2014-02)]
- RESERVED
+CVE-2014-2282 (The dissect_protocol_data_parameter function in ...)
- wireshark 1.10.6-1
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-02.html
-CVE-2014-2281 [NFS dissector crash (wnpa-sec-2014-01)]
- RESERVED
+CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c ...)
{DSA-2871-1}
- wireshark 1.10.6-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
@@ -108,8 +464,7 @@
NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
CVE-2013-7333
RESERVED
-CVE-2014-2309 [IPv6: crash due to router advertisement flooding]
- RESERVED
+CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel ...)
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in v3.0)
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
@@ -153,8 +508,8 @@
RESERVED
CVE-2014-2266
RESERVED
-CVE-2014-2265
- RESERVED
+CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to ...)
+ TODO: check
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
@@ -201,8 +556,7 @@
[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
-CVE-2014-2240
- RESERVED
+CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in ...)
- freetype <unfixed> (bug #741299)
[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
@@ -698,8 +1052,7 @@
CVE-2014-2044 [owncloud: autenticated remote code execution]
RESERVED
- owncloud <not-affected> (Windows-specific)
-CVE-2014-2043
- RESERVED
+CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
NOT-FOR-US: Procentia IntelliPen
CVE-2014-2042
RESERVED
@@ -871,10 +1224,9 @@
RESERVED
CVE-2014-1946
RESERVED
-CVE-2014-1945
- RESERVED
-CVE-2014-1944
- RESERVED
+CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
+ TODO: check
+CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
NOT-FOR-US: Ilch CMS
CVE-2014-1942
RESERVED
@@ -1073,8 +1425,7 @@
NOT-FOR-US: Apache Cordova
CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
NOT-FOR-US: Android
-CVE-2013-7322 [OTP token invalidation]
- RESERVED
+CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly ...)
- oath-toolkit <unfixed> (low; bug #738515)
[wheezy] - oath-toolkit <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
@@ -1251,8 +1602,7 @@
- python3.4 <unfixed> (low)
NOTE: http://bugs.python.org/issue20246
NOTE: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
-CVE-2014-1877 [Multiple Stored XSS]
- RESERVED
+CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 ...)
NOT-FOR-US: Dokeos
CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
- openjdk-7 <unfixed> (low; bug #737562)
@@ -1297,13 +1647,11 @@
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
-CVE-2014-1839
- RESERVED
+CVE-2014-1839 (The Execute class in shellutils in logilab-commons before 0.61.0 uses ...)
- logilab-common 0.61.0-1 (low; bug #737051)
[squeeze] - logilab-common <no-dsa> (Minor issue)
[wheezy] - logilab-common <no-dsa> (Minor issue)
-CVE-2014-1838
- RESERVED
+CVE-2014-1838 (The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py ...)
- logilab-common 0.61.0-1 (low; bug #737051)
[squeeze] - logilab-common <no-dsa> (Minor issue)
[wheezy] - logilab-common <no-dsa> (Minor issue)
@@ -1874,8 +2222,8 @@
RESERVED
CVE-2014-1600
RESERVED
-CVE-2014-1599
- RESERVED
+CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box ...)
+ TODO: check
CVE-2014-1598
RESERVED
CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...)
@@ -2632,63 +2980,62 @@
RESERVED
CVE-2014-1295
RESERVED
-CVE-2014-1294
- RESERVED
-CVE-2014-1293
- RESERVED
-CVE-2014-1292
- RESERVED
-CVE-2014-1291
- RESERVED
-CVE-2014-1290
- RESERVED
-CVE-2014-1289
- RESERVED
+CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
+CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
+CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
+CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
+CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
+CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
+ TODO: check
CVE-2014-1288
RESERVED
-CVE-2014-1287
- RESERVED
-CVE-2014-1286
- RESERVED
-CVE-2014-1285
- RESERVED
+CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
+ TODO: check
+CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote ...)
+ TODO: check
+CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate ...)
+ TODO: check
CVE-2014-1284
- RESERVED
+ REJECTED
CVE-2014-1283
RESERVED
-CVE-2014-1282
- RESERVED
-CVE-2014-1281
- RESERVED
-CVE-2014-1280
- RESERVED
-CVE-2014-1279
- RESERVED
+CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...)
+ TODO: check
+CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the ...)
+ TODO: check
+CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
+ TODO: check
+CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows ...)
NOT-FOR-US: Apple TV
-CVE-2014-1278
- RESERVED
+CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 ...)
+ TODO: check
CVE-2014-1277
- RESERVED
-CVE-2014-1276
- RESERVED
-CVE-2014-1275
- RESERVED
-CVE-2014-1274
- RESERVED
-CVE-2014-1273
- RESERVED
-CVE-2014-1272
- RESERVED
-CVE-2014-1271
- RESERVED
+ REJECTED
+CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct ...)
+ TODO: check
+CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...)
+ TODO: check
+CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...)
+ TODO: check
+CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers ...)
+ TODO: check
+CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...)
+ TODO: check
+CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not ...)
+ TODO: check
CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2014-1267
- RESERVED
+CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...)
+ TODO: check
CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
NOT-FOR-US: Apple
CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X ...)
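Review bot: CVE-2014-1289 through CVE-2014-1294 ("WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...") are added as TODO: check, while the WebKit entries in the trailing context, CVE-2014-1270 to CVE-2014-1268, already carry a "NOT-FOR-US: Webkit / ..." line. Decide whether the new WebKit ids follow that line or need checking against Debian's own WebKit packages. The remaining iOS and Apple TV components in this hunk (SpringBoard, FaceTime, dyld, ImageIO and so on) can take the NOT-FOR-US form already used for CVE-2014-1279 and CVE-2014-1266.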
@@ -3116,8 +3463,8 @@
RESERVED
CVE-2014-0900
RESERVED
-CVE-2014-0899
- RESERVED
+CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a ...)
+ TODO: check
CVE-2014-0898
RESERVED
CVE-2014-0897
@@ -3410,18 +3757,18 @@
RESERVED
CVE-2014-0785
RESERVED
-CVE-2014-0784
- RESERVED
-CVE-2014-0783
- RESERVED
+CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
+ TODO: check
+CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...)
+ TODO: check
CVE-2014-0782
RESERVED
-CVE-2014-0781
- RESERVED
+CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
+ TODO: check
CVE-2014-0780
RESERVED
-CVE-2014-0779
- RESERVED
+CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
+ TODO: check
CVE-2014-0778
RESERVED
CVE-2014-0777
@@ -3591,8 +3938,8 @@
RESERVED
CVE-2014-0695
RESERVED
-CVE-2014-0694
- RESERVED
+CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...)
+ TODO: check
CVE-2014-0693
RESERVED
CVE-2014-0692
@@ -4131,13 +4478,11 @@
RESERVED
CVE-2014-0506
RESERVED
-CVE-2014-0505
- RESERVED
-CVE-2014-0504
- RESERVED
+CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
NOT-FOR-US: Flash plugin
-CVE-2014-0503
- RESERVED
+CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
NOT-FOR-US: Flash plugin
CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 ...)
NOT-FOR-US: Flash plugin
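Review bot: CVE-2014-0505 (Adobe Shockwave Player) is left at TODO: check while the two Flash Player entries updated right after it keep "NOT-FOR-US: Flash plugin". Give the Shockwave Player entry a NOT-FOR-US line of its own in the same pass so it does not sit in the TODO queue.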
@@ -5302,20 +5647,20 @@
RESERVED
CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, ...)
- vista <itp> (bug #541242)
-CVE-2013-6944
- RESERVED
-CVE-2013-6943
- RESERVED
-CVE-2013-6942
- RESERVED
-CVE-2013-6941
- RESERVED
-CVE-2013-6940
- RESERVED
-CVE-2013-6939
- RESERVED
-CVE-2013-6938
- RESERVED
+CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the ...)
+ TODO: check
+CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
+ TODO: check
+CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler ...)
+ TODO: check
+CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
+ TODO: check
+CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
+ TODO: check
+CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
+ TODO: check
+CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX ...)
+ TODO: check
CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
NOT-FOR-US: VideoCharge
CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
@@ -5364,62 +5709,62 @@
- lucene-solr <unfixed> (bug #731113)
CVE-2014-0325
RESERVED
-CVE-2014-0324
- RESERVED
-CVE-2014-0323
- RESERVED
+CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
NOT-FOR-US: Microsoft Internet Explorer 10
-CVE-2014-0321
- RESERVED
+CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-0320
RESERVED
-CVE-2014-0319
- RESERVED
+CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
+ TODO: check
CVE-2014-0318
RESERVED
-CVE-2014-0317
- RESERVED
+CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...)
+ TODO: check
CVE-2014-0316
RESERVED
CVE-2014-0315
RESERVED
-CVE-2014-0314
- RESERVED
-CVE-2014-0313
- RESERVED
-CVE-2014-0312
- RESERVED
-CVE-2014-0311
- RESERVED
+CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-0310
RESERVED
-CVE-2014-0309
- RESERVED
-CVE-2014-0308
- RESERVED
-CVE-2014-0307
- RESERVED
-CVE-2014-0306
- RESERVED
-CVE-2014-0305
- RESERVED
-CVE-2014-0304
- RESERVED
-CVE-2014-0303
- RESERVED
-CVE-2014-0302
- RESERVED
-CVE-2014-0301
- RESERVED
-CVE-2014-0300
- RESERVED
-CVE-2014-0299
- RESERVED
-CVE-2014-0298
- RESERVED
-CVE-2014-0297
- RESERVED
+CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0307 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
+ TODO: check
+CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft ...)
+ TODO: check
+CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
+CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
+ TODO: check
+CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
+ TODO: check
CVE-2014-0296
RESERVED
CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
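Review bot: every entry added in this hunk is TODO: check, although most descriptions name Microsoft products (Internet Explorer, win32k.sys in Windows, Silverlight, DirectShow) and CVE-2014-0322 in the unchanged context is already "NOT-FOR-US: Microsoft Internet Explorer 10". Those can be closed with the matching NOT-FOR-US lines in one pass. CVE-2014-0317 is the exception: its truncated description ("The Security Account Manager Remote (SAMR) protocol implementation in ...") does not show the product, so it needs the full text before a status is set.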
@@ -5808,8 +6153,7 @@
RESERVED
CVE-2014-0107
RESERVED
-CVE-2014-0106
- RESERVED
+CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...)
- sudo 1.8.5p2-1 (low)
[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
@@ -5819,21 +6163,18 @@
RESERVED
CVE-2014-0103
RESERVED
-CVE-2014-0102
- RESERVED
+CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in v3.13)
- linux-2.6 <not-affected> (Introduced in v3.13)
NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2
-CVE-2014-0101
- RESERVED
+CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e
NOTE: http://patchwork.ozlabs.org/patch/325898/
-CVE-2014-0100
- RESERVED
+CVE-2014-0100 (Race condition in the inet_frag_intern function in ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in v3.9)
- linux-2.6 <not-affected> (Introduced in v3.9)
@@ -5850,8 +6191,7 @@
RESERVED
CVE-2014-0095
RESERVED
-CVE-2014-0094 [ClassLoader manipulation via request parameters]
- RESERVED
+CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.1 allows ...)
- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
CVE-2014-0093
RESERVED
@@ -6019,8 +6359,7 @@
- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
NOTE: http://svn.apache.org/viewvc?view=revision&revision=1565169
NOTE: CVE might be splitted
-CVE-2014-0049
- RESERVED
+CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.5)
- linux-2.6 <not-affected> (Introduced in 3.5)
@@ -6157,8 +6496,7 @@
- swift 1.11.0-2 (bug #735582)
CVE-2014-0005
RESERVED
-CVE-2014-0004
- RESERVED
+CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before ...)
{DSA-2872-1}
- udisks2 2.1.3-1
- udisks 1.0.5-1
@@ -6349,8 +6687,7 @@
[squeeze] - gnumeric <no-dsa> (Minor issue)
NOTE: https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=712772
-CVE-2013-6835
- RESERVED
+CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, ...)
NOT-FOR-US: iOS
CVE-2013-6834 (The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in ...)
- kfreebsd-9 <not-affected> (Only affects 10.x)
@@ -7406,8 +7743,7 @@
NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote ...)
NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2013-6442
- RESERVED
+CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...)
- samba <unfixed> (low)
[squeeze] - samba <not-affected> (Only affects 4.x and later)
[wheezy] - samba <not-affected> (Only affects 4.x and later)
@@ -8000,11 +8336,9 @@
CVE-2013-6234
RESERVED
NOT-FOR-US: SpagoBI
-CVE-2013-6233
- RESERVED
+CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
NOT-FOR-US: SpagoBI
-CVE-2013-6232
- RESERVED
+CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
NOT-FOR-US: SpagoBI
CVE-2013-6231
RESERVED
@@ -8054,16 +8388,16 @@
CVE-2013-6210
RESERVED
NOT-FOR-US: HP Unified Functional Testing
-CVE-2013-6209
- RESERVED
+CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP ...)
+ TODO: check
CVE-2013-6208
RESERVED
-CVE-2013-6207
- RESERVED
-CVE-2013-6206
- RESERVED
-CVE-2013-6205
- RESERVED
+CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
+ TODO: check
+CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
+ TODO: check
+CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
+ TODO: check
CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP ...)
NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP ...)
@@ -8072,8 +8406,7 @@
NOT-FOR-US: HP Service Manager
CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, ...)
NOT-FOR-US: HP Security Management System
-CVE-2013-6200
- RESERVED
+CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...)
NOT-FOR-US: HP-UX
CVE-2013-6199
RESERVED
@@ -8097,8 +8430,8 @@
RESERVED
CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP ...)
NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6188
- RESERVED
+CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
+ TODO: check
CVE-2013-6187
REJECTED
CVE-2013-6186
@@ -8434,8 +8767,8 @@
NOT-FOR-US: NagiosQL
CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 ...)
NOT-FOR-US: Trimble SketchUp Viewer
-CVE-2013-6037
- RESERVED
+CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure ...)
+ TODO: check
CVE-2013-6036
RESERVED
CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
@@ -8446,8 +8779,8 @@
NOT-FOR-US: Lexmark
CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
NOT-FOR-US: Lexmark
-CVE-2013-6031
- RESERVED
+CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not ...)
+ TODO: check
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
NOT-FOR-US: Emerson Network Power
CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant ...)
@@ -9449,8 +9782,7 @@
CVE-2013-5640
RESERVED
NOT-FOR-US: Gnew
-CVE-2013-5639
- RESERVED
+CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 ...)
NOT-FOR-US: Gnew
CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile ...)
- libdigidoc <itp> (bug #658300)
@@ -10637,8 +10969,8 @@
NOT-FOR-US: Apple Mac OS X
CVE-2013-5134
REJECTED
-CVE-2013-5133
- RESERVED
+CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, ...)
+ TODO: check
CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly ...)
NOT-FOR-US: Apple AirPort
CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
@@ -10674,8 +11006,8 @@
NOT-FOR-US: Zimbra Collaboration Suite
CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ...)
NOT-FOR-US: Good for Enterprise app for iOS
-CVE-2013-5117
- RESERVED
+CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in ...)
+ TODO: check
CVE-2013-5116
RESERVED
CVE-2013-5115
@@ -10956,8 +11288,7 @@
NOT-FOR-US: RealPlayer
CVE-2013-4972
RESERVED
-CVE-2013-4971
- RESERVED
+CVE-2013-4971 (Puppet Enterprise before 3.2.0 does not properly restrict access to ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4970
RESERVED
@@ -10970,8 +11301,7 @@
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4966
- RESERVED
+CVE-2013-4966 (The master external node classification script in Puppet Enterprise ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4965 (Puppet Enterprise before 3.1.0 does not properly restrict the number ...)
NOT-FOR-US: Puppet Enterprise
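Review bot: CVE-2013-4966 keeps "- puppet <not-affected> (Only affects Puppet Enterprise)", while CVE-2013-4965 directly below it records the same situation as "NOT-FOR-US: Puppet Enterprise". Use one form for issues that only affect Puppet Enterprise so that queries against the puppet package return a consistent set.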
@@ -11285,8 +11615,8 @@
RESERVED
CVE-2013-4847
RESERVED
-CVE-2013-4846
- RESERVED
+CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
+ TODO: check
CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
NOT-FOR-US: HP Officejet Pro
CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, ...)
@@ -11735,8 +12065,8 @@
- mongodb 1:2.4.5-1 (bug #715007)
[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
-CVE-2013-4649
- RESERVED
+CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
+ TODO: check
CVE-2013-4648
RESERVED
CVE-2013-4647
@@ -12261,8 +12591,7 @@
NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
NOTE: https://bugs.launchpad.net/nova/+bug/1202266
NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
-CVE-2013-4496
- RESERVED
+CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 ...)
- samba <unfixed> (low)
[wheezy] - samba <no-dsa> (Minor issue)
[squeeze] - samba <no-dsa> (Minor issue)
@@ -12370,8 +12699,7 @@
CVE-2013-4468
RESERVED
NOT-FOR-US: VICIDIAL
-CVE-2013-4467
- RESERVED
+CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) ...)
NOT-FOR-US: VICIDIAL
CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE library ...)
- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
@@ -12471,8 +12799,7 @@
- dropbear 2012.55-1.4 (low; bug #726118)
[squeeze] - dropbear <no-dsa> (Minor issue)
[wheezy] - dropbear <no-dsa> (Minor issue)
-CVE-2013-4433 [xhprof: unspecified XSS]
- RESERVED
+CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 [a group member with no access rights to folder can still view it]
RESERVED
@@ -12538,8 +12865,7 @@
NOT-FOR-US: Red Hat Satellite
CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
NOT-FOR-US: Cumin
-CVE-2013-4413 [arbitrary files read]
- RESERVED
+CVE-2013-4413 (Directory traversal vulnerability in ...)
NOT-FOR-US: Wicked Ruby Gem
CVE-2013-4412 [NULL ptr dereference]
RESERVED
@@ -13298,41 +13624,29 @@
NOT-FOR-US: Katello
CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
NOT-FOR-US: Plone
-CVE-2013-4199 [plone: DoS by decompressing large zip archives (cb_decode.py, linkintegrity.py)]
- RESERVED
+CVE-2013-4199 ((1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, ...)
NOT-FOR-US: Plone
-CVE-2013-4198 [plone: Authenticated users able to alter their password despite of policy definition / setting prohibiting it (mail_password.py)]
- RESERVED
+CVE-2013-4198 (mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
NOT-FOR-US: Plone
-CVE-2013-4197 [plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)]
- RESERVED
+CVE-2013-4197 (member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
NOT-FOR-US: Plone
-CVE-2013-4196 [plone: Multiple information exposure flaws via certain object methods (objectmanager.py)]
- RESERVED
+CVE-2013-4196 (The object manager implementation (objectmanager.py) in Plone 2.1 ...)
NOT-FOR-US: Plone
-CVE-2013-4195 [plone: Open redirect in the HTTP server implementation (marmoset_patch.py, publish.py, principiaredirect.py)]
- RESERVED
+CVE-2013-4195 (Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) ...)
NOT-FOR-US: Plone
-CVE-2013-4194 [plone: File system path exposure (wysiwyg.py)]
- RESERVED
+CVE-2013-4194 (The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x ...)
NOT-FOR-US: Plone
-CVE-2013-4193 [plone: Anonymous users capable to hide certain fields from content edit forms (typeswidget.py)]
- RESERVED
+CVE-2013-4193 (typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
NOT-FOR-US: Plone
-CVE-2013-4192 [plone: Ability to spoof emails (sendto.py)]
- RESERVED
+CVE-2013-4192 (sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
NOT-FOR-US: Plone
-CVE-2013-4191 [plone: Information exposure due improper access control enforcement when generating zip archives (zip.py)]
- RESERVED
+CVE-2013-4191 (zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
NOT-FOR-US: Plone
-CVE-2013-4190 [plone: Multiple cross-site scripting (XSS) flaws (spamProtect.py, pts.py, request.py)]
- RESERVED
+CVE-2013-4190 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Plone
-CVE-2013-4189 [plone: Privilege escalation due improper authorization (dataitems.py, get.py, traverseName.py)]
- RESERVED
+CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, ...)
NOT-FOR-US: Plone
-CVE-2013-4188 [plone: DoS (infinite loop) by administrator privilege users when retrieving information for certain resources (traverser.py)]
- RESERVED
+CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
NOT-FOR-US: Plone
CVE-2013-4187 [Access Bypass]
RESERVED
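Review bot: for CVE-2013-4199 through CVE-2013-4188 the hand-written bracket summaries are replaced by descriptions cut at the first line, and several entries lose the impact class in the process: CVE-2013-4189 goes from "Privilege escalation due improper authorization" to "Multiple unspecified vulnerabilities in ...", and CVE-2013-4190 no longer names spamProtect.py, pts.py or request.py. All twelve stay "NOT-FOR-US: Plone", so triage is unchanged, but where the bracket text said more than the truncated description, keeping it as a NOTE line would preserve that information.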
@@ -13970,8 +14284,8 @@
NOT-FOR-US: Grandstream
CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
NOT-FOR-US: Grandstream
-CVE-2013-3961
- RESERVED
+CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda ...)
+ TODO: check
CVE-2013-3960
RESERVED
CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...)
@@ -14006,8 +14320,8 @@
RESERVED
CVE-2013-3944
RESERVED
-CVE-2013-3943
- RESERVED
+CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
+ TODO: check
CVE-2013-3942
RESERVED
CVE-2013-3941
@@ -14036,8 +14350,8 @@
RESERVED
CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
NOT-FOR-US: CMS Made Simple
-CVE-2013-3928
- RESERVED
+CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
+ TODO: check
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
NOT-FOR-US: Siemens COMOS
CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to ...)
@@ -14493,14 +14807,11 @@
RESERVED
CVE-2013-3730
RESERVED
-CVE-2013-3729
- RESERVED
+CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler ...)
NOT-FOR-US: Kasseler CMS
-CVE-2013-3728
- RESERVED
+CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 ...)
NOT-FOR-US: Kasseler CMS
-CVE-2013-3727
- RESERVED
+CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows ...)
NOT-FOR-US: Kasseler CMS
CVE-2013-3726
REJECTED
@@ -16805,8 +17116,8 @@
NOT-FOR-US: CloudStack
CVE-2013-2755
RESERVED
-CVE-2013-2754
- RESERVED
+CVE-2013-2754 (Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS ...)
+ TODO: check
CVE-2013-2753
RESERVED
CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -18045,8 +18356,8 @@
RESERVED
CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the ...)
NOT-FOR-US: Aruba Networks ArubaOS
-CVE-2013-2289
- RESERVED
+CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2013-2288
RESERVED
CVE-2013-2287
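Review bot: the description recorded for CVE-2013-2289 is cut off at "Cross-site scripting (XSS) vulnerability in ...", before any product name, and the entry is left at "TODO: check". Nobody can triage it from this line alone; resolve it against the full CVE text and replace the TODO with a package line or a NOT-FOR-US line naming the product, as the CVE-2013-2290 entry above it does for Aruba Networks ArubaOS.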
@@ -18088,8 +18399,8 @@
- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active ...)
NOT-FOR-US: D-Link DSL-2740B Gateway
-CVE-2013-2270
- RESERVED
+CVE-2013-2270 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
+ TODO: check
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
NOT-FOR-US: Aruba Networks ClearPass
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
@@ -18851,11 +19162,9 @@
CVE-2013-2047 [owncloud: oC-SA-2013-023]
RESERVED
- owncloud <not-affected> (Only 5.0.x)
-CVE-2013-2046 [owncloud: oC-SA-2013-019]
- RESERVED
+CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server ...)
- owncloud <not-affected> (Only affects 4.5.x)
-CVE-2013-2045 [owncloud: oC-SA-2013-019]
- RESERVED
+CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x ...)
- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2044 [owncloud: oC-SA-2013-022]
RESERVED
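Review bot: replacing the bracket text on CVE-2013-2046 and CVE-2013-2045 drops the upstream advisory ID oC-SA-2013-019, which was the only upstream reference on either entry; CVE-2013-2047 and CVE-2013-2044 in the same hunk still carry theirs. Keep the ID as a NOTE line on both entries so that the "<not-affected>" decisions (Only affects 4.5.x, Only affects 5.0.x) stay traceable to the advisory.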
@@ -19374,8 +19683,7 @@
NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
CVE-2013-1894
REJECTED
-CVE-2013-1893
- RESERVED
+CVE-2013-1893 (SQL injection vulnerability in addressbookprovider.php in ownCloud ...)
- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
- mongodb 1:2.4.1-1 (bug #704042)
@@ -19384,8 +19692,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891
RESERVED
-CVE-2013-1890
- RESERVED
+CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1889
RESERVED
@@ -20440,8 +20747,8 @@
NOT-FOR-US: Opera
CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Opera
-CVE-2013-1636
- RESERVED
+CVE-2013-1636 (Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in ...)
+ TODO: check
CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...)
{DSA-2639-1}
- php5 5.4.4-14 (unimportant; bug #702221)
@@ -24985,8 +25292,8 @@
RESERVED
CVE-2012-6291
RESERVED
-CVE-2012-6290
- RESERVED
+CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote ...)
+ TODO: check
CVE-2012-6289
RESERVED
CVE-2012-6288