[Secure-testing-commits] r26245 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Tue Mar 25 21:14:17 UTC 2014
Author: joeyh
Date: 2014-03-25 21:14:17 +0000 (Tue, 25 Mar 2014)
New Revision: 26245
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-03-25 19:42:50 UTC (rev 26244)
+++ data/CVE/list 2014-03-25 21:14:17 UTC (rev 26245)
@@ -1,65 +1,375 @@
+CVE-2014-2652
+ RESERVED
+CVE-2014-2651
+ RESERVED
+CVE-2014-2650
+ RESERVED
+CVE-2014-2649
+ RESERVED
+CVE-2014-2648
+ RESERVED
+CVE-2014-2647
+ RESERVED
+CVE-2014-2646
+ RESERVED
+CVE-2014-2645
+ RESERVED
+CVE-2014-2644
+ RESERVED
+CVE-2014-2643
+ RESERVED
+CVE-2014-2642
+ RESERVED
+CVE-2014-2641
+ RESERVED
+CVE-2014-2640
+ RESERVED
+CVE-2014-2639
+ RESERVED
+CVE-2014-2638
+ RESERVED
+CVE-2014-2637
+ RESERVED
+CVE-2014-2636
+ RESERVED
+CVE-2014-2635
+ RESERVED
+CVE-2014-2634
+ RESERVED
+CVE-2014-2633
+ RESERVED
+CVE-2014-2632
+ RESERVED
+CVE-2014-2631
+ RESERVED
+CVE-2014-2630
+ RESERVED
+CVE-2014-2629
+ RESERVED
+CVE-2014-2628
+ RESERVED
+CVE-2014-2627
+ RESERVED
+CVE-2014-2626
+ RESERVED
+CVE-2014-2625
+ RESERVED
+CVE-2014-2624
+ RESERVED
+CVE-2014-2623
+ RESERVED
+CVE-2014-2622
+ RESERVED
+CVE-2014-2621
+ RESERVED
+CVE-2014-2620
+ RESERVED
+CVE-2014-2619
+ RESERVED
+CVE-2014-2618
+ RESERVED
+CVE-2014-2617
+ RESERVED
+CVE-2014-2616
+ RESERVED
+CVE-2014-2615
+ RESERVED
+CVE-2014-2614
+ RESERVED
+CVE-2014-2613
+ RESERVED
+CVE-2014-2612
+ RESERVED
+CVE-2014-2611
+ RESERVED
+CVE-2014-2610
+ RESERVED
+CVE-2014-2609
+ RESERVED
+CVE-2014-2608
+ RESERVED
+CVE-2014-2607
+ RESERVED
+CVE-2014-2606
+ RESERVED
+CVE-2014-2605
+ RESERVED
+CVE-2014-2604
+ RESERVED
+CVE-2014-2603
+ RESERVED
+CVE-2014-2602
+ RESERVED
+CVE-2014-2601
+ RESERVED
+CVE-2014-2600
+ RESERVED
+CVE-2014-2598
+ RESERVED
+CVE-2014-2597
+ RESERVED
+CVE-2014-2596
+ RESERVED
+CVE-2014-2595
+ RESERVED
+CVE-2014-2594
+ RESERVED
+CVE-2014-2593
+ RESERVED
+CVE-2014-2592
+ RESERVED
+CVE-2014-2591
+ RESERVED
+CVE-2014-2590
+ RESERVED
+CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend ...)
+ TODO: check
+CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee ...)
+ TODO: check
+CVE-2014-2587 (SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee ...)
+ TODO: check
+CVE-2014-2586 (Cross-site scripting (XSS) vulnerability in the login audit form in ...)
+ TODO: check
+CVE-2014-2584
+ RESERVED
+CVE-2014-2583
+ RESERVED
+CVE-2014-2582
+ RESERVED
+CVE-2014-2579
+ RESERVED
+CVE-2014-2578
+ RESERVED
+CVE-2014-2577
+ RESERVED
+CVE-2014-2575
+ RESERVED
+CVE-2014-2574
+ RESERVED
+CVE-2014-2570
+ RESERVED
+CVE-2014-2569
+ RESERVED
+CVE-2014-2566
+ RESERVED
+CVE-2014-2565
+ RESERVED
+CVE-2014-2564
+ RESERVED
+CVE-2014-2563
+ RESERVED
+CVE-2014-2562
+ RESERVED
+CVE-2014-2561
+ RESERVED
+CVE-2014-2560
+ RESERVED
+CVE-2014-2559
+ RESERVED
+CVE-2014-2558
+ RESERVED
+CVE-2014-2557
+ RESERVED
+CVE-2014-2556
+ RESERVED
+CVE-2014-2555
+ RESERVED
+CVE-2014-2554
+ RESERVED
+CVE-2014-2553
+ RESERVED
+CVE-2014-2552
+ RESERVED
+CVE-2014-2551
+ RESERVED
+CVE-2014-2550
+ RESERVED
+CVE-2014-2549
+ RESERVED
+CVE-2014-2548
+ RESERVED
+CVE-2014-2547
+ RESERVED
+CVE-2014-2546
+ RESERVED
+CVE-2014-2545
+ RESERVED
+CVE-2014-2544
+ RESERVED
+CVE-2014-2543
+ RESERVED
+CVE-2014-2542
+ RESERVED
+CVE-2014-2541
+ RESERVED
+CVE-2014-2540
+ RESERVED
+CVE-2014-2539
+ RESERVED
+CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 ...)
+ TODO: check
+CVE-2014-2536 (Directory traversal vulnerability in McAfee Cloud Identity Manager ...)
+ TODO: check
+CVE-2014-2535 (Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x ...)
+ TODO: check
+CVE-2014-2534 (/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
+ TODO: check
+CVE-2014-2533 (/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
+ TODO: check
+CVE-2014-2531
+ RESERVED
+CVE-2014-2530
+ RESERVED
+CVE-2014-2529
+ RESERVED
+CVE-2014-2526
+ RESERVED
+CVE-2014-2525
+ RESERVED
+CVE-2014-2521
+ RESERVED
+CVE-2014-2520
+ RESERVED
+CVE-2014-2519
+ RESERVED
+CVE-2014-2518
+ RESERVED
+CVE-2014-2517
+ RESERVED
+CVE-2014-2516
+ RESERVED
+CVE-2014-2515
+ RESERVED
+CVE-2014-2514
+ RESERVED
+CVE-2014-2513
+ RESERVED
+CVE-2014-2512
+ RESERVED
+CVE-2014-2511
+ RESERVED
+CVE-2014-2510
+ RESERVED
+CVE-2014-2509
+ RESERVED
+CVE-2014-2508
+ RESERVED
+CVE-2014-2507
+ RESERVED
+CVE-2014-2506
+ RESERVED
+CVE-2014-2505
+ RESERVED
+CVE-2014-2504
+ RESERVED
+CVE-2014-2503
+ RESERVED
+CVE-2014-2502
+ RESERVED
+CVE-2014-2501
+ RESERVED
+CVE-2014-2500
+ RESERVED
+CVE-2014-2499
+ RESERVED
+CVE-2014-2498
+ RESERVED
+CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before ...)
+ TODO: check
+CVE-2013-7343 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
+ TODO: check
+CVE-2013-7342 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
+ TODO: check
+CVE-2013-7340 (VideoLAN VLC Media Player before 2.0.7 allows remote attackers to ...)
+ TODO: check
+CVE-2013-7337
+ RESERVED
+CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller ...)
+ TODO: check
+CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 ...)
+ TODO: check
+CVE-2011-5274 (The drawAdminTools_PackageInstaller function in ...)
+ TODO: check
+CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in ...)
+ TODO: check
+CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
+ TODO: check
+CVE-2009-5140
+ RESERVED
+CVE-2009-5139
+ RESERVED
CVE-2014-2599 [Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible]
+ RESERVED
- xen <unfixed>
[squeeze] - xen <not-affected> (Only affects 4.1 and later)
-CVE-2014-2585 [users can mount the local file system]
+CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ...)
- owncloud <unfixed>
CVE-2014-2580 [Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet]
+ RESERVED
- xen <unfixed>
[wheezy] - xen <not-affected> (Only exploitable with Linux >= 3.12)
[squeeze] - xen <not-affected> (Only exploitable with Linux >= 3.12)
-CVE-2014-2532 [openssh: AcceptEnv environment restriction bypass flaw]
+CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on ...)
- openssh <unfixed>
TODO: check
NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
CVE-2014-2581 [credentials cache leak]
+ RESERVED
- smb4k <unfixed>
NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/
CVE-2014-2576 [claws-mail rssyl plugin does not verify SSL peer at all]
+ RESERVED
- claws-mail <unfixed>
NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
CVE-2014-2573 [nova: VMWare driver leaks rescued images]
+ RESERVED
- nova <unfixed>
[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
NOTE: https://bugs.launchpad.net/nova/+bug/1269418
-CVE-2014-2568 [linux: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied]
+CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421
-CVE-2014-2567 [SSL stripping vulnerability]
+CVE-2014-2567 (The OpenConnectionTask::handleStateHelper function in ...)
NOT-FOR-US: Trojita
CVE-2014-2538 [XSS in error page]
+ RESERVED
- ruby-rack-ssl <unfixed> (low; bug #742186)
[wheezy] - ruby-rack-ssl <no-dsa> (Minor issue)
NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
CVE-2014-2528 [Apostrophes not properly escaped]
+ RESERVED
- k4dirstat 2.7.5-1 (bug #741659)
[wheezy] - k4dirstat <no-dsa> (Minor issue)
- kdirstat <removed>
[squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2527 [double quotes not proberly escaped]
+ RESERVED
- k4dirstat <not-affected> (Uses single quotes for affected code)
- kdirstat <removed> (low)
[squeeze] - kdirstat <no-dsa> (Minor issue)
-CVE-2014-2571 [MSA-14-0004: Incorrect filtering in Quiz]
+CVE-2014-2571 (Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-7341 [MSA-14-0008: Cross site scripting potential in Flowplayer]
+CVE-2013-7341 (Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2014-2572 [MSA-14-0013: Unfiltered data used in Assignment web services]
+CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2014-2524 [Insecure usage of temporary files]
+ RESERVED
- readline6 <unfixed> (low; bug #741953)
[wheezy] - readline6 <no-dsa> (Minor issue)
[squeeze] - readline6 <no-dsa> (Minor issue)
-CVE-2014-2523 [remote memory corruption in nf_conntrack_proto_dccp.c]
+CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through ...)
- linux 3.13-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
CVE-2014-2522 [flaw in Windows SSL backend]
+ RESERVED
- curl <not-affected> (Only present in code only running on Windows)
-CVE-2014-2497 [gd: NULL pointer dereference may cause denial of service]
+CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...)
- php5 <unfixed>
[wheezy] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
[squeeze] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
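Review bot: the entries whose Debian-local bracketed titles are replaced by MITRE's truncated descriptions lose identifying detail that is not carried anywhere else in the entry: CVE-2014-2571, CVE-2013-7341 and CVE-2014-2572 lose the Moodle advisory ids MSA-14-0004, MSA-14-0008 and MSA-14-0013, CVE-2014-2585 loses "users can mount the local file system", and CVE-2014-2532 loses "AcceptEnv environment restriction bypass", while each new description is cut off at "...". Suggest keeping the dropped title or advisory id in a NOTE line under the entry, as the OpenSSH entry already does with its marc.info NOTE. Two context-line typos are worth a follow-up as well: "NOTE: Upstream path:" under CVE-2014-2568 should read "Upstream patch:", and the CVE-2014-2527 title has "proberly" for "properly". Finally, the newly published CVE-2013-7344 (ownCloud core/settings.php) is left at "TODO: check" although this same file tracks ownCloud as a Debian package (CVE-2014-2585 carries "- owncloud <unfixed>"), so it needs a package-status line rather than a TODO.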
@@ -377,8 +687,8 @@
RESERVED
CVE-2014-2340
RESERVED
-CVE-2014-2339
- RESERVED
+CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in ...)
+ TODO: check
CVE-2014-2338
RESERVED
CVE-2014-2337
@@ -417,11 +727,12 @@
NOT-FOR-US: Atlassian JIRA
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
NOT-FOR-US: Atlassian JIRA
-CVE-2013-7339 [rds: prevent dereference of a NULL device]
+CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel ...)
- linux 3.13-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
CVE-2013-7336 [libvirt: unprivileged user can crash libvirtd during spice migration]
+ RESERVED
- libvirt 1.1.4-1
NOTE: http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
@@ -436,15 +747,12 @@
CVE-2014-2386 [icinga: small buffer overflows when checking strlen against MAX_INPUT_BUFFER]
RESERVED
- icinga 1.11.0-1
-CVE-2014-2325
- RESERVED
+CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
NOT-FOR-US: Proxmox Mail Gateway
-CVE-2014-2324
- RESERVED
+CVE-2014-2324 (Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...)
{DSA-2877-1}
- lighttpd 1.4.33-1+nmu3 (bug #741493)
-CVE-2014-2323
- RESERVED
+CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before ...)
{DSA-2877-1}
- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2322
@@ -497,11 +805,10 @@
RESERVED
CVE-2014-2293
RESERVED
-CVE-2014-2292
- RESERVED
+CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in ...)
NOT-FOR-US: Junos Pulse Secure Access Service
-CVE-2014-2291
- RESERVED
+CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration ...)
+ TODO: check
CVE-2014-2290
RESERVED
CVE-2014-2289
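Review bot: CVE-2014-2291 is left at "TODO: check" while CVE-2014-2292 directly above it is marked NOT-FOR-US: Junos Pulse Secure Access Service; the truncated description names the "Pulse Collaboration" feature, which belongs to the same Junos Pulse product line, so the entry can most likely be closed as NOT-FOR-US once that is confirmed against the full description.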
@@ -551,8 +858,8 @@
RESERVED
- cloud-init 0.7.1-1
NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
-CVE-2014-2280
- RESERVED
+CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
+ TODO: check
CVE-2014-2279
RESERVED
CVE-2014-2278
@@ -562,8 +869,7 @@
- perltidy 20130922-1 (bug #740670)
[wheezy] - perltidy <no-dsa> (Minor issue)
[squeeze] - perltidy <no-dsa> (Minor issue)
-CVE-2014-2276
- RESERVED
+CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Converged ...)
NOT-FOR-US: EMC
CVE-2014-2275
RESERVED
@@ -596,36 +902,35 @@
RESERVED
CVE-2014-2260
RESERVED
-CVE-2014-2259
- RESERVED
-CVE-2014-2258
- RESERVED
-CVE-2014-2257
- RESERVED
-CVE-2014-2256
- RESERVED
-CVE-2014-2255
- RESERVED
-CVE-2014-2254
- RESERVED
-CVE-2014-2253
- RESERVED
-CVE-2014-2252
- RESERVED
-CVE-2014-2251
- RESERVED
-CVE-2014-2250
- RESERVED
-CVE-2014-2249
- RESERVED
-CVE-2014-2248
- RESERVED
-CVE-2014-2247
- RESERVED
-CVE-2014-2246
- RESERVED
-CVE-2014-2241
- RESERVED
+CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
+ TODO: check
+CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
+ TODO: check
+CVE-2014-2257 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
+ TODO: check
+CVE-2014-2256 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
+ TODO: check
+CVE-2014-2255 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
+ TODO: check
+CVE-2014-2254 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
+ TODO: check
+CVE-2014-2253 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
+ TODO: check
+CVE-2014-2252 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
+ TODO: check
+CVE-2014-2251 (The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices ...)
+ TODO: check
+CVE-2014-2250 (The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices ...)
+ TODO: check
+CVE-2014-2249 (Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC ...)
+ TODO: check
+CVE-2014-2248 (Open redirect vulnerability in the integrated web server on Siemens ...)
+ TODO: check
+CVE-2014-2247 (The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices ...)
+ TODO: check
+CVE-2014-2246 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
+ TODO: check
+CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer ...)
- freetype <unfixed> (bug #741299)
[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
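Review bot: the fourteen new Siemens SIMATIC S7-1200/S7-1500 entries (CVE-2014-2246 through CVE-2014-2259) are all left at "TODO: check", but every description names PLC firmware, the PLC's random-number generator or its integrated web server, none of which is software Debian ships; they can be marked NOT-FOR-US: Siemens SIMATIC directly instead of queuing fourteen manual checks. In the freetype entry (CVE-2014-2241) the wheezy and squeeze justification "vuln. code introduced around 2.5" is too vague for a not-affected claim; name the exact upstream version that introduced the cf2_initLocalRegionBuffer code so the claim can be verified against the packaged versions.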
@@ -669,8 +974,8 @@
RESERVED
CVE-2014-2220
RESERVED
-CVE-2014-2219
- RESERVED
+CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in ...)
+ TODO: check
CVE-2014-2218
RESERVED
CVE-2014-2217
@@ -849,19 +1154,17 @@
RESERVED
CVE-2014-2125
RESERVED
-CVE-2014-2124
- RESERVED
+CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...)
+ TODO: check
CVE-2014-2123
RESERVED
-CVE-2014-2122
- RESERVED
-CVE-2014-2121
- RESERVED
-CVE-2014-2120
- RESERVED
+CVE-2014-2122 (Memory leak in the GUI in the Impact server in Cisco Hosted ...)
+ TODO: check
+CVE-2014-2121 (The Java-based software in Cisco Hosted Collaboration Solution (HCS) ...)
+ TODO: check
+CVE-2014-2120 (Cross-site scripting (XSS) vulnerability in the WebVPN login page in ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2014-2119
- RESERVED
+CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS ...)
NOT-FOR-US: Cisco AsyncOS
CVE-2014-2118
RESERVED
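Review bot: CVE-2014-2124 (Cisco IOS), CVE-2014-2122 and CVE-2014-2121 (Cisco Hosted Collaboration Solution) are left at "TODO: check" while the neighbouring CVE-2014-2120 and CVE-2014-2119 in the same hunk are closed as NOT-FOR-US for Cisco ASA and AsyncOS; all five are Cisco appliance or hosted-product issues, so the three TODO lines should become NOT-FOR-US lines as well for consistency.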
@@ -922,8 +1225,7 @@
NOT-FOR-US: ILIAS
CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 ...)
NOT-FOR-US: ILIAS
-CVE-2014-2087
- RESERVED
+CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload ...)
NOT-FOR-US: Free Download Manager
CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
NOT-FOR-US: Microsoft Windows
@@ -938,8 +1240,7 @@
NOTE: unimportant since it only segfaults with older Perl version
NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html
NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ddfa59c
-CVE-2014-2284 [denial of service flaw in Linux implementation of ICMP-MIB]
- RESERVED
+CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before ...)
- net-snmp <unfixed>
[wheezy] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
[squeeze] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
@@ -950,15 +1251,14 @@
[squeeze] - mp3gain <no-dsa> (Minor issue)
[wheezy] - mp3gain <no-dsa> (Minor issue)
NOTE: http://sourceforge.net/p/mp3gain/bugs/36/
-CVE-2014-2270 [crashes when checking softmagic for some corrupt PE executables]
- RESERVED
+CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent ...)
{DSA-2873-1}
- file 1:5.17-1
NOTE: http://bugs.gw.com/view.php?id=313
NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
- php5 <unfixed> (bug #740960)
NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
-CVE-2013-7345 [possible DoS in awk magic]
+CVE-2013-7345 (The BEGIN regular expression in the awk script detector in ...)
{DSA-2873-1}
- file 1:5.17-0.1 (bug #703993)
NOTE: http://bugs.gw.com/view.php?id=164
@@ -1042,8 +1342,7 @@
CVE-2014-2078
RESERVED
- open-xchange <itp> (bug #269329)
-CVE-2014-2077
- RESERVED
+CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in ...)
- open-xchange <itp> (bug #269329)
CVE-2014-2076
RESERVED
@@ -1105,8 +1404,7 @@
RESERVED
- jenkins <unfixed> (bug #739067)
NOTE: https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e
-CVE-2014-2057 [Multiple XSS]
- RESERVED
+CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 6.0.2+dfsg-1
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-007/
CVE-2014-2056
@@ -1141,12 +1439,12 @@
RESERVED
CVE-2014-2050
RESERVED
-CVE-2014-2049
- RESERVED
+CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...)
+ TODO: check
CVE-2014-2048
RESERVED
-CVE-2014-2047
- RESERVED
+CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is ...)
+ TODO: check
CVE-2014-2046
RESERVED
CVE-2014-2045
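Review bot: CVE-2014-2049 and CVE-2014-2047 are left at "TODO: check" even though they are ownCloud issues and the file already tracks ownCloud as a Debian package (CVE-2014-2057 in the previous hunk records "- owncloud 6.0.2+dfsg-1"). Both descriptions point at the 5.0.15/6.0.2 fix line, so 6.0.2+dfsg-1 is the likely fixed version; confirm against the corresponding ownCloud advisories and replace the TODO lines with package-status lines.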
@@ -1182,8 +1480,7 @@
RESERVED
CVE-2014-2025
RESERVED
-CVE-2014-2024
- RESERVED
+CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Open Classifieds
CVE-2014-2023
RESERVED
@@ -1270,26 +1567,26 @@
RESERVED
CVE-2014-1980
RESERVED
-CVE-2014-1979
- RESERVED
-CVE-2014-1978
- RESERVED
-CVE-2014-1977
- RESERVED
-CVE-2014-1976
- RESERVED
-CVE-2014-1975
- RESERVED
+CVE-2014-1979 (The NTT DOCOMO sp mode mail application 5900 through 6300 for Android ...)
+ TODO: check
+CVE-2014-1978 (The application link interface in the NTT DOCOMO sp mode mail ...)
+ TODO: check
+CVE-2014-1977 (The NTT DOCOMO sp mode mail application 6300 and earlier for Android ...)
+ TODO: check
+CVE-2014-1976 (The Demaecan application 2.1.0 and earlier for Android does not verify ...)
+ TODO: check
+CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper ...)
+ TODO: check
CVE-2014-1974
RESERVED
CVE-2014-1973
RESERVED
CVE-2014-1972
RESERVED
-CVE-2014-1971
- RESERVED
-CVE-2014-1970
- RESERVED
+CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...)
+ TODO: check
+CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)
+ TODO: check
CVE-2014-1969
RESERVED
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
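Review bot: CVE-2014-1979, CVE-2014-1978 and CVE-2014-1977 (NTT DOCOMO sp mode mail for Android), CVE-2014-1976 (Demaecan for Android) and CVE-2014-1970 (ES File Explorer File Manager, an Android app) are all mobile applications according to their descriptions, so "TODO: check" can be replaced with NOT-FOR-US lines; of the new entries in this hunk only CVE-2014-1975 (R-Company Unzipper, product truncated) and CVE-2014-1971 (Silex XSS) need an actual check against the archive.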
@@ -1468,8 +1765,7 @@
NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1905
RESERVED
-CVE-2014-1904
- RESERVED
+CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
- libspring-java 3.0.6.RELEASE-13 (bug #741604)
NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
@@ -1776,6 +2072,7 @@
[squeeze] - devscripts <no-dsa> (Minor issue)
[wheezy] - devscripts <no-dsa> (Minor issue)
CVE-2013-7338 [python's zipfile infinite loop on malformed files]
+ RESERVED
- python2.5 <not-affected> (Only affects 3.x)
- python2.6 <not-affected> (Only affects 3.x)
- python2.7 <not-affected> (Only affects 3.x)
@@ -1946,8 +2243,8 @@
RESERVED
CVE-2014-1762
RESERVED
-CVE-2014-1761
- RESERVED
+CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
+ TODO: check
CVE-2014-1760
RESERVED
CVE-2014-1759
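Review bot: CVE-2014-1761 is a Microsoft Word issue but is left at "TODO: check"; the other Microsoft entries in this diff (CVE-2013-7332 and the Internet Explorer block) are NOT-FOR-US, so this should be NOT-FOR-US: Microsoft Word rather than a TODO.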
@@ -2036,64 +2333,55 @@
RESERVED
CVE-2014-1716
RESERVED
-CVE-2014-1715
- RESERVED
+CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1714
- RESERVED
+CVE-2014-1714 (The ScopedClipboardWriter::WritePickledData function in ...)
- chromium-browser <not-affected> (Windows-specific)
-CVE-2014-1713
- RESERVED
+CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-1712
RESERVED
-CVE-2014-1711
- RESERVED
-CVE-2014-1710
- RESERVED
+CVE-2014-1711 (The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 ...)
+ TODO: check
+CVE-2014-1710 (The AsyncPixelTransfersCompletedQuery::End function in ...)
+ TODO: check
CVE-2014-1709
RESERVED
-CVE-2014-1708
- RESERVED
-CVE-2014-1707
- RESERVED
-CVE-2014-1706
- RESERVED
-CVE-2014-1705
- RESERVED
+CVE-2014-1708 (The boot implementation in Google Chrome OS before 33.0.1750.152 does ...)
+ TODO: check
+CVE-2014-1707 (Directory traversal vulnerability in CrosDisks in Google Chrome OS ...)
+ TODO: check
+CVE-2014-1706 (crosh in Google Chrome OS before 33.0.1750.152 allows attackers to ...)
+ TODO: check
+CVE-2014-1705 (Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1704
- RESERVED
+CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
- libv8-3.14 <unfixed>
-CVE-2014-1703
- RESERVED
+CVE-2014-1703 (Use-after-free vulnerability in the ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1702
- RESERVED
+CVE-2014-1702 (Use-after-free vulnerability in the ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1701
- RESERVED
+CVE-2014-1701 (The GenerateFunction function in bindings/scripts/code_generator_v8.pm ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-1700
- RESERVED
+CVE-2014-1700 (Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
[squeeze] - chromium-browser <end-of-life>
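Review bot: CVE-2014-1711, CVE-2014-1708, CVE-2014-1707 and CVE-2014-1706 are left at "TODO: check" although their descriptions name Google Chrome OS components (the kernel GPU driver, the boot implementation, CrosDisks, crosh), none of which Debian ships, so they can be NOT-FOR-US: Google Chrome OS. CVE-2014-1710 is different: its description is truncated before the product name, and the function name AsyncPixelTransfersCompletedQuery::End suggests Chrome's GPU command-buffer code rather than Chrome OS, so it does need a real check against chromium-browser and, if affected, the same DSA-2883-1 handling as the neighbouring entries.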
@@ -2326,12 +2614,10 @@
NOT-FOR-US: Mediatrix
CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before ...)
- mediawiki 1:1.19.11+dfsg-1
-CVE-2014-1609
- RESERVED
+CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...)
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
-CVE-2014-1608
- RESERVED
+CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in ...)
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
@@ -2516,123 +2802,102 @@
RESERVED
CVE-2014-1516
RESERVED
-CVE-2014-1515
- RESERVED
-CVE-2014-1514
- RESERVED
+CVE-2014-1515 (Mozilla Firefox before 28.0.1 on Android processes a file: URL by ...)
+ TODO: check
+CVE-2014-1514 (vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1513
- RESERVED
+CVE-2014-1513 (TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1512
- RESERVED
+CVE-2014-1512 (Use-after-free vulnerability in the TypeObject class in the JavaScript ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1511
- RESERVED
+CVE-2014-1511 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1510
- RESERVED
+CVE-2014-1510 (The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1509
- RESERVED
+CVE-2014-1509 (Buffer overflow in the _cairo_truetype_index_to_ucs4 function in ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1508
- RESERVED
+CVE-2014-1508 (The libxul.so!gfxContext::Polygon function in Mozilla Firefox before ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1507
- RESERVED
+CVE-2014-1507 (Directory traversal vulnerability in the DeviceStorage API in Mozilla ...)
NOT-FOR-US: Firefox OS
-CVE-2014-1506
- RESERVED
+CVE-2014-1506 (Directory traversal vulnerability in Android Crash Reporter in Mozilla ...)
- iceweasel <not-affected> (Android-specific)
- icedove <not-affected> (Android-specific)
-CVE-2014-1505
- RESERVED
+CVE-2014-1505 (The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1504
- RESERVED
+CVE-2014-1504 (The session-restore feature in Mozilla Firefox before 28.0 and ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1503
RESERVED
-CVE-2014-1502
- RESERVED
+CVE-2014-1502 (The (1) WebGL.compressedTexImage2D and (2) ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
-CVE-2014-1501
- RESERVED
+CVE-2014-1501 (Mozilla Firefox before 28.0 on Android allows remote attackers to ...)
- iceweasel <not-affected> (Android-specific)
- icedove <not-affected> (Android-specific)
-CVE-2014-1500
- RESERVED
+CVE-2014-1500 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
-CVE-2014-1499
- RESERVED
+CVE-2014-1499 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
-CVE-2014-1498
- RESERVED
+CVE-2014-1498 (The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
-CVE-2014-1497
- RESERVED
+CVE-2014-1497 (The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1496
- RESERVED
+CVE-2014-1496 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
- iceweasel <not-affected> (Online update not used in Debian)
- icedove <not-affected> (Online update not used in Debian)
CVE-2014-1495
RESERVED
-CVE-2014-1494
- RESERVED
+CVE-2014-1494 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 27)
- icedove <not-affected> (Only affects Firefox 27)
-CVE-2014-1493
- RESERVED
+CVE-2014-1493 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2881-1}
- iceweasel 24.4.0esr-1
- icedove 24.4.0-1
[squeeze] - iceweasel <end-of-life>
[squeeze] - icedove <end-of-life>
-CVE-2014-1492
- RESERVED
+CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the ...)
- nss 2:3.16-1
CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
{DSA-2858-1}
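Review bot: CVE-2014-1515 is left at "TODO: check" although its description says "Mozilla Firefox before 28.0.1 on Android", and the same hunk already resolves the other Android-only issues (CVE-2014-1506, CVE-2014-1501) with "<not-affected> (Android-specific)" for both iceweasel and icedove; the entry should get those same two lines instead of a TODO.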
@@ -3667,8 +3932,8 @@
RESERVED
CVE-2014-0896
RESERVED
-CVE-2014-0895
- RESERVED
+CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...)
+ TODO: check
CVE-2014-0894
RESERVED
CVE-2014-0893
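Review bot: CVE-2014-0895 (IBM SPSS ActiveX control) is left at "TODO: check" while IBM products elsewhere in this diff are closed as NOT-FOR-US (CVE-2014-0874 IBM Content Navigator, CVE-2014-0830 IBM Financial Transaction Manager); an ActiveX control is Windows-only and cannot be packaged, so NOT-FOR-US: IBM SPSS is the right state. The same applies to the following IBM hunks: CVE-2014-0879 (Taskmaster Capture ActiveX control), CVE-2014-0850 (InfoSphere Master Data) and CVE-2014-0829 (Rational ClearCase), and probably CVE-2014-0873, whose product name is truncated but which sits in the same IBM block.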
@@ -3699,8 +3964,8 @@
RESERVED
CVE-2014-0880
RESERVED
-CVE-2014-0879
- RESERVED
+CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control ...)
+ TODO: check
CVE-2014-0878
RESERVED
CVE-2014-0877
@@ -3711,8 +3976,8 @@
RESERVED
CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...)
NOT-FOR-US: IBM Content Navigator
-CVE-2014-0873
- RESERVED
+CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
+ TODO: check
CVE-2014-0872
RESERVED
CVE-2014-0871
@@ -3757,8 +4022,8 @@
RESERVED
CVE-2014-0851
RESERVED
-CVE-2014-0850
- RESERVED
+CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
+ TODO: check
CVE-2014-0849
RESERVED
CVE-2014-0848
@@ -3799,8 +4064,8 @@
NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation ...)
NOT-FOR-US: IBM Financial Transaction Manager
-CVE-2014-0829
- RESERVED
+CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before ...)
+ TODO: check
CVE-2014-0828
RESERVED
CVE-2014-0827
@@ -4107,8 +4372,7 @@
NOT-FOR-US: Cisco Firewall Services Module
CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded ...)
NOT-FOR-US: Cisco UCS Director
-CVE-2014-0708
- RESERVED
+CVE-2014-0708 (WebEx Meeting Center in Cisco WebEx Business Suite does not properly ...)
NOT-FOR-US: Cisco WebEx Business Suite
CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before ...)
NOT-FOR-US: Cisco Wireless LAN Controller
@@ -4268,8 +4532,8 @@
NOT-FOR-US: EMC
CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
NOT-FOR-US: EMC
-CVE-2014-0628
- RESERVED
+CVE-2014-0628 (The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before ...)
+ TODO: check
CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before ...)
NOT-FOR-US: EMC RSA
CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before ...)
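Review bot: CVE-2014-0628 (EMC RSA BSAFE Micro Edition Suite) is left at "TODO: check" while CVE-2014-0627 and CVE-2014-0626 in the same hunk, for the sibling RSA BSAFE SSL-J product, are NOT-FOR-US: EMC RSA; BSAFE MES is likewise a proprietary EMC library, so this entry should be NOT-FOR-US: EMC RSA too.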
@@ -4752,8 +5016,7 @@
RESERVED
CVE-2014-0468
RESERVED
-CVE-2014-0467 [buffer overrun]
- RESERVED
+CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote ...)
{DSA-2874-1}
- mutt 1.5.22-2 (bug #708731)
CVE-2014-0466
@@ -5572,11 +5835,9 @@
RESERVED
CVE-2014-0340
RESERVED
-CVE-2014-0339
- RESERVED
+CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...)
NOT-FOR-US: Webmin
-CVE-2014-0338
- RESERVED
+CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall ...)
NOT-FOR-US: WatchGuard Fireware XTM
CVE-2014-0337
RESERVED
@@ -5942,7 +6203,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-0307 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Internet Explorer
@@ -6297,18 +6558,15 @@
[squeeze] - nginx <not-affected> (Vulnerable code not present)
NOTE: ngx_http_spdy_module introduced in 1.3.15
NOTE: Debian compiles with --with-http_spdy_module, but also with --with-debug
-CVE-2014-0132 [flaw in parsing authzid can lead to privilege escalation]
- RESERVED
+CVE-2014-0132 (The SASL authentication functionality in 389 Directory Server before ...)
- 389-ds-base <unfixed> (bug #741600)
-CVE-2014-0131
- RESERVED
+CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in ...)
- linux 3.13.6-1
- linux-2.6 <removed>
NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2
CVE-2014-0130
RESERVED
-CVE-2014-0129
- RESERVED
+CVE-2014-0129 (badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
@@ -6318,32 +6576,26 @@
- squid3 <unfixed> (unimportant; bug #741312)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
NOTE: only affects package rebuilds with --enable-ssl by users
-CVE-2014-0127
- RESERVED
+CVE-2014-0127 (The time-validation implementation in (1) mod/feedback/complete.php ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
-CVE-2014-0126
- RESERVED
+CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in ...)
- moodle 2.6.2-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
-CVE-2014-0125
- RESERVED
+CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
-CVE-2014-0124
- RESERVED
+CVE-2014-0124 (The identity-reporting implementations in mod/forum/renderer.php and ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
-CVE-2014-0123
- RESERVED
+CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...)
- moodle 2.6.2-1
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
NOTE: squeeze version unaffected due to lack of fine-grained access control?
-CVE-2014-0122
- RESERVED
+CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, ...)
- moodle 2.6.2-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
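Review bot: CVE-2014-0123 still carries the unresolved note "squeeze version unaffected due to lack of fine-grained access control?" with no [squeeze] line, and CVE-2014-0126 has no squeeze annotation at all, whereas every other Moodle entry in this hunk states "[squeeze] - moodle <not-affected> (Vulnerable code not present)"; now that the official descriptions are in, the squeeze status of both entries should be settled one way or the other.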
@@ -6410,8 +6662,7 @@
NOTE: http://patchwork.ozlabs.org/patch/325844/
CVE-2014-0099
RESERVED
-CVE-2014-0098 [Segfaults with truncated cookie logging]
- RESERVED
+CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config ...)
- apache2 <unfixed>
CVE-2014-0097
RESERVED
@@ -6485,8 +6736,7 @@
RESERVED
CVE-2014-0077
RESERVED
-CVE-2014-0076 [Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack]
- RESERVED
+CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does ...)
- openssl <unfixed>
NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
CVE-2014-0075
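Review bot: replacing the placeholder "[Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack]" drops the only mention of the paper that identified this issue, and the truncated official text only says "Montgomery ladder implementation"; keep the paper title as a NOTE line beside the openssl commit URL so the entry stays self-explanatory. The "- openssl <unfixed>" line would also benefit from a bug reference, as the other <unfixed> entries in this update have.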
@@ -6568,8 +6818,7 @@
RESERVED
CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise ...)
NOT-FOR-US: JBoss EAP
-CVE-2014-0057
- RESERVED
+CVE-2014-0057 (The x_button method in the ServiceController ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0056
RESERVED
@@ -6688,13 +6937,11 @@
[wheezy] - socat <no-dsa> (Minor issue)
CVE-2014-0018 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss ...)
NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
-CVE-2014-0017 [PRNG vulnerability]
- RESERVED
+CVE-2014-0017 (The RAND_bytes function in libssh before 0.6.3, when forking is ...)
{DSA-2879-1}
- libssh 0.5.4-3
NOTE: http://git.libssh.org/projects/libssh.git/commit/?id=e99246246b4061f7e71463f8806b9dcad65affa0
-CVE-2014-0016 [PRNG vulnerability]
- RESERVED
+CVE-2014-0016 (stunnel before 5.00, when using fork threading, does not properly ...)
- stunnel4 <not-affected> (Debian package compiled with --with-threads=pthread)
CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
{DSA-2849-1}
@@ -6738,11 +6985,9 @@
{DSA-2872-1}
- udisks2 2.1.3-1
- udisks 1.0.5-1
-CVE-2014-0003
- RESERVED
+CVE-2014-0003 (The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before ...)
NOT-FOR-US: Apache Camel
-CVE-2014-0002
- RESERVED
+CVE-2014-0002 (The XSLT component in Apache Camel before 2.11.4 and 2.12.x before ...)
NOT-FOR-US: Apache Camel
CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
- mysql-5.1 <removed> (low)
@@ -7180,8 +7425,8 @@
NOT-FOR-US: IBM Netezza
CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2013-6729
- RESERVED
+CVE-2013-6729 (Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 ...)
+ TODO: check
CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) ...)
NOT-FOR-US: IBM WebSphere Dashboard Framework
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
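Review bot: CVE-2013-6729 (IBM QuickFile) gets "TODO: check" while its neighbours CVE-2013-6730 and CVE-2013-6728 are NOT-FOR-US for IBM WebSphere products; resolve the TODO to the same kind of marking if QuickFile is confirmed not to be in the archive.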
@@ -7856,32 +8101,28 @@
CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before ...)
{DSA-2859-1}
- pidgin 2.10.8-1
-CVE-2013-6476
- RESERVED
+CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the ...)
{DSA-2876-1 DSA-2875-1}
- cups-filters 1.0.47-1 (bug #741318)
- cups 1.5.0-16 (bug #741333)
NOTE: cups moved filters to separate package in 1.5.0-16
NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
-CVE-2013-6475
- RESERVED
+CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) ...)
{DSA-2876-1 DSA-2875-1}
- cups-filters 1.0.47-1 (bug #741318)
- cups 1.5.0-16 (bug #741333)
NOTE: cups moved filters to separate package in 1.5.0-16
NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
-CVE-2013-6474
- RESERVED
+CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and ...)
{DSA-2876-1 DSA-2875-1}
- cups-filters 1.0.47-1 (bug #741318)
- cups 1.5.0-16 (bug #741333)
NOTE: cups moved filters to separate package in 1.5.0-16
NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
-CVE-2013-6473
- RESERVED
+CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in ...)
- cups-filters 1.0.47-1 (bug #741318)
[wheezy] - cups-filters <not-affected> (does not contain urftopdf filter)
NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
@@ -8012,8 +8253,7 @@
NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
CVE-2013-6439 (Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a ...)
NOT-FOR-US: Candlepin
-CVE-2013-6438 [mod_dav: Keep track of length of cdata properly when removing leading spaces]
- RESERVED
+CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...)
- apache2 <unfixed>
CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...)
- nova 2013.2.2
@@ -8155,8 +8395,7 @@
{DSA-2829-1}
- hplip 3.13.11-2.1 (bug #725876)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
-CVE-2013-6401 [jansson: hash collision issue]
- RESERVED
+CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restricting the ability to ...)
- jansson 2.6-1 (bug #738647)
CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been ...)
- xen <unfixed>
@@ -8631,13 +8870,12 @@
RESERVED
CVE-2013-6211
RESERVED
-CVE-2013-6210
- RESERVED
+CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
NOT-FOR-US: HP Unified Functional Testing
CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP ...)
NOT-FOR-US: NFS subsystem in HP HP-UX
-CVE-2013-6208
- RESERVED
+CVE-2013-6208 (Unspecified vulnerability in HP Smart Update Manager 5.3.5 before ...)
+ TODO: check
CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
NOT-FOR-US: HP SiteScope
CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
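Review bot: CVE-2013-6208 (HP Smart Update Manager) is left as "TODO: check" between CVE-2013-6209 and CVE-2013-6207, which are both NOT-FOR-US for HP products; the same treatment applies unless HP SUM turns out to be packaged, which the list gives no sign of.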
@@ -9182,16 +9420,14 @@
NOT-FOR-US: CiviCRM
CVE-2013-5956
RESERVED
-CVE-2013-5955
- RESERVED
+CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the ...)
+ TODO: check
CVE-2013-5954
RESERVED
NOT-FOR-US: OpenX
-CVE-2013-5953
- RESERVED
+CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Joomla component multi calendar
-CVE-2013-5952
- RESERVED
+CVE-2013-5952 (Multiple cross-site scripting (XSS) vulnerabilities in the Freichat ...)
NOT-FOR-US: Joomla component Freichat
CVE-2013-5951
RESERVED
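Review bot: CVE-2013-5955 is left as "TODO: check", and "manage.php" alone does not identify the product, so the full description must be consulted before marking it. The context lines also show CVE-2013-5954 carrying both RESERVED and "NOT-FOR-US: OpenX", which is contradictory (a RESERVED entry has no description to derive a product from); that pre-existing inconsistency is worth cleaning up in the same follow-up.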
@@ -10674,8 +10910,8 @@
NOT-FOR-US: IBM WebSphere
CVE-2013-5402 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
NOT-FOR-US: IBM
-CVE-2013-5401
- RESERVED
+CVE-2013-5401 (The command-port listener in IBM WebSphere MQ Internet Pass-Thru ...)
+ TODO: check
CVE-2013-5400 (An unspecified servlet in IBM Platform Symphony Developer Edition (DE) ...)
NOT-FOR-US: IBM Platform Symphony Developer Edition
CVE-2013-5399
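Review bot: CVE-2013-5401 (IBM WebSphere MQ Internet Pass-Thru) stays at "TODO: check" although CVE-2013-5402 and CVE-2013-5400 on either side are NOT-FOR-US for IBM products; triage it the same way.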
@@ -11559,8 +11795,8 @@
NOT-FOR-US: Puppet Enterprise
CVE-2013-4964 (Puppet Enterprise before 3.0.1 does not set the secure flag for the ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4963
- RESERVED
+CVE-2013-4963 (Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet ...)
+ TODO: check
CVE-2013-4962 (The reset password page in Puppet Enterprise before 3.0.1 does not ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4961 (Puppet Enterprise before 3.0.1 includes version information for the ...)
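Review bot: CVE-2013-4963 is left as "TODO: check" while the adjacent CVE-2013-4964 and CVE-2013-4962 are marked "- puppet <not-affected> (Only affects Puppet Enterprise)"; the new description is cut off at "in Puppet ...", so confirm from the full text that it is Enterprise-only before copying that marking, since the open-source puppet package is in Debian.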
@@ -13664,7 +13900,6 @@
- nas 1.9.3-6 (bug #720287)
CVE-2013-4257 [Heap Overflow]
REJECTED
- {DSA-2771-1}
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio ...)
{DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
@@ -14333,12 +14568,12 @@
NOT-FOR-US: IBM
CVE-2013-4060
RESERVED
-CVE-2013-4059
- RESERVED
-CVE-2013-4058
- RESERVED
-CVE-2013-4057
- RESERVED
+CVE-2013-4059 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
+ TODO: check
+CVE-2013-4058 (Multiple SQL injection vulnerabilities in IBM InfoSphere Information ...)
+ TODO: check
+CVE-2013-4057 (Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM ...)
+ TODO: check
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality ...)
NOT-FOR-US: IBM
CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
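Review bot: three "TODO: check" lines for CVE-2013-4059, CVE-2013-4058 and CVE-2013-4057 (IBM InfoSphere) are added directly above CVE-2013-4056, which is NOT-FOR-US: IBM; all three name the same IBM InfoSphere product and can be closed out together with the same marking.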
@@ -14579,8 +14814,8 @@
NOT-FOR-US: Microsoft
CVE-2013-3939
RESERVED
-CVE-2013-3938
- RESERVED
+CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attackers ...)
+ TODO: check
CVE-2013-3937
RESERVED
CVE-2013-3936
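Review bot: CVE-2013-3938 names "xnview.exe in XnView 2.13", a Windows binary; the "TODO: check" can be resolved to NOT-FOR-US: XnView without further investigation.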
@@ -16122,8 +16357,8 @@
RESERVED
CVE-2013-3250 (Cross-site request forgery (CSRF) vulnerability in the WP Maintenance ...)
NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
-CVE-2013-3249
- RESERVED
+CVE-2013-3249 (Stack-based buffer overflow in the "Add from text file" feature in the ...)
+ TODO: check
CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows ...)
NOT-FOR-US: Corel PDF Fusion
CVE-2013-3247
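Review bot: the truncated description for CVE-2013-3249 ('Stack-based buffer overflow in the "Add from text file" feature in the ...') cuts off before the product name, so the "TODO: check" cannot be triaged from this list alone; the full CVE text is needed before the entry can be marked.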
@@ -17547,10 +17782,10 @@
RESERVED
CVE-2013-2672
RESERVED
-CVE-2013-2671
- RESERVED
-CVE-2013-2670
- RESERVED
+CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother ...)
+ TODO: check
+CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW ...)
+ TODO: check
CVE-2013-2669
RESERVED
CVE-2013-2668
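Review bot: CVE-2013-2671 and CVE-2013-2670 both describe XSS in the Brother MFC-9970CDW printer's web interface according to the truncated text; a vendor printer is not something the archive ships, so the two TODOs should become NOT-FOR-US: Brother MFC-9970CDW.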
@@ -17603,12 +17838,12 @@
RESERVED
CVE-2013-2644
RESERVED
-CVE-2013-2643
- RESERVED
-CVE-2013-2642
- RESERVED
-CVE-2013-2641
- RESERVED
+CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web ...)
+ TODO: check
+CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to ...)
+ TODO: check
+CVE-2013-2641 (Directory traversal vulnerability in patience.cgi in Sophos Web ...)
+ TODO: check
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress ...)
NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS ...)
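Review bot: the three TODOs for CVE-2013-2643, CVE-2013-2642 and CVE-2013-2641 all concern the Sophos Web Appliance, a vendor appliance rather than a Debian package; resolve them to NOT-FOR-US: Sophos Web Appliance, matching how the neighbouring CTERA and MailUp entries are handled.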
@@ -17664,8 +17899,8 @@
NOT-FOR-US: Uebimiau Webmail
CVE-2013-2620
RESERVED
-CVE-2013-2619
- RESERVED
+CVE-2013-2619 (Directory traversal vulnerability in Aspen before 0.22 allows remote ...)
+ TODO: check
CVE-2013-2618
RESERVED
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to ...)
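Review bot: CVE-2013-2619 (directory traversal in Aspen before 0.22) is left as "TODO: check" with no indication of whether Aspen is in the archive; unlike the vendor-product TODOs in this update, this one needs an actual package check before it can be marked either NOT-FOR-US or with a fixed version.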
@@ -17964,8 +18199,8 @@
RESERVED
CVE-2013-2508
RESERVED
-CVE-2013-2507
- RESERVED
+CVE-2013-2507 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother ...)
+ TODO: check
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
NOT-FOR-US: Spree
CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, ...)
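Review bot: CVE-2013-2507 is another "Multiple cross-site scripting (XSS) vulnerabilities in the Brother ..." entry left as "TODO: check"; it belongs with CVE-2013-2670 and CVE-2013-2671 elsewhere in this update and should get the same NOT-FOR-US: Brother marking.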
@@ -18481,7 +18716,7 @@
NOT-FOR-US: Data Protector
CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
NOT-FOR-US: Data Protector
-CVE-2013-2347 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
+CVE-2013-2347 (The Backup Client Service (OmniInet.exe) in HP Storage Data Protector ...)
NOT-FOR-US: Data Protector
CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
NOT-FOR-US: Data Protector
@@ -19034,11 +19269,9 @@
NOT-FOR-US: Spice service for Windows
CVE-2013-2151 (Unquoted Windows search path vulnerability in Red Hat Enterprise ...)
NOT-FOR-US: RHEV Agent for Windows
-CVE-2013-2150 [XSS vulnerability in js/viewer.js]
- RESERVED
+CVE-2013-2150 (Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ...)
- owncloud <not-affected> (affects only experimental version)
-CVE-2013-2149 [XSS vulnerability in core/js/oc-dialogs.js]
- RESERVED
+CVE-2013-2149 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.16debian-1 (bug #711517)
CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
{DSA-2745-1}
@@ -19267,8 +19500,7 @@
CVE-2013-2090 [Remote command Injection]
RESERVED
NOT-FOR-US: Creme Fraiche Ruby Gem
-CVE-2013-2089 [owncloud: oC-SA-2013-026]
- RESERVED
+CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows ...)
- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
- subversion <unfixed> (unimportant)
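Review bot: the justification "- owncloud <not-affected> (Only affects 5.0.x)" for CVE-2013-2089 now sits under a description that says "ownCloud before 5.0.6", which on its face includes the 4.0.x series Debian ships; the note should state why 4.0.x is out of scope (for example, vulnerable code introduced in 5.0) or cite the oC-SA-2013-026 advisory id that the removed placeholder carried, so the reasoning survives the placeholder's removal.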
@@ -19276,11 +19508,9 @@
CVE-2013-2087 [gallery: multiple xss]
RESERVED
- gallery <not-affected> (Vulnerable code not present)
-CVE-2013-2086 [owncloud: oC-SA-2013-027]
- RESERVED
+CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote ...)
- owncloud <not-affected> (Only owncloud 5.0.x)
-CVE-2013-2085 [owncloud: oC-SA-2013-020]
- RESERVED
+CVE-2013-2085 (Directory traversal vulnerability in apps/files_trashbin/index.php in ...)
- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2084
RESERVED
@@ -19402,33 +19632,25 @@
CVE-2013-2049
RESERVED
NOT-FOR-US: CloudForms Management Engine
-CVE-2013-2048 [owncloud: oC-SA-2013-025]
- RESERVED
+CVE-2013-2048 (ownCloud before 5.0.6 does not properly check permissions, which ...)
- owncloud <not-affected> (Only affects 5.0.x)
-CVE-2013-2047 [owncloud: oC-SA-2013-023]
- RESERVED
+CVE-2013-2047 (The login page (aka index.php) in ownCloud before 5.0.6 does not ...)
- owncloud <not-affected> (Only 5.0.x)
CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server ...)
- owncloud <not-affected> (Only affects 4.5.x)
CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x ...)
- owncloud <not-affected> (Only affects 5.0.x)
-CVE-2013-2044 [owncloud: oC-SA-2013-022]
- RESERVED
+CVE-2013-2044 (Open redirect vulnerability in the Login Page (index.php) in ownCloud ...)
- owncloud <not-affected> (Only 5.0.x)
-CVE-2013-2043 [owncloud: oC-SA-2013-024]
- RESERVED
+CVE-2013-2043 (apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before ...)
- owncloud <not-affected> (Only 5.0.x and 4.5.x)
-CVE-2013-2042 [owncloud: oC-SA-2013-021]
- RESERVED
+CVE-2013-2042 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.15debian-1
-CVE-2013-2041 [owncloud: oC-SA-2013-021]
- RESERVED
+CVE-2013-2041 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x ...)
- owncloud <not-affected> (Only affects 5.0.x)
-CVE-2013-2040 [owncloud: oC-SA-2013-021]
- RESERVED
+CVE-2013-2040 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.15debian-1
-CVE-2013-2039 [owncloud: oC-SA-2013-020]
- RESERVED
+CVE-2013-2039 (Directory traversal vulnerability in lib/files/view.php in ownCloud ...)
- owncloud 4.0.15debian-1
CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to ...)
- gpsd 3.6-5 (bug #706665)
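Review bot: the descriptions and the not-affected justifications disagree for CVE-2013-2048 and CVE-2013-2047 ("ownCloud before 5.0.6" against "(Only affects 5.0.x)" and "(Only 5.0.x)") and, more sharply, for CVE-2013-2043 ("ownCloud before 4.5.11 and 5.x before ..." against "(Only 5.0.x and 4.5.x)"); "before 4.5.11" covers 4.0.x, so either the calendar code is absent in 4.0.x and the note should say so, or the entry needs a fixed version as CVE-2013-2042, CVE-2013-2040 and CVE-2013-2039 have. The removed placeholders also held the oC-SA-2013-020 to oC-SA-2013-025 advisory ids, which no longer appear anywhere in these entries; keep them as NOTE lines the way the older ownCloud entries cite their advisories.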
@@ -19686,8 +19908,7 @@
{DSA-2666-1}
- xen 4.1.4-3
NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
-CVE-2013-1963
- RESERVED
+CVE-2013-1963 (The contacts application in ownCloud before 4.5.10 and 5.x before ...)
- owncloud <not-affected> (Vulnerable code not present)
NOTE: oC >= 4.5 only
CVE-2013-1962 (The remoteDispatchStoragePoolListAllVolumes function in the storage ...)
@@ -19775,8 +19996,7 @@
CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...)
{DSA-2661-1}
- xorg-server 2:1.12.4-6
-CVE-2013-1939 [Windows: Local file disclosure]
- RESERVED
+CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, ...)
- owncloud <not-affected> (Windows version only)
- php-sabredav <not-affected> (running in Windows hosts)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
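Review bot: "- php-sabredav <not-affected> (running in Windows hosts)" reads as if the package were only vulnerable when run on Windows by Debian; the intended meaning is that the issue affects Windows hosts only, as the owncloud line directly above says ("Windows version only"), so reword it to match.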
@@ -20076,13 +20296,11 @@
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...)
NOT-FOR-US: WordPress plugin LeagueManager
-CVE-2013-1851 [user_migrate: Local file disclosure]
- RESERVED
+CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
- owncloud 4.0.8debian-1.6 (bug #703094)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
-CVE-2013-1850 [Contacts: Bypass of file blacklist]
- RESERVED
+CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and ...)
- owncloud 4.0.8debian-1.6 (bug #703094)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
@@ -20179,8 +20397,7 @@
NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
NOT-FOR-US: Katello
-CVE-2013-1822
- RESERVED
+CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
@@ -20375,10 +20592,10 @@
RESERVED
CVE-2013-1760
RESERVED
-CVE-2013-1759
- RESERVED
-CVE-2013-1758
- RESERVED
+CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo ...)
+ TODO: check
+CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark ...)
+ TODO: check
CVE-2013-1757
RESERVED
CVE-2013-1756
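Review bot: CVE-2013-1759 and CVE-2013-1758 are left as "TODO: check" and their truncated descriptions ("Responsive Logo ...", "Marekkis Watermark ...") do not name the platform; the full text has to be consulted, and if they turn out to be WordPress plugins they should get the NOT-FOR-US marking used for the other plugin entries in this update.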
@@ -21717,8 +21934,8 @@
RESERVED
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin ...)
NOT-FOR-US: CommentLuv plugin for Wordpress
-CVE-2013-1408
- RESERVED
+CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters ...)
+ TODO: check
CVE-2013-1407
RESERVED
CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in ...)
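Review bot: CVE-2013-1408 (Wysija Newsletters ...) is left as "TODO: check" directly after CVE-2013-1409, which is "NOT-FOR-US: CommentLuv plugin for Wordpress"; if Wysija is likewise a WordPress plugin (the truncated text does not say), mark it the same way.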
@@ -21740,10 +21957,10 @@
CVE-2013-0243 [Basic constraints vulnerability]
RESERVED
- haskell-tls-extra 0.4.6.1-1 (bug #698545)
-CVE-2013-1399
- RESERVED
-CVE-2013-1398
- RESERVED
+CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
+ TODO: check
+CVE-2013-1398 (The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does ...)
+ TODO: check
CVE-2013-1397
RESERVED
CVE-2013-1396
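Review bot: CVE-2013-1398 explicitly names "Puppet Enterprise (PE) before 2.7.1", so its TODO can follow the existing pattern "- puppet <not-affected> (Only affects Puppet Enterprise)" used for the other PE entries in this list; CVE-2013-1399's description is cut off at "(1) ..." and needs the full text before it can be marked.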
@@ -23140,8 +23357,8 @@
RESERVED
CVE-2013-0806
RESERVED
-CVE-2013-0805
- RESERVED
+CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
+ TODO: check
CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before ...)
NOT-FOR-US: GroupWise
CVE-2013-0803
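Review bot: CVE-2013-0805's description is truncated at "in the search ..." and names no product, so the "TODO: check" cannot be resolved from this diff; the neighbouring CVE-2013-0804 is Novell GroupWise (NOT-FOR-US), which may point to the same source, but that needs confirming from the full text.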
@@ -23818,8 +24035,8 @@
NOT-FOR-US: Symfony
CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...)
NOT-FOR-US: Symfony
-CVE-2012-6430
- RESERVED
+CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms ...)
+ TODO: check
CVE-2012-6429
RESERVED
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
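Review bot: CVE-2012-6430 (Open Solution Quick.Cms) is left as "TODO: check"; Quick.Cms is a third-party PHP CMS, so this most likely resolves to NOT-FOR-US once it is confirmed not to be in the archive.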
@@ -24822,8 +25039,7 @@
- git <not-affected> (OpenSSL support is not enabled in Debian, see bug #701586)
NOTE: http://marc.info/?l=git&m=136134619013145&w=2
NOTE: Further reference about SSL support in imap-send #434599 needs to be adressed first
-CVE-2013-0307 [XSS vulnerability]
- RESERVED
+CVE-2013-0307 (Cross-site scripting (XSS) vulnerability in settings.php in ownCloud ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
@@ -24835,30 +25051,24 @@
NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
CVE-2013-0304
RESERVED
-CVE-2013-0303 [Multiple code executions]
- RESERVED
+CVE-2013-0303 (Unspecified vulnerability in core/ajax/translations.php in ownCloud ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
CVE-2013-0302
RESERVED
-CVE-2013-0301 [Multiple CSRF vulnerabilities]
- RESERVED
+CVE-2013-0301 (Cross-site request forgery (CSRF) vulnerability in ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
-CVE-2013-0300 [Multiple CSRF vulnerabilities]
- RESERVED
+CVE-2013-0300 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
-CVE-2013-0299 [Multiple CSRF vulnerabilities]
- RESERVED
+CVE-2013-0299 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
-CVE-2013-0298 [XSS vulnerability]
- RESERVED
+CVE-2013-0298 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
-CVE-2013-0297 [XSS vulnerability]
- RESERVED
+CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.8debian-1.5 (bug #701115)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0296 [creates temp files with too wide permissions]
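Review bot: the context lines for CVE-2013-0300 and CVE-2013-0298 both read "(Vulnerably code not present, only affects 4.5 branch)"; "Vulnerably" should be "Vulnerable", the spelling used in the other not-affected notes (for example CVE-2014-0129). The automatic update does not touch those lines, so this needs a manual follow-up.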
@@ -25170,8 +25380,7 @@
- owncloud 4.0.8debian-1.4 (bug #698737)
[wheezy] - owncloud 4.0.4debian2-3.3
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
-CVE-2013-0201 [XSS vulnerabilities]
- RESERVED
+CVE-2013-0201 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
- owncloud 4.0.8debian-1.4 (bug #698737)
[wheezy] - owncloud 4.0.4debian2-3.3
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
@@ -27465,8 +27674,7 @@
- drupal6 <removed> (bug #696343)
- drupal7 7.14-1.2 (bug #696342)
NOTE: http://drupal.org/SA-CORE-2012-004
-CVE-2012-5650 [DOM based XSS via Futon UI]
- RESERVED
+CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache ...)
- couchdb 1.2.0-5 (bug #698439)
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
RESERVED
@@ -27497,8 +27705,7 @@
CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
[squeeze] - fail2ban <not-affected> (Introduced in 0.8.6, see #696187)
-CVE-2012-5641
- RESERVED
+CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in ...)
- couchdb <not-affected> (Only affects CouchDB on Windows)
CVE-2012-5640 [thttpd: Local DoS vulnerability]
RESERVED
@@ -28734,8 +28941,8 @@
NOT-FOR-US: Citrix XenApp
CVE-2012-5160
RESERVED
-CVE-2012-5158
- RESERVED
+CVE-2012-5158 (Puppet Enterprise (PE) before 2.6.1 does not properly invalidate ...)
+ TODO: check
CVE-2012-5157 (Google Chrome before 24.0.1312.52 does not properly handle image data ...)
- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5156 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
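Review bot: CVE-2012-5158 names "Puppet Enterprise (PE) before 2.6.1", so the "TODO: check" can be resolved with the "- puppet <not-affected> (Only affects Puppet Enterprise)" marking used for the other PE entries in this list.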
@@ -29447,8 +29654,8 @@
RESERVED
CVE-2012-4887
RESERVED
-CVE-2012-4886
- RESERVED
+CVE-2012-4886 (Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 ...)
+ TODO: check
CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
- mediawiki 1:1.19.0-1 (low)
CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...)
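Review bot: CVE-2012-4886 is a stack-based overflow in "wpsio.dll in Kingsoft WPS Office 2012", a proprietary Windows component; the TODO should resolve to NOT-FOR-US: Kingsoft WPS Office.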
@@ -39903,8 +40110,8 @@
RESERVED
CVE-2012-0892
RESERVED
-CVE-2012-0891
- RESERVED
+CVE-2012-0891 (Multiple cross-site scripting (XSS) vulnerabilities in Puppet ...)
+ TODO: check
CVE-2012-0890
RESERVED
CVE-2012-0889
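Review bot: CVE-2012-0891's truncated description ("Multiple cross-site scripting (XSS) vulnerabilities in Puppet ...") does not say whether it concerns Puppet Enterprise or a component shipped in Debian's puppet packages; the TODO needs the full text and an archive check before either the <not-affected> marking or a fixed-version line can go in.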
@@ -47737,24 +47944,19 @@
[squeeze] - rsyslog <no-dsa> (Minor issue)
[lenny] - rsyslog <no-dsa> (Minor issue)
NOTE: off-by-one/-two limited to 0 or :0
-CVE-2011-3199
- RESERVED
+CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain ...)
{DSA-2365-1}
- dtc 0.34.1-1 (bug #637584)
-CVE-2011-3198
- RESERVED
+CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in ...)
{DSA-2365-1}
- dtc 0.34.1-1 (bug #637537)
-CVE-2011-3197
- RESERVED
+CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
{DSA-2365-1}
- dtc 0.34.1-1 (bug #637487; bug #637498)
-CVE-2011-3196
- RESERVED
+CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 ...)
{DSA-2365-1}
- dtc 0.34.1-1 (bug #637485)
-CVE-2011-3195
- RESERVED
+CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before ...)
{DSA-2365-1}
- dtc 0.34.1-1 (bug #637477)
CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...)