[Secure-testing-commits] r26889 - data/CVE
Joey Hess
joeyh at moszumanska.debian.org
Fri May 9 21:14:11 UTC 2014
Author: joeyh
Date: 2014-05-09 21:14:11 +0000 (Fri, 09 May 2014)
New Revision: 26889
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-09 21:07:47 UTC (rev 26888)
+++ data/CVE/list 2014-05-09 21:14:11 UTC (rev 26889)
@@ -1,3 +1,433 @@
+CVE-2014-3444
+ RESERVED
+CVE-2014-3443
+ RESERVED
+CVE-2014-3442
+ RESERVED
+CVE-2014-3441
+ RESERVED
+CVE-2014-3440
+ RESERVED
+CVE-2014-3439
+ RESERVED
+CVE-2014-3438
+ RESERVED
+CVE-2014-3437
+ RESERVED
+CVE-2014-3436
+ RESERVED
+CVE-2014-3435
+ RESERVED
+CVE-2014-3434
+ RESERVED
+CVE-2014-3433
+ RESERVED
+CVE-2014-3432
+ RESERVED
+CVE-2014-3431
+ RESERVED
+CVE-2014-3429
+ RESERVED
+CVE-2014-3428
+ RESERVED
+CVE-2014-3427
+ RESERVED
+CVE-2014-3420
+ RESERVED
+CVE-2014-3419
+ RESERVED
+CVE-2014-3418
+ RESERVED
+CVE-2014-3417
+ RESERVED
+CVE-2014-3416
+ RESERVED
+CVE-2014-3415
+ RESERVED
+CVE-2014-3414
+ RESERVED
+CVE-2014-3413
+ RESERVED
+CVE-2014-3412
+ RESERVED
+CVE-2014-3411
+ RESERVED
+CVE-2014-3410
+ RESERVED
+CVE-2014-3409
+ RESERVED
+CVE-2014-3408
+ RESERVED
+CVE-2014-3407
+ RESERVED
+CVE-2014-3406
+ RESERVED
+CVE-2014-3405
+ RESERVED
+CVE-2014-3404
+ RESERVED
+CVE-2014-3403
+ RESERVED
+CVE-2014-3402
+ RESERVED
+CVE-2014-3401
+ RESERVED
+CVE-2014-3400
+ RESERVED
+CVE-2014-3399
+ RESERVED
+CVE-2014-3398
+ RESERVED
+CVE-2014-3397
+ RESERVED
+CVE-2014-3396
+ RESERVED
+CVE-2014-3395
+ RESERVED
+CVE-2014-3394
+ RESERVED
+CVE-2014-3393
+ RESERVED
+CVE-2014-3392
+ RESERVED
+CVE-2014-3391
+ RESERVED
+CVE-2014-3390
+ RESERVED
+CVE-2014-3389
+ RESERVED
+CVE-2014-3388
+ RESERVED
+CVE-2014-3387
+ RESERVED
+CVE-2014-3386
+ RESERVED
+CVE-2014-3385
+ RESERVED
+CVE-2014-3384
+ RESERVED
+CVE-2014-3383
+ RESERVED
+CVE-2014-3382
+ RESERVED
+CVE-2014-3381
+ RESERVED
+CVE-2014-3380
+ RESERVED
+CVE-2014-3379
+ RESERVED
+CVE-2014-3378
+ RESERVED
+CVE-2014-3377
+ RESERVED
+CVE-2014-3376
+ RESERVED
+CVE-2014-3375
+ RESERVED
+CVE-2014-3374
+ RESERVED
+CVE-2014-3373
+ RESERVED
+CVE-2014-3372
+ RESERVED
+CVE-2014-3371
+ RESERVED
+CVE-2014-3370
+ RESERVED
+CVE-2014-3369
+ RESERVED
+CVE-2014-3368
+ RESERVED
+CVE-2014-3367
+ RESERVED
+CVE-2014-3366
+ RESERVED
+CVE-2014-3365
+ RESERVED
+CVE-2014-3364
+ RESERVED
+CVE-2014-3363
+ RESERVED
+CVE-2014-3362
+ RESERVED
+CVE-2014-3361
+ RESERVED
+CVE-2014-3360
+ RESERVED
+CVE-2014-3359
+ RESERVED
+CVE-2014-3358
+ RESERVED
+CVE-2014-3357
+ RESERVED
+CVE-2014-3356
+ RESERVED
+CVE-2014-3355
+ RESERVED
+CVE-2014-3354
+ RESERVED
+CVE-2014-3353
+ RESERVED
+CVE-2014-3352
+ RESERVED
+CVE-2014-3351
+ RESERVED
+CVE-2014-3350
+ RESERVED
+CVE-2014-3349
+ RESERVED
+CVE-2014-3348
+ RESERVED
+CVE-2014-3347
+ RESERVED
+CVE-2014-3346
+ RESERVED
+CVE-2014-3345
+ RESERVED
+CVE-2014-3344
+ RESERVED
+CVE-2014-3343
+ RESERVED
+CVE-2014-3342
+ RESERVED
+CVE-2014-3341
+ RESERVED
+CVE-2014-3340
+ RESERVED
+CVE-2014-3339
+ RESERVED
+CVE-2014-3338
+ RESERVED
+CVE-2014-3337
+ RESERVED
+CVE-2014-3336
+ RESERVED
+CVE-2014-3335
+ RESERVED
+CVE-2014-3334
+ RESERVED
+CVE-2014-3333
+ RESERVED
+CVE-2014-3332
+ RESERVED
+CVE-2014-3331
+ RESERVED
+CVE-2014-3330
+ RESERVED
+CVE-2014-3329
+ RESERVED
+CVE-2014-3328
+ RESERVED
+CVE-2014-3327
+ RESERVED
+CVE-2014-3326
+ RESERVED
+CVE-2014-3325
+ RESERVED
+CVE-2014-3324
+ RESERVED
+CVE-2014-3323
+ RESERVED
+CVE-2014-3322
+ RESERVED
+CVE-2014-3321
+ RESERVED
+CVE-2014-3320
+ RESERVED
+CVE-2014-3319
+ RESERVED
+CVE-2014-3318
+ RESERVED
+CVE-2014-3317
+ RESERVED
+CVE-2014-3316
+ RESERVED
+CVE-2014-3315
+ RESERVED
+CVE-2014-3314
+ RESERVED
+CVE-2014-3313
+ RESERVED
+CVE-2014-3312
+ RESERVED
+CVE-2014-3311
+ RESERVED
+CVE-2014-3310
+ RESERVED
+CVE-2014-3309
+ RESERVED
+CVE-2014-3308
+ RESERVED
+CVE-2014-3307
+ RESERVED
+CVE-2014-3306
+ RESERVED
+CVE-2014-3305
+ RESERVED
+CVE-2014-3304
+ RESERVED
+CVE-2014-3303
+ RESERVED
+CVE-2014-3302
+ RESERVED
+CVE-2014-3301
+ RESERVED
+CVE-2014-3300
+ RESERVED
+CVE-2014-3299
+ RESERVED
+CVE-2014-3298
+ RESERVED
+CVE-2014-3297
+ RESERVED
+CVE-2014-3296
+ RESERVED
+CVE-2014-3295
+ RESERVED
+CVE-2014-3294
+ RESERVED
+CVE-2014-3293
+ RESERVED
+CVE-2014-3292
+ RESERVED
+CVE-2014-3291
+ RESERVED
+CVE-2014-3290
+ RESERVED
+CVE-2014-3289
+ RESERVED
+CVE-2014-3288
+ RESERVED
+CVE-2014-3287
+ RESERVED
+CVE-2014-3286
+ RESERVED
+CVE-2014-3285
+ RESERVED
+CVE-2014-3284
+ RESERVED
+CVE-2014-3283
+ RESERVED
+CVE-2014-3282
+ RESERVED
+CVE-2014-3281
+ RESERVED
+CVE-2014-3280
+ RESERVED
+CVE-2014-3279
+ RESERVED
+CVE-2014-3278
+ RESERVED
+CVE-2014-3277
+ RESERVED
+CVE-2014-3276
+ RESERVED
+CVE-2014-3275
+ RESERVED
+CVE-2014-3274
+ RESERVED
+CVE-2014-3273
+ RESERVED
+CVE-2014-3272
+ RESERVED
+CVE-2014-3271
+ RESERVED
+CVE-2014-3270
+ RESERVED
+CVE-2014-3269
+ RESERVED
+CVE-2014-3268
+ RESERVED
+CVE-2014-3267
+ RESERVED
+CVE-2014-3266
+ RESERVED
+CVE-2014-3265
+ RESERVED
+CVE-2014-3264
+ RESERVED
+CVE-2014-3263
+ RESERVED
+CVE-2014-3262
+ RESERVED
+CVE-2014-3261
+ RESERVED
+CVE-2014-3260
+ RESERVED
+CVE-2014-3259
+ RESERVED
+CVE-2014-3258
+ RESERVED
+CVE-2014-3257
+ RESERVED
+CVE-2014-3256
+ RESERVED
+CVE-2014-3255
+ RESERVED
+CVE-2014-3254
+ RESERVED
+CVE-2014-3253
+ RESERVED
+CVE-2014-3252
+ RESERVED
+CVE-2014-3251
+ RESERVED
+CVE-2014-3250
+ RESERVED
+CVE-2014-3249
+ RESERVED
+CVE-2014-3248
+ RESERVED
+CVE-2014-3247
+ RESERVED
+CVE-2014-3246
+ RESERVED
+CVE-2014-3245
+ RESERVED
+CVE-2014-3244
+ RESERVED
+CVE-2014-3241
+ RESERVED
+CVE-2014-3240
+ RESERVED
+CVE-2014-3239
+ RESERVED
+CVE-2014-3238
+ RESERVED
+CVE-2014-3237
+ RESERVED
+CVE-2014-3236
+ RESERVED
+CVE-2014-3235
+ RESERVED
+CVE-2014-3234
+ RESERVED
+CVE-2014-3233
+ RESERVED
+CVE-2014-3232
+ RESERVED
+CVE-2014-3231
+ RESERVED
+CVE-2014-3229
+ RESERVED
+CVE-2014-3228
+ RESERVED
+CVE-2014-3227
+ RESERVED
+CVE-2014-3226
+ RESERVED
+CVE-2014-3224
+ RESERVED
+CVE-2014-3223
+ RESERVED
+CVE-2014-3222
+ RESERVED
+CVE-2014-3221
+ RESERVED
+CVE-2014-3220 (F5 BIG-IQ 4.1.0.2013.0 allows remote authenticated users to change the ...)
+ TODO: check
+CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
+ TODO: check
CVE-2014-XXXX [linux: filter: prevent nla extensions to peek beyond the end of the message]
- linux <unfixed>
- linux-2.6 <removed>
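Review bot: the two descriptive entries at the bottom of this hunk, CVE-2014-3220 (F5 BIG-IQ) and CVE-2013-7375 (SQL injection in includes/classes/Authenticate.class.php), land with only `TODO: check` and no package or NOT-FOR-US line, so they stay untriaged until someone edits them by hand; every other addition is a bare `RESERVED` placeholder and needs nothing. The gaps in the descending ID run (CVE-2014-3430, CVE-2014-3426 through CVE-2014-3421, CVE-2014-3243, CVE-2014-3242, CVE-2014-3230 and CVE-2014-3225) are IDs that already exist further down the file and are touched by later hunks, which is the expected shape of an automatic update rather than a missed entry.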
@@ -5,25 +435,26 @@
NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3430 [dovecot: DoS]
+ RESERVED
- dovecot <unfixed> (bug #747549)
NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
-CVE-2014-3426 [denial of service]
+CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of ...)
- mosaic 2.7b5-3
-CVE-2014-3425 [denial of service]
+CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of ...)
- mosaic 2.7b5-3
-CVE-2014-3424 [Insecure use of temporary files in lisp/net/tramp.el]
+CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users ...)
- emacs23 <unfixed> (bug #747100)
[wheezy] - emacs23 <no-dsa> (Minor issue)
[squeeze] - emacs23 <no-dsa> (Minor issue)
- emacs24 <unfixed>
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
-CVE-2014-3423 [Insecure use of temporary files in lisp/net/browse-url.el]
+CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local ...)
- emacs23 <unfixed> (bug #747100)
[wheezy] - emacs23 <no-dsa> (Minor issue)
[squeeze] - emacs23 <no-dsa> (Minor issue)
- emacs24 <unfixed>
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html
-CVE-2014-3422 [Insecure use of temporary files in lisp/emacs-lisp/find-gc.el]
+CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local ...)
- emacs23 <unfixed> (bug #747100)
[wheezy] - emacs23 <no-dsa> (Minor issue)
[squeeze] - emacs23 <no-dsa> (Minor issue)
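Review bot: the MITRE text that replaces the bracketed note for CVE-2014-3424 names lisp/net/tramp-sh.el, whereas the dropped local description said lisp/net/tramp.el; the package lines (emacs23 <unfixed>, bug #747100, emacs24 <unfixed>) and the emacs-diffs NOTE are unchanged, so no status is contradicted, but the upstream fix should be rechecked against tramp-sh.el so the right file is being tracked. The `+ RESERVED` inserted under CVE-2014-3430 above an existing `dovecot <unfixed> (bug #747549)` line is the file's usual form while MITRE has not yet published a description, so nothing to change there.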
@@ -31,7 +462,7 @@
- xemacs21-packages <unfixed>
TODO: check xemacs21-packages
NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
-CVE-2014-3421 [Insecure use of temporary files in lisp/gnus/gnus-fun.el]
+CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users ...)
- emacs23 <unfixed> (bug #747100)
[wheezy] - emacs23 <no-dsa> (Minor issue)
[squeeze] - emacs23 <no-dsa> (Minor issue)
@@ -41,12 +472,15 @@
- icecast2 <unfixed>
NOTE: https://trac.xiph.org/changeset/19137/
CVE-2014-3243 [python-soappy: billion laughs DoS]
+ RESERVED
- python-soappy <unfixed> (bug #747280)
NOTE: http://www.pnigos.com/?p=260
CVE-2014-3242 [python-soappy: XXE]
+ RESERVED
- python-soappy <unfixed> (bug #747280)
NOTE: http://www.pnigos.com/?p=260
CVE-2014-3225 [Local File inclusion vulnerability]
+ RESERVED
- cobbler <itp> (bug #545583)
CVE-2014-3219
RESERVED
@@ -59,12 +493,11 @@
RESERVED
CVE-2014-3216
RESERVED
-CVE-2014-3215 [local privilege escalation via seunshare]
- RESERVED
+CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 ...)
- policycoreutils <undetermined>
TODO: check
-CVE-2014-3214
- RESERVED
+CVE-2014-3214 (The prefetch implementation in named in ISC BIND 9.10.0, when a ...)
+ TODO: check
CVE-2014-3213
RESERVED
CVE-2014-3212
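Review bot: CVE-2014-3214 is left with only `TODO: check`; its description pins the flaw to the prefetch implementation in named in BIND 9.10.0, so the triage is to verify whether the bind9 source in the archive contains that prefetch code and then record either a fixed-version line or `<not-affected>` with the reason, as the file does elsewhere. CVE-2014-3215 keeps `policycoreutils <undetermined>` plus its TODO, which is acceptable, and the new description gives a concrete thing to check (seunshare shipped root-owned with mode 4755) rather than the vague "local privilege escalation via seunshare" it replaces.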
@@ -79,12 +512,12 @@
RESERVED
CVE-2014-3205
RESERVED
-CVE-2014-3204
- RESERVED
-CVE-2014-3203
- RESERVED
-CVE-2014-3202
- RESERVED
+CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...)
+ TODO: check
+CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...)
+ TODO: check
+CVE-2014-3202 (Unity before 7.2.1 does not properly handle entry activation, which ...)
+ TODO: check
CVE-2014-3201
RESERVED
CVE-2014-3200
@@ -239,12 +672,12 @@
[squeeze] - ldns <no-dsa> (Minor issue)
[wheezy] - ldns <no-dsa> (Minor issue)
CVE-2014-3230 [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL]
+ RESERVED
- liblwp-protocol-https-perl <unfixed> (bug #746579)
[wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
NOTE: Introduced by https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8
NOTE: CVE assignment for https://github.com/libwww-perl/lwp-protocol-https/pull/14#issuecomment-42328818
-CVE-2014-3207 [non-persistent XSS]
- RESERVED
+CVE-2014-3207 (Cross-site scripting (XSS) vulnerability in wserver.ml in SKS ...)
- sks <unfixed> (low; bug #746626)
[squeeze] - sks <no-dsa> (Minor issue)
[wheezy] - sks <no-dsa> (Minor issue)
@@ -263,12 +696,11 @@
RESERVED
CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context ...)
- xen <not-affected> (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3124 [XSA-92]
- RESERVED
+CVE-2014-3124 (The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local ...)
- xen <unfixed>
[squeeze] - xen <not-affected> (Xen versions from 4.1 onwards are vulnerable)
-CVE-2014-3123
- RESERVED
+CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...)
+ TODO: check
CVE-2014-3121 [user-assisted arbitrary commands execution]
RESERVED
{DSA-2925-1}
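Review bot: replacing `[XSA-92]` with MITRE's text for CVE-2014-3124 drops the only Xen Security Advisory reference the entry carried; XSA numbers are how Xen issues are cross-referenced, so keep it as a `NOTE: XSA-92` line beneath the `xen <unfixed>` and `[squeeze] - xen <not-affected>` lines. CVE-2014-3123 (XSS in admin/manage-images.php) arrives with only `TODO: check` and still needs a package or NOT-FOR-US line.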
@@ -283,8 +715,7 @@
RESERVED
CVE-2014-3116
RESERVED
-CVE-2014-3115
- RESERVED
+CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
NOT-FOR-US: Fortinet Fortiweb
CVE-2014-3114
RESERVED
@@ -668,14 +1099,14 @@
RESERVED
CVE-2014-2937
RESERVED
-CVE-2014-2936
- RESERVED
-CVE-2014-2935
- RESERVED
-CVE-2014-2934
- RESERVED
-CVE-2014-2933
- RESERVED
+CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to ...)
+ TODO: check
+CVE-2014-2935 (costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows ...)
+ TODO: check
+CVE-2014-2934 (Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote ...)
+ TODO: check
+CVE-2014-2933 (Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 ...)
+ TODO: check
CVE-2014-2932
RESERVED
CVE-2014-2931
@@ -708,8 +1139,8 @@
RESERVED
CVE-2014-2917
RESERVED
-CVE-2014-2916
- RESERVED
+CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the subscription ...)
+ TODO: check
CVE-2014-2914 [remote code execution]
RESERVED
- fish <unfixed> (bug #746259)
@@ -739,9 +1170,9 @@
NOTE: https://github.com/fish-shell/fish-shell/issues/1436
CVE-2014-2895
RESERVED
-CVE-2014-2891
- RESERVED
+CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of ...)
{DSA-2922-1}
+ TODO: check
CVE-2014-2887
RESERVED
CVE-2014-2886
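Review bot: the `+ TODO: check` appended after `{DSA-2922-1}` for CVE-2014-2891 flags an entry that already has a DSA but, in the visible lines, no strongswan package or version line; the resolution is to add the fixed-version line for strongswan that the DSA corresponds to rather than leaving the TODO sitting next to the advisory reference.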
@@ -787,8 +1218,7 @@
NOTE: https://savannah.gnu.org/bugs/?41751
CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict ...)
- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
-CVE-2014-2913 [Remote command execution]
- RESERVED
+CVE-2014-2913 (** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios ...)
- nagios-nrpe <unfixed> (low; bug #745272)
[wheezy] - nagios-nrpe <no-dsa> (Minor issue)
[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
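Review bot: the new description for CVE-2014-2913 carries MITRE's `** DISPUTED **` marker, while the nagios-nrpe lines keep it as `<unfixed> (low; bug #745272)` with `no-dsa` for wheezy and squeeze; add a NOTE line stating why Debian still tracks it despite the dispute (or pointing at the upstream discussion), otherwise the low/no-dsa status reads as unexplained beside the disputed text.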
@@ -889,8 +1319,8 @@
- llvm-toolchain-snapshot <unfixed> (bug #744817)
- llvm-toolchain-3.3 <unfixed>
- llvm-toolchain-3.4 <unfixed>
-CVE-2014-2854
- RESERVED
+CVE-2014-2854 (Cross-site scripting (XSS) vulnerability in the SemanticTitle ...)
+ TODO: check
CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in ...)
- mediawiki <not-affected> (Vulnerable code not present)
CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
@@ -1305,20 +1735,18 @@
RESERVED
CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows ...)
NOT-FOR-US: Citrix VDI-in-a-Box
-CVE-2014-2689
- RESERVED
+CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier ...)
+ TODO: check
CVE-2014-2688
RESERVED
CVE-2014-2687
RESERVED
-CVE-2013-7354
- RESERVED
+CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote ...)
- libpng <not-affected> (Only affects 1.5 and later)
NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
NOTE: http://sourceforge.net/p/libpng/bugs/199/
NOTE: src:libpng1.6 in experimental fixed in 1.6.10-1
-CVE-2013-7353
- RESERVED
+CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in ...)
- libpng <not-affected> (Only affects 1.5 and later)
NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
NOTE: http://sourceforge.net/p/libpng/bugs/199/
@@ -1574,8 +2002,7 @@
CVE-2014-2603
RESERVED
NOT-FOR-US: HP
-CVE-2014-2602
- RESERVED
+CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote ...)
NOT-FOR-US: HP OneView
CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier ...)
NOT-FOR-US: HP
@@ -1646,8 +2073,8 @@
RESERVED
CVE-2014-2559
RESERVED
-CVE-2014-2558
- RESERVED
+CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
+ TODO: check
CVE-2014-2557
RESERVED
CVE-2014-2556
@@ -2236,8 +2663,8 @@
RESERVED
CVE-2014-2348
RESERVED
-CVE-2014-2347
- RESERVED
+CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage ...)
+ TODO: check
CVE-2014-2346
RESERVED
CVE-2014-2345
@@ -2310,8 +2737,7 @@
[wheezy] - linux 3.2.57-1
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
-CVE-2013-7336 [libvirt: unprivileged user can crash libvirtd during spice migration]
- RESERVED
+CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in ...)
- libvirt 1.1.4-1
[wheezy] - libvirt <not-affected> (Vulnerable code not present)
[squeeze] - libvirt <not-affected> (Vulnerable code not present)
@@ -2596,10 +3022,10 @@
RESERVED
CVE-2014-2192
RESERVED
-CVE-2014-2191
- RESERVED
-CVE-2014-2190
- RESERVED
+CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
+ TODO: check
+CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
CVE-2014-2189
RESERVED
CVE-2014-2188
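Review bot: CVE-2014-2191 and CVE-2014-2190 get `TODO: check`, although every neighbouring Cisco entry in this region (CVE-2014-2182, CVE-2014-2180, CVE-2014-2137 and the WebEx set) is resolved as `NOT-FOR-US: Cisco ...`; the automatic importer cannot apply that pattern, so these two, and CVE-2014-2181 in the next hunk, need the same NOT-FOR-US line added by hand.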
@@ -2616,8 +3042,8 @@
NOT-FOR-US: Cisco
CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2014-2181
- RESERVED
+CVE-2014-2181 (Cisco Adaptive Security Appliance (ASA) Software allows remote ...)
+ TODO: check
CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center ...)
NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2179
@@ -2706,20 +3132,15 @@
NOT-FOR-US: Cisco Security Manager
CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web ...)
NOT-FOR-US: Cisco Web Security Appliance
-CVE-2014-2136
- RESERVED
+CVE-2014-2136 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
NOT-FOR-US: Cisco WebEx
-CVE-2014-2135
- RESERVED
+CVE-2014-2135 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
NOT-FOR-US: Cisco WebEx
-CVE-2014-2134
- RESERVED
+CVE-2014-2134 (Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) ...)
NOT-FOR-US: Cisco WebEx
-CVE-2014-2133
- RESERVED
+CVE-2014-2133 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
NOT-FOR-US: Cisco WebEx
-CVE-2014-2132
- RESERVED
+CVE-2014-2132 (Cisco WebEx Recording Format (WRF) player and Advanced Recording ...)
NOT-FOR-US: Cisco WebEx
CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS
@@ -3129,8 +3550,8 @@
RESERVED
CVE-2014-1992
RESERVED
-CVE-2014-1991
- RESERVED
+CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...)
+ TODO: check
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
@@ -3446,8 +3867,7 @@
- 9base <unfixed> (low; bug #737206)
[squeeze] - 9base <no-dsa> (Minor issue)
[wheezy] - 9base <no-dsa> (Minor issue)
-CVE-2014-1934 [insecure use of /tmp]
- RESERVED
+CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...)
- eyed3 <unfixed> (low; bug #737062)
[squeeze] - eyed3 <no-dsa> (Minor issue)
[wheezy] - eyed3 <no-dsa> (Minor issue)
@@ -3897,8 +4317,7 @@
- linux <unfixed>
- linux-2.6 <removed>
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
-CVE-2014-1736
- RESERVED
+CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome ...)
{DSA-2920-1}
- chromium-browser 34.0.1847.132-1
[squeeze] - chromium-browser <end-of-life>
@@ -4104,16 +4523,14 @@
- mediawiki <unfixed> (unimportant)
NOTE: http://seclists.org/fulldisclosure/2014/Mar/102
NOTE: path disclosure not an issue
-CVE-2014-1685
- RESERVED
+CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and ...)
- zabbix 1:2.2.2+dfsg-1
CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
- vlc <unfixed> (unimportant; bug #743033)
NOTE: Crash in enduser application, no security impact
CVE-2014-1683 (The bashMail function in ...)
NOT-FOR-US: SkyBlueCanvas CMS
-CVE-2014-1682 [API issue allows users to impersonate other users]
- RESERVED
+CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ...)
- zabbix 1:2.2.2+dfsg-1 (bug #737818)
NOTE: https://support.zabbix.com/browse/ZBX-7703
CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -5510,8 +5927,8 @@
RESERVED
CVE-2014-0964
RESERVED
-CVE-2014-0963
- RESERVED
+CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in ...)
+ TODO: check
CVE-2014-0962
RESERVED
CVE-2014-0961
@@ -5544,12 +5961,12 @@
RESERVED
CVE-2014-0947
RESERVED
-CVE-2014-0946
- RESERVED
-CVE-2014-0945
- RESERVED
-CVE-2014-0944
- RESERVED
+CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision ...)
+ TODO: check
+CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule ...)
+ TODO: check
+CVE-2014-0944 (Cross-site request forgery (CSRF) vulnerability in the RES Console in ...)
+ TODO: check
CVE-2014-0943
RESERVED
CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in ...)
@@ -5576,8 +5993,7 @@
NOT-FOR-US: IBM
CVE-2014-0931
RESERVED
-CVE-2014-0930
- RESERVED
+CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, ...)
NOT-FOR-US: IBM AIX
CVE-2014-0929
RESERVED
@@ -5611,12 +6027,12 @@
RESERVED
CVE-2014-0914
RESERVED
-CVE-2014-0913
- RESERVED
+CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...)
+ TODO: check
CVE-2014-0912
RESERVED
-CVE-2014-0911
- RESERVED
+CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...)
+ TODO: check
CVE-2014-0910
RESERVED
CVE-2014-0909
@@ -6137,10 +6553,10 @@
RESERVED
CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...)
NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0685
- RESERVED
-CVE-2014-0684
- RESERVED
+CVE-2014-0685 (Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware ...)
+ TODO: check
+CVE-2014-0684 (Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause ...)
+ TODO: check
CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with ...)
NOT-FOR-US: Cisco
CVE-2014-0682 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
@@ -6366,8 +6782,8 @@
RESERVED
CVE-2014-0596
RESERVED
-CVE-2014-0595
- RESERVED
+CVE-2014-0595 (/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open ...)
+ TODO: check
CVE-2014-0594
RESERVED
CVE-2014-0593
@@ -6738,8 +7154,7 @@
CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid ...)
{DSA-2917-1}
- super 3.30.0-7
-CVE-2014-0469 [stack-based buffer overflow in subject processing]
- RESERVED
+CVE-2014-0469 (Stack-based buffer overflow in a certain Debian patch for xbuffy ...)
{DSA-2921-1}
- xbuffy 3.3.bl.3.dfsg-9
CVE-2014-0468
@@ -7404,8 +7819,7 @@
RESERVED
CVE-2013-7035
RESERVED
-CVE-2013-7034
- RESERVED
+CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in ...)
NOT-FOR-US: LiveZilla
CVE-2013-7033
RESERVED
@@ -7534,8 +7948,7 @@
NOT-FOR-US: D-Link DSR-150
CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...)
NOT-FOR-US: D-Link DSR-150
-CVE-2013-7003
- RESERVED
+CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
NOT-FOR-US: LiveZilla
CVE-2012-6614
RESERVED
@@ -7547,8 +7960,8 @@
NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...)
NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
-CVE-2014-0362
- RESERVED
+CVE-2014-0362 (Cross-site scripting (XSS) vulnerability on Google Search Appliance ...)
+ TODO: check
CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global ...)
NOT-FOR-US: IBM
CVE-2014-0360
@@ -7624,8 +8037,7 @@
RESERVED
CVE-2014-0326
RESERVED
-CVE-2013-7041 [pam_userdb: password hashes aren't compared case-sensitively]
- RESERVED
+CVE-2013-7041 (The pam_userdb module for Pam uses a case-insensitive method to ...)
- pam <unfixed> (low; bug #731368)
[squeeze] - pam <no-dsa> (Minor issue)
[wheezy] - pam <no-dsa> (Minor issue)
@@ -8186,15 +8598,13 @@
RESERVED
CVE-2014-0199
RESERVED
-CVE-2014-0198 [NULL pointer dereference in do_ssl3_write]
- RESERVED
+CVE-2014-0198 (The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...)
- openssl <unfixed> (bug #747432)
[squeeze] - openssl <not-affected> (vulnerable code not present)
NOTE: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
CVE-2014-0197
RESERVED
-CVE-2014-0196 [pty layer race condition memory corruption]
- RESERVED
+CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel ...)
- linux <unfixed> (bug #747166)
- linux-2.6 <removed>
NOTE: PoC: http://pastebin.com/yTSFUBgZ
@@ -8202,18 +8612,15 @@
RESERVED
CVE-2014-0194
RESERVED
-CVE-2014-0193
- RESERVED
+CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before ...)
- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
-CVE-2014-0192 [provisioning templates are world accessible]
- RESERVED
+CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to ...)
- foreman <itp> (bug #663101)
CVE-2014-0191 [external parameter entity loaded when entity substitution is disabled]
RESERVED
- libxml2 <unfixed> (bug #747309)
NOTE: patch: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
-CVE-2014-0190
- RESERVED
+CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to ...)
- qt4-x11 4:4.8.6+dfsg-1 (low)
[wheezy] - qt4-x11 <no-dsa> (Minor issue)
[squeeze] - qt4-x11 <no-dsa> (Minor issue)
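Review bot: the description for CVE-2014-0190 covers the GIF decoder in QtGui in Qt before 5.3, while the only package line in the hunk is `qt4-x11 4:4.8.6+dfsg-1 (low)`; if a Qt 5 source package is in the archive it needs its own status line, since the qt4-x11 entry does not cover it. CVE-2014-0193's `netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)` records the reason inline, which is the form the other entries in this hunk should follow.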
@@ -8227,8 +8634,7 @@
[wheezy] - neutron <not-affected> (Only affects 2013.1 to 2013.2.3, and 2014.1)
CVE-2014-0186
RESERVED
-CVE-2014-0185 [privilege escalation due to insecure default config]
- RESERVED
+CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...)
- php5 5.5.12+dfsg-1
NOTE: https://bugs.php.net/bug.php?id=67060
CVE-2014-0184
@@ -8284,8 +8690,7 @@
CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote ...)
{DSA-2901-1}
- wordpress 3.8.2+dfsg-1 (bug #744018)
-CVE-2014-0164
- RESERVED
+CVE-2014-0164 (openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise ...)
- mcollective 1.2.1+dfsg-2
CVE-2014-0163
RESERVED
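Review bot: the new description for CVE-2014-0164 names openshift-origin-broker-util, while the retained package line is `mcollective 1.2.1+dfsg-2`; a NOTE line explaining that mapping (which mcollective component or default the OpenShift issue reduces to) would stop a later reader from treating the package line as a mismatch.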
@@ -8332,8 +8737,7 @@
{DSA-2910-1 DSA-2909-1}
- qemu 1.7.0+dfsg-8 (bug #744221)
- qemu-kvm <removed>
-CVE-2014-0149
- RESERVED
+CVE-2014-0149 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss ...)
NOT-FOR-US: JBoss Seam
CVE-2014-0148
RESERVED
@@ -8381,10 +8785,9 @@
RESERVED
CVE-2014-0136
RESERVED
-CVE-2014-0135
- RESERVED
-CVE-2014-0134 [Nova host data leak to vm instance in rescue mode]
- RESERVED
+CVE-2014-0135 (Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses ...)
+ TODO: check
+CVE-2014-0134 (The instance rescue mode in OpenStack Compute (Nova) 2013.2 before ...)
- nova 2013.2.2-4 (bug #742712)
[wheezy] - nova <not-affected> (Introduced in Grizzly)
NOTE: https://launchpad.net/bugs/1221190
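Review bot: CVE-2014-0135 (Kafo, "as used by Foreman") is left at `TODO: check`, but foreman is tracked as `<itp> (bug #663101)` in the CVE-2014-0192, CVE-2014-0091 and CVE-2014-0090 entries elsewhere in this patch; unless Kafo is packaged separately, the consistent resolution is the same `<itp>` line. CVE-2014-0134 keeps its nova version, wheezy `<not-affected> (Introduced in Grizzly)` and launchpad NOTE, so only the description changed there.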
@@ -8401,8 +8804,7 @@
[wheezy] - linux 3.2.57-1
- linux-2.6 <not-affected> (Introduced in 3.1)
NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2
-CVE-2014-0130 [Directory Traversal Vulnerability With Certain Route Configurations]
- RESERVED
+CVE-2014-0130 (Directory traversal vulnerability in ...)
- ruby-actionpack-2.3 <removed>
- ruby-actionpack-3.2 <removed>
- rails-3.2 <unfixed> (bug #747382)
@@ -8452,8 +8854,7 @@
RESERVED
CVE-2014-0117
RESERVED
-CVE-2014-0116
- RESERVED
+CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.16.3, when a ...)
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115
@@ -8469,11 +8870,9 @@
NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...)
NOT-FOR-US: Apache Syncope
-CVE-2014-0110
- RESERVED
+CVE-2014-0110 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote ...)
NOT-FOR-US: Apache CXF
-CVE-2014-0109
- RESERVED
+CVE-2014-0109 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote ...)
NOT-FOR-US: Apache CXF
CVE-2014-0108
RESERVED
@@ -8540,8 +8939,7 @@
CVE-2014-0091
RESERVED
- foreman <itp> (bug #663101)
-CVE-2014-0090
- RESERVED
+CVE-2014-0090 (Session fixation vulnerability in Foreman before 1.4.2 allows remote ...)
- foreman <itp> (bug #663101)
CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
@@ -8677,8 +9075,7 @@
NOT-FOR-US: JBoss EAP
CVE-2014-0057 (The x_button method in the ServiceController ...)
NOT-FOR-US: RedHat CloudForms Management Engine
-CVE-2014-0056 [Routers can be cross plugged by other tenants]
- RESERVED
+CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not ...)
- neutron 2013.2.2-4 (bug #742800)
CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...)
- linux 3.13.10-1
@@ -8926,8 +9323,7 @@
CVE-2013-6890 (denyhosts 2.6 uses an incorrect regular expression when analyzing ...)
{DSA-2826-1}
- denyhosts 2.6-10.1
-CVE-2013-6889 [Allows reading arbitrary files]
- RESERVED
+CVE-2013-6889 (GNU Rush 1.7 does not properly drop privileges, which allows local ...)
- rush 1.7+dfsg-4 (bug #733505)
[wheezy] - rush 1.7+dfsg-1+deb7u1
CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
@@ -9296,8 +9692,8 @@
NOT-FOR-US: IBM WebSphere Dashboard Framework
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
NOT-FOR-US: IBM Sametime
-CVE-2013-6726
- RESERVED
+CVE-2013-6726 (Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv ...)
+ TODO: check
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
NOT-FOR-US: IBM WebSphere
CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
@@ -10103,8 +10499,7 @@
RESERVED
CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
NOT-FOR-US: Cumin
-CVE-2013-6444 [failure to check certificate hostname]
- RESERVED
+CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname ...)
- pywbem <unfixed> (bug #732594)
[squeeze] - pywbem <no-dsa> (Minor issue)
[wheezy] - pywbem <no-dsa> (Minor issue)
@@ -10199,8 +10594,7 @@
- nova 2013.2.1-1
[wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)
NOTE: https://launchpad.net/bugs/1235450
-CVE-2013-6418 [TOCTOU vulnerability in certificate validation]
- RESERVED
+CVE-2013-6418 (PyWBEM 0.7 and earlier uses a separate connection to validate X.509 ...)
- pywbem <unfixed> (low; bug #732594)
[squeeze] - pywbem <no-dsa> (Minor issue)
[wheezy] - pywbem <no-dsa> (Minor issue)
@@ -10391,8 +10785,7 @@
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6373 (The Exclusion plugin before 0.9 for CloudBees Jenkins does not ...)
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
-CVE-2013-6372
- RESERVED
+CVE-2013-6372 (The Subversion plugin before 1.54 for Jenkins stores credentials using ...)
- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent ...)
- json-c 0.11-4 (bug #744008)
@@ -11399,8 +11792,7 @@
NOT-FOR-US: Platinum SEO plugin for WordPress
CVE-2013-5917 (SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI ...)
NOT-FOR-US: NOSpam PTIa plugin for Wordpress
-CVE-2013-5916
- RESERVED
+CVE-2013-5916 (Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco ...)
NOT-FOR-US: WordPress plugin wp-e-commerce
CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly ...)
{DSA-2782-1}
@@ -13599,8 +13991,8 @@
NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
CVE-2013-5017
RESERVED
-CVE-2013-5016
- RESERVED
+CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when ...)
+ TODO: check
CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec ...)
NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
@@ -14773,8 +15165,7 @@
CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, ...)
{DSA-2798-1}
- curl 7.33.0-1
-CVE-2013-4544
- RESERVED
+CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local ...)
- qemu 2.0.0+dfsg-1
[wheezy] - qemu <not-affected> (Introduced in 1.4)
[squeeze] - qemu <not-affected> (Introduced in 1.4)
@@ -15596,7 +15987,8 @@
NOTE: http://core.trac.wordpress.org/changeset/25325
CVE-2013-4337
REJECTED
-CVE-2013-4336 (Cross-site scripting (XSS) vulnerability in the admin page in the Flag ...)
+CVE-2013-4336
+ REJECTED
NOT-FOR-US: Drupal module
CVE-2013-4335
RESERVED
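Review bot: CVE-2013-4336 is now marked REJECTED but keeps the stale `NOT-FOR-US: Drupal module` line under it, whereas the adjacent CVE-2013-4337 REJECTED entry carries no annotation at all. Either drop the NOT-FOR-US line or add a NOTE explaining why a rejected ID is still annotated, so this entry is consistent with the other REJECTED ones in the file.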
@@ -16007,8 +16399,7 @@
- wimax-tools <itp> (bug #627975)
CVE-2013-4216 (The Trace_OpenLogFile function in ...)
- wimax-tools <itp> (bug #627975)
-CVE-2013-4215 [IPXPING_COMMAND uses fixed location in /tmp]
- RESERVED
+CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...)
- nagios-plugins <unfixed> (unimportant)
NOTE: vulnerable code present, but check_ipxping is neither built nor installed
CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...)
@@ -17244,8 +17635,8 @@
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3737
RESERVED
-CVE-2013-3736
- RESERVED
+CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
+ TODO: check
CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
- php5 <unfixed> (unimportant)
NOTE: exploitable by malicious scripts only
@@ -17623,8 +18014,7 @@
NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3572 (Cross-site scripting (XSS) vulnerability in the administer interface ...)
NOT-FOR-US: Ubiquiti Networks UniFi
-CVE-2013-3571 [FD leak]
- RESERVED
+CVE-2013-3571 (socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used ...)
- socat 1.7.1.3-1.5 (low; bug #709931)
[squeeze] - socat <no-dsa> (Minor issue)
[wheezy] - socat <no-dsa> (Minor issue)
@@ -22444,8 +22834,8 @@
REJECTED
CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
NOT-FOR-US: PHP-Fusion
-CVE-2013-1803
- RESERVED
+CVE-2013-1803 (Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 ...)
+ TODO: check
CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
- ruby-extlib 0.9.15-3 (bug #697895)
- libextlib-ruby <removed> (bug #697895)
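Review bot: the `TODO: check` for CVE-2013-1803 looks resolvable without further research: the description is for PHP-Fusion before 7.02.06, and CVE-2013-1804 directly above is already `NOT-FOR-US: PHP-Fusion`. Suggest the same annotation here instead of leaving an open TODO.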
@@ -26903,8 +27293,7 @@
CVE-2013-0351 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-0350 [writes content from TCP streams to public readable file /tmp/smtp.log]
- RESERVED
+CVE-2013-0350 (tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary ...)
- pktstat 1.8.5-3 (bug #701211)
[squeeze] - pktstat <not-affected> (Vulnerable code not present)
CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
@@ -26920,8 +27309,7 @@
[squeeze] - webfs <no-dsa> (Minor issue)
CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for ...)
- tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)
-CVE-2013-0345 [varnish world-readable logdir]
- RESERVED
+CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the ...)
- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
RESERVED
@@ -27339,8 +27727,8 @@
CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in ...)
- libarchive 3.0.4-3 (bug #703957)
[squeeze] - libarchive <not-affected> (Vulnerable code not present)
-CVE-2013-0210
- RESERVED
+CVE-2013-0210 (The smart proxy Puppet run API in Foreman before 1.2.0 allows remote ...)
+ TODO: check
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
{DSA-2611-1}
- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
@@ -27422,8 +27810,8 @@
[squeeze] - pam-pgsql 0.7.1-4+squeeze2
NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
-CVE-2013-0187
- RESERVED
+CVE-2013-0187 (Foreman before 1.1 allows remote authenticated users to gain ...)
+ TODO: check
CVE-2013-0186
RESERVED
NOT-FOR-US: ManageIQ EVM (CloudForms)
@@ -27469,16 +27857,16 @@
CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and ...)
- ruby-multi-xml <not-affected> (Vulnerable version never in the archive)
NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
-CVE-2013-0174
- RESERVED
-CVE-2013-0173
- RESERVED
+CVE-2013-0174 (The external node classifier (ENC) API in Foreman before 1.1 allows ...)
+ TODO: check
+CVE-2013-0173 (Foreman before 1.1 uses a salt of "foreman" to hash root passwords, ...)
+ TODO: check
CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory ...)
- samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188)
- samba <not-affected> (Only affects Active Directory functionality)
NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
-CVE-2013-0171
- RESERVED
+CVE-2013-0171 (Foreman before 1.1 allows remote attackers to execute arbitrary code ...)
+ TODO: check
CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
- libvirt 0.9.12-6 (bug #699224)
[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
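Review bot: this update leaves six Foreman IDs at `TODO: check` (CVE-2013-0174, CVE-2013-0173 and CVE-2013-0171 in this hunk, plus CVE-2013-0210, CVE-2013-0187 and CVE-2012-5477 in other hunks). They should be triaged together with a single decision on whether foreman is packaged in Debian: if it is not, all six become `NOT-FOR-US: Foreman`; if it is, CVE-2013-0173 (fixed salt of "foreman" for root password hashes) and CVE-2013-0171 (arbitrary code execution by remote attackers) are the ones that need a severity annotation first.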
@@ -30182,8 +30570,8 @@
[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2012-5477
- RESERVED
+CVE-2012-5477 (The smart proxy in Foreman before 1.1 uses a umask set to 0, which ...)
+ TODO: check
CVE-2012-5476
RESERVED
- horizon <not-affected> (File is installed with 0700 perms in Debian)
@@ -38307,8 +38695,7 @@
CVE-2010-5110 [poppler: JPEG error handler]
RESERVED
- poppler 0.16.3-1 (bug #722705)
-CVE-2010-5109 [libytnef: buffer overflow]
- RESERVED
+CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ...)
- libytnef 1.5-5 (low; bug #705468)
[squeeze] - libytnef <no-dsa> (Minor issue)
[wheezy] - libytnef <no-dsa> (Minor issue)