[Secure-testing-commits] r26926 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Wed May 14 21:14:10 UTC 2014


Author: joeyh
Date: 2014-05-14 21:14:10 +0000 (Wed, 14 May 2014)
New Revision: 26926

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-14 19:30:54 UTC (rev 26925)
+++ data/CVE/list	2014-05-14 21:14:10 UTC (rev 26926)
@@ -1,3 +1,35 @@
+CVE-2014-3461
+	RESERVED
+CVE-2014-3460
+	RESERVED
+CVE-2014-3459
+	RESERVED
+CVE-2014-3458
+	RESERVED
+CVE-2014-3457
+	RESERVED
+CVE-2014-3456 (Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition ...)
+	TODO: check
+CVE-2014-3455 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
+	TODO: check
+CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2014-3452
+	RESERVED
+CVE-2014-3451
+	RESERVED
+CVE-2014-3450
+	RESERVED
+CVE-2014-3449
+	RESERVED
+CVE-2014-3448
+	RESERVED
+CVE-2014-3447
+	RESERVED
+CVE-2014-3446
+	RESERVED
+CVE-2014-3445
+	RESERVED
 CVE-2014-XXXX [Malformed URLs from user input incorrectly validated]
 	- python-django <unfixed>
 	NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
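Review bot: CVE-2014-3456 visibly names GitLab Enterprise Edition yet is left at "TODO: check"; this file already tracks gitlab as an ITP for the CVE-2013-458x entries ("- gitlab <itp> (bug #651606)"), so the same resolution fits here, and CVE-2014-3455 and CVE-2014-3454, whose truncated descriptions hide the product, should be checked against the full text in case they belong to the same GitLab release.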
@@ -9,9 +41,11 @@
 	NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
 	TODO: check
 CVE-2014-3462 [Editing Configuration File Disables MACs]
+	RESERVED
 	- encfs <unfixed> (bug #736066)
 	NOTE: https://defuse.ca/audits/encfs.htm
 CVE-2014-3453
+	RESERVED
 	NOT-FOR-US: Drupal module
 CVE-2014-3444
 	RESERVED
@@ -395,8 +429,8 @@
 	RESERVED
 CVE-2014-3247
 	RESERVED
-CVE-2014-3246
-	RESERVED
+CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
+	TODO: check
 CVE-2014-3245
 	RESERVED
 CVE-2014-3244
@@ -439,19 +473,17 @@
 	RESERVED
 CVE-2014-3221
 	RESERVED
-CVE-2014-3220 (F5 BIG-IQ 4.1.0.2013.0 allows remote authenticated users to change the ...)
+CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
 	TODO: check
 CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
 	TODO: check
-CVE-2014-3145 [linux: filter: prevent nla extensions to peek beyond the end of the message]
-	RESERVED
+CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
 	- linux 3.14.4-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
 	NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
 	NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
-CVE-2014-3144 [linux: filter: prevent nla extensions to peek beyond the end of the message]
-	RESERVED
+CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension ...)
 	- linux 3.14.4-1
 	- linux-2.6 <removed>
 	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
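Review bot: under CVE-2014-3145 the third NOTE (the d214c7537bbf link) carries no label, while the two lines before it say "Upstream fix" and "Introduced by"; say what that commit is (fix, introducing change or related hardening) so the entry stays readable once the bracketed summary "filter: prevent nla extensions to peek beyond the end of the message" is gone. Note also that the same commit 05ab8f2647e4 is recorded as the upstream fix for both CVE-2014-3145 and CVE-2014-3144, which is fine if intended but worth a second look.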
@@ -494,16 +526,13 @@
 CVE-2014-XXXX
 	- icecast2 <unfixed>
 	NOTE: https://trac.xiph.org/changeset/19137/
-CVE-2014-3243 [python-soappy: billion laughs DoS]
-	RESERVED
+CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity ...)
 	- python-soappy <unfixed> (bug #747280)
 	NOTE: http://www.pnigos.com/?p=260
-CVE-2014-3242 [python-soappy: XXE]
-	RESERVED
+CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a ...)
 	- python-soappy <unfixed> (bug #747280)
 	NOTE: http://www.pnigos.com/?p=260
-CVE-2014-3225 [Local File inclusion vulnerability]
-	RESERVED
+CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler ...)
 	- cobbler <itp> (bug #545583)
 CVE-2014-3219
 	RESERVED
@@ -707,8 +736,7 @@
 	- python-bottle 0.12.6-1 (bug #746322)
 CVE-2014-3128
 	RESERVED
-CVE-2014-3127 [dpkg: patch(1)-dependent path traversal]
-	RESERVED
+CVE-2014-3127 (dpkg 1.17.x before 1.17.9, 1.16.x before 1.16.14, and 1.15.x before ...)
 	{DSA-2915-2}
 	- dpkg 1.17.9
 CVE-2014-3126
@@ -720,8 +748,7 @@
 	[squeeze] - xen <not-affected> (Xen versions from 4.1 onwards are vulnerable)
 CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...)
 	NOT-FOR-US: Wordpress plugin
-CVE-2014-3121 [user-assisted arbitrary commands execution]
-	RESERVED
+CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape ...)
 	{DSA-2925-1}
 	- rxvt-unicode 9.20-1 (bug #746593)
 CVE-2014-3120
@@ -989,8 +1016,8 @@
 	RESERVED
 CVE-2014-2990
 	RESERVED
-CVE-2014-2989
-	RESERVED
+CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment ...)
+	TODO: check
 CVE-2014-2988
 	RESERVED
 CVE-2014-2987
@@ -1001,8 +1028,7 @@
 	NOT-FOR-US: Android
 CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
 	NOT-FOR-US: Microsoft IIS
-CVE-2014-3122 [mm: try_to_unmap_cluster() should lock_page() before mlocking]
-	RESERVED
+CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel ...)
 	{DSA-2926-1}
 	- linux 3.14.4-1 (bug #747326)
 	- linux-2.6 <removed>
@@ -1135,8 +1161,8 @@
 	RESERVED
 CVE-2014-2929
 	RESERVED
-CVE-2014-2928
-	RESERVED
+CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...)
+	TODO: check
 CVE-2014-2927
 	RESERVED
 CVE-2014-2926
@@ -2025,8 +2051,7 @@
 	RESERVED
 CVE-2014-2604
 	RESERVED
-CVE-2014-2603
-	RESERVED
+CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and ...)
 	NOT-FOR-US: HP
 CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote ...)
 	NOT-FOR-US: HP OneView
@@ -2048,8 +2073,8 @@
 	RESERVED
 CVE-2014-2592
 	RESERVED
-CVE-2014-2591
-	RESERVED
+CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 ...)
+	TODO: check
 CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...)
 	NOT-FOR-US: Siemens RuggedCom ROS
 CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend ...)
@@ -2565,9 +2590,9 @@
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2406 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
 	NOT-FOR-US: Oracle Database Server
-CVE-2014-2405
-	RESERVED
+CVE-2014-2405 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
 	{DSA-2912-1}
+	TODO: check
 CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
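Review bot: CVE-2014-2405 now ends with "TODO: check" beneath an existing {DSA-2912-1} reference but has no package line recording the fixed openjdk-6 version; since the DSA is already issued, replace the TODO with "- openjdk-6 <fixed version from DSA-2912-1>", the way CVE-2014-0461 lists its fixed packages under {DSA-2923-1 DSA-2912-1}.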
@@ -2815,8 +2840,8 @@
 	RESERVED
 CVE-2014-2302
 	RESERVED
-CVE-2014-2301
-	RESERVED
+CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
+	TODO: check
 CVE-2014-2300
 	RESERVED
 CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the ...)
@@ -3478,8 +3503,7 @@
 	RESERVED
 CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is ...)
 	- owncloud 6.0.2+dfsg-1
-CVE-2014-2046
-	RESERVED
+CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...)
 	NOT-FOR-US: Broadcom Ltd PIPA C211
 CVE-2014-2045
 	RESERVED
@@ -3929,8 +3953,7 @@
 CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the ...)
 	{DSA-2860-1}
 	- parcimonie 0.8.1-1 (bug #738134)
-CVE-2014-1909
-	RESERVED
+CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android ...)
 	NOT-FOR-US: Android SDK Tools
 CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...)
 	- xen <unfixed>
@@ -4014,8 +4037,7 @@
 	RESERVED
 CVE-2014-1850
 	RESERVED
-CVE-2014-1849
-	RESERVED
+CVE-2014-1849 (Foscam IP camera 11.37.2.49 and other versions, when using the Foscam ...)
 	NOT-FOR-US: Foscam
 CVE-2014-1848
 	RESERVED
@@ -4182,26 +4204,26 @@
 	RESERVED
 CVE-2014-1816
 	RESERVED
-CVE-2014-1815
-	RESERVED
+CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+	TODO: check
 CVE-2014-1814
 	RESERVED
-CVE-2014-1813
-	RESERVED
-CVE-2014-1812
-	RESERVED
+CVE-2014-1813 (Microsoft Web Applications 2010 SP1 and SP2 allows remote ...)
+	TODO: check
+CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, ...)
+	TODO: check
 CVE-2014-1811
 	RESERVED
 CVE-2014-1810
 	RESERVED
-CVE-2014-1809
-	RESERVED
-CVE-2014-1808
-	RESERVED
-CVE-2014-1807
-	RESERVED
-CVE-2014-1806
-	RESERVED
+CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, ...)
+	TODO: check
+CVE-2014-1808 (Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote ...)
+	TODO: check
+CVE-2014-1807 (The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 ...)
+	TODO: check
+CVE-2014-1806 (The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, ...)
+	TODO: check
 CVE-2014-1805
 	RESERVED
 CVE-2014-1804
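Review bot: CVE-2014-1815, CVE-2014-1813, CVE-2014-1812, CVE-2014-1809, CVE-2014-1808, CVE-2014-1807 and CVE-2014-1806 all name Microsoft products in their descriptions (Internet Explorer, Web Applications, Windows Group Policy, Office, Windows Shell, .NET Framework) but are left at "TODO: check"; the file's convention for these is a "NOT-FOR-US: Microsoft <product>" line, as CVE-2014-1776 shows in the next hunk, so they can be triaged on the first pass.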
@@ -4260,7 +4282,7 @@
 	RESERVED
 CVE-2014-1777
 	RESERVED
-CVE-2014-1776 (Use-after-free vulnerability in VGX.DLL in Microsoft Internet Explorer ...)
+CVE-2014-1776 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-1775
 	RESERVED
@@ -4300,12 +4322,12 @@
 	NOT-FOR-US: Microsoft Word
 CVE-2014-1757 (Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...)
 	NOT-FOR-US: Microsoft Word
-CVE-2014-1756
-	RESERVED
+CVE-2014-1756 (Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 ...)
+	TODO: check
 CVE-2014-1755 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1754
-	RESERVED
+CVE-2014-1754 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
+	TODO: check
 CVE-2014-1753 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-1752 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
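Review bot: CVE-2014-1756 (Microsoft Office) and CVE-2014-1754 (Microsoft SharePoint) are left at "TODO: check" between entries already resolved as "NOT-FOR-US: Microsoft Word" and "NOT-FOR-US: Microsoft Internet Explorer"; the same NOT-FOR-US resolution applies to both.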
@@ -4326,23 +4348,21 @@
 	RESERVED
 CVE-2014-1743
 	RESERVED
-CVE-2014-1742
-	RESERVED
-CVE-2014-1741
-	RESERVED
-CVE-2014-1740
-	RESERVED
+CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance ...)
+	TODO: check
+CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the ...)
+	TODO: check
+CVE-2014-1740 (Multiple use-after-free vulnerabilities in ...)
+	TODO: check
 CVE-2014-1739
 	RESERVED
-CVE-2014-1738
-	RESERVED
-	{DSA-2926-1}
+CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux ...)
+	{DSA-2928-1 DSA-2926-1}
 	- linux 3.14.4-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
-CVE-2014-1737
-	RESERVED
-	{DSA-2926-1}
+CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ...)
+	{DSA-2928-1 DSA-2926-1}
 	- linux 3.14.4-1
 	- linux-2.6 <removed>
 	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
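Review bot: CVE-2014-1738 and CVE-2014-1737 now carry {DSA-2928-1 DSA-2926-1}, and CVE-2014-0196 gets the same pair in a later hunk, but CVE-2014-3122 in an earlier hunk keeps only {DSA-2926-1} although it records the same fixed versions (linux 3.14.4-1, linux-2.6 <removed>); confirm whether DSA-2928-1 also covers CVE-2014-3122 so the DSA references for this batch stay consistent.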
@@ -7064,45 +7084,40 @@
 	RESERVED
 CVE-2014-0530
 	RESERVED
-CVE-2014-0529
-	RESERVED
-CVE-2014-0528
-	RESERVED
-CVE-2014-0527
-	RESERVED
-CVE-2014-0526
-	RESERVED
-CVE-2014-0525
-	RESERVED
-CVE-2014-0524
-	RESERVED
-CVE-2014-0523
-	RESERVED
-CVE-2014-0522
-	RESERVED
-CVE-2014-0521
-	RESERVED
-CVE-2014-0520
-	RESERVED
+CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and ...)
+	TODO: check
+CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+	TODO: check
+CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
+	TODO: check
+CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
+	TODO: check
+CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x ...)
+	TODO: check
+CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
+	TODO: check
+CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
+	TODO: check
+CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
+	TODO: check
+CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
+	TODO: check
+CVE-2014-0520 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0519
-	RESERVED
+CVE-2014-0519 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0518
-	RESERVED
+CVE-2014-0518 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0517
-	RESERVED
+CVE-2014-0517 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
 	NOT-FOR-US: Flash plugin
-CVE-2014-0516
-	RESERVED
+CVE-2014-0516 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x ...)
 	NOT-FOR-US: Flash plugin
 CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
 	NOT-FOR-US: Adobe Reader Mobile application
-CVE-2014-0513
-	RESERVED
+CVE-2014-0513 (Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and ...)
+	TODO: check
 CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote ...)
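Review bot: CVE-2014-0529 through CVE-2014-0521 (Adobe Reader and Acrobat) and CVE-2014-0513 (Adobe Illustrator) are left at "TODO: check" while the neighbouring CVE-2014-0512 and CVE-2014-0511 are already "NOT-FOR-US: Adobe Reader"; none of these products is packaged in Debian, so the same NOT-FOR-US line fits all of them.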
@@ -7307,9 +7322,9 @@
 CVE-2014-0463 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
 	- openjdk-7 <not-affected> (Only affects Java 8)
 	- openjdk-6 <not-affected> (Only affects Java 8)
-CVE-2014-0462
-	RESERVED
+CVE-2014-0462 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
 	{DSA-2912-1}
+	TODO: check
 CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
 	{DSA-2923-1 DSA-2912-1}
 	- openjdk-7 7u55-2.4.7-1
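Review bot: CVE-2014-0462 gets "TODO: check" appended under an existing {DSA-2912-1} reference but still lacks a package line with the fixed openjdk-6 version; add "- openjdk-6 <fixed version from DSA-2912-1>" instead of the TODO, following the layout of CVE-2014-0461 directly below it.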
@@ -8411,8 +8426,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-0310
-	RESERVED
+CVE-2014-0310 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
+	TODO: check
 CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
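Review bot: CVE-2014-0310 (Microsoft Internet Explorer 6 through 11) is left at "TODO: check" although CVE-2014-0311, CVE-2014-0309 and CVE-2014-0308 around it are all "NOT-FOR-US: Microsoft Internet Explorer"; it should be resolved the same way.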
@@ -8519,18 +8534,18 @@
 	NOT-FOR-US: Microsoft Office
 CVE-2014-0257 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, ...)
 	NOT-FOR-US: Microsoft .NET Framework
-CVE-2014-0256
-	RESERVED
-CVE-2014-0255
-	RESERVED
+CVE-2014-0256 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold ...)
+	TODO: check
+CVE-2014-0255 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and ...)
+	TODO: check
 CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, ...)
 	NOT-FOR-US: Microsoft
 CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and ...)
 	NOT-FOR-US: Microsoft .NET Framework
 CVE-2014-0252
 	RESERVED
-CVE-2014-0251
-	RESERVED
+CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 ...)
+	TODO: check
 CVE-2014-0250
 	RESERVED
 CVE-2014-0249
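Review bot: CVE-2014-0256 and CVE-2014-0255 (Microsoft Windows Server) and CVE-2014-0251 (Microsoft SharePoint) are left at "TODO: check" while CVE-2014-0254 beside them is "NOT-FOR-US: Microsoft"; the same line resolves these three.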
@@ -8659,7 +8674,7 @@
 CVE-2014-0197
 	RESERVED
 CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel ...)
-	{DSA-2926-1}
+	{DSA-2928-1 DSA-2926-1}
 	- linux 3.14.4-1 (bug #747166)
 	- linux-2.6 <removed>
 	NOTE: PoC: http://pastebin.com/yTSFUBgZ
@@ -10447,8 +10462,7 @@
 	- cups-filters 1.0.47-1 (bug #741318)
 	[wheezy] - cups-filters <not-affected> (does not contain urftopdf filter)
 	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
-CVE-2013-6472
-	RESERVED
+CVE-2013-6472 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
 	{DSA-2891-1}
 	- mediawiki 1:1.19.10+dfsg-1
 	[squeeze] - mediawiki <end-of-life>
@@ -10512,20 +10526,17 @@
 CVE-2013-6455
 	RESERVED
 	NOT-FOR-US: Mediawiki CentralAuth extension
-CVE-2013-6454
-	RESERVED
+CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
 	{DSA-2891-1}
 	- mediawiki 1:1.19.10+dfsg-1
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58472
-CVE-2013-6453
-	RESERVED
+CVE-2013-6453 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
 	{DSA-2891-1}
 	- mediawiki 1:1.19.10+dfsg-1
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58553
-CVE-2013-6452
-	RESERVED
+CVE-2013-6452 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
 	{DSA-2891-1}
 	- mediawiki 1:1.19.10+dfsg-1
 	[squeeze] - mediawiki <end-of-life>
@@ -11196,8 +11207,7 @@
 	RESERVED
 CVE-2013-6221
 	RESERVED
-CVE-2013-6220
-	RESERVED
+CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
 	NOT-FOR-US: HP
 CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before ...)
 	NOT-FOR-US: HP-UX
@@ -11709,8 +11719,7 @@
 	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
 CVE-2013-5985
 	RESERVED
-CVE-2013-5984
-	RESERVED
+CVE-2013-5984 (Directory traversal vulnerability in ...)
 	NOT-FOR-US: Microweber
 CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before ...)
 	NOT-FOR-US: GuppY
@@ -12289,11 +12298,9 @@
 	NOT-FOR-US: SAP NetWeaver 7.x
 CVE-2013-5750 (The login form in the FriendsOfSymfony FOSUserBundle bundle before ...)
 	NOT-FOR-US: FriendsOfSymfony FOSUserBundle
-CVE-2013-5749
-	RESERVED
+CVE-2013-5749 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: SimpleRisk
-CVE-2013-5748
-	RESERVED
+CVE-2013-5748 (Cross-site request forgery (CSRF) vulnerability in ...)
 	NOT-FOR-US: SimpleRisk
 CVE-2013-5747
 	RESERVED
@@ -12576,8 +12583,7 @@
 	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
 CVE-2013-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
-CVE-2013-5671 [Remote Command Injection]
-	RESERVED
+CVE-2013-5671 (lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for ...)
 	NOT-FOR-US: fog-dragonfly Ruby Gem
 CVE-2013-5670 (Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php ...)
 	- serendipity <not-affected> (Spellcheck plugin not included in 1.5.x)
@@ -14601,8 +14607,7 @@
 	RESERVED
 CVE-2013-4773
 	RESERVED
-CVE-2013-4772
-	RESERVED
+CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless ...)
 	NOT-FOR-US: D-Link
 CVE-2013-4771
 	RESERVED
@@ -15088,11 +15093,9 @@
 CVE-2013-4582 [Local file inclusion vulnerability]
 	RESERVED
 	- gitlab <itp> (bug #651606)
-CVE-2013-4581 [Remote code execution vulnerability via Git SSH access]
-	RESERVED
+CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise ...)
 	- gitlab <itp> (bug #651606)
-CVE-2013-4580 [Unauthenticated API access to GitLab when using MySQL]
-	RESERVED
+CVE-2013-4580 (GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise ...)
 	- gitlab <itp> (bug #651606)
 CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in ...)
 	- linux-2.6 <not-affected> (ath9k not yet present)
@@ -15101,8 +15104,7 @@
 	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
 CVE-2013-4578
 	RESERVED
-CVE-2013-4577 [should set safer permissions even when hashed passwords are found]
-	RESERVED
+CVE-2013-4577 (A certain Debian patch for GNU GRUB uses world-readable permissions ...)
 	- grub2 2.00-20 (unimportant; bug #632598)
 	NOTE: Additional hardening for rare setups, not a vulnerability
 CVE-2013-4576 (GnuPG 1.x before 1.4.16 generates RSA keys using sequences of ...)
@@ -15110,8 +15112,7 @@
 	- gnupg 1.4.15-3
 CVE-2013-4575 (Heap-based buffer overflow in the utility program in the Linux agent ...)
 	NOT-FOR-US: Symantec Backup Exec
-CVE-2013-4574
-	RESERVED
+CVE-2013-4574 (Cross-site scripting (XSS) vulnerability in the TimeMediaHandler ...)
 	NOT-FOR-US: TimedMediaHandler mediawiki extension
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=56699
 CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess ...)
@@ -15122,12 +15123,10 @@
 	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
 	[squeeze] - mediawiki <end-of-life>
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
-CVE-2013-4571
-	RESERVED
+CVE-2013-4571 (Buffer overflow in php-luasandbox in the Scribuntu extension for ...)
 	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49705
-CVE-2013-4570
-	RESERVED
+CVE-2013-4570 (The zend_inline_hash_func function in php-luasandbox in the Scribuntu ...)
 	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
 	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=54527
 CVE-2013-4569 (The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before ...)
@@ -15155,8 +15154,7 @@
 	[wheezy] - linux <not-affected> (Introduced in v3.10-rc5)
 	NOTE: Introduced: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e2bd517c108816220f262d7954b697af03b5f9c
 	NOTE: fixed in: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e033e0
-CVE-2013-4562
-	RESERVED
+CVE-2013-4562 (The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store ...)
 	- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
 	NOTE: https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
 CVE-2013-4561
@@ -15186,8 +15184,7 @@
 	- xen <not-affected> (Doesn't affect Linux)
 CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x ...)
 	- xen <unfixed>
-CVE-2013-4552
-	RESERVED
+CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
 	NOT-FOR-US: drupalauth module for simpleSAMLphp
 CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
 	- xen <unfixed>
@@ -15215,8 +15212,7 @@
 	{DSA-2802-1}
 	- nginx 1.4.4-1 (bug #730012)
 	[squeeze] - nginx <not-affected> (Only applies to 0.8.41 - 1.5.6)
-CVE-2013-4546 [remote command execution]
-	RESERVED
+CVE-2013-4546 (The repository import feature in gitlab-shell before 1.7.4, as used in ...)
 	- gitlab <itp> (bug #651606)
 CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, ...)
 	{DSA-2798-1}
@@ -15448,20 +15444,15 @@
 CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion ...)
 	- subversion 1.7.14-1 (bug #730541; unimportant)
 	NOTE: Not built in the binary packages
-CVE-2013-4504
-	RESERVED
+CVE-2013-4504 (The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote ...)
 	NOT-FOR-US: Drupal contrib module 
-CVE-2013-4503
-	RESERVED
+CVE-2013-4503 (Cross-site scripting (XSS) vulnerability in the Feed Element Mapper ...)
 	NOT-FOR-US: Drupal contrib module 
-CVE-2013-4502
-	RESERVED
+CVE-2013-4502 (The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before ...)
 	NOT-FOR-US: Drupal contrib module 
-CVE-2013-4501
-	RESERVED
+CVE-2013-4501 (The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal ...)
 	NOT-FOR-US: Drupal contrib module 
-CVE-2013-4500
-	RESERVED
+CVE-2013-4500 (The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote ...)
 	NOT-FOR-US: Drupal contrib module 
 CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x ...)
 	NOT-FOR-US: Drupal contrib module 
@@ -15502,8 +15493,7 @@
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
 	- rails <not-affected> (Vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-4490 [Remote code execution vulnerability in the SSH key upload feature]
-	RESERVED
+CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
 	- gitlab <itp> (bug #651606)
 CVE-2013-4489 [Remote code execution vulnerability in the code search feature]
 	RESERVED
@@ -20132,8 +20122,8 @@
 	NOT-FOR-US: WordPress plugin
 CVE-2013-2706 (Cross-site request forgery (CSRF) vulnerability in the Stream Video ...)
 	NOT-FOR-US: WordPress plugin Stream Video Player
-CVE-2013-2705
-	RESERVED
+CVE-2013-2705 (Cross-site request forgery (CSRF) vulnerability in the WordPress ...)
+	TODO: check
 CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu ...)
 	NOT-FOR-US: WordPress plugin Dropdown Menu Widget
 CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook ...)
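Review bot: CVE-2013-2705, whose description names a WordPress CSRF issue, is left at "TODO: check" between CVE-2013-2706 and CVE-2013-2704, both already "NOT-FOR-US: WordPress plugin ..."; once the full description confirms the plugin name it should get the same NOT-FOR-US line.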
@@ -20158,8 +20148,8 @@
 	NOT-FOR-US: WordPress plugin wp-symposium
 CVE-2013-2693 (Cross-site request forgery (CSRF) vulnerability in the Options in the ...)
 	NOT-FOR-US: WordPress plugin WP-Print
-CVE-2013-2692
-	RESERVED
+CVE-2013-2692 (Cross-site request forgery (CSRF) vulnerability in the Admin web ...)
+	TODO: check
 CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
 	NOT-FOR-US: jetAudio
 CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...)
@@ -24365,8 +24355,8 @@
 	NOT-FOR-US: CommentLuv plugin for Wordpress
 CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters ...)
 	NOT-FOR-US: WordPress plugin wysija-newsletters
-CVE-2013-1407
-	RESERVED
+CVE-2013-1407 (Multiple cross-site scripting (XSS) vulnerabilities in the Events ...)
+	TODO: check
 CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in ...)
 	NOT-FOR-US: VMware Workstation, Fusion, View, ESXi, ESX
 CVE-2013-1405 (VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, ...)
@@ -27048,8 +27038,7 @@
 	NOT-FOR-US: CyberArk Vault
 CVE-2012-6343
 	RESERVED
-CVE-2012-6342
-	RESERVED
+CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in logout.action in ...)
 	NOT-FOR-US: Atlassian Confluence
 CVE-2012-6341
 	RESERVED
@@ -40867,8 +40856,7 @@
 CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
 	{DSA-2469-1}
 	- linux-2.6 3.2.17-1 (low)
-CVE-2012-1600 [XSS from 5.0.4 release]
-	RESERVED
+CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.php ...)
 	- phppgadmin 5.0.4-1
 	[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
 CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
@@ -44476,8 +44464,7 @@
 	{DSA-2832-1}
 	- memcached 1.4.13-0.3 (bug #706426)
 	NOTE: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
-CVE-2011-4970 [Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)]
-	RESERVED
+CVE-2011-4970 (Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) ...)
 	- lcgdm 1.8.6-1 (low; bug #702895)
 	[wheezy] - lcgdm <no-dsa> (Minor issue)
 	- dpm <removed>
@@ -46641,8 +46628,7 @@
 	NOT-FOR-US: Ubuntu One
 CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...)
 	- ubuntu-sso-client <removed> (bug #680492)
-CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to]
-	RESERVED
+CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the ...)
 	- software-properties 0.76.7debian2+nmu2
 	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
 	[lenny] - software-properties <not-affected> (Vulnerable code not present)
@@ -50018,8 +50004,8 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
 CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows ...)
 	NOT-FOR-US: ATCOM Netvolution
-CVE-2010-4832
-	RESERVED
+CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in ...)
+	TODO: check
 CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in ...)
 	- gtk+2.0 <not-affected> (Win32-specific)
 CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...)
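Review bot: CVE-2010-4832 describes Android OS before 2.2 yet is left at "TODO: check"; Android entries elsewhere in this file are resolved as "NOT-FOR-US: Android" (see CVE-2014-2987's neighbour in the CVE-2014-3122 hunk), so this one can be closed the same way.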
@@ -52504,13 +52490,11 @@
 CVE-2011-2515
 	RESERVED
 	- packagekit 0.6.17-1
-CVE-2011-2514
-	RESERVED
+CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...)
 	- openjdk-6 6b21~pre1-1
 	- icedtea-web 1.1-1
 	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
-CVE-2011-2513
-	RESERVED
+CVE-2011-2513 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...)
 	- openjdk-6 6b21~pre1-1
 	- icedtea-web 1.1.2-1
 	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.



