[Secure-testing-commits] r27016 - data/CVE

Joey Hess joeyh at moszumanska.debian.org
Thu May 22 21:14:10 UTC 2014


Author: joeyh
Date: 2014-05-22 21:14:10 +0000 (Thu, 22 May 2014)
New Revision: 27016

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-05-22 20:02:35 UTC (rev 27015)
+++ data/CVE/list	2014-05-22 21:14:10 UTC (rev 27016)
@@ -1,6 +1,114 @@
+CVE-2014-3839
+	RESERVED
+CVE-2014-3838
+	RESERVED
+CVE-2014-3837
+	RESERVED
+CVE-2014-3836
+	RESERVED
+CVE-2014-3835
+	RESERVED
+CVE-2014-3834
+	RESERVED
+CVE-2014-3833
+	RESERVED
+CVE-2014-3832
+	RESERVED
+CVE-2014-3831
+	RESERVED
+CVE-2014-3830
+	RESERVED
+CVE-2014-3829
+	RESERVED
+CVE-2014-3828
+	RESERVED
+CVE-2014-3827
+	RESERVED
+CVE-2014-3826
+	RESERVED
+CVE-2014-3825
+	RESERVED
+CVE-2014-3824
+	RESERVED
+CVE-2014-3823
+	RESERVED
+CVE-2014-3822
+	RESERVED
+CVE-2014-3821
+	RESERVED
+CVE-2014-3820
+	RESERVED
+CVE-2014-3819
+	RESERVED
+CVE-2014-3818
+	RESERVED
+CVE-2014-3817
+	RESERVED
+CVE-2014-3816
+	RESERVED
+CVE-2014-3815
+	RESERVED
+CVE-2014-3814
+	RESERVED
+CVE-2014-3813
+	RESERVED
+CVE-2014-3812
+	RESERVED
+CVE-2014-3811
+	RESERVED
+CVE-2014-3810
+	RESERVED
+CVE-2014-3809
+	RESERVED
+CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
+	TODO: check
+CVE-2014-3807 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
+	TODO: check
+CVE-2014-3806 (Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo ...)
+	TODO: check
+CVE-2014-3805
+	RESERVED
+CVE-2014-3804
+	RESERVED
+CVE-2014-3803 (The SpeechInput feature in Blink, as used in Google Chrome before ...)
+	TODO: check
+CVE-2014-3802 (msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as ...)
+	TODO: check
+CVE-2014-3799
+	RESERVED
+CVE-2014-3798
+	RESERVED
+CVE-2014-3797
+	RESERVED
+CVE-2014-3796
+	RESERVED
+CVE-2014-3795
+	RESERVED
+CVE-2014-3794
+	RESERVED
+CVE-2014-3793
+	RESERVED
+CVE-2014-3792 (Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 ...)
+	TODO: check
+CVE-2014-3791 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 ...)
+	TODO: check
+CVE-2014-3790
+	RESERVED
+CVE-2014-3789
+	RESERVED
+CVE-2014-3788
+	RESERVED
+CVE-2014-3787 (SAP NetWeaver 7.20 and earlier allows remote attackers to read ...)
+	TODO: check
+CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator ...)
+	TODO: check
+CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a ...)
+	TODO: check
 CVE-2014-3840 [Persistent XSS]
+	RESERVED
 	- mayan <itp> (bug #718580)
 CVE-2014-3801 [Heat template URL information leakage]
+	RESERVED
 	- heat 2014.1-4 (bug #748824)
 	NOTE: https://launchpad.net/bugs/1311223
 CVE-2014-3786
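Review bot: several of the new TODO: check entries in this hunk already have an obvious resolution elsewhere in this same revision. CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2) matches the package state recorded for CVE-2013-6413 later in the patch, `- unrealircd <itp> (bug #515130)`; CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier) matches the `NOT-FOR-US: LiveZilla` already used for CVE-2013-7033 and CVE-2013-7034; and CVE-2014-3803 (SpeechInput in Blink, as used in Google Chrome) is in the same position as CVE-2014-1743 through CVE-2014-1749, which carry `- chromium-browser <unfixed>`. As an automatic import these are expected to stay TODO until a human triages them, but they are the cheap ones to close first.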
@@ -86,8 +194,8 @@
 	RESERVED
 CVE-2014-3736
 	RESERVED
-CVE-2014-3735
-	RESERVED
+CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Ideo Video 4.5 allows remote attackers ...)
+	TODO: check
 CVE-2014-3734
 	RESERVED
 CVE-2014-3733
@@ -635,6 +743,7 @@
 CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
 	TODO: check
 CVE-2014-3800 [file containing a password world readable]
+	RESERVED
 	- xbmc <unfixed> (low; bug #747428)
 	[wheezy] - xbmc <no-dsa> (Minor issue)
 	NOTE: http://trac.xbmc.org/ticket/15198
@@ -660,41 +769,32 @@
 CVE-2014-XXXX [check_dhcp: arbitray option file read]
 	- nagios-plugins <unfixed> (unimportant)
 	NOTE: check_dhcp is not installed with root suid permissions in Debian
-CVE-2014-3776 [buffer overrun in some uses ofread-u8vect]
-	RESERVED
+CVE-2014-3776 (Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit ...)
 	- chicken <unfixed> (bug #748904)
 	[squeeze] - chicken <no-dsa> (Minor issue)
 	[wheezy] - chicken <no-dsa> (Minor issue)
 	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
 	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
-CVE-2014-3775 [memory corruption]
-	RESERVED
+CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin ...)
 	{DSA-2935-1}
 	- libgadu 1:1.12.0~rc3-1
 	[squeeze] - libgadu <not-affected> (Vulnerable code not present)
-CVE-2014-3749
-	RESERVED
+CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote ...)
 	NOT-FOR-US: Construtiva CIS Manager CMS
 CVE-2014-3719
 	RESERVED
 	NOT-FOR-US: ALEPH500 Integrated library management system
-CVE-2014-3717
-	RESERVED
+CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM ...)
 	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3716
-	RESERVED
+CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users ...)
 	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3715
-	RESERVED
+CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory ...)
 	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3714
-	RESERVED
+CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly ...)
 	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
-CVE-2014-3739
-	RESERVED
+CVE-2014-3739 (Open redirect vulnerability in ...)
 	- zenoss <itp> (bug #361253)
-CVE-2014-3738
-	RESERVED
+CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote ...)
 	- zenoss <itp> (bug #361253)
 CVE-2014-3756 [Mumble-SA-2014-006]
 	RESERVED
@@ -713,8 +813,8 @@
 	- qemu <unfixed>
 	- qemu-kvm <removed>
 	NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
-CVE-2014-3460
-	RESERVED
+CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
+	TODO: check
 CVE-2014-3459
 	RESERVED
 CVE-2014-3458
@@ -763,8 +863,8 @@
 	NOTE: https://defuse.ca/audits/encfs.htm
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
 	NOT-FOR-US: Drupal module
-CVE-2014-3444
-	RESERVED
+CVE-2014-3444 (The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer ...)
+	TODO: check
 CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ...)
 	NOT-FOR-US: JetAudio
 CVE-2014-3442
@@ -813,10 +913,10 @@
 	RESERVED
 CVE-2014-3413
 	RESERVED
-CVE-2014-3412
-	RESERVED
-CVE-2014-3411
-	RESERVED
+CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
+	TODO: check
+CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in NSM before ...)
+	TODO: check
 CVE-2014-3410
 	RESERVED
 CVE-2014-3409
@@ -1091,26 +1191,26 @@
 	RESERVED
 CVE-2014-3274
 	RESERVED
-CVE-2014-3273
-	RESERVED
+CVE-2014-3273 (The LLDP implementation in Cisco IOS allows remote attackers to cause ...)
+	TODO: check
 CVE-2014-3272
 	RESERVED
-CVE-2014-3271
-	RESERVED
-CVE-2014-3270
-	RESERVED
-CVE-2014-3269
-	RESERVED
-CVE-2014-3268
-	RESERVED
+CVE-2014-3271 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
+	TODO: check
+CVE-2014-3270 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
+	TODO: check
+CVE-2014-3269 (The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users ...)
+	TODO: check
+CVE-2014-3268 (Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices ...)
+	TODO: check
 CVE-2014-3267
 	RESERVED
 CVE-2014-3266
 	RESERVED
-CVE-2014-3265
-	RESERVED
-CVE-2014-3264
-	RESERVED
+CVE-2014-3265 (Cross-site scripting (XSS) vulnerability in the Auto Update Server ...)
+	TODO: check
+CVE-2014-3264 (Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier ...)
+	TODO: check
 CVE-2014-3263 (The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
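Review bot: the Cisco entries switched from RESERVED to TODO: check in this hunk (CVE-2014-3273 and CVE-2014-3271 through CVE-2014-3268 for Cisco IOS, IOS XR and IOS XE, and CVE-2014-3264 for Cisco ASA Software) sit directly above CVE-2014-3263 and CVE-2014-3262, which this hunk keeps as `NOT-FOR-US: Cisco IOS`. Suggest closing them with the same marker (product name adjusted for the IOS XR, IOS XE and ASA ones) rather than leaving seven vendor-only issues open. CVE-2014-3265's truncated description ("the Auto Update Server ...") does not name the vendor, so that one still needs a lookup before it is closed.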
@@ -1193,8 +1293,7 @@
 	RESERVED
 CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
 	NOT-FOR-US: F5 BIG-IQ
-CVE-2013-7383 [X2Go Server privilege escalation]
-	RESERVED
+CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before ...)
 	- x2goserver <itp> (bug #465821)
 CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
 	NOT-FOR-US: PHP-Fusion
@@ -1390,8 +1489,7 @@
 	RESERVED
 CVE-2014-3153
 	RESERVED
-CVE-2014-3152
-	RESERVED
+CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...)
 	- chromium-browser <unfixed>
 	- libv8 <removed>
 	- libv8-3.14 <unfixed>
@@ -2779,8 +2877,8 @@
 	RESERVED
 CVE-2014-2605
 	RESERVED
-CVE-2014-2604
-	RESERVED
+CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP ...)
+	TODO: check
 CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and ...)
 	NOT-FOR-US: HP
 CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote ...)
@@ -3443,8 +3541,8 @@
 	RESERVED
 CVE-2014-2352
 	RESERVED
-CVE-2014-2351
-	RESERVED
+CVE-2014-2351 (SQL injection vulnerability in the LiveData service in CSWorks before ...)
+	TODO: check
 CVE-2014-2350
 	RESERVED
 CVE-2014-2349
@@ -3795,8 +3893,8 @@
 CVE-2014-2200
 	RESERVED
 	NOT-FOR-US: Cisco
-CVE-2014-2199
-	RESERVED
+CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, ...)
+	TODO: check
 CVE-2014-2198
 	RESERVED
 CVE-2014-2197
@@ -3804,14 +3902,14 @@
 CVE-2014-2196
 	RESERVED
 	NOT-FOR-US: Cisco Wide Area Application Services
-CVE-2014-2195
-	RESERVED
-CVE-2014-2194
-	RESERVED
-CVE-2014-2193
-	RESERVED
-CVE-2014-2192
-	RESERVED
+CVE-2014-2195 (Cisco AsyncOS on Email Security Appliance (ESA) and Content Security ...)
+	TODO: check
+CVE-2014-2194 (system/egain/chat/entrypoint in Cisco Unified Web and E-mail ...)
+	TODO: check
+CVE-2014-2193 (Cisco Unified Web and E-Mail Interaction Manager places session ...)
+	TODO: check
+CVE-2014-2192 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and ...)
+	TODO: check
 CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
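Review bot: CVE-2014-2195 through CVE-2014-2192 are moved to TODO: check although their descriptions name Cisco AsyncOS and Cisco Unified Web and E-Mail Interaction Manager, while the neighbouring CVE-2014-2196 and CVE-2014-2191 in the same hunk are already closed with `NOT-FOR-US: Cisco ...`. Suggest resolving the four with the same marker; CVE-2014-2199 (Cisco WebEx) in the preceding hunk is in the same position next to the `NOT-FOR-US: Cisco` line for CVE-2014-2200.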
@@ -4764,8 +4862,8 @@
 	RESERVED
 CVE-2014-1856
 	RESERVED
-CVE-2014-1855
-	RESERVED
+CVE-2014-1855 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel ...)
+	TODO: check
 CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the ...)
 	NOT-FOR-US: AdRotate plugin for WordPress
 CVE-2014-1853
@@ -5033,8 +5131,8 @@
 	RESERVED
 CVE-2014-1771
 	RESERVED
-CVE-2014-1770
-	RESERVED
+CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
+	TODO: check
 CVE-2014-1769
 	RESERVED
 CVE-2014-1768
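Review bot: CVE-2014-1770 (use-after-free in Microsoft Internet Explorer 8) is set to TODO: check here, but the very next hunk keeps `NOT-FOR-US: Microsoft Internet Explorer` for CVE-2014-1751 and the other Internet Explorer entries; the same marker applies to this one and saves a round of manual triage.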
@@ -5073,26 +5171,19 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2014-1749
-	RESERVED
+CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <unfixed>
-CVE-2014-1748
-	RESERVED
+CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in ...)
 	- chromium-browser <unfixed>
-CVE-2014-1747
-	RESERVED
+CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the ...)
 	- chromium-browser <unfixed>
-CVE-2014-1746
-	RESERVED
+CVE-2014-1746 (The InMemoryUrlProtocol::Read function in ...)
 	- chromium-browser <unfixed>
-CVE-2014-1745
-	RESERVED
+CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
 	- chromium-browser <unfixed>
-CVE-2014-1744
-	RESERVED
+CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream ...)
 	- chromium-browser <unfixed>
-CVE-2014-1743
-	RESERVED
+CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument ...)
 	- chromium-browser <unfixed>
 CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance ...)
 	{DSA-2930-1}
@@ -6662,8 +6753,7 @@
 	NOT-FOR-US: Conceptronic C54APM access point
 CVE-2014-1405 (Multiple open redirect vulnerabilities on the Conceptronic C54APM ...)
 	NOT-FOR-US: Conceptronic C54APM access point
-CVE-2014-1402 [jinja2.bccache.FileSystemBytecodeCache: insecure default directory]
-	RESERVED
+CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in ...)
 	- jinja2 2.7.2-1 (low; bug #734747)
 	[squeeze] - jinja2 <no-dsa> (Minor issue)
 	[wheezy] - jinja2 <no-dsa> (Minor issue)
@@ -6735,28 +6825,28 @@
 	RESERVED
 CVE-2014-0960
 	RESERVED
-CVE-2014-0959
-	RESERVED
-CVE-2014-0958
-	RESERVED
+CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+	TODO: check
+CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through ...)
+	TODO: check
 CVE-2014-0957
 	RESERVED
-CVE-2014-0956
-	RESERVED
-CVE-2014-0955
-	RESERVED
-CVE-2014-0954
-	RESERVED
+CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM ...)
+	TODO: check
+CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 ...)
+	TODO: check
+CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+	TODO: check
 CVE-2014-0953
 	RESERVED
-CVE-2014-0952
-	RESERVED
-CVE-2014-0951
-	RESERVED
+CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM ...)
+	TODO: check
+CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...)
+	TODO: check
 CVE-2014-0950
 	RESERVED
-CVE-2014-0949
-	RESERVED
+CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
+	TODO: check
 CVE-2014-0948
 	RESERVED
 CVE-2014-0947
@@ -8633,8 +8723,7 @@
 	RESERVED
 CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in ...)
 	NOT-FOR-US: LiveZilla
-CVE-2013-7033
-	RESERVED
+CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext ...)
 	NOT-FOR-US: LiveZilla
 CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
 	NOT-FOR-US: LiveZilla
@@ -8853,8 +8942,7 @@
 	- pam <unfixed> (low; bug #731368)
 	[squeeze] - pam <no-dsa> (Minor issue)
 	[wheezy] - pam <no-dsa> (Minor issue)
-CVE-2013-7040
-	RESERVED
+CVE-2013-7040 (Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...)
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
 	- python2.7 <unfixed> (low)
@@ -8992,8 +9080,8 @@
 	RESERVED
 CVE-2013-6995
 	REJECTED
-CVE-2013-6994
-	RESERVED
+CVE-2013-6994 (OpenText Exceed OnDemand (EoD) 8 transmits the session ID in ...)
+	TODO: check
 CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 ...)
 	NOT-FOR-US: WordPress plugin Ad-minister
 CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -9028,8 +9116,8 @@
 	RESERVED
 CVE-2013-6976 (Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup ...)
 	NOT-FOR-US: Cisco
-CVE-2013-6975
-	RESERVED
+CVE-2013-6975 (Directory traversal vulnerability in the command-line interface in ...)
+	TODO: check
 CVE-2013-6974 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
 	NOT-FOR-US: Cisco Secure Access Control System
 CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover ...)
@@ -10067,8 +10155,7 @@
 	RESERVED
 CVE-2014-0013
 	RESERVED
-CVE-2014-0012 [unsafe temporary files creation]
-	RESERVED
+CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...)
 	- jinja2 2.7.2-2 (bug #734956)
 	[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
 	[wheezy] - jinja2 <not-affected> (introduced by fix in 2.7.2)
@@ -10385,13 +10472,12 @@
 	- horizon 2013.2-2 (bug #730752)
 	[wheezy] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/openstack/horizon/commit/6179f70290783e55b10bbd4b3b7ee74db3f8ef70
-CVE-2013-6807
-	RESERVED
-CVE-2013-6806
-	RESERVED
+CVE-2013-6807 (The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ...)
+	TODO: check
+CVE-2013-6806 (OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to ...)
 	NOT-FOR-US: OpenText Exceed onDemand
-CVE-2013-6805
-	RESERVED
+CVE-2013-6805 (OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, ...)
+	TODO: check
 CVE-2013-6804 (Cross-site scripting (XSS) vulnerability in the Search module before ...)
 	NOT-FOR-US: Jamroom Search module
 CVE-2013-6803
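Review bot: the three OpenText Exceed OnDemand (EoD) 8 entries in this hunk are handled inconsistently: CVE-2013-6806 keeps its `NOT-FOR-US: OpenText Exceed onDemand` line, while CVE-2013-6807 and CVE-2013-6805 receive `TODO: check` instead. All three describe the same product, so they should carry the same NOT-FOR-US marker; CVE-2013-6994 (OpenText Exceed OnDemand (EoD) 8, earlier in this patch) is in the same position.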
@@ -10476,7 +10562,7 @@
 CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro ...)
 	NOT-FOR-US: QuickHeal AntiVirus
 CVE-2013-6764
-	RESERVED
+	REJECTED
 CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux ...)
 	NOTE: Red Hat consider this as a non-issue:
 	NOTE: http://seclists.org/oss-sec/2013/q4/282
@@ -10838,11 +10924,9 @@
 	- salt 0.17.1+dfsg-1
 CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: SpellChecker module in Xinha
-CVE-2013-6766
-	RESERVED
+CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows ...)
 	NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago)
-CVE-2013-6765
-	RESERVED
+CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote ...)
 	NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
 CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote ...)
 	{DSA-2799-1}
@@ -11486,8 +11570,7 @@
 	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
 	- rails <not-affected> (vulnerable code not present)
 	NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-6413 [unrealircd: DoS, use after free]
-	RESERVED
+CVE-2013-6413 (Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 ...)
 	- unrealircd <itp> (bug #515130)
 	NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
 CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through ...)
@@ -11528,7 +11611,7 @@
 	{DSA-2829-1}
 	- hplip 3.13.11-2.1 (bug #725876)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
-CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restricting the ability to ...)
+CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restrict the ability to ...)
 	- jansson 2.6-1 (bug #738647)
 	[wheezy] - jansson <no-dsa> (Minor issue)
 CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been ...)
@@ -16466,27 +16549,23 @@
 	[wheezy] - dropbear <no-dsa> (Minor issue)
 CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
 	- xhprof 0.9.4-1 (bug #726284)
-CVE-2013-4432 [a group member with no access rights to folder can still view it]
-	RESERVED
+CVE-2013-4432 (Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does ...)
 	- mahara <removed> (low; bug #727539)
 	[squeeze] - mahara <no-dsa> (Minor issue)
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
 	NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
-CVE-2013-4431 [Not checking ownership of blocks before editing them]
-	RESERVED
+CVE-2013-4431 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
 	- mahara <removed> (low; bug #727552)
 	[squeeze] - mahara <no-dsa> (Minor issue)
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
-CVE-2013-4430
-	RESERVED
+CVE-2013-4430 (Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, ...)
 	- mahara <removed> (unimportant; bug #727548)
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
 	NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
 	NOTE: Only exploitable during installation
-CVE-2013-4429 [Arbitrary image download]
-	RESERVED
+CVE-2013-4429 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
 	- mahara <removed> (low; bug #727545)
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
 	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
@@ -16495,11 +16574,9 @@
 CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly ...)
 	- glance 2013.2-1 (bug #726478)
 	[wheezy] - glance <not-affected> (does not have the download_image)
-CVE-2013-4427 [pyxtrlock Incorrect return value checking]
-	RESERVED
+CVE-2013-4427 (pyxtrlock before 0.2 does not properly check the return values of the ...)
 	NOT-FOR-US: pyxtrlock
-CVE-2013-4426 [pyxtrlock mis-spelled variable name]
-	RESERVED
+CVE-2013-4426 (pyxtrlock before 0.1 uses an incorrect variable name, which allows ...)
 	NOT-FOR-US: pyxtrlock
 CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when ...)
 	NOT-FOR-US: Osirix
@@ -16559,8 +16636,7 @@
 	{DSA-2801-1}
 	- libhttp-body-perl 1.17-2 (bug #721634)
 	[squeeze] - libhttp-body-perl <not-affected> (Vulnerable code introduced in 1.08)
-CVE-2013-4406
-	RESERVED
+CVE-2013-4406 (The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, ...)
 	NOT-FOR-US: Quick Tabs Drupal contributed module
 CVE-2013-4405 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
 	NOT-FOR-US: Cumin
@@ -16649,8 +16725,7 @@
 	REJECTED
 CVE-2013-4381
 	REJECTED
-CVE-2013-4380
-	RESERVED
+CVE-2013-4380 (Cross-site scripting (XSS) vulnerability in the MediaFront module ...)
 	NOT-FOR-US: Drupal module
 CVE-2013-4379 (The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal ...)
 	NOT-FOR-US: Drupal module
@@ -16767,14 +16842,12 @@
 	- linux 3.11.6-2
 	- linux-2.6 <not-affected> (Introduced in 3.2)
 	[wheezy] - linux 3.2.53-2
-CVE-2013-4347 [Uses poor PRNG]
-	RESERVED
+CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier ...)
 	- python-oauth2 <unfixed> (low; bug #722657)
 	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
 	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
-CVE-2013-4346 [_check_signature() ignores the nonce value when validating signed urls]
-	RESERVED
+CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
 	- python-oauth2 <unfixed> (low; bug #722656)
 	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
@@ -16864,11 +16937,9 @@
 	- tomcat6 6.0.39
 	- tomcat7 7.0.50
 	- tomcat8 8.0.0
-CVE-2013-4321 [TYPO3 File Abstraction Layer: Remote Code Execution]
-	RESERVED
+CVE-2013-4321 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x ...)
 	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
-CVE-2013-4320 [TYPO3 Core: Cross-Site Scripting, Remote Code Execution]
-	RESERVED
+CVE-2013-4320 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x ...)
 	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
 CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka ...)
 	{DSA-2770-1}
@@ -17100,8 +17171,7 @@
 	[wheezy] - python-scipy <no-dsa> (Minor issue)
 	[squeeze] - python-scipy <no-dsa> (Minor issue)
 	NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
-CVE-2013-4250 [Vulnerable subcomponent: Backend File Upload / File Abstraction Layer]
-	RESERVED
+CVE-2013-4250 (The (1) file upload component and (2) File Abstraction Layer (FAL) in ...)
 	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
 CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget ...)
 	- python-django 1.5.2-1
@@ -29245,8 +29315,7 @@
 	{DSA-2574-1}
 	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
 	NOTE: https://review.typo3.org/16305
-CVE-2012-6146 [Backend History Module Information Disclosure]
-	RESERVED
+CVE-2012-6146 (The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before ...)
 	{DSA-2574-1}
 	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
 	NOTE: https://review.typo3.org/16304
@@ -42594,8 +42663,7 @@
 	- moodle <not-affected> (Only affects 2.0 to 2.2)
 CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-1166 [ldm (LTSP display manager)]
-	RESERVED
+CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x ...)
 	- ldm  2:2.2.7-1 (bug #663645)
 	[squeeze] - ldm <not-affected> (Introduced in 2.2)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
@@ -54150,8 +54218,7 @@
 	- tftp-hpa 5.1-1 (low)
 	[squeeze] - tftp-hpa <no-dsa> (Minor issue)
 	NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
-CVE-2011-2198 [vte memory exhaustion]
-	RESERVED
+CVE-2011-2198 (The "insert-blank-characters" capability in caps.c in gnome-terminal ...)
 	- vte 1:0.28.1-1 (low; bug #629688)
 	[lenny] - vte <no-dsa> (Minor issue)
 	[squeeze] - vte 1:0.24.3-3