Author: joeyh
Date: 2014-03-05 21:14:12 +0000 (Wed, 05 Mar 2014)
New Revision: 25973

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-03-05 20:46:22 UTC (rev 25972)
+++ data/CVE/list       2014-03-05 21:14:12 UTC (rev 25973)
@@ -1,3 +1,359 @@
+CVE-2014-2280
+       RESERVED
+CVE-2014-2279
+       RESERVED
+CVE-2014-2278
+       RESERVED
+CVE-2014-2277
+       RESERVED
+CVE-2014-2276
+       RESERVED
+CVE-2014-2275
+       RESERVED
+CVE-2014-2274
+       RESERVED
+CVE-2014-2273
+       RESERVED
+CVE-2014-2272
+       RESERVED
+CVE-2014-2271
+       RESERVED
+CVE-2014-2269
+       RESERVED
+CVE-2014-2268
+       RESERVED
+CVE-2014-2267
+       RESERVED
+CVE-2014-2266
+       RESERVED
+CVE-2014-2265
+       RESERVED
+CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 
4.3-3810 ...)
+       TODO: check
+CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream 
(aka DVB) ...)
+       TODO: check
+CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 
TS2M3, SAS ...)
+       TODO: check
+CVE-2014-2261
+       RESERVED
+CVE-2014-2260
+       RESERVED
+CVE-2014-2259
+       RESERVED
+CVE-2014-2258
+       RESERVED
+CVE-2014-2257
+       RESERVED
+CVE-2014-2256
+       RESERVED
+CVE-2014-2255
+       RESERVED
+CVE-2014-2254
+       RESERVED
+CVE-2014-2253
+       RESERVED
+CVE-2014-2252
+       RESERVED
+CVE-2014-2251
+       RESERVED
+CVE-2014-2250
+       RESERVED
+CVE-2014-2249
+       RESERVED
+CVE-2014-2248
+       RESERVED
+CVE-2014-2247
+       RESERVED
+CVE-2014-2246
+       RESERVED
+CVE-2014-2241
+       RESERVED
+CVE-2014-2240
+       RESERVED
+CVE-2014-2239
+       RESERVED
+CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and 
earlier ...)
+       TODO: check
+CVE-2014-2233
+       RESERVED
+CVE-2014-2232
+       RESERVED
+CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics 
i-doit ...)
+       TODO: check
+CVE-2014-2230
+       RESERVED
+CVE-2014-2229
+       RESERVED
+CVE-2014-2228
+       RESERVED
+CVE-2014-2227
+       RESERVED
+CVE-2014-2226
+       RESERVED
+CVE-2014-2225
+       RESERVED
+CVE-2014-2224
+       RESERVED
+CVE-2014-2223
+       RESERVED
+CVE-2014-2222
+       RESERVED
+CVE-2014-2221
+       RESERVED
+CVE-2014-2220
+       RESERVED
+CVE-2014-2219
+       RESERVED
+CVE-2014-2218
+       RESERVED
+CVE-2014-2217
+       RESERVED
+CVE-2014-2216
+       RESERVED
+CVE-2014-2215
+       RESERVED
+CVE-2014-2210
+       RESERVED
+CVE-2014-2209
+       RESERVED
+CVE-2014-2208
+       RESERVED
+CVE-2014-2207
+       RESERVED
+CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator 
(ePO) ...)
+       TODO: check
+CVE-2014-2204
+       RESERVED
+CVE-2014-2203
+       RESERVED
+CVE-2014-2202
+       RESERVED
+CVE-2014-2201
+       RESERVED
+CVE-2014-2200
+       RESERVED
+CVE-2014-2199
+       RESERVED
+CVE-2014-2198
+       RESERVED
+CVE-2014-2197
+       RESERVED
+CVE-2014-2196
+       RESERVED
+CVE-2014-2195
+       RESERVED
+CVE-2014-2194
+       RESERVED
+CVE-2014-2193
+       RESERVED
+CVE-2014-2192
+       RESERVED
+CVE-2014-2191
+       RESERVED
+CVE-2014-2190
+       RESERVED
+CVE-2014-2189
+       RESERVED
+CVE-2014-2188
+       RESERVED
+CVE-2014-2187
+       RESERVED
+CVE-2014-2186
+       RESERVED
+CVE-2014-2185
+       RESERVED
+CVE-2014-2184
+       RESERVED
+CVE-2014-2183
+       RESERVED
+CVE-2014-2182
+       RESERVED
+CVE-2014-2181
+       RESERVED
+CVE-2014-2180
+       RESERVED
+CVE-2014-2179
+       RESERVED
+CVE-2014-2178
+       RESERVED
+CVE-2014-2177
+       RESERVED
+CVE-2014-2176
+       RESERVED
+CVE-2014-2175
+       RESERVED
+CVE-2014-2174
+       RESERVED
+CVE-2014-2173
+       RESERVED
+CVE-2014-2172
+       RESERVED
+CVE-2014-2171
+       RESERVED
+CVE-2014-2170
+       RESERVED
+CVE-2014-2169
+       RESERVED
+CVE-2014-2168
+       RESERVED
+CVE-2014-2167
+       RESERVED
+CVE-2014-2166
+       RESERVED
+CVE-2014-2165
+       RESERVED
+CVE-2014-2164
+       RESERVED
+CVE-2014-2163
+       RESERVED
+CVE-2014-2162
+       RESERVED
+CVE-2014-2161
+       RESERVED
+CVE-2014-2160
+       RESERVED
+CVE-2014-2159
+       RESERVED
+CVE-2014-2158
+       RESERVED
+CVE-2014-2157
+       RESERVED
+CVE-2014-2156
+       RESERVED
+CVE-2014-2155
+       RESERVED
+CVE-2014-2154
+       RESERVED
+CVE-2014-2153
+       RESERVED
+CVE-2014-2152
+       RESERVED
+CVE-2014-2151
+       RESERVED
+CVE-2014-2150
+       RESERVED
+CVE-2014-2149
+       RESERVED
+CVE-2014-2148
+       RESERVED
+CVE-2014-2147
+       RESERVED
+CVE-2014-2146
+       RESERVED
+CVE-2014-2145
+       RESERVED
+CVE-2014-2144
+       RESERVED
+CVE-2014-2143
+       RESERVED
+CVE-2014-2142
+       RESERVED
+CVE-2014-2141
+       RESERVED
+CVE-2014-2140
+       RESERVED
+CVE-2014-2139
+       RESERVED
+CVE-2014-2138
+       RESERVED
+CVE-2014-2137
+       RESERVED
+CVE-2014-2136
+       RESERVED
+CVE-2014-2135
+       RESERVED
+CVE-2014-2134
+       RESERVED
+CVE-2014-2133
+       RESERVED
+CVE-2014-2132
+       RESERVED
+CVE-2014-2131
+       RESERVED
+CVE-2014-2130
+       RESERVED
+CVE-2014-2129
+       RESERVED
+CVE-2014-2128
+       RESERVED
+CVE-2014-2127
+       RESERVED
+CVE-2014-2126
+       RESERVED
+CVE-2014-2125
+       RESERVED
+CVE-2014-2124
+       RESERVED
+CVE-2014-2123
+       RESERVED
+CVE-2014-2122
+       RESERVED
+CVE-2014-2121
+       RESERVED
+CVE-2014-2120
+       RESERVED
+CVE-2014-2119
+       RESERVED
+CVE-2014-2118
+       RESERVED
+CVE-2014-2117
+       RESERVED
+CVE-2014-2116
+       RESERVED
+CVE-2014-2115
+       RESERVED
+CVE-2014-2114
+       RESERVED
+CVE-2014-2113
+       RESERVED
+CVE-2014-2112
+       RESERVED
+CVE-2014-2111
+       RESERVED
+CVE-2014-2110
+       RESERVED
+CVE-2014-2109
+       RESERVED
+CVE-2014-2108
+       RESERVED
+CVE-2014-2107
+       RESERVED
+CVE-2014-2106
+       RESERVED
+CVE-2014-2105
+       RESERVED
+CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Business ...)
+       TODO: check
+CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote 
...)
+       TODO: check
+CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not 
properly ...)
+       TODO: check
+CVE-2014-2101
+       RESERVED
+CVE-2014-2100
+       RESERVED
+CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg 
before ...)
+       TODO: check
+CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an 
incorrect ...)
+       TODO: check
+CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg 
before ...)
+       TODO: check
+CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in 
ilias.php in ...)
+       TODO: check
+CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP 
code via ...)
+       TODO: check
+CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 
4.4.1 ...)
+       TODO: check
+CVE-2014-2087
+       RESERVED
+CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 
and ...)
+       TODO: check
+CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 
and ...)
+       TODO: check
 CVE-2014-2285 [snmptrapd crash when using a trap with empty community string]
        - net-snmp <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
@@ -12,6 +368,7 @@
        - mp3gain <unfixed> (bug #740268)
        TODO: check
 CVE-2014-2270 [crashes when checking softmagic for some corrupt PE executables]
+       RESERVED
        - file 1:5.17-0.1
        NOTE: http://bugs.gw.com/view.php?id=313
        NOTE: 
https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
@@ -22,53 +379,62 @@
 CVE-2014-5795
        NOT-FOR-US: Oracle Demantra
 CVE-2014-2245
+       RESERVED
        - cmsms <itp> (bug #608888)
-CVE-2014-2244
+CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML 
function in ...)
        - mediawiki <not-affected> (vulnerable code not present)
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61362
        NOTE: 
https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z
-CVE-2014-2243
+CVE-2014-2243 (includes/User.php in MediaWiki before 1.19.12, 1.20.x and 
1.21.x ...)
        - mediawiki 1:1.19.12+dfsg-1
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61346
        NOTE: 
https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z
-CVE-2014-2242
+CVE-2014-2242 (includes/upload/UploadBase.php in MediaWiki before 1.19.12, 
1.20.x and ...)
        - mediawiki 1:1.19.12+dfsg-1
        NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771
        NOTE: 
https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
 CVE-2014-2238 [mantis: sql injection]
+       RESERVED
        - mantis <removed>
        [squeeze] - mantis <no-dsa> (Minor issue)
        NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
 CVE-2014-2237 [Trustee token revocation does not work with memcache backend]
+       RESERVED
        - keystone <unfixed>
        NOTE: https://launchpad.net/bugs/1260080
 CVE-2014-2236 [multiple XSS issues]
+       RESERVED
        - askbot <itp> (bug #687966)
 CVE-2014-2235 [XSS issue]
+       RESERVED
        - askbot <itp> (bug #687966)
 CVE-2014-2214
+       RESERVED
        NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2213
+       RESERVED
        NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2212
+       RESERVED
        NOT-FOR-US: POSH web app (different from src:posh)
-CVE-2014-2211
+CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in 
POSH ...)
        NOT-FOR-US: POSH web app (different from src:posh)
 CVE-2014-2206
+       RESERVED
        NOT-FOR-US: GetGo Download Manager
-CVE-2014-2096 [insecure when cwd is world-writable]
+CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 
1.0.0 ...)
        - catfish 1.0.1-1 (low; bug #739958)
        [squeeze] - catfish <no-dsa> (Minor issue)
        [wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2095 [insecure when cwd is world-writable]
+CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 
1.0.0, ...)
        - catfish 1.0.1-1 (low; bug #739958)
        [squeeze] - catfish <no-dsa> (Minor issue)
        [wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2094 [insecure when cwd is world-writable]
+CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, 
when a ...)
        - catfish 1.0.1-1 (low; bug #739958)
        [squeeze] - catfish <no-dsa> (Minor issue)
        [wheezy] - catfish <no-dsa> (Minor issue)
-CVE-2014-2093 [insecure when cwd is world-writable]
+CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 
allows ...)
        - catfish 1.0.1-1 (low; bug #739958)
        [squeeze] - catfish <no-dsa> (Minor issue)
        [wheezy] - catfish <no-dsa> (Minor issue)
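Review bot: the four catfish headers (CVE-2014-2096 through CVE-2014-2093) lose the local summary "[insecure when cwd is world-writable]", and the truncated MITRE text that replaces it does not show that condition in full. The new descriptions also split into two version ranges ("0.6.0 through 1.0.0" and "through 0.4.0.3") while all four entries keep identical squeeze and wheezy lines. Consider keeping the old summary as a NOTE line and recording which range each release's catfish version falls in.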
@@ -87,8 +453,7 @@
        RESERVED
 CVE-2014-2081
        RESERVED
-CVE-2014-2080
-       RESERVED
+CVE-2014-2080 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: MODx Revolution
 CVE-2014-2079 [File New sets inappropriate permissions in ACL enabled 
directories]
        RESERVED
@@ -101,8 +466,8 @@
        RESERVED
 CVE-2014-2076
        RESERVED
-CVE-2014-2075
-       RESERVED
+CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise 
Administrator SDK ...)
+       TODO: check
 CVE-2014-2074
        RESERVED
 CVE-2014-2073
@@ -120,8 +485,7 @@
        RESERVED
        - jenkins <unfixed> (bug #739067)
        NOTE: 
https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
-CVE-2014-2067 [SECURITY-74]
-       RESERVED
+CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in ...)
        - jenkins <unfixed> (bug #739067)
        NOTE: 
https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
 CVE-2014-2066 [SECURITY-75]
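Review bot: replacing the header "CVE-2014-2067 [SECURITY-74]" drops the upstream advisory identifier, and the new text "(Cross-site scripting (XSS) vulnerability in ...)" is truncated before any component name. The neighbouring CVE-2014-2066 still carries [SECURITY-75]; a "NOTE: SECURITY-74" line under CVE-2014-2067 would keep the entry searchable by advisory id.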
@@ -153,8 +517,7 @@
        - jenkins <unfixed> (bug #739067)
        - jenkins-winstone <unfixed>
        NOTE: 
https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
-CVE-2014-2059 [SECURITY-108]
-       RESERVED
+CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation ...)
        - jenkins <unfixed> (bug #739067)
        NOTE: 
https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
 CVE-2014-2058 [SECURITY-109]
@@ -195,11 +558,9 @@
        RESERVED
 CVE-2014-2041
        RESERVED
-CVE-2014-2040
-       RESERVED
+CVE-2014-2040 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) 
...)
        NOT-FOR-US: WordPress plugin MediaFileRenamer
-CVE-2014-2038 [nfs: information leakage]
-       RESERVED
+CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the 
Linux ...)
        - linux 3.13.4-1
        [wheezy] - linux <not-affected> (Introduced in 3.11)
        - linux-2.6 <not-affected> (Introduced in 3.11)
@@ -207,13 +568,12 @@
        NOTE: Fixed by 
https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24
 CVE-2014-2036
        RESERVED
-CVE-2014-2035
-       RESERVED
+CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in 
InterWorx Web ...)
        NOT-FOR-US: InterWorx Web Control Panel
 CVE-2014-2034
        RESERVED
-CVE-2014-2033
-       RESERVED
+CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 
5.5.11.3, ...)
+       TODO: check
 CVE-2014-2028
        RESERVED
 CVE-2014-2026
@@ -329,12 +689,12 @@
        RESERVED
 CVE-2014-1969
        RESERVED
-CVE-2014-1968
-       RESERVED
-CVE-2014-1967
-       RESERVED
-CVE-2014-1966
-       RESERVED
+CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 
3.47 ...)
+       TODO: check
+CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not 
verify X.509 ...)
+       TODO: check
+CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, 
ROS 3.11 ...)
+       TODO: check
 CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in 
the ...)
        NOT-FOR-US: SAP Exchange Infrastructure
 CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration 
Repository ...)
@@ -378,6 +738,7 @@
 CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use 
the ...)
        NOT-FOR-US: Visibility Software Cyber Recruiter
 CVE-2013-7330 [SECURITY-55]
+       RESERVED
        - jenkins <unfixed> (bug #739067)
        NOTE: 
https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
 CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function 
in ...)
@@ -396,8 +757,7 @@
        - linux 3.2.29-1
        - linux-2.6  <removed>
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
-CVE-2014-2039 [Linux kernel: s390: crash due to linkage stack instruction]
-       RESERVED
+CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on 
the ...)
        - linux 3.13.5-1
        - linux-2.6 <removed>
        NOTE: 
https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
@@ -494,8 +854,8 @@
        RESERVED
 CVE-2014-1911
        RESERVED
-CVE-2014-1910
-       RESERVED
+CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 
2.4.4 ...)
+       TODO: check
 CVE-2014-1908
        RESERVED
 CVE-2014-1907
@@ -524,14 +884,13 @@
        RESERVED
 CVE-2014-1889
        RESERVED
-CVE-2014-1888
-       RESERVED
+CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress 
plugin ...)
+       TODO: check
 CVE-2014-1880
        RESERVED
 CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in 
phpMyAdmin ...)
        - phpmyadmin 4:4.1.7-1 (unimportant)
-CVE-2014-1878
-       RESERVED
+CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in 
cgi/cmd.c ...)
        - icinga 1.10.3-1
 CVE-2014-1873
        RESERVED
@@ -558,18 +917,17 @@
        NOT-FOR-US: D-Link hardware
 CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download 
Manager ...)
        TODO: check
-CVE-2012-6637
-       RESERVED
-CVE-2012-6636
-       RESERVED
+CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and 
earlier ...)
+       TODO: check
+CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
+       TODO: check
 CVE-2013-7322 [OTP token invalidation]
        RESERVED
        - oath-toolkit <unfixed> (low; bug #738515)
        [wheezy] - oath-toolkit <no-dsa> (Minor issue)
        NOTE: 
http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
        NOTE: fixed in 2.4.1 upstream, 
http://lists.nongnu.org/archive/html/oath-toolkit-help/2014-02/msg00010.html
-CVE-2014-1939
-       RESERVED
+CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 
uses the ...)
        NOT-FOR-US: Android Jelly Bean
 CVE-2014-1938 [insecure use of /tmp]
        RESERVED
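Review bot: CVE-2012-6637 is left at "TODO: check" although its description opens with the same text ("Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier") as CVE-2014-1884, CVE-2014-1882 and CVE-2014-1881, which this same list marks "NOT-FOR-US: Apache Cordova". The triage for those entries can probably be reused here. In the same hunk, CVE-2014-1939 keeps the label "Android Jelly Bean" while the published description says "Android before 4.4"; the label could be aligned with the description.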
@@ -650,26 +1008,19 @@
        RESERVED
        - xen <not-affected> (XSM not enabled in build)
        NOTE: Debian package not built with XSM_ENABLE, thus resulted binary 
packages not affected
-CVE-2014-1887
-       RESERVED
+CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe 
PhoneGap ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1886
-       RESERVED
+CVE-2014-1886 (The Edinburgh by Bus application for Android, when Adobe 
PhoneGap ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1885
-       RESERVED
+CVE-2014-1885 (The ForzeArmate application for Android, when Adobe PhoneGap 
2.9.0 or ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1884
-       RESERVED
+CVE-2014-1884 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and 
earlier ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1883
-       RESERVED
+CVE-2014-1883 (Adobe PhoneGap before 2.6.0 on Android uses the ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1882
-       RESERVED
+CVE-2014-1882 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and 
earlier ...)
        NOT-FOR-US: Apache Cordova
-CVE-2014-1881
-       RESERVED
+CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and 
earlier ...)
        NOT-FOR-US: Apache Cordova
 CVE-2014-1868 [DoS due to XML entity expansion]
        RESERVED
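Review bot: CVE-2014-1887, CVE-2014-1886 and CVE-2014-1885 now describe individual Android applications (DrinkedIn BarFinder, Edinburgh by Bus, ForzeArmate), and CVE-2014-1883 describes Adobe PhoneGap, but all four keep the label "NOT-FOR-US: Apache Cordova" that was assigned while they were RESERVED. The verdict may well stand, but the label should be reconfirmed against the published text and name the product actually described.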
@@ -705,8 +1056,8 @@
        RESERVED
 CVE-2014-1855
        RESERVED
-CVE-2014-1854
-       RESERVED
+CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the 
...)
+       TODO: check
 CVE-2014-1853
        RESERVED
 CVE-2014-1852
@@ -732,14 +1083,13 @@
 CVE-2014-1841
        RESERVED
        NOT-FOR-US: Titan FTP Server
-CVE-2014-1840
-       RESERVED
+CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php 
in MyBB ...)
+       TODO: check
 CVE-2014-1830
        RESERVED
 CVE-2014-1829
        RESERVED
-CVE-2014-1912 [buffer overflow in socket.recvfrom_into]
-       RESERVED
+CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in ...)
        - python2.5 <removed> (low)
        - python2.6 <removed> (low)
        - python2.7 2.7.6-6 (low)
@@ -760,8 +1110,7 @@
        - libcapture-tiny-perl 0.24-1 (bug #737835)
        [wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
        [squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
-CVE-2014-1874 [SELinux local DoS]
-       RESERVED
+CVE-2014-1874 (The security_context_to_sid_core function in ...)
        - linux 3.13.4-1
        - linux-2.6 <removed>
        NOTE: 
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98,
 first included in v3.14-rc2
@@ -832,8 +1181,7 @@
 CVE-2014-XXXX [no input validation for search function]
        - fookebox <unfixed> (low; bug #736821)
        [wheezy] - fookebox <no-dsa> (Minor issue)
-CVE-2014-2013 [Stack-based Buffer Overflow in xps_parse_color()]
-       RESERVED
+CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in 
...)
        - mupdf <unfixed> (bug #738857)
        NOTE: http://www.hdwsec.fr/blog/mupdf.html
        NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
@@ -1125,8 +1473,8 @@
        NOT-FOR-US: Siemens SIMATIC WinCC OA
 CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak 
hash ...)
        NOT-FOR-US: Siemens SIMATIC WinCC OA
-CVE-2014-1695
-       RESERVED
+CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request 
System ...)
+       TODO: check
 CVE-2013-7323 [Unrestricted use of unquoted strings in a shell]
        RESERVED
        - python-gnupg 0.3.6-1 (bug #738509)
@@ -1153,8 +1501,7 @@
        - php-horde-util 2.3.0-1
        NOTE: 
https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
        NOTE: 
https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 
is also required
-CVE-2014-1690
-       RESERVED
+CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux 
kernel ...)
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Introduced in 3.7)
        - linux-2.6 <not-affected> (Introduced in 3.7)
@@ -1170,8 +1517,8 @@
 CVE-2014-1685
        RESERVED
        - zabbix 1:2.2.2+dfsg-1
-CVE-2014-1684
-       RESERVED
+CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
+       TODO: check
 CVE-2014-1683 (The bashMail function in ...)
        NOT-FOR-US: SkyBlueCanvas CMS
 CVE-2014-1682 [API issue allows users to impersonate other users]
@@ -1366,8 +1713,8 @@
        RESERVED
 CVE-2014-1598
        RESERVED
-CVE-2014-1597
-       RESERVED
+CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in 
synetics ...)
+       TODO: check
 CVE-2014-1596
        RESERVED
 CVE-2014-1595
@@ -1757,8 +2104,8 @@
        NOT-FOR-US: FortiGuard FortiWeb
 CVE-2014-1457
        RESERVED
-CVE-2014-1456
-       RESERVED
+CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in 
Open Web ...)
+       TODO: check
 CVE-2014-1455
        RESERVED
 CVE-2014-1454
@@ -2168,62 +2515,62 @@
        RESERVED
 CVE-2014-1271
        RESERVED
-CVE-2014-1270
-       RESERVED
-CVE-2014-1269
-       RESERVED
-CVE-2014-1268
-       RESERVED
+CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 
7.0.2, ...)
+       TODO: check
+CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 
7.0.2, ...)
+       TODO: check
+CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 
7.0.2, ...)
+       TODO: check
 CVE-2014-1267
        RESERVED
-CVE-2014-1266
-       RESERVED
-CVE-2014-1265
-       RESERVED
-CVE-2014-1264
-       RESERVED
-CVE-2014-1263
-       RESERVED
-CVE-2014-1262
-       RESERVED
-CVE-2014-1261
-       RESERVED
-CVE-2014-1260
-       RESERVED
-CVE-2014-1259
-       RESERVED
-CVE-2014-1258
-       RESERVED
-CVE-2014-1257
-       RESERVED
-CVE-2014-1256
-       RESERVED
-CVE-2014-1255
-       RESERVED
-CVE-2014-1254
-       RESERVED
+CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
+       TODO: check
+CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple 
OS X ...)
+       TODO: check
+CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL 
integrity after ...)
+       TODO: check
+CVE-2014-1263 (curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 
...)
+       TODO: check
+CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows 
attackers ...)
+       TODO: check
+CVE-2014-1261 (Integer signedness error in CoreText in Apple OS X before 
10.9.2 ...)
+       TODO: check
+CVE-2014-1260 (QuickLook in Apple OS X through 10.8.5 allows remote attackers 
to ...)
+       TODO: check
+CVE-2014-1259 (Buffer overflow in File Bookmark in Apple OS X before 10.9.2 
allows ...)
+       TODO: check
+CVE-2014-1258 (Heap-based buffer overflow in CoreAnimation in Apple OS X 
before ...)
+       TODO: check
+CVE-2014-1257 (CFNetwork in Apple OS X through 10.8.5 does not remove session 
cookies ...)
+       TODO: check
+CVE-2014-1256 (Buffer overflow in Apple Type Services (ATS) in Apple OS X 
before ...)
+       TODO: check
+CVE-2014-1255 (Apple Type Services (ATS) in Apple OS X before 10.9.2 does not 
...)
+       TODO: check
+CVE-2014-1254 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows 
remote ...)
+       TODO: check
 CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users 
to ...)
        NOT-FOR-US: Apple Boot Camp
 CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x 
before ...)
        NOT-FOR-US: Apple Pages
-CVE-2014-1251
-       RESERVED
-CVE-2014-1250
-       RESERVED
-CVE-2014-1249
-       RESERVED
-CVE-2014-1248
-       RESERVED
-CVE-2014-1247
-       RESERVED
-CVE-2014-1246
-       RESERVED
-CVE-2014-1245
-       RESERVED
-CVE-2014-1244
-       RESERVED
-CVE-2014-1243
-       RESERVED
+CVE-2014-1251 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote 
...)
+       TODO: check
+CVE-2014-1250 (Apple QuickTime before 7.7.5 does not properly perform a 
byte-swapping ...)
+       TODO: check
+CVE-2014-1249 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote 
...)
+       TODO: check
+CVE-2014-1248 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote 
...)
+       TODO: check
+CVE-2014-1247 (Apple QuickTime before 7.7.5 allows remote attackers to execute 
...)
+       TODO: check
+CVE-2014-1246 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote 
...)
+       TODO: check
+CVE-2014-1245 (Integer signedness error in Apple QuickTime before 7.7.5 allows 
remote ...)
+       TODO: check
+CVE-2014-1244 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote 
...)
+       TODO: check
+CVE-2014-1243 (Apple QuickTime before 7.7.5 does not initialize an unspecified 
...)
+       TODO: check
 CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials 
window, ...)
        NOT-FOR-US: Apple iTunes
 CVE-2014-1241
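Review bot: the Apple QuickTime entries (CVE-2014-1251 through CVE-2014-1243) and the OS X component entries are left at "TODO: check" although the unchanged Apple entries in this hunk (Boot Camp, Pages, iTunes) are already closed as NOT-FOR-US, so they can probably be resolved the same way. The three WebKit entries (CVE-2014-1270, -1269, -1268) and the curl entry (CVE-2014-1263) name components rather than only an Apple product, so they should be checked individually rather than closed on the vendor name.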
@@ -2255,8 +2602,7 @@
        RESERVED
 CVE-2014-1224
        RESERVED
-CVE-2014-1223
-       RESERVED
+CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in 
controlpanel/loading.aspx ...)
        NOT-FOR-US: Telligent Evolution
 CVE-2014-1222
        RESERVED
@@ -2644,8 +2990,8 @@
        RESERVED
 CVE-2014-0875
        RESERVED
-CVE-2014-0874
-       RESERVED
+CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content 
Navigator 2.x ...)
+       TODO: check
 CVE-2014-0873
        RESERVED
 CVE-2014-0872
@@ -2668,26 +3014,26 @@
        RESERVED
 CVE-2014-0863
        RESERVED
-CVE-2014-0862
-       RESERVED
-CVE-2014-0861
-       RESERVED
+CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational 
...)
+       TODO: check
+CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM 
Cognos ...)
+       TODO: check
 CVE-2014-0860
        RESERVED
 CVE-2014-0859
        RESERVED
-CVE-2014-0858
-       RESERVED
+CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows 
remote ...)
+       TODO: check
 CVE-2014-0857
        RESERVED
 CVE-2014-0856
        RESERVED
 CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Connections ...)
        NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0854
-       RESERVED
-CVE-2014-0853
-       RESERVED
+CVE-2014-0854 (The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 
before ...)
+       TODO: check
+CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) 
...)
+       TODO: check
 CVE-2014-0852
        RESERVED
 CVE-2014-0851
@@ -2700,22 +3046,22 @@
        RESERVED
 CVE-2014-0847
        RESERVED
-CVE-2014-0846
-       RESERVED
-CVE-2014-0845
-       RESERVED
-CVE-2014-0844
-       RESERVED
-CVE-2014-0843
-       RESERVED
-CVE-2014-0842
-       RESERVED
+CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational 
Requirements ...)
+       TODO: check
+CVE-2014-0845 (Open redirect vulnerability in IBM Rational Requirements 
Composer 3.x ...)
+       TODO: check
+CVE-2014-0844 (Unspecified vulnerability in IBM Rational Requirements Composer 
3.x ...)
+       TODO: check
+CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal 
Point ...)
+       TODO: check
+CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 
6.4.x ...)
+       TODO: check
 CVE-2014-0841
        RESERVED
-CVE-2014-0840
-       RESERVED
-CVE-2014-0839
-       RESERVED
+CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Rational ...)
+       TODO: check
+CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 
6.6.x ...)
+       TODO: check
 CVE-2014-0838 (The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 
7.2 MR1 ...)
        NOT-FOR-US: IBM Security QRadar SIEM
 CVE-2014-0837 (The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and 
earlier ...)
@@ -2750,18 +3096,18 @@
        RESERVED
 CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 
9.0.x ...)
        NOT-FOR-US: IBM Domino
-CVE-2014-0821
-       RESERVED
-CVE-2014-0820
-       RESERVED
-CVE-2014-0819
-       RESERVED
-CVE-2014-0818
-       RESERVED
-CVE-2014-0817
-       RESERVED
-CVE-2014-0816
-       RESERVED
+CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu 
Garoon ...)
+       TODO: check
+CVE-2014-0820 (Directory traversal vulnerability in the download feature in 
Cybozu ...)
+       TODO: check
+CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 
2014 ...)
+       TODO: check
+CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 
2014 ...)
+       TODO: check
+CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does 
not ...)
+       TODO: check
+CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and 
earlier ...)
+       TODO: check
 CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android 
allows ...)
        NOT-FOR-US: Opera
 CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 
2.8.6 ...)
@@ -2770,8 +3116,8 @@
        NOT-FOR-US: phpMyFAQ
 CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful 
Note 2.8 ...)
        NOT-FOR-US: KENT-WEB Joyful Note
-CVE-2014-0811
-       RESERVED
+CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 
8.0 ...)
+       TODO: check
 CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before 
update ...)
        NOT-FOR-US: JustSystems Sanshiro 2007
 CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip 
(aka ...)
@@ -2908,8 +3254,8 @@
        RESERVED
 CVE-2014-0775
        RESERVED
-CVE-2014-0774
-       RESERVED
+CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in 
Schneider ...)
+       TODO: check
 CVE-2014-0773
        RESERVED
 CVE-2014-0772
@@ -2938,10 +3284,10 @@
        RESERVED
 CVE-2014-0760
        RESERVED
-CVE-2014-0759
-       RESERVED
-CVE-2014-0758
-       RESERVED
+CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider 
Electric ...)
+       TODO: check
+CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 
8.02, ...)
+       TODO: check
 CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 
2.4.7.44 ...)
        NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit
 CVE-2014-0756
@@ -2963,28 +3309,28 @@
 CVE-2014-0748
        RESERVED
        NOT-FOR-US: Aprun/apinit on Cray supercomputers
-CVE-2014-0747
-       RESERVED
-CVE-2014-0746
-       RESERVED
-CVE-2014-0745
-       RESERVED
+CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI 
implementation in ...)
+       TODO: check
+CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact 
Center ...)
+       TODO: check
+CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified 
...)
+       TODO: check
 CVE-2014-0744
        RESERVED
-CVE-2014-0743
-       RESERVED
-CVE-2014-0742
-       RESERVED
-CVE-2014-0741
-       RESERVED
-CVE-2014-0740
-       RESERVED
-CVE-2014-0739
-       RESERVED
-CVE-2014-0738
-       RESERVED
-CVE-2014-0737
-       RESERVED
+CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in 
Cisco ...)
+       TODO: check
+CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI 
implementation in ...)
+       TODO: check
+CVE-2014-0741 (The certificate-import feature in the Certificate Authority 
Proxy ...)
+       TODO: check
+CVE-2014-0740 (Cross-site request forgery (CSRF) vulnerability in the Call 
Detail ...)
+       TODO: check
+CVE-2014-0739 (Race condition in the Phone Proxy component in Cisco Adaptive 
Security ...)
+       TODO: check
+CVE-2014-0738 (The Phone Proxy component in Cisco Adaptive Security Appliance 
(ASA) ...)
+       TODO: check
+CVE-2014-0737 (The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows 
remote ...)
+       TODO: check
 CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call 
Detail ...)
        NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager 
Assistant ...)
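Review bot: CVE-2014-0740 is left at TODO: check although its description opens with the same "Cross-site request forgery (CSRF) vulnerability in the Call Detail ..." text as CVE-2014-0736 just below it, which is already marked NOT-FOR-US: Cisco Unified Communications Manager. The other newly described Cisco entries in this hunk (CAPF, the ASA Phone Proxy, Unified IP Phone 7960G) look like candidates for the same NOT-FOR-US triage rather than staying in the TODO queue.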
@@ -2995,11 +3341,9 @@
        NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco 
Unified ...)
        NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0731
-       RESERVED
+CVE-2014-0731 (The administration interface in Cisco Unified Communications 
Manager ...)
        NOT-FOR-US: Cisco Unified Computing System
-CVE-2014-0730
-       RESERVED
+CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and 
earlier ...)
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility 
Application ...)
        NOT-FOR-US: Cisco Unified Communications Manager 
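Review bot: CVE-2014-0731 now describes "The administration interface in Cisco Unified Communications Manager ...", but the annotation kept under it still reads NOT-FOR-US: Cisco Unified Computing System. That tag was set while the id was RESERVED and no longer matches the product in the description; suggest NOT-FOR-US: Cisco Unified Communications Manager, as used for the neighbouring entries. CVE-2014-0730 (UCS Central Software) matches its tag and needs no change.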
@@ -3017,17 +3361,13 @@
        NOT-FOR-US: Cisco Unified Communications Manager
 CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications 
Manager ...)
        NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2014-0721
-       RESERVED
+CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) 
allows ...)
        NOT-FOR-US: Cisco Unified SIP Phone 3905
-CVE-2014-0720
-       RESERVED
+CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 
allows ...)
        NOT-FOR-US: Cisco IPS
-CVE-2014-0719
-       RESERVED
+CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS 
Software ...)
        NOT-FOR-US: Cisco IPS
-CVE-2014-0718
-       RESERVED
+CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 
before ...)
        NOT-FOR-US: Cisco IPS
 CVE-2014-0717
        RESERVED
@@ -3043,11 +3383,9 @@
        RESERVED
 CVE-2014-0711
        RESERVED
-CVE-2014-0710
-       RESERVED
+CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco 
Firewall ...)
        NOT-FOR-US: Cisco Firewall Services Module
-CVE-2014-0709
-       RESERVED
+CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a 
hardcoded ...)
        NOT-FOR-US: Cisco UCS Director
 CVE-2014-0708
        RESERVED
@@ -3114,8 +3452,7 @@
        NOT-FOR-US: Cisco Identity Service Engine
 CVE-2014-0680 (Cross-site scripting (XSS) vulnerability in the HTTP control 
interface ...)
        NOT-FOR-US: Cisco Identity Service Engine
-CVE-2014-0679
-       RESERVED
+CVE-2014-0679 (Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 
before ...)
        NOT-FOR-US: Cisco Prime Infrastructure
 CVE-2014-0678 (The portal interface in Cisco Secure Access Control System 
(ACS) does ...)
        NOT-FOR-US: Cisco Secure Access Control System
@@ -3287,6 +3624,7 @@
 CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 
3.5.3 ...)
        NOT-FOR-US: ProjectForge
 CVE-2009-5138 [gnutls: incorrect handling of V1 intermediate certificates]
+       RESERVED
        - gnutls26 2.7.12-1
        - gnutls28 <not-affected> (Only affects versions before 2.7.6)
        NOTE: Only affects version prior of 2.7.6, fix: 
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
@@ -3633,18 +3971,15 @@
        RESERVED
 CVE-2014-0503
        RESERVED
-CVE-2014-0502
-       RESERVED
+CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 
11.7.700.269 ...)
        NOT-FOR-US: Flash plugin
 CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote 
attackers to ...)
        NOT-FOR-US: Adobe Shockwave Player
 CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote 
attackers to ...)
        NOT-FOR-US: Adobe Shockwave Player
-CVE-2014-0499
-       RESERVED
+CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 
12.0.x ...)
        NOT-FOR-US: Flash plugin
-CVE-2014-0498
-       RESERVED
+CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 
11.7.700.269 ...)
        NOT-FOR-US: Flash plugin
 CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 
11.8.x ...)
        NOT-FOR-US: Flash plugin
@@ -4531,10 +4866,9 @@
        RESERVED
 CVE-2014-0335
        RESERVED
-CVE-2014-0334
-       RESERVED
-CVE-2014-0333 [denial of service via png_push_read_chunk()]
-       RESERVED
+CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made 
Simple ...)
+       TODO: check
+CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the 
progressive ...)
        - libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
        NOTE: Filed #740585 for src:libpng1.6 in experimental
 CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell 
SonicWALL ...)
@@ -4778,16 +5112,16 @@
        NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
 CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to 
read ...)
        NOT-FOR-US: BlogEngine.NET
-CVE-2013-6952
-       RESERVED
-CVE-2013-6951
-       RESERVED
-CVE-2013-6950
-       RESERVED
-CVE-2013-6949
-       RESERVED
-CVE-2013-6948
-       RESERVED
+CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a 
hardcoded ...)
+       TODO: check
+CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not 
maintain ...)
+       TODO: check
+CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not 
use SSL ...)
+       TODO: check
+CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not 
properly ...)
+       TODO: check
+CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation 
firmware ...)
+       TODO: check
 CVE-2013-6947
        RESERVED
 CVE-2013-6946
@@ -4860,7 +5194,7 @@
        RESERVED
 CVE-2014-0323
        RESERVED
-CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 10 
allows ...)
+CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 
and 10 ...)
        NOT-FOR-US: Microsoft Internet Explorer 10
 CVE-2014-0321
        RESERVED
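Review bot: the new description for CVE-2014-0322 covers "Microsoft Internet Explorer 9 and 10", while the annotation below it still says NOT-FOR-US: Microsoft Internet Explorer 10. The triage result is unchanged, but the tag would be more accurate as NOT-FOR-US: Microsoft Internet Explorer.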
@@ -5410,9 +5744,8 @@
        RESERVED
        - neutron <unfixed>
 CVE-2014-0070
-       RESERVED
-CVE-2014-0069 [cifs: incorrect handling of bogus user pointers during uncached 
writes]
-       RESERVED
+       REJECTED
+CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux 
kernel ...)
        - linux <unfixed>
        - linux-2.6 <not-affected> (Only affects 2.6.38 and later)
        NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
@@ -5470,8 +5803,7 @@
        - postgresql-9.3 9.3.3-1
 CVE-2014-0059
        RESERVED
-CVE-2014-0058
-       RESERVED
+CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise 
...)
        NOT-FOR-US: JBoss EAP
 CVE-2014-0057
        RESERVED
@@ -5506,8 +5838,7 @@
        RESERVED
 CVE-2014-0047
        RESERVED
-CVE-2014-0046
-       RESERVED
+CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper 
in ...)
        NOT-FOR-US: ember.js
 CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client 
in ...)
        {DSA-2854-1}
@@ -5547,8 +5878,7 @@
        RESERVED
 CVE-2014-0034
        RESERVED
-CVE-2014-0033
-       RESERVED
+CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache 
Tomcat ...)
        - tomcat6 6.0.39
 CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module 
in ...)
        - subversion 1.8.8-1 (low; bug #737815)
@@ -6066,16 +6396,16 @@
        RESERVED
 CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 
6.0.1.7, ...)
        NOT-FOR-US: IBM WebSphere Portal
-CVE-2013-6734
-       RESERVED
+CVE-2013-6734 (IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not 
...)
+       TODO: check
 CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application 
in the ...)
        NOT-FOR-US: IBM Sametime
-CVE-2013-6732
-       RESERVED
-CVE-2013-6731
-       RESERVED
-CVE-2013-6730
-       RESERVED
+CVE-2013-6732 (Cross-site scripting (XSS) vulnerability in the server in IBM 
Cognos ...)
+       TODO: check
+CVE-2013-6731 (IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote 
...)
+       TODO: check
+CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x 
through ...)
+       TODO: check
 CVE-2013-6729
        RESERVED
 CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework 
(WDF) ...)
@@ -6216,71 +6546,55 @@
        RESERVED
 CVE-2013-6669
        RESERVED
-CVE-2013-6668
-       RESERVED
+CVE-2013-6668 (Multiple unspecified vulnerabilities in Google V8 before 
3.24.35.10, ...)
        - chromium-browser <unfixed>
        - libv8 <removed>
        - libv8-3.14 <unfixed>
-CVE-2013-6667
-       RESERVED
+CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6666
-       RESERVED
+CVE-2013-6666 (The PepperFlashRendererHost::OnNavigate function in ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6665
-       RESERVED
+CVE-2013-6665 (Heap-based buffer overflow in the 
ResourceProvider::InitializeSoftware ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6664
-       RESERVED
+CVE-2013-6664 (Use-after-free vulnerability in the ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6663
-       RESERVED
+CVE-2013-6663 (Use-after-free vulnerability in the SVGImage::setContainerSize 
...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
 CVE-2013-6662
        RESERVED
-CVE-2013-6661
-       RESERVED
+CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6660
-       RESERVED
+CVE-2013-6660 (The drag-and-drop implementation in Google Chrome before 
33.0.1750.117 ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6659
-       RESERVED
+CVE-2013-6659 (The SSLClientSocketNSS::Core::OwnAuthCertHandler function in 
...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6658
-       RESERVED
+CVE-2013-6658 (Multiple use-after-free vulnerabilities in the layout 
implementation ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6657
-       RESERVED
+CVE-2013-6657 (core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as 
used ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6656
-       RESERVED
+CVE-2013-6656 (The XSSAuditor::init function in 
core/html/parser/XSSAuditor.cpp in ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6655
-       RESERVED
+CVE-2013-6655 (Use-after-free vulnerability in Blink, as used in Google Chrome 
before ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6654
-       RESERVED
+CVE-2013-6654 (The SVGAnimateElement::calculateAnimatedValue function in ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6653
-       RESERVED
+CVE-2013-6653 (Use-after-free vulnerability in the web contents implementation 
in ...)
        - chromium-browser <unfixed>
        [squeeze] - chromium-browser <end-of-life>
-CVE-2013-6652
-       RESERVED
+CVE-2013-6652 (Directory traversal vulnerability in ...)
        - chromium-browser <not-affected> (Windows-specific)
 CVE-2013-6651
        RESERVED
@@ -6697,8 +7011,7 @@
 CVE-2013-6494
        RESERVED
        NOT-FOR-US: fedup (Fedora specific)
-CVE-2013-6493 [insecure temporary directory use]
-       RESERVED
+CVE-2013-6493 (The LiveConnect implementation in 
plugin/icedteanp/IcedTeaNPPlugin.cc ...)
        - icedtea-web 1.4.2-1
 CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not 
properly ...)
        NOT-FOR-US: Pirhana
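Review bot: style point on the context line under CVE-2013-6492: NOT-FOR-US: Pirhana misspells the product, which the description on the line above it spells Piranha. Worth correcting so that a search of the list for the product name finds this entry.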
@@ -7250,12 +7563,12 @@
        RESERVED
 CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 
6.0.2, ...)
        NOT-FOR-US: IBM
-CVE-2013-6333
-       RESERVED
+CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
 CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 
4.7.0 ...)
        NOT-FOR-US: IBM Algo One UDS
-CVE-2013-6331
-       RESERVED
+CVE-2013-6331 (SQL injection vulnerability in IBM Algo One, as used in 
MetaData ...)
+       TODO: check
 CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when ...)
        NOT-FOR-US: IBM WebSphere
 CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager 
...)
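Review bot: CVE-2013-6333 and CVE-2013-6331 are added as TODO: check, yet both descriptions name IBM Algo One, the same product as CVE-2013-6332 between them, which is already marked NOT-FOR-US: IBM Algo One UDS. Suggest giving both the same NOT-FOR-US tag so they do not sit in the TODO queue.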
@@ -7276,12 +7589,12 @@
        NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
 CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process 
Management ...)
        NOT-FOR-US: IBM Atlas eDiscovery Process Management
-CVE-2013-6320
-       RESERVED
-CVE-2013-6319
-       RESERVED
-CVE-2013-6318
-       RESERVED
+CVE-2013-6320 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
+CVE-2013-6319 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 
...)
+       TODO: check
+CVE-2013-6318 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
 CVE-2013-6317
        RESERVED
 CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x 
before ...)
@@ -7310,16 +7623,16 @@
        NOT-FOR-US: IBM Platform Symphony
 CVE-2013-6304
        RESERVED
-CVE-2013-6303
-       RESERVED
-CVE-2013-6302
-       RESERVED
-CVE-2013-6301
-       RESERVED
-CVE-2013-6300
-       RESERVED
-CVE-2013-6299
-       RESERVED
+CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in 
MetaData ...)
+       TODO: check
+CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in 
MetaData ...)
+       TODO: check
+CVE-2013-6301 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
+CVE-2013-6300 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
+CVE-2013-6299 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as 
used in ...)
+       TODO: check
 CVE-2013-6298
        RESERVED
 CVE-2013-6297
@@ -7524,14 +7837,11 @@
        RESERVED
 CVE-2013-6205
        RESERVED
-CVE-2013-6204
-       RESERVED
+CVE-2013-6204 (The Web Console in HP Application Information Optimizer 
(formerly HP ...)
        NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6203
-       RESERVED
+CVE-2013-6203 (The Web Console in HP Application Information Optimizer 
(formerly HP ...)
        NOT-FOR-US: HP Application Information Optimizer
-CVE-2013-6202
-       RESERVED
+CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
HP ...)
        NOT-FOR-US: HP Service Manager
 CVE-2013-6201
        RESERVED
@@ -7873,8 +8183,7 @@
        {DSA-2815-1}
        - munin 2.0.18-1
        [squeeze] - munin <no-dsa> (Minor issue)
-CVE-2013-6047 [XSS in site creation interface]
-       RESERVED
+CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site 
...)
        - ikiwiki-hosting 0.20131025
        [wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
 CVE-2013-6046
@@ -9419,8 +9728,8 @@
        NOT-FOR-US: Cisco Secure Access Control System
 CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement 
the ...)
        NOT-FOR-US: Cisco IOS
-CVE-2013-5468
-       RESERVED
+CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 
...)
+       TODO: check
 CVE-2013-5467
        RESERVED
 CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, 
and the ...)
@@ -10399,18 +10708,16 @@
 CVE-2013-4982
        RESERVED
        NOT-FOR-US: AVTECH DVR
-CVE-2013-4981
-       RESERVED
+CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR 
with ...)
        NOT-FOR-US: AVTECH DVR
-CVE-2013-4980
-       RESERVED
+CVE-2013-4980 (Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR 
with ...)
        NOT-FOR-US: AVTECH DVR
 CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and 
...)
        NOT-FOR-US: EPS Viewer
 CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and 
earlier in ...)
        NOT-FOR-US: Aloaha PDF Suite
-CVE-2013-4977
-       RESERVED
+CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision 
DS-2CD7153-E ...)
+       TODO: check
 CVE-2013-4976
        RESERVED
 CVE-2013-4975
@@ -10758,8 +11065,7 @@
        NOT-FOR-US: HP iLO
 CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated 
Lights-Out 4 ...)
        NOT-FOR-US: HP iLO
-CVE-2013-4841
-       RESERVED
+CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 
11.0 in ...)
        NOT-FOR-US: HP StoreVirtual
 CVE-2013-4840
        RESERVED
@@ -11075,8 +11381,8 @@
        NOT-FOR-US: I-O DATA DEVICE HDL-A and HDL2-A devices
 CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 
3.2 on ...)
        NOT-FOR-US: Accela Bizsearch, not in Debian
-CVE-2013-4710
-       RESERVED
+CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT 
DOCOMO, ...)
+       TODO: check
 CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the 
SEIL/x86 ...)
        NOT-FOR-US: PPP Access Concentrator
 CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative 
Japan Inc. ...)
@@ -11350,8 +11656,7 @@
        - linux-2.6 <not-affected> (Introduced in 3.6)
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
        NOTE: 
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
-CVE-2013-4590 [information disclosure]
-       RESERVED
+CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 
...)
        - tomcat6 6.0.39
        - tomcat7 7.0.50
        - tomcat8 <itp> (bug #722675)
@@ -11981,8 +12286,7 @@
        [squeeze] - dropbear <no-dsa> (Minor issue)
        [wheezy] - dropbear <no-dsa> (Minor issue)
        NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
-CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory 
traversal]
-       RESERVED
+CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) ...)
        {DSA-2863-1}
        - libtar 1.2.20-2 (bug #731860)
 CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and 
earlier, when ...)
@@ -12330,8 +12634,7 @@
        [wheezy] - spice-gtk <no-dsa> (Minor issue)
 CVE-2013-4323
        RESERVED
-CVE-2013-4322 [incomplete fix for CVE-2012-3544]
-       RESERVED
+CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 
...)
        - tomcat6 6.0.39
        - tomcat7 7.0.50
        - tomcat8 <itp> (bug #722675)
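Review bot: replacing the placeholder [incomplete fix for CVE-2012-3544] on CVE-2013-4322 drops the only link to the earlier CVE, and the truncated description that replaces it ("Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...") does not show it. Suggest keeping the relationship as a NOTE: line under the entry.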
@@ -12453,8 +12756,7 @@
        - libgems-ruby <removed> (unimportant; bug #722361)
        NOTE: Non-issue, you trust the site providing the gem with installing 
arbitrary code, allowing
        NOTE: it a potential elevated CPU consumption doesn't add any extra harm
-CVE-2013-4286 [incomplete fix for CVE-2005-2090]
-       RESERVED
+CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 
...)
        - tomcat6 6.0.39
        - tomcat7 7.0.47
        - tomcat8 <itp> (bug #722675)
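Review bot: the removed placeholder on CVE-2013-4286 recorded that this is an incomplete fix for CVE-2005-2090, and that cross-reference is not visible in the truncated description that replaces it. A NOTE: line naming CVE-2005-2090 under the entry would preserve it.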
@@ -13234,8 +13536,8 @@
        NOT-FOR-US: IBM
 CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in 
Domino Web ...)
        NOT-FOR-US: IBM Domino
-CVE-2013-4054
-       RESERVED
+CVE-2013-4054 (Directory traversal vulnerability in WMQ Telemetry in IBM 
WebSphere MQ ...)
+       TODO: check
 CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application 
Server ...)
        NOT-FOR-US: WebSphere
 CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI 
Administrative ...)
@@ -13990,8 +14292,8 @@
        RESERVED
 CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for 
...)
        NOT-FOR-US: openSUSE live installer
-CVE-2013-3712
-       RESERVED
+CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension 
for ...)
+       TODO: check
 CVE-2013-3711
        RESERVED
 CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not 
generate ...)
@@ -14514,8 +14816,8 @@
        RESERVED
 CVE-2013-3488
        RESERVED
-CVE-2013-3487
-       RESERVED
+CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the 
security ...)
+       TODO: check
 CVE-2013-3486
        RESERVED
 CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
@@ -14995,10 +15297,10 @@
        NOT-FOR-US: WordPress plugin download-monitor
 CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php 
in the ...)
        NOT-FOR-US: WordPress plugin flash-album-gallery
-CVE-2013-3260
-       RESERVED
-CVE-2013-3259
-       RESERVED
+CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 
beta 11 ...)
+       TODO: check
+CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 
beta 11 ...)
+       TODO: check
 CVE-2013-3258
        RESERVED
 CVE-2013-3257
@@ -16109,8 +16411,8 @@
        NOT-FOR-US: WellinTech KingSCADA
 CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys 
Director ...)
        NOT-FOR-US: Elecsys Director Gateway
-CVE-2013-2824
-       RESERVED
+CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, 
Vijeo ...)
+       TODO: check
 CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE 
...)
        NOT-FOR-US: Catapult DNP3 I/O driver
 CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP 
Master ...)
@@ -16123,8 +16425,8 @@
        NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
 CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 
3.7 ...)
        NOT-FOR-US: e-terracontrol
-CVE-2013-2817
-       RESERVED
+CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric 
Automation ...)
+       TODO: check
 CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 
...)
        NOT-FOR-US: Cooper Power Systems
 CVE-2013-2815
@@ -16886,8 +17188,8 @@
        RESERVED
 CVE-2013-2499
        RESERVED
-CVE-2013-2498
-       RESERVED
+CVE-2013-2498 (SQL injection vulnerability in the login page in ...)
+       TODO: check
 CVE-2013-2497
        RESERVED
 CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in 
libavcodec in ...)
@@ -20615,8 +20917,8 @@
        RESERVED
 CVE-2013-1410
        RESERVED
-CVE-2013-1409
-       RESERVED
+CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv 
plugin ...)
+       TODO: check
 CVE-2013-1408
        RESERVED
 CVE-2013-1407
@@ -35795,8 +36097,7 @@
        - python3.2 3.2.3-1 (bug #670389)
        - python3.3 3.3.1-1
        NOTE: http://bugs.python.org/issue14579
-CVE-2012-2134
-       RESERVED
+CVE-2012-2134 (The handle_connection_error function in ldap_helper.c in ...)
        NOT-FOR-US: Dynamic LDAP backend plugin for BIND
 CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, 
when ...)
        {DSA-2469-1}
@@ -41931,8 +42232,8 @@
        NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android)
 CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application 
before ...)
        NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
-CVE-2011-4696
-       RESERVED
+CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 
3.4.23 ...)
+       TODO: check
 CVE-2010-5075
        RESERVED
 CVE-2012-0785 [Jenkins and hash collision attack]
@@ -42443,8 +42744,7 @@
        - moodle <not-affected> (Only affects 2.x)
 CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x 
before ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4580
-       RESERVED
+CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat 
JBoss ...)
        NOT-FOR-US: JBoss Enterprise Portal Platform
 CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) 
in ...)
        {DSA-2378-1}
@@ -43797,8 +44097,7 @@
 CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not 
properly ...)
        - linux-2.6 3.1-1 (unimportant)
        NOTE: Turned out to be a non-issue, 
http://www.openwall.com/lists/oss-security/2011/11/24/3
-CVE-2011-4111
-       RESERVED
+CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function 
in ...)
        - qemu 0.15.1+dfsg-2
        [lenny] - qemu <not-affected> (Vulnerable CCID code not present)
        [squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
@@ -45379,8 +45678,7 @@
        - empathy 3.2.1.1-1
        [squeeze] - empathy <no-dsa> (Minor issue)
        [lenny] - empathy <not-affected> (only affects webkit theming, not 
present in Lenny)
-CVE-2011-3634
-       RESERVED
+CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when 
the ...)
        - apt 0.8.11 (low)
        [squeeze] - apt <no-dsa> (Minor issue, apt is only affected if 
apt-transport-https is installed)
        NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28 
@@ -47533,8 +47831,7 @@
        [lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
 CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in ...)
        - linux-2.6 <not-affected> (RHEL-specific backport issue)
-CVE-2011-2941
-       RESERVED
+CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal 
...)
        NOT-FOR-US: JBoss Enterprise Portal Platform
 CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute 
...)
        - stunnel4 3:4.42-1 (bug #638758)
@@ -50908,8 +51205,7 @@
        - qemu-kvm 0.14.1+dfsg-1 (bug #624177)
        - kvm <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
-CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE]
-       RESERVED
+CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the 
...)
        - nfs-utils 1:1.2.3-3 (low; bug #629420)
        [squeeze] - nfs-utils 1:1.2.2-4squeeze2
        [lenny] - nfs-utils <no-dsa> (Minor issue)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
