From coley at mitre.org Thu Jan 2 14:15:02 2014
From: coley at mitre.org (Christey, Steven M.)
Date: Thu, 2 Jan 2014 20:15:02 +0000
Subject: [VIM] CVE-2013-6419 / OpenStack Nova & Neutron - interaction error
Message-ID:

http://www.openwall.com/lists/oss-security/2013/12/11/8 / OSSA 2013-033

The initial description of the issue can be somewhat confusing because it seems to cover multiple products. For CVE, we investigated whether there was a shared-codebase issue (one ID) or not (two IDs). With coordination help by Kurt Seifried, we received the following quote from Jeremy Stanley of upstream OpenStack:

"The vulnerability was in the way those two components were designed to interact, so to patch it we had to make changes to both ends of the faulty communication channel to support the new mechanism. The litmus test for whether this is two vulnerabilities is that you're not vulnerable when running the components individually--only if you run them together."

At least for us, we may characterize this as an "interaction error" as opposed to the same error existing in multiple products, as implied by some vuln sources.

- Steve


From gtheall at tenable.com Thu Jan 2 20:27:45 2014
From: gtheall at tenable.com (George Theall)
Date: Fri, 3 Jan 2014 02:27:45 +0000
Subject: [VIM] op5 Monitor Unspecified Session Hijacking Vulnerability
Message-ID:

I see that SecurityFocus created two BIDs today for vulnerabilities reported in January 2012 - 64606 and 64608. The first of those references CVE-2012-0264 and would appear to be covered already by BID 51212, which currently references both that CVE as well as CVE-2012-0261.

Dinesh / Narayan / Venkat / Rob: is the intention here ultimately to split the earlier BID and move the session hijacking into its own BID or was this just an oversight?

George
--
theall at tenable.com


From Dinesh_Theerthagiri at symantec.com Mon Jan 6 12:06:13 2014
From: Dinesh_Theerthagiri at symantec.com (Dinesh Theerthagiri)
Date: Mon, 6 Jan 2014 10:06:13 -0800
Subject: [VIM] op5 Monitor Unspecified Session Hijacking Vulnerability
In-Reply-To:
References:
Message-ID: <86E9E90EE35E9041B100B9ED1D5C8B5745A76C21A0@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>

Hi George,

I checked all the 3 BIDs 51212, 64606 and 64608 and we didn't find anything duplicate in those.

BID 51212 is covering CVE-2012-0261 and CVE-2012-0262
BID 64608 is covering CVE-2012-0263
BID 64606 is covering CVE-2012-0264

Thanks,
T.Dinesh


-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Friday, January 03, 2014 7:58 AM
To: Vulnerability Information Managers
Subject: [VIM] op5 Monitor Unspecified Session Hijacking Vulnerability

I see that SecurityFocus created two BIDs today for vulnerabilities reported in January 2012 - 64606 and 64608. The first of those references CVE-2012-0264 and would appear to be covered already by BID 51212, which currently references both that CVE as well as CVE-2012-0261.

Dinesh / Narayan / Venkat / Rob: is the intention here ultimately to split the earlier BID and move the session hijacking into its own BID or was this just an oversight?

George
--
theall at tenable.com


From gtheall at tenable.com Mon Jan 6 13:30:21 2014
From: gtheall at tenable.com (George Theall)
Date: Mon, 6 Jan 2014 19:30:21 +0000
Subject: [VIM] op5 Monitor Unspecified Session Hijacking Vulnerability
In-Reply-To: <86E9E90EE35E9041B100B9ED1D5C8B5745A76C21A0@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
References: <86E9E90EE35E9041B100B9ED1D5C8B5745A76C21A0@APJ1XCHEVSPIN30.SYMC.SYMANTEC.COM>
Message-ID: <8404D1C5-E025-40BB-9A4D-2C44D36F212E@tenable.com>

On Jan 6, 2014, at 1:06 PM, Dinesh Theerthagiri wrote:

> Hi George,
>
> I checked all the 3 BIDs 51212, 64606 and 64608 and we didn't find anything duplicate in those.
>
> BID 51212 is covering CVE-2012-0261 and CVE-2012-0262
> BID 64608 is covering CVE-2012-0263
> BID 64606 is covering CVE-2012-0264

Ack, my bad. Sorry.

>
> Thanks,
> T.Dinesh
>
>
> -----Original Message-----
> From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
> Sent: Friday, January 03, 2014 7:58 AM
> To: Vulnerability Information Managers
> Subject: [VIM] op5 Monitor Unspecified Session Hijacking Vulnerability
>
> I see that SecurityFocus created two BIDs today for vulnerabilities reported in January 2012 - 64606 and 64608. The first of those references CVE-2012-0264 and would appear to be covered already by BID 51212, which currently references both that CVE as well as CVE-2012-0261.
>
> Dinesh / Narayan / Venkat / Rob: is the intention here ultimately to split the earlier BID and move the session hijacking into its own BID or was this just an oversight?
>
> George
> --
> theall at tenable.com
>

George
--
theall at tenable.com


From gtheall at tenable.com Thu Jan 23 20:28:09 2014
From: gtheall at tenable.com (George Theall)
Date: Fri, 24 Jan 2014 02:28:09 +0000
Subject: [VIM] ELinks SSL Certificate Host Name Validation Security Bypass Vulnerability
Message-ID:

Dinesh / Narayan / Venkat / Rob: can someone clarify what vulnerability BID 65092 covers?

The BID says versions prior to ELinks 0.12-pre6 are vulnerable. That version was released in 2012. And according to the release announcement - http://article.gmane.org/gmane.comp.web.elinks.user/2094 - it addresses one security vulnerability: CVE-2012-4545. Is this a different vulnerability than that?

George
--
theall at tenable.com


From geissert at debian.org Fri Jan 24 05:21:32 2014
From: geissert at debian.org (Raphael Geissert)
Date: Fri, 24 Jan 2014 12:21:32 +0100
Subject: [VIM] Old CVE ids, public, but still "RESERVED"
Message-ID:

Hi,

Attached are lists of CVE ids which are still marked as RESERVED (i.e. no description/links/etc have been set) yet our security tracker knows about them. Since the tracker only contains public data, this means that the ids are not embargoed.

Hopefully these lists can be useful to MITRE to catch up on those, or to anyone else. I can generate these and other reports regularly if desired.

Notes:
* The year in the file name corresponds to the year in the CVE id, not necessarily the year of assignment.
* The lists only contain the CVE id, probably a short description, and one line of data from our tracker. The full data can be obtained either by going to https://security-tracker.debian.org/tracker/CVE-YYYY-XXXX or by looking up on our text database.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

-------------- next part --------------
CVE-2011-4973 [mod_nss FakeBasicAuth authentication bypass] - libapache2-mod-nss (low; bug #729626)
CVE-2011-4972 [CKEditor module for Drupal access bypass] NOT-FOR-US: Drupal module
CVE-2011-4970 [Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)] - lcgdm 1.8.6-1 (low; bug #702895)
CVE-2011-4968 [nginx http proxy module does not verify peer identity of https origin server] - nginx (low; bug #697940)
CVE-2011-4967 NOT-FOR-US: OpenPegasus
CVE-2011-4958 [silverstripe:XSS] - silverstripe (bug #528461)
CVE-2011-4955 NOT-FOR-US: wordpress bsuite plugin
CVE-2011-4954 - cobbler (bug #545583)
CVE-2011-4953 - cobbler (bug #545583)
CVE-2011-4952 - cobbler (bug #545583)
CVE-2011-4938 NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937 - joomla (bug #571794)
CVE-2011-4936 - joomla (bug #571794)
CVE-2011-4935 - joomla (bug #571794)
CVE-2011-4934 - joomla (bug #571794)
CVE-2011-4933 - joomla (bug #571794)
CVE-2011-4931 - gpw (unimportant; bug #651510)
CVE-2011-4930 - condor (Fixed before initial release)
CVE-2011-4924 - zope2.12 2.12.22-1
CVE-2011-4919 [mpack info disclosure] - mpack 1.6-8 (low; bug #655971)
CVE-2011-4917 - linux-2.6 (unimportant)
CVE-2011-4915 - linux-2.6 (unimportant)
CVE-2011-4912 NOT-FOR-US: Joomla
CVE-2011-4908 NOT-FOR-US: Joomla
CVE-2011-4907 NOT-FOR-US: Joomla
CVE-2011-4906 NOT-FOR-US: Joomla
CVE-2011-4904 {DSA-2289-1}
CVE-2011-4903 {DSA-2289-1}
CVE-2011-4902 {DSA-2289-1}
CVE-2011-4901 {DSA-2289-1}
CVE-2011-4900 {DSA-2289-1}
CVE-2011-4632 {DSA-2289-1}
CVE-2011-4631 {DSA-2289-1}
CVE-2011-4630 {DSA-2289-1}
CVE-2011-4629 {DSA-2289-1}
CVE-2011-4628 {DSA-2289-1}
CVE-2011-4627 {DSA-2289-1}
CVE-2011-4626 {DSA-2289-1}
CVE-2011-4625 [simplesamlphp xml encryption issues] {DSA-2330-1}
CVE-2011-4624 NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4613 [X launcher permission bypass] {DSA-2364-1}
CVE-2011-4610 - jbossas4 (Only builds a few libraries, not the full application server)
CVE-2011-4600 - libvirt 0.9.9-1 (low)
CVE-2011-4595 NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4580 NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-4573 NOT-FOR-US: JBoss Operations Network
CVE-2011-4558 - tikiwiki
CVE-2011-4455 - tikiwiki
CVE-2011-4454 - tikiwiki
CVE-2011-4407 [apt-add-repository does not perform ssl verification where it *needs* to] - software-properties 0.76.7debian2+nmu2
CVE-2011-4406 - accountsservice 0.6.15-3
CVE-2011-4366 NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090
CVE-2011-4365 NOTE: duplicate of CVE-2011-4090
CVE-2011-4350 - yaws 1.91-2 (bug #650009)
CVE-2011-4343 NOT-FOR-US: Apache MyFaces
CVE-2011-4338 NOT-FOR-US: Arch-Linux specific tool
CVE-2011-4336 NOT-FOR-US: Tiki Wiki
CVE-2011-4334 NOT-FOR-US: LabWiki
CVE-2011-4333 NOT-FOR-US: LabWiki
CVE-2011-4327 - openssh (Only affects platforms w/o /dev/random)
CVE-2011-4322 NOT-FOR-US: websitebaker
CVE-2011-4310 - cmsms (bug #608888)
CVE-2011-4195 NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4193 NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4192 NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4121 - ruby1.9.1 (Only affected trunk versions)
CVE-2011-4120 [authentication bypass by pressing ctrl-d] - yubico-pam 2.10-1
CVE-2011-4117 NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 - perl (unimportant)
CVE-2011-4115 - libparallel-forkmanager-perl (issue introduced in 0.7.6 upstream, never in Debian)
CVE-2011-4111 - qemu 0.15.1+dfsg-2
CVE-2011-4104 - django-tastypie 0.9.10-1 (bug #647314)
CVE-2011-4103 [YAML deserialization vulnerability in Piston framework] {DSA-2344-1}
CVE-2011-4099 - libcap2 1:2.22-1 (low)
CVE-2011-4095 NOT-FOR-US: Jara
CVE-2011-4094 NOT-FOR-US: Jara
CVE-2011-4093 - net6 1:1.3.14-1 (low; bug #647318)
CVE-2011-4092 - obby (low; bug #647317)
CVE-2011-4091 [squeeze] - net6 (Minor issue)
CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin] - serendipity (bug #650937)
CVE-2011-4089 - bzip2 1.0.6-1 (low; bug #632862)
CVE-2011-4088 NOT-FOR-US: abrt/libreport
CVE-2011-4083 NOT-FOR-US: RedHat sos
CVE-2011-4082 - phpldapadmin 0.9.8-1
CVE-2011-3923 - libstruts1.2-java (Only affects 2.x)
CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)] - mahara (low; bug #699230)
CVE-2011-3634 - apt 0.8.11 (low)
CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees] - hardlink (Only the C version, ours are written in Python)
CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees] - hardlink (Only the C version, ours are written in Python)
CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees] - hardlink (Only the C version, ours are written in Python)
CVE-2011-3629 NOT-FOR-US: Joomla
CVE-2011-3628 - pam 1.1.3-7 (low; bug #670076)
CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow] - mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
CVE-2011-3624 - ruby1.8 (low; bug #646020)
CVE-2011-3623 [media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers] - vlc 1.1.3-1
CVE-2011-3622 NOT-FOR-US: phorum
CVE-2011-3621 NOT-FOR-US: fluxbb
CVE-2011-3618 [atop insecure tempfile handling] - atop 1.23-1.1 (low; bug #622794)
CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files] - tahoe-lafs 1.8.3-1 (bug #641540)
CVE-2011-3614 [vanilla plugin access control] NOT-FOR-US: Vanilla Forums
CVE-2011-3613 [vanilla forums cookie theft] NOT-FOR-US: Vanilla Forums
CVE-2011-3612 [HTB22913: Multiple CSRF in UseBB] NOT-FOR-US: UseBB
CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB] NOT-FOR-US: UseBB
CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others] NOT-FOR-US: Serendipity plugin
CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management API] - jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console] - jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3605 {DSA-2323-1}
CVE-2011-3604 {DSA-2323-1}
CVE-2011-3603 NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3602 {DSA-2323-1}
CVE-2011-3601 {DSA-2323-1}
CVE-2011-3600 - libxmlrpc3-java 3.1.3-1 (low)
CVE-2011-3596 - polipo 1.0.4.1-1.2 (bug #644289)
CVE-2011-3595 - joomla (bug #571794)
CVE-2011-3592 [phpMyAdmin did not properly sanitize the content of db, table, and column names prior use of their values.] - phpmyadmin 4:3.4.5-1
CVE-2011-3591 [PMASA-2011-14 XSS] - phpmyadmin 4:3.4.5-1
CVE-2011-3590 [mkdumprd utility created the final initial ramdisk image with...] - kexec-tools (The flaw exists in kdump.init and mkdumprd scripts, shipped only with Red Hat and Fedora)
CVE-2011-3589 [mkdumprd utility copied content of certain directories into newly...] - kexec-tools (The flaw exists in kdump.init and mkdumprd scripts, shipped only with Red Hat and Fedora)
CVE-2011-3588 [kdump/mkdumprd: the default value of "StrictHostKeyChecking=no"] - kexec-tools (The flaw exists in kdump.init and mkdumprd scripts, shipped only with Red Hat and Fedora)
CVE-2011-3586 NOTE: Dupe of CVE-2011-3504, to be rejected
CVE-2011-3585 - samba 2:3.4.7~dfsg-2 (low)
CVE-2011-3584 [TYPO3-SA-2011-003] - typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
CVE-2011-3583 [TYPO3-SA-2011-002] - typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
CVE-2011-3582 NOT-FOR-US: Advanced Electron Forums
CVE-2011-3350 [masqmail improper privilege dropping] - masqmail 0.2.30-1 (low; bug #638002)
CVE-2011-3377 [IcedTea browser plugin Same Origin Policy suffix issue] {DSA-2420-1}
CVE-2011-3374 [apt-key insecure validation] - apt (unimportant; bug #642480)
CVE-2011-3373 NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3370 - statusnet (bug #491723)
CVE-2011-3355 - evolution-data-server3 3.2.1-1 (bug #641052)
CVE-2011-3352 NOT-FOR-US: Zikula
CVE-2011-3351 - openvas-scanner (bug #641327; low)
CVE-2011-3349 [lightdm denial of service] - lightdm 0.9.6-1 (bug #639151)
CVE-2011-3346 - qemu-kvm 0.15.1+dfsg-1 (bug #646118)
CVE-2011-3344 NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution] NOT-FOR-US: Jcow
CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting] NOT-FOR-US: Jcow
CVE-2011-3199 {DSA-2365-1}
CVE-2011-3198 {DSA-2365-1}
CVE-2011-3197 {DSA-2365-1}
CVE-2011-3196 {DSA-2365-1}
CVE-2011-3195 {DSA-2365-1}
CVE-2011-3183 NOT-FOR-US: Concrete CMS
CVE-2011-3180 NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-3154 - update-manager (ubuntu-specific issue)
CVE-2011-3153 - lightdm 1.0.6-2
CVE-2011-3152 - update-manager (ubuntu-specific issue)
CVE-2011-3145 {DSA-2382-1}
CVE-2011-2941 NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-2936 - elgg (bug #526197)
CVE-2011-2935 - elgg (bug #526197)
CVE-2011-2934 NOT-FOR-US: WebsiteBaker
CVE-2011-2933 NOT-FOR-US: WebsiteBaker
CVE-2011-2927 NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2924 - foomatic-filters 4.0.12-1 (low)
CVE-2011-2923 - foomatic-filters (unimportant)
CVE-2011-2922 - ktsuss
CVE-2011-2921 - ktsuss
CVE-2011-2920 NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2919 NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2916 - qtnx (low; bug #637439)
CVE-2011-2910 - ax25-tools 0.0.8-13.2 (low; bug #638198)
CVE-2011-2909 {DSA-2303-1}
CVE-2011-2902 [xpdf: insecure tempfile usage] - xpdf 3.02-19 (low; bug #635849)
CVE-2011-2897 - gdk-pixbuf (This only applies to the old standalone copy shipped until Lenny)
CVE-2011-2765 [pyro: insecure use of temporary pid file] - pyro 1:3.14-1 (low; bug #631912)
CVE-2011-2727 NOT-FOR-US: Tribiq CMS
CVE-2011-2726 [SA-CORE-2011-003] - drupal7 7.6-1
CVE-2011-2725 [ark directory traversal] - kdeutils 4:4.6.5-4 (low; bug #635541)
CVE-2011-2717 NOT-FOR-US: udhcp6c
CVE-2011-2715 NOT-FOR-US: Drupal data module
CVE-2011-2714 NOT-FOR-US: Drupal data module
CVE-2011-2706 NOT-FOR-US: sNews
CVE-2011-2702 [eglibc signedness vulnerability in ssse3 optimizations] - eglibc 2.13-10
CVE-2011-2684 - foo2zjs 20110722dfsg-1 (low; bug #633870)
CVE-2011-2683 - reseed
CVE-2011-2538 - plone3
CVE-2011-2523 - vsftpd (backdoored version was never in the Debian archive)
CVE-2011-2515 - packagekit 0.6.17-1
CVE-2011-2514 - openjdk-6 6b21~pre1-1
CVE-2011-2513 - openjdk-6 6b21~pre1-1
CVE-2011-2500 - nfs-utils 1:1.2.4-1 (bug #633155)
CVE-2011-2499 NOT-FOR-US: Mambo CMS
CVE-2011-2498 - linux-2.6 2.6.39-1 (low)
CVE-2011-2487 NOT-FOR-US: Apache CXF
CVE-2011-2480 [kfreebsd info disclosure] - kfreebsd-9 9.0~svn223502-1 (bug #631160)
CVE-2011-2207 - dirmngr (unimportant; bug #627377)
CVE-2011-2187 - xscreensaver 5.14-1 (bug #627382)
CVE-2011-2186 NOTE: Disputed gitweb non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=713298
CVE-2011-2177 - libreoffice
CVE-2011-2198 [vte memory exhaustion] - vte 1:0.28.1-1 (low; bug #629688)
CVE-2011-2054 NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
CVE-2011-1939 - zendframework 1.11.6-1 (low)
CVE-2011-1935 [packet truncation in libpcap] - libpcap 1.1.1-4 (low; bug #623868)
CVE-2011-1934 [lilo: lilo.conf world-readable] - lilo 23.1-2 (low; bug #615103)
CVE-2011-1933 - libjifty-dbi-perl 0.68-1 (low; bug #622919)
CVE-2011-1930 - klibc 1.5.22-1 (low)
CVE-2011-1837 {DSA-2382-1}
CVE-2011-1836 - ecryptfs-utils 92-1
CVE-2011-1835 {DSA-2382-1}
CVE-2011-1834 {DSA-2382-1}
CVE-2011-1832 {DSA-2382-1}
CVE-2011-1831 {DSA-2382-1}
CVE-2011-1798 - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1796 - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1795 - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1794 - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1793 - chromium-browser 11.0.696.65~r84435-1
CVE-2011-1773 NOT-FOR-US: virt-v2v
CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE] - nfs-utils 1:1.2.3-3 (low; bug #629420)
CVE-2011-1597 NOT-FOR-US: OpenVAS Manager
CVE-2011-1596 NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)
CVE-2011-1594 NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1588 - thunar (Introduced in 1.2, only in experimental)
CVE-2011-1490 - rsyslog 5.7.6-1 (low)
CVE-2011-1489 - rsyslog 5.7.6-1 (low)
CVE-2011-1488 - rsyslog 5.7.6-1 (low)
CVE-2011-1474 NOT-FOR-US: PaX hardening patch
CVE-2011-1408 [ikiwiki tty hijacking vulnerability] - ikiwiki 3.20110608 (low)
CVE-2011-1151 NOT-FOR-US: Joomla!
CVE-2011-1150 NOT-FOR-US: bbPress
CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()] - unixodbc 2.2.14p2-3 (low; bug #617655)
CVE-2011-1086 NOT-FOR-US: openfiler
CVE-2011-1085 NOT-FOR-US: smoothwall
CVE-2011-1084 NOT-FOR-US: smoothwall
CVE-2011-1070 - v86d 0.1.10-1 (low; bug #619404)
CVE-2011-1069 NOT-FOR-US: PHPShop
CVE-2011-1028 - smarty3 3.0.8-1
CVE-2011-1009 NOT-FOR-US: Vanilla Forums
CVE-2011-1133 [xinha XSS mode param] - serendipity (bug #611661)
CVE-2011-1134 [xinha XSS image manager] - serendipity (bug #611661)
CVE-2011-1135 [xinha multiple vulns] - serendipity (bug #611661)
CVE-2011-1136 [tesseract tempfile] - tesseract 2.04-2.1 (low; bug #612032)
CVE-2011-0705 [path traversal in SimpleHTTPServer] NOTE: Will be rejected
CVE-2011-0704 NOT-FOR-US: 389 Directory Server
CVE-2011-0703 - gksu-polkit (bug #684489)
CVE-2011-0699 - linux-2.6 2.6.37-2
CVE-2011-0544 - phpbb3 3.0.7-PL1-5 (low; bug #612477)
CVE-2011-0529 - weborf 0.12.5-1
CVE-2011-0528 - puppet 2.6.2-3
CVE-2011-0525 NOT-FOR-US: Batavi
CVE-2011-0460 - kbd (SUSE-specific)
CVE-2011-0428 - ikiwiki 3.20110122
CVE-2011-0068 - xulrunner (Only affects Firefox 4.0, not yet in unstable)
-------------- next part --------------
CVE-2012-6619 [MongoDB memory over-read via incorrect BSON object length] - mongodb 1:2.4.1-1
CVE-2012-6110 [bcron file descriptors not closed] - bcron 0.09-13 (low; bug #686650)
CVE-2012-6345 NOT-FOR-US: CyberArk Vault
CVE-2012-6344 NOT-FOR-US: CyberArk Vault
CVE-2012-6342 NOT-FOR-US: Atlassian Confluence
CVE-2012-6146 [Backend History Module Information Disclosure] {DSA-2574-1}
CVE-2012-6143 [Storable::thaw called on untrusted inputs] - libspoon-perl (bug #715371; low)
CVE-2012-6142 [Storable::thaw called on untrusted inputs] NOT-FOR-US: HTML-EP CPAN module
CVE-2012-6141 [Storable::thaw called on untrusted inputs] NOT-FOR-US: App-Context CPAN module
CVE-2012-6136 NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2012-6135 - ruby-passenger (Vulnerable code not present; bug #702219)
CVE-2012-6133 [XSS flaws in ok and error messages] - roundup 1.4.20-1
CVE-2012-6132 [XSS flaw with the otk parameter] - roundup 1.4.20-1
CVE-2012-6131 [XSS flaw in @action parameter] - roundup 1.4.20-1
CVE-2012-6130 [XSS vulnerability when usernames contain HTML] - roundup 1.4.20-1
CVE-2012-6125 - chicken 4.8.0-1 (low; bug #702410)
CVE-2012-6124 - chicken 4.8.0-1 (low; bug #702410)
CVE-2012-6123 - chicken 4.8.0-1 (low; bug #702410)
CVE-2012-6122 - chicken 4.8.0.3-1 (low; bug #702410)
CVE-2012-6114 [temp file vulnerability in git-extras] - git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases] - gnome-keyring 3.8.2-1 (low; bug #697896)
CVE-2012-6108 [default permissions for /var/log/hp are too open] - hplip (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 [Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate] - axis2c (bug #697974)
CVE-2012-6094 - cups (systemd patch not applied in Debian, see bug #697584)
CVE-2012-6086 [zabbix insecure curl usage] - zabbix 1:2.0.7+dfsg-1 (bug #697443)
CVE-2012-6083 - freeciv 2.3.4-1 (low; bug #696306)
CVE-2012-6079 NOT-FOR-US: W3 Total Cache
CVE-2012-6078 NOT-FOR-US: W3 Total Cache
CVE-2012-6077 NOT-FOR-US: W3 Total Cache
CVE-2012-6071 [libnusoap-php: Curl insecure usage] - nusoap 0.7.3-5 (low; bug #696707)
CVE-2012-6070 [falconpl: Curl insecure usage] - falconpl 0.9.6.9-git20120606-2 (bug #696681)
CVE-2012-5844 - openjdk-6 (JavaFX not part of OpenJDK)
CVE-2012-5663 NOT-FOR-US: Isearch
CVE-2012-5662 - ibm-3270 (bug #706547)
CVE-2012-5650 [DOM based XSS via Futon UI] - couchdb 1.2.0-5 (bug #698439)
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash] - couchdb 1.2.0-5 (bug #698439)
CVE-2012-5645 - freeciv 2.3.4-1 (low; bug #696306)
CVE-2012-5644 [(Complete) Information disclosure when moving user's home directory] - libuser (low; bug #705690)
CVE-2012-5641 - couchdb (Only affects CouchDB on Windows)
CVE-2012-5640 [thttpd: Local DoS vulnerability] - thttpd (low)
CVE-2012-5639 - libreoffice (unimportant)
CVE-2012-5631 NOT-FOR-US: FreeIPA
CVE-2012-5630 [TOCTOU race conditions by copying and removing directory trees] - libuser (low; bug #705690)
CVE-2012-5628 NOT-FOR-US: gofer component of PULP project
CVE-2012-5623 NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name] - ekiga 3.2.7-6 (bug #702282; low)
CVE-2012-5620 NOT-FOR-US: Dovecot non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
CVE-2012-5619 - sleuthkit (unimportant; bug #695097)
CVE-2012-5618 NOT-FOR-US: Ushahidi
CVE-2012-5617 [privilege escalation due to improper authentication settings in policykit configuration file] - gksu-polkit (bug #695807)
CVE-2012-5583 [phpcas curl usage] - php-cas 1.3.1-2
CVE-2012-5582 [opendnssec curl usage] - opendnssec (eppclient not built in Debian package)
CVE-2012-5580 [libproxy: format string issue] - libproxy 0.3.1-4 (low)
CVE-2012-5578 [Python keyring insecure permissions on new databases] - python-keyring 0.9.2-1.1 (bug #696736)
CVE-2012-5577 [Python keyring insecure permissions on migrated files] - python-keyring 0.9.2-1.1 (bug #696736)
CVE-2012-5572 [Dancer::Cookie: Cookie name CRLF injection] - libdancer-perl 1.3114+dfsg-1 (low; bug #694279)
CVE-2012-5567 - kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5566 - kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5565 NOT-FOR-US: This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code
CVE-2012-5560 NOT-FOR-US: MATE gnome fork
CVE-2012-5535 - gnome-system-log (Fedora-specific issue)
CVE-2012-5527 - claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
CVE-2012-5524 - gajim 0.15.4-1 (low; bug #693282)
CVE-2012-5521 - quagga (unimportant; bug #693102)
CVE-2012-5518 NOT-FOR-US: ovirt / vsdm
CVE-2012-5508 [Zope/Plone: PRNG isn't reseeded] - zope2.12 2.12.26-1 (bug #692899)
CVE-2012-5507 [Zope/Plone: Timing attack in password validation] - zope2.12 2.12.26-1 (bug #692899)
CVE-2012-5506 [Zope/Plone: DoS through RSS on private folder] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 [Zope/Plone: Attempting to access a view with no name returns an internal data structure] - zope2.12 2.12.26-1 (bug #692899)
CVE-2012-5504 [Zope/Plone: Persistent XSS] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 [Zope/Plone: Users connected through FTP can list hidden folder contents] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 [Zope/Plone: Persistent XSS via filtering bypass] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 [Zope/Plone: Crafted URL allows downloading of BLOBs that are not visible to the user] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 [Zope/Plone: Anonymous users can batch change titles of content items] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 [Zope/Plone: Partial denial of service through internal function] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 [Zope/Plone: Partial denial of service through Collections functionality] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 [Zope/Plone: Anonymous users can list user account names] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 [Zope/Plone: DoS through unsanitised inputs into Kupu] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 [Zope/Plone: Restricted Python injection] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 [Zope/Plone: Reflexive XSS] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 [Zope/Plone: Restricted Python sandbox escape] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 [Zope/Plone: Partial permissions bypass] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 [Zope/Plone: Form detail exposure] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 [Zope/Plone: Reflexive XSS] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 [Zope/Plone: Partial restricted Python sandbox escape] - zope2.12 (bug #692899)
CVE-2012-5488 [Zope/Plone: Restricted Python injection] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 [Zope/Plone: Restricted Python sandbox escape] - zope2.12 (unimportant; bug #692899)
CVE-2012-5486 [Zope/Plone: Reflexive HTTP header injection] - zope2.12 2.12.26-1 (bug #692899)
CVE-2012-5485 [Restricted Python injection] NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5476 - horizon (File is installed with 0700 perms in Debian)
CVE-2012-5474 - horizon 2012.1.1-7
CVE-2012-5395 NOT-FOR-US: Mediawiki extension CentralAuth
CVE-2012-5391 - mediawiki 1:1.19.3-1 (bug #694998)
CVE-2012-5390 [Possible privilege escalation] - condor (standard universe is disabled in the Debian package, see bug #697936)
CVE-2012-5366 NOT-FOR-US: Mac OS X
CVE-2012-5365 - kfreebsd-8 (low; bug #690986)
CVE-2012-5364 NOT-FOR-US: Microsoft Windows
CVE-2012-5363 - kfreebsd-8 (low; bug #690986)
CVE-2012-5362 NOT-FOR-US: Microsoft Windows
CVE-2012-5361 - ffmpeg
CVE-2012-5360 - ffmpeg
CVE-2012-5359 - ffmpeg
CVE-2012-5241 NOT-FOR-US: PEAR module for Twitter
CVE-2012-5236 [Admin can decrypt user files] - owncloud (low)
CVE-2012-4410 NOTE: to be rejected
CVE-2012-4576 [freebsd privilege escalation] - kfreebsd-8 8.3-6 (bug #694096)
CVE-2012-4570 [sql injection] - php-letodms-core 3.3.8-1
CVE-2012-4569 [multiple xss in 3.3.9] - letodms 3.3.9+dfsg-1
CVE-2012-4568 [csrf] - letodms 3.3.9+dfsg-1
CVE-2012-4567 [multiple xss in 3.3.8] - letodms 3.3.9+dfsg-1
CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525] - piwigo (incomplete fix not applied to Debian package)
CVE-2012-4525 [XSS in password.php] - piwigo
CVE-2012-4524 [xlockmore bypass] - xlockmore (low)
CVE-2012-4519 NOT-FOR-US: Zenphoto
CVE-2012-4512 - kdebase (unimportant)
CVE-2012-4480 NOT-FOR-US: mom
CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03] - zendframework (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4441 [jenkins XSS in CI game plugin] - jenkins (Plugin not built in Debian source package)
CVE-2012-4440 [jenkins XSS in Violations plugin] - jenkins (Plugin not built in Debian source package)
CVE-2012-4439 [jenkins XSS] - jenkins 1.447.2+dfsg-2 (bug #688298)
CVE-2012-4438 [jenkins remote code execution] - jenkins 1.447.2+dfsg-2 (bug #688298)
CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw] - fwknop 2.0.3-1 (bug #688151)
CVE-2012-4428 - openslp-dfsg (bug #687597; low)
CVE-2012-4420 [Duplicate of CVE-2012-4416] NOT-FOR-US: Duplicate of CVE-2012-4416
CVE-2012-4385 [letodms CSRF] - letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 [letodms XSS] - letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4383 NOT-FOR-US: Contao
CVE-2012-4382 [Info leak in user blocks] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-4380 [Insufficient API for account creation block] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-4379 [CSRF] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-4378 [DOM-based XSS] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-4377 [mediawiki stored XSS] - mediawiki 1:1.19.2-1 (bug #686330)
CVE-2012-3543 - mono 2.10.8.1-7 (bug #686562)
CVE-2012-3522 [geshi XSS in contrib/langwiz.php] - geshi (Vulnerable code not present, see bug #685323)
CVE-2012-3521 [geshi information disclosure in contrib/cssgen.php] - geshi 1.0.8.4-2 (bug #685324)
CVE-2012-3490 - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3427 - jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-3415 - plpupload (bug #668396)
CVE-2012-3409 - ecryptfs-utils 99-1 (bug #682220)
CVE-2012-3407 NOT-FOR-US: plow
CVE-2012-3406 [glibc formatted printing vulnerabilities] - eglibc (low; bug #681888)
CVE-2012-3405 [glibc formatted printing vulnerabilities] - eglibc 2.13-35 (low; bug #681473)
CVE-2012-3404 [glibc formatted printing vulnerabilities] - eglibc 2.13-35 (low; bug #681473)
CVE-2012-3359 NOT-FOR-US: Red Hat Conga
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release] - nsd3 (Debian version not affected)
CVE-2012-2945 - hadoop (bug #535861)
CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead] - network-manager 0.9.4.0-1 (low; bug #655972)
CVE-2012-2724 NOT-FOR-US: Drupal module
CVE-2012-2714 NOT-FOR-US: Drupal module
CVE-2012-2663 - iptables (unimportant; bug #675445)
CVE-2012-2656 [XXE vulnerability in Restlet] - restlet (bug #596472)
CVE-2012-2350 [pam_shield default configuration does not take any action] - pam-shield 0.9.2-3.3 (low; bug #658830)
CVE-2012-2328 NOT-FOR-US: sblim
CVE-2012-2312 - jbossas4 (Only affects JBoss 7)
CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution] NOT-FOR-US: Drupal addon not packaged
CVE-2012-2250 - tor 0.2.3.24-rc-1 (low)
CVE-2012-2249 - tor 0.2.3.23-rc-1 (low)
CVE-2012-2248 [build-influenced PATH set in dhclient] - isc-dhcp 4.2.4-3 (bug #690532)
CVE-2012-2238 - tryton-server (only affected 2.4, in experimental)
CVE-2012-2237 {DSA-2540-1}
CVE-2012-2095 [wicd command execution with root privileges] - wicd 1.7.2.4-1 (low; bug #668397)
CVE-2012-2148 - jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message] - xpdf (uses poppler's Error.cc)
CVE-2012-2134 NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-2130 - polarssl 1.1.2-1
CVE-2012-2108 - csound 1:5.17.6~dfsg-1 (low; bug #661197)
CVE-2012-2107 - csound 1:5.17.6~dfsg-1 (bug #661197)
CVE-2012-2106 - csound 1:5.17.6~dfsg-1 (bug #661197)
CVE-2012-2092 - cobbler (bug #545583)
CVE-2012-2079 NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2078 NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637 NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622 NOT-FOR-US: Apache OFBiz
CVE-2012-1621 NOT-FOR-US: Apache OFBiz
CVE-2012-1615 [sectool dbus priv escalation] NOT-FOR-US: sectool
CVE-2012-1600 [XSS from 5.0.4 release] - phppgadmin 5.0.4-1
CVE-2012-1592 - libstruts1.2-java (Only applies to Struts 2, see bug #657870)
CVE-2012-1577 - dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1572 - keystone 2012.1~rc2-1
CVE-2012-1567 NOT-FOR-US: LinuxMint
CVE-2012-1566 NOT-FOR-US: LinuxMint
CVE-2012-1563 - joomla (bug #571794)
CVE-2012-1562 - joomla (bug #571794)
CVE-2012-1561 NOT-FOR-US: Drupal Finder
CVE-2012-1102 [XML::Atom Perl module XML entity expansion] {DSA-2424-1}
CVE-2012-1301 NOT-FOR-US: Umbraco
CVE-2012-1257 - pidgin (unimportant)
CVE-2012-1187 - bitlbee 3.0.4+bzr855-1 (low)
CVE-2012-1171 [safemode bypass after RSHUTDOWN] - php5 (unimportant)
CVE-2012-1170 - moodle (Only affects 2.2)
CVE-2012-1169 - moodle (Only affects 2.0 to 2.2)
CVE-2012-1168 - moodle (Only affects 2.0 to 2.2)
CVE-2012-1166 [ldm (LTSP display manager)] - ldm 2:2.2.7-1 (bug #663645)
CVE-2012-1161 - moodle (Only affects 2.1 to 2.2)
CVE-2012-1160 - moodle (Only affects 2.1 to 2.2)
CVE-2012-1159 - moodle (Only affects 2.1 to 2.2)
CVE-2012-1158 - moodle (Only affects 2.1 to 2.2)
CVE-2012-1157 - moodle (Only affects 2.0 to 2.2)
CVE-2012-1156 - moodle (Only affects 2.0 to 2.2)
CVE-2012-1155 - moodle 1.9.9.dfsg2-6 (low; bug #668411)
CVE-2012-1124 NOT-FOR-US: phxEventManager not in Debian
CVE-2012-1115 - phpldapadmin 1.2.2-3 (low; bug #662050)
CVE-2012-1114 - phpldapadmin 1.2.2-3 (low; bug #662050)
CVE-2012-1111 - lightdm 1.0.9-1 (bug #658678)
CVE-2012-1109 NOT-FOR-US: mwlib not in Debian
CVE-2012-1105 - moodle 2.2.7.dfsg-1 (low; bug #662945)
CVE-2012-1104 - moodle 2.2.7.dfsg-1 (low; bug #662945)
CVE-2012-1101 - systemd 43-1 (bug #662029)
CVE-2012-1100 NOT-FOR-US: JBoss Operations Network
CVE-2012-1096 - network-manager (low; bug #684259)
CVE-2012-1095 - osc (unimportant)
CVE-2012-1094 NOT-FOR-US: mod_cluster
CVE-2012-1093 [init script x11-common creates directories in insecure manner] - xorg 1:7.6+12 (bug #661627)
CVE-2012-1088 - iproute 20120319-1 (unimportant)
CVE-2012-0943 - lightdm (Ubuntu-specific script)
CVE-2012-0875 [systemtap invalid read leading to kernel DoS] - systemtap 1.7-1 (low; bug #660929; bug #660886)
CVE-2012-0871 - systemd 43-1
CVE-2012-0844 - netsurf 2.8-2 (bug #659376)
CVE-2012-0843 - uzbl 0.0.0~git.20111128-2 (bug #659379)
CVE-2012-0842 [surf info leak] - surf 0.4.1-6 (bug #659296)
CVE-2012-0828 - xchat (Only affects Xchat on Windows and Maemo)
CVE-2012-0824 - gnusound (low; bug #654270)
CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities] - postfixadmin 2.3.5-1
CVE-2012-0811 [PostfixAdmin 2.3.4 multiple SQL vulnerabilities] - postfixadmin 2.3.5-1
CVE-2012-0810 - linux-2.6 3.2.16-1 (bug #672660)
CVE-2012-0803 NOT-FOR-US: Apache CXF
CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files] - sugarcrm-ce-5.0 (bug #457876)
CVE-2012-0270 [csound buffer overflows] - csound 1:5.16.6~dfsg-1 (low; bug #661197)
CVE-2012-0214 [apt would still trust repository when old InRelease file present] - apt 0.8.15.10 CVE-2012-0153 NOT-FOR-US: Microsoft CVE-2012-0140 NOT-FOR-US: Microsoft CVE-2012-0139 NOT-FOR-US: Microsoft CVE-2012-0785 [Jenkins and hash collision attack] - jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553) CVE-2012-0070 NOT-FOR-US: spamdyke not in Debian CVE-2012-0064 [xorg screen lockers bypassed via key combo] - xorg-server 2:1.11.3.901-2 (high; bug #656410) CVE-2012-0063 - tucan (bug #656388) CVE-2012-0062 NOT-FOR-US: JBoss Operations Network CVE-2012-0059 NOT-FOR-US: RHN Satellite CVE-2012-0055 NOT-FOR-US: overlayfs is not (yet) in the Debian kernel CVE-2012-0052 NOT-FOR-US: JBoss Operations Network CVE-2012-0051 - tahoe-lafs (Only affects 1.9.0, not uploaded to the archive) CVE-2012-0049 {DSA-2524-1} CVE-2012-0046 [mediawiki info leak] - mediawiki 1:1.15.5-6 (low; bug #655694) CVE-2012-0033 [znc bouncedcc DoS] - znc 0.202-2 CVE-2012-0032 NOT-FOR-US: JBoss Operations Network

CVE-2013-7303 [cross-site scripting] - spip 3.0.13-1 (bug #736170) CVE-2013-7302 NOT-FOR-US: Drupal contrib CVE-2013-7301 [external network interface is used with no access control for reading queued music files] - cantata (Vulnerable code introduced with 1.2.0; bug #736154) CVE-2013-7300 [absolute path traversal vulnerability] - cantata (Vulnerable code introduced with 1.2.0; bug #736154) CVE-2013-7299 [tntnet: denial of service] - tntnet (low; bug #735881) CVE-2013-7298 [cxxtools: denial of service] - cxxtools 2.2.1-1 (low; bug #735880) CVE-2013-7296 [DoS] - poppler (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41) CVE-2013-7285 [remote code execution via deserialization in XStream] - libxstream-java (bug #734821) CVE-2013-7284 [libplrpc-perl remote code execution due to Storable] - libplrpc-perl (high; bug #734789) CVE-2013-7273 [no prompt anymore after login cancel using disable_user_list] - gdm3 (low; bug #683338) CVE-2013-7259 - 
neo4j-community (bug #685615) CVE-2013-7252 [kwallet crypto misuse] - kde-runtime CVE-2013-7172 - libiodbc2 (RPATH issue slackware specific) CVE-2013-7171 - llvm-2.9 (RPATH issue slackware specific) CVE-2013-7236 NOT-FOR-US: Simple Machines Forum CVE-2013-7235 NOT-FOR-US: Simple Machines Forum CVE-2013-7234 NOT-FOR-US: Simple Machines Forum CVE-2013-7221 [run command dialog visible above screen locker] - gnome-shell CVE-2013-7220 [blind command execution via activities search keyboard focus] - gnome-shell CVE-2013-7203 - gitolite3 3.5.3.1-1 CVE-2013-7143 - open-xchange (bug #269329) CVE-2013-7142 - open-xchange (bug #269329) CVE-2013-7141 - open-xchange (bug #269329) CVE-2013-7140 - open-xchange (bug #269329) CVE-2013-7137 NOT-FOR-US: Burden CVE-2013-7135 - libproc-daemon-perl 0.14-2 (low; bug #732283) CVE-2013-7134 NOT-FOR-US: Juvia CVE-2013-7130 [Live migration can leak root disk into ephemeral storage] - nova (bug #736465) CVE-2013-7111 NOT-FOR-US: Bio Basespace SDK Ruby Gem CVE-2013-7110 - transifex-client (low) CVE-2013-7066 NOT-FOR-US: Drupal module CVE-2013-7065 NOT-FOR-US: Drupal module CVE-2013-7064 NOT-FOR-US: Drupal module CVE-2013-7063 NOT-FOR-US: Drupal module CVE-2013-7034 NOT-FOR-US: LiveZilla CVE-2013-7033 NOT-FOR-US: LiveZilla CVE-2013-7032 NOT-FOR-US: LiveZilla CVE-2013-7089 [dbg_printhex possible information leak] - clamav 0.97.7+dfsg-1 CVE-2013-7088 [buffer overflow] - clamav 0.97.7+dfsg-1 CVE-2013-7087 [clamav: WWPack corrupt heap memory] - clamav 0.97.7+dfsg-1 CVE-2013-7072 NOT-FOR-US: Monitorix CVE-2013-7071 NOT-FOR-US: Monitorix CVE-2013-7070 NOT-FOR-US: Monitorix CVE-2013-7062 [XSS] - zope2.12 (low) CVE-2013-7061 [Privilege escalation through exposed underlying API] NOT-FOR-US: Plone CVE-2013-7060 [Filesystem path information leak] NOT-FOR-US: Plone CVE-2013-7048 [Nova live snapshots use an insecure local directory] - nova 2013.2.1-1 (bug #732022) CVE-2013-7003 NOT-FOR-US: LiveZilla CVE-2013-7041 [pam_userdb: password hashes aren't 
compared case-sensitively] - pam (low; bug #731368) CVE-2013-7040 - python2.5 (low) CVE-2013-6891 [lppasswd vulnerability] - cups 1.7.1-1 CVE-2013-6889 [Allows reading arbitrary files] - rush (bug #733505) CVE-2013-6887 - openjpeg (only affects 1.5, in experimental, see #731237) CVE-2013-6880 NOT-FOR-US: FlashCanvas CVE-2013-6879 NOT-FOR-US: MijoSearch CVE-2013-6878 NOT-FOR-US: MijoSearch CVE-2013-6838 NOT-FOR-US: IVR Pro/Contact Center (VIP2000) CVE-2013-6806 NOT-FOR-US: OpenText Exceed onDemand CVE-2013-6788 NOT-FOR-US: Bitrix Site Manager CVE-2013-6766 NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago) CVE-2013-6765 NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago) CVE-2013-6472 - mediawiki 1:1.19.10+dfsg-1 CVE-2013-6461 [DoS while parsing XML entities] - ruby-nokogiri 1.6.1+ds-1 (bug #734836) CVE-2013-6460 [DoS while parsing XML documents] - ruby-nokogiri 1.6.1+ds-1 (bug #734836) CVE-2013-6458 [job usage issue in several APIs leading to libvirtd crash] {DSA-2846-1} CVE-2013-6457 [avoid crashing if calling `virsh numatune' on inactive domain] - libvirt 1.2.1-1 CVE-2013-6456 [virsh shutdown does not handle symlinks correctly for LXC] - libvirt (bug #732394) CVE-2013-6455 - mediawiki CVE-2013-6454 - mediawiki 1:1.19.10+dfsg-1 CVE-2013-6453 - mediawiki 1:1.19.10+dfsg-1 CVE-2013-6452 - mediawiki 1:1.19.10+dfsg-1 CVE-2013-6451 - mediawiki 1:1.19.10+dfsg-1 CVE-2013-6444 [failure to check certificate hostname] - pywbem (bug #732594) CVE-2013-6441 [lxc: sshd template allow privilege escalation on host] - lxc (unimportant) CVE-2013-6440 [XML eXternal Entity (XXE) flaw in ParserPool and Decrypter] - opensaml2 (Debian provides the C-based Shibboleth implementation) CVE-2013-6437 [DoS through ephemeral disk backing files] - nova CVE-2013-6430 - libspring-java (bug #735420) CVE-2013-6429 - libspring-java (bug #735420) CVE-2013-6418 [TOCTOU vulnerability in certificate validation] - pywbem (low; bug #732594) CVE-2013-6413 
[unrealircd: DoS, use after free] - unrealircd (bug #515130) CVE-2013-6396 [does not properly verify the server SSL certificates] - python-swiftclient (bug #730626) CVE-2013-6372 - jenkins (Affected plugins are not shipped in Debian, bug #730457) CVE-2013-6365 [CSRF edit.php] - php-horde 5.1.5+debian0-1 (bug #730110) CVE-2013-6364 [XSS and CSRF search.php] - php-horde (Vulnerable code in turba) CVE-2013-6275 [CSRF] - php-horde-ingo 3.1.3-1 (bug #727669) CVE-2013-6242 - open-xchange (bug #269329) CVE-2013-6241 - open-xchange (bug #269329) CVE-2013-6236 NOT-FOR-US: Stem Innovations IZON CVE-2013-6223 NOT-FOR-US: Livezilla CVE-2013-6117 NOT-FOR-US: Dahua DVR CVE-2013-6167 - iceweasel (unimportant) CVE-2013-6166 - chromium-browser 31.0.1650.57-1 (low) CVE-2013-6053 - openjpeg (only affects 1.5, in experimental, see #731237) CVE-2013-6049 [insecure temporary file creation] - apt-listbugs 0.1.10 (low) CVE-2013-6047 [XSS in site creation interface] - ikiwiki-hosting 0.20131025 CVE-2013-5984 NOT-FOR-US: Microweber CVE-2013-5983 NOT-FOR-US: GuppY CVE-2013-5916 NOT-FOR-US: WordPress plugin wp-e-commerce CVE-2013-5749 NOT-FOR-US: SimpleRisk CVE-2013-5748 NOT-FOR-US: SimpleRisk CVE-2013-5743 - zabbix 1:2.0.8+dfsg-2 CVE-2013-5680 [heap overflow] - hylafax (Not built with LDAP support) CVE-2013-5661 [DNS response rate limiting can simplify cache poisoning attacks] NOTE: DNS protocol flaw CVE-2013-5675 NOT-FOR-US: Symantec Endpoint Protection CVE-2013-5671 [Remote Command Injection] NOT-FOR-US: fog-dragonfly Ruby Gem CVE-2013-5655 NOT-FOR-US: YingZhi Python for iOS CVE-2013-5654 NOT-FOR-US: YingZhi Python for iOS CVE-2013-5640 NOT-FOR-US: Gnew CVE-2013-5639 NOT-FOR-US: Gnew CVE-2013-5582 NOT-FOR-US: Ammyy Admin CVE-2013-5581 NOT-FOR-US: Ammyy Admin CVE-2013-5350 NOT-FOR-US: OpenPNE CVE-2013-5212 NOT-FOR-US: easyXDM CVE-2013-5123 [insecure mirroring] - python-pip 1.4.1-1 (unimportant) CVE-2013-4985 NOT-FOR-US: Vivotek IP Cameras CVE-2013-4982 NOT-FOR-US: AVTECH DVR CVE-2013-4981 
NOT-FOR-US: AVTECH DVR CVE-2013-4980 NOT-FOR-US: AVTECH DVR CVE-2013-4979 [Buffer Overflow] NOT-FOR-US: EPS Viewer CVE-2013-4978 [Buffer Overflow] NOT-FOR-US: Aloaha PDF Suite CVE-2013-4968 - puppet (Only affects Puppet Enterprise) CVE-2013-4772 NOT-FOR-US: D-Link CVE-2013-4752 NOT-FOR-US: Symfony HttpFoundation component CVE-2013-4751 NOT-FOR-US: Symfony Validator component CVE-2013-4739 - linux (Android-specific camera drivers) CVE-2013-4738 - linux (Android-specific camera drivers) CVE-2013-4730 NOT-FOR-US: PCMan FTP Server CVE-2013-4718 [XSS] NOT-FOR-US: OTRS ITSM CVE-2013-4717 [SQL injection] {DSA-2733-1} CVE-2013-4593 - ruby-omniauth-facebook (bug #705766) CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections] - perdition (low; bug #729028) CVE-2013-4583 - gitlab (bug #651606) CVE-2013-4582 [Local file inclusion vulnerability] - gitlab (bug #651606) CVE-2013-4581 [Remote code execution vulnerability via Git SSH access] - gitlab (bug #651606) CVE-2013-4580 [Unauthenticated API access to GitLab when using MySQL] - gitlab (bug #651606) CVE-2013-4577 [should set safer permissions even when hashed passwords are found] - grub2 2.00-20 (unimportant; bug #632598) CVE-2013-4574 - mediawiki CVE-2013-4572 - mediawiki 1:1.19.8+dfsg-2.2 (bug #729629) CVE-2013-4571 - mediawiki CVE-2013-4570 - mediawiki CVE-2013-4565 [heap-based buffer overflow] - xlhtml (bug #729279) CVE-2013-4562 - ruby-omniauth-facebook (bug #705766) CVE-2013-4561 NOT-FOR-US: OpenShift CVE-2013-4552 NOT-FOR-US: drupalauth module for simpleSAMLphp CVE-2013-4546 [remote command execution] - gitlab (bug #651606) CVE-2013-4521 NOT-FOR-US: Nuxeo CVE-2013-4504 NOT-FOR-US: Drupal contrib module CVE-2013-4503 NOT-FOR-US: Drupal contrib module CVE-2013-4502 NOT-FOR-US: Drupal contrib module CVE-2013-4501 NOT-FOR-US: Drupal contrib module CVE-2013-4500 NOT-FOR-US: Drupal contrib module CVE-2013-4499 NOT-FOR-US: Drupal contrib module CVE-2013-4498 NOT-FOR-US: Drupal contrib module CVE-2013-4490 
[Remote code execution vulnerability in the SSH key upload feature] - gitlab (bug #651606) CVE-2013-4489 [Remote code execution vulnerability in the code search feature] - gitlab (bug #651606) CVE-2013-4488 - libgadu (unimportant) CVE-2013-4472 [Race condition on temporary file] - poppler (unimportant) CVE-2013-4471 [password reset vulnerability] - horizon 2013.2-1 CVE-2013-4468 NOT-FOR-US: VICIDIAL CVE-2013-4467 NOT-FOR-US: VICIDIAL CVE-2013-4463 [Compressed disk image DoS] - nova 2013.2-3 (bug #728605) CVE-2013-4462 NOT-FOR-US: WordPress plugin CVE-2013-4455 NOT-FOR-US: Katello CVE-2013-4454 NOT-FOR-US: WordPress plugin CVE-2013-4451 [world writable files] - gitolite (vulnerable code introduced for v3.5.3) CVE-2013-4449 [slapd segfaults on certain queries with rwm overlay enabled] - openldap (low; bug #729367) CVE-2013-4442 [Silent fallback to insecure entropy] - pwgen (unimportant; bug #726578) CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default] - pwgen (unimportant; bug #726578) CVE-2013-4440 [non-tty passwords are trivially weak by default] - pwgen (unimportant; bug #726578) CVE-2013-4433 [xhprof: unspecified XSS] - xhprof 0.9.4-1 (bug #726284) CVE-2013-4432 [a group member with no access rights to folder can still view it] - mahara (low; bug #727539) CVE-2013-4431 [Not checking ownership of blocks before editing them] - mahara (low; bug #727552) CVE-2013-4430 - mahara (unimportant; bug #727548) CVE-2013-4429 [Arbitrary image download] - mahara (low; bug #727545) CVE-2013-4427 [pyxtrlock Incorrect return value checking] NOT-FOR-US: pyxtrlock CVE-2013-4426 [pyxtrlock mis-spelled variable name] NOT-FOR-US: pyxtrlock CVE-2013-4420 [tar_extract_glob and tar_extract_all path prefix directory traversal] - libtar (bug #731860) CVE-2013-4413 [arbitrary files read] NOT-FOR-US: Wicked Ruby Gem CVE-2013-4412 [NULL ptr dereference] - slim (bug #725902) CVE-2013-4411 - reviewboard (bug #653113) CVE-2013-4410 - reviewboard (bug #653113) CVE-2013-4409 
[unsanitized eval() vulnerability] - djblets (low; bug #726039) CVE-2013-4406 NOT-FOR-US: Quick Tabs Drupal contributed module CVE-2013-4399 [unprivileged user can crash libvirtd when ACLs are enabled] - libvirt 1.1.4-1 CVE-2013-4395 NOT-FOR-US: Simple Machines Forum CVE-2013-4383 NOT-FOR-US: Drupal module CVE-2013-4380 NOT-FOR-US: Drupal module CVE-2013-4367 NOT-FOR-US: ovirt CVE-2013-4357 [getaddrinfo() stack overflow] - eglibc CVE-2013-4347 [Uses poor PRNG] - python-oauth2 (low; bug #722657) CVE-2013-4346 [_check_signature() ignores the nonce value when validating signed urls] - python-oauth2 (low; bug #722656) CVE-2013-4337 NOT-FOR-US: Drupal module CVE-2013-4336 NOT-FOR-US: Drupal module CVE-2013-4335 NOT-FOR-US: opOpenSocialPlugin CVE-2013-4334 NOT-FOR-US: opWebAPIPlugin CVE-2013-4333 NOT-FOR-US: OpenPNE CVE-2013-4331 [incorrect .Xauthority permissions] - lightdm 1.6.2-1 (bug #721744) CVE-2013-4321 [TYPO3 File Abstraction Layer: Remote Code Execution] - typo3-src (All versions from 6.0.0 up to the development branch of 6.2) CVE-2013-4320 [TYPO3 Core: Cross-Site Scripting, Remote Code Execution] - typo3-src (All versions from 6.0.0 up to the development branch of 6.2) CVE-2013-4318 NOT-FOR-US: Ruby gem Features CVE-2013-4304 [mediawiki CentralAuth auth bypass] NOT-FOR-US: Mediawiki CentralAuth extension CVE-2013-4303 [mediawiki XSS with IE6] - mediawiki 1:1.19.8+dfsg-1 (unimportant) CVE-2013-4290 [stack-based buffer overflows] - openjpeg (bug #722540) CVE-2013-4289 [heap-based buffer overflows] - openjpeg (bug #722540) CVE-2013-4279 - imapsync CVE-2013-4275 NOT-FOR-US: Drupal contributed module Zen CVE-2013-4273 NOT-FOR-US: Drupal contributed module Entity API CVE-2013-4269 - ajaxplorer (bug #668381) CVE-2013-4268 - ajaxplorer (bug #668381) CVE-2013-4267 - ajaxplorer (bug #668381) CVE-2013-4262 [svnwcsub.py and irkerbridge.py are vulnerable to symlink attack] - subversion (Optional admin-side utilities in Subversion 1.8.x) CVE-2013-4251 [weave /tmp and current 
directory issues] - python-scipy 0.12.0-3 (bug #726093) CVE-2013-4250 [Vulnerable subcomponent: Backend File Upload / File Abstraction Layer] - typo3-src (All versions from 6.0.0 up to the development branch of 6.2) CVE-2013-4246 [FSFS repository corruption due to editing packed revision properties] - subversion (only affects 1.8.0 and 1.8.1) CVE-2013-4241 NOT-FOR-US: WordPress plugin HMS Testimonials CVE-2013-4240 NOT-FOR-US: WordPress plugin HMS Testimonials CVE-2013-4228 NOT-FOR-US: Organic Group Drupal contributed module CVE-2013-4227 NOT-FOR-US: Persona Drupal contributed module CVE-2013-4226 NOT-FOR-US: Authenticated User Page Caching Drupal contributed module CVE-2013-4225 NOT-FOR-US: RESTful Web Services (RESTWS) Drupal contributed module CVE-2013-4224 NOTE: Duplicate of CVE-2013-4187, thus rejected CVE-2013-4223 [nullmailer world readable /etc/nullmailer/remotes] - nullmailer 1:1.11-2 (low; bug #684619) CVE-2013-4215 [IPXPING_COMMAND uses fixed location in /tmp] - nagios-plugins (unimportant) CVE-2013-4211 NOT-FOR-US: OpenX CVE-2013-4209 [ABRT: (substantially) limited leak of unauthorized information] NOT-FOR-US: abrt is Red Hat / Fedora specific CVE-2013-4201 [Katello: CLI - user without access can call "system remove_deletion" command] NOT-FOR-US: Katello CVE-2013-4199 [plone: DoS by decompressing large zip archives (cb_decode.py, linkintegrity.py)] NOT-FOR-US: Plone CVE-2013-4198 [plone: Authenticated users able to alter their password despite a policy definition / setting prohibiting it (mail_password.py)] NOT-FOR-US: Plone CVE-2013-4197 [plone: Authenticated users able to modify / delete portraits of other users (member_portrait.py)] NOT-FOR-US: Plone CVE-2013-4196 [plone: Multiple information exposure flaws via certain object methods (objectmanager.py)] NOT-FOR-US: Plone CVE-2013-4195 [plone: Open redirect in the HTTP server implementation (marmoset_patch.py, publish.py, principiaredirect.py)] NOT-FOR-US: Plone CVE-2013-4194 [plone: File 
system path exposure (wysiwyg.py)] NOT-FOR-US: Plone CVE-2013-4193 [plone: Anonymous users able to hide certain fields from content edit forms (typeswidget.py)] NOT-FOR-US: Plone CVE-2013-4192 [plone: Ability to spoof emails (sendto.py)] NOT-FOR-US: Plone CVE-2013-4191 [plone: Information exposure due to improper access control enforcement when generating zip archives (zip.py)] NOT-FOR-US: Plone CVE-2013-4190 [plone: Multiple cross-site scripting (XSS) flaws (spamProtect.py, pts.py, request.py)] NOT-FOR-US: Plone CVE-2013-4189 [plone: Privilege escalation due to improper authorization (dataitems.py, get.py, traverseName.py)] NOT-FOR-US: Plone CVE-2013-4188 [plone: DoS (infinite loop) by administrator privilege users when retrieving information for certain resources (traverser.py)] NOT-FOR-US: Plone CVE-2013-4187 [Access Bypass] NOT-FOR-US: Flippy Contributed Drupal module CVE-2013-4184 [symlink attacks] - libdata-uuid-perl (low; bug #718949) CVE-2013-4178 NOT-FOR-US: GA Login Drupal contributed module CVE-2013-4177 NOT-FOR-US: GA Login Drupal contributed module CVE-2013-4176 [information disclosure] NOT-FOR-US: MySecureShell CVE-2013-4175 [local denial of service] NOT-FOR-US: MySecureShell CVE-2013-4168 [start and end time fields not filtered] - smokeping 2.6.8-2 CVE-2013-4166 [problem in GPG key selection when encrypting mail] - evolution (unimportant) CVE-2013-4161 - gksu-polkit (CVE for improperly applied fix for CVE-2012-5617 on Red Hat) CVE-2013-4158 - smokeping (fix for CVE-2012-0790/DSA-2651-1 uses regexp from 2.6.9 upstream release) CVE-2013-4152 [XML External Entity (XXE) injection flaw] {DSA-2842-1} CVE-2013-4143 NOT-FOR-US: xlockmore CVE-2013-4133 [memory leak] - kde-workspace 4:4.10.5-3 (unimportant; bug #717180) CVE-2013-4119 - freerdp (The server part is not built) CVE-2013-4118 - freerdp (The server part is not built) CVE-2013-4116 [npm: predictable temporary filenames when unpacking tarballs] - npm 1.3.10~dfsg-1 (bug #715325) CVE-2013-4110 NOT-FOR-US: 
Cryptocat CVE-2013-4109 NOT-FOR-US: Cryptocat CVE-2013-4108 NOT-FOR-US: Cryptocat CVE-2013-4107 NOT-FOR-US: Cryptocat CVE-2013-4106 NOT-FOR-US: Cryptocat CVE-2013-4105 NOT-FOR-US: Cryptocat CVE-2013-4104 NOT-FOR-US: Cryptocat CVE-2013-4103 NOT-FOR-US: Cryptocat CVE-2013-4102 NOT-FOR-US: Cryptocat CVE-2013-4101 NOT-FOR-US: Cryptocat CVE-2013-4100 NOT-FOR-US: Cryptocat CVE-2013-4088 [Information Disclosure] {DSA-2712-1} CVE-2013-3843 - monkey CVE-2013-3734 [Datasource password visible to administrator] NOT-FOR-US: Embedded Jopr CVE-2013-3729 NOT-FOR-US: Kasseler CMS CVE-2013-3728 NOT-FOR-US: Kasseler CMS CVE-2013-3727 NOT-FOR-US: Kasseler CMS CVE-2013-3718 [evince missing check on number of pages] - evince 3.10.0-1 CVE-2013-3703 NOT-FOR-US: Open Build Service CVE-2013-3685 NOT-FOR-US: Sprite Software's backup software for Android CVE-2013-3587 [BREACH attack against HTTP compression] TODO: check CVE-2013-3571 [FD leak] - socat 1.7.1.3-1.5 (low; bug #709931) CVE-2013-3565 [XSS in HTTP Interface] - vlc 2.0.7-1 (unimportant) CVE-2013-3551 {DSA-2696-1} CVE-2013-3514 NOT-FOR-US: OpenX CVE-2013-2764 NOT-FOR-US: Secure Entry Server CVE-2013-2758 NOT-FOR-US: CloudStack CVE-2013-2756 NOT-FOR-US: CloudStack CVE-2013-2745 [SQL Injection] - minidlna (low; bug #717131) CVE-2013-2739 [heap-based buffer overflow] - minidlna (low; bug #717131) CVE-2013-2738 [SQL Injection] - minidlna (low; bug #717131) CVE-2013-2625 - otrs2 3.1.7+dfsg1-8 CVE-2013-2623 NOT-FOR-US: Uebimiau Webmail CVE-2013-2622 NOT-FOR-US: Uebimiau Webmail CVE-2013-2621 NOT-FOR-US: Uebimiau Webmail CVE-2013-2600 [MiniUPnPd information disclosure] - miniupnpd 1.8.20130730-1 (bug #716936) CVE-2013-2595 NOT-FOR-US: Qualcomm MSM Camera driver CVE-2013-2574 NOT-FOR-US: Foscam CVE-2013-2565 NOT-FOR-US: Mambo CMS CVE-2013-2564 NOT-FOR-US: Mambo CMS CVE-2013-2563 NOT-FOR-US: Mambo CMS CVE-2013-2562 NOT-FOR-US: Mambo CMS CVE-2013-2298 - boinc 7.0.65+dfsg-1 (low) CVE-2013-2294 NOT-FOR-US: ViewGit CVE-2013-2262 NOT-FOR-US: 
Cryptocat CVE-2013-2261 NOT-FOR-US: Cryptocat CVE-2013-2260 NOT-FOR-US: Cryptocat CVE-2013-2259 NOT-FOR-US: Cryptocat CVE-2013-2258 NOT-FOR-US: Cryptocat CVE-2013-2257 NOT-FOR-US: Cryptocat CVE-2013-2255 [Inconsistent and non-validating HTTPS client] - cinder CVE-2013-2233 [not caching SSH host keys] - ansible 1.3.4+dfsg-1 (bug #714822) CVE-2013-2228 [RSA exponent of 1] - salt 0.15.1-1 CVE-2013-2227 [local file inclusion] - glpi 0.83.91-1 (bug #714720; unimportant) CVE-2013-2226 [Multiple SQL injections] - glpi 0.83.91-1 (bug #714720; unimportant) CVE-2013-2225 - glpi 0.83.91-1 (bug #714720; unimportant) CVE-2013-2214 [nagios3: information leak] - nagios3 3.4.1-4 (low) CVE-2013-2213 [KRandom::random() Small Space of Random Values] - kdeplasma-addons (only affects if incomplete patch for CVE-2013-2120 is applied) CVE-2013-2198 NOT-FOR-US: Login Security Drupal contributed module CVE-2013-2193 [Apache HBase Man in the Middle Vulnerability] NOT-FOR-US: Apache HBase CVE-2013-2192 [Apache Hadoop Man in the Middle Vulnerability] NOT-FOR-US: Apache Hadoop CVE-2013-2191 NOT-FOR-US: python-bugzilla CVE-2013-2184 [unsafe use of Storable::thaw] - movabletype-opensource 5.2.7+dfsg-1 (bug #712602) CVE-2013-2183 - monkey (low) CVE-2013-2182 [monkey security rules bypass] - monkey (low) CVE-2013-2180 NOT-FOR-US: uk-cookie Wordpress plugin, not in Debian CVE-2013-2167 [middleware memcache signing bypass] - python-keystoneclient 1:0.2.5-2 (bug #713819) CVE-2013-2166 [middleware memcache encryption bypass] - python-keystoneclient 1:0.2.5-2 (bug #713819) CVE-2013-2163 [monkey denial of service] - monkey (low) CVE-2013-2159 [monkey broken authentication] - monkey CVE-2013-2150 [XSS vulnerability in js/viewer.js] - owncloud (affects only experimental version) CVE-2013-2149 [XSS vulnerability in core/js/oc-dialogs.js] - owncloud 4.0.16debian-1 (bug #711517) CVE-2013-2131 [format string vulnerability] - rrdtool (unimportant; bug #708866) CVE-2013-2130 [null pointer dereference in 
webadmin] - znc 1.0-5 (bug #720632) CVE-2013-2125 [DoS in TLS Support] - opensmtpd 5.3.3p1-1 CVE-2013-2124 [libguestfs: DoS due to a double-free when inspecting certain guest files] - libguestfs 1:1.20.8-1 (bug #710290) CVE-2013-2120 [weak generated passwords] - kdeplasma-addons (low; bug #710497) CVE-2013-2111 [DoS (daemon hang) when parsing invalid IMAP APPEND command parameters] - dovecot (vulnerable code appeared in 2.2) CVE-2013-2109 NOT-FOR-US: WordPress plugin wp-cleanfix CVE-2013-2108 NOT-FOR-US: WordPress plugin wp-cleanfix CVE-2013-2107 NOT-FOR-US: WordPress plugin mail-on-update CVE-2013-2106 [Authentication credential disclosure] - webauth (vulnerable code only in 4.4.1 up to 4.5.2) CVE-2013-2105 NOT-FOR-US: Show In Browser Ruby Gem CVE-2013-2100 NOT-FOR-US: Gentoo Portage binary package installer CVE-2013-2097 [zPanel themes remote command execution as root] NOT-FOR-US: zPanel CVE-2013-2093 - dolibarr 3.3.4-1 (high) CVE-2013-2092 - dolibarr 3.3.4-1 CVE-2013-2091 - dolibarr 3.3.4-1 CVE-2013-2090 [Remote command Injection] NOT-FOR-US: Creme Fraiche Ruby Gem CVE-2013-2089 [owncloud: oC-SA-2013-026] - owncloud (Only affects 5.0.x) CVE-2013-2087 [gallery: multiple xss] - gallery (Vulnerable code not present) CVE-2013-2086 [owncloud: oC-SA-2013-027] - owncloud (Only owncloud 5.0.x) CVE-2013-2085 [owncloud: oC-SA-2013-020] - owncloud (Only affects 5.0.x) CVE-2013-2075 - chicken (Incomplete fix was never applied) CVE-2013-2074 [prints passwords contained in HTTP URLs in error messages] - kde4libs 4:4.10.5-1 (low; bug #707776) CVE-2013-2073 [Does not validate HTTPS server certificate] - transifex-client 0.9-1 (low) CVE-2013-2060 NOT-FOR-US: OpenShift CVE-2013-2057 NOT-FOR-US: YaBB CVE-2013-2049 NOT-FOR-US: CloudForms Management Engine CVE-2013-2048 [owncloud: oC-SA-2013-025] - owncloud (Only affects 5.0.x) CVE-2013-2047 [owncloud: oC-SA-2013-023] - owncloud (Only 5.0.x) CVE-2013-2046 [owncloud: oC-SA-2013-019] - owncloud (Only affects 4.5.x) CVE-2013-2045 
[owncloud: oC-SA-2013-019] - owncloud (Only affects 5.0.x) CVE-2013-2044 [owncloud: oC-SA-2013-022] - owncloud (Only 5.0.x) CVE-2013-2043 [owncloud: oC-SA-2013-024] - owncloud (Only 5.0.x and 4.5.x) CVE-2013-2042 [owncloud: oC-SA-2013-021] - owncloud 4.0.15debian-1 CVE-2013-2041 [owncloud: oC-SA-2013-021] - owncloud (Only affects 5.0.x) CVE-2013-2040 [owncloud: oC-SA-2013-021] - owncloud 4.0.15debian-1 CVE-2013-2039 [owncloud: oC-SA-2013-020] - owncloud 4.0.15debian-1 CVE-2013-2038 [DoS (packet parser crash) in the AIS driver when processing malformed packet] - gpsd 3.6-5 (bug #706665) CVE-2013-2034 [jenkins CSRF] - jenkins 1.509.2+dfsg-1 (bug #706725) CVE-2013-2033 [jenkins XSS] - jenkins 1.509.2+dfsg-1 (bug #706725) CVE-2013-2025 NOT-FOR-US: Ushahidi CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme] - chicken 4.8.0.3-1 (bug #706525) CVE-2013-2019 [stack overflow vulnerabilities in the XML parser] - boinc 6.13.6+dfsg-1 (low) CVE-2013-2018 [SQL injections in the server-side scheduler code] - boinc 7.0.65+dfsg-1 (low) CVE-2013-2016 [qemu: virtio: out-of-bounds config space access] - qemu 1.5.0+dfsg-1 (bug #710822) CVE-2013-2014 [no limitation for requests and headers size which can cause a crash] - keystone 2013.1.1-2 (bug #708515) CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install] - autojump (vulnerable code not present for unstable) CVE-2013-2011 NOT-FOR-US: WP Super Cache CVE-2013-2010 NOT-FOR-US: W3 Total Cache CVE-2013-2009 NOT-FOR-US: WP Super Cache CVE-2013-2008 NOT-FOR-US: WP Super Cache CVE-2013-1980 - xmp 3.4.0-3 (low; bug #706667) CVE-2013-1973 NOT-FOR-US: Drupal contributed module CVE-2013-1967 [mediaelement flashmediaelement XSS] - owncloud (Vulnerable code not present) CVE-2013-1963 - owncloud (Vulnerable code not present) CVE-2013-1951 - mediawiki 1:1.19.5-1 CVE-2013-1946 NOT-FOR-US: RESTful Web Services (RESTWS) Drupal contributed module CVE-2013-1941 [Postgre: Insecure database password 
generator] - owncloud 5.0.4~rc1+dfsg-1
CVE-2013-1939 [Windows: Local file disclosure] - owncloud (Windows version only)
CVE-2013-1938 NOT-FOR-US: Zimbra
CVE-2013-1934 [mantis: XSS issue in adm_config_report.php when displaying complex value] - mantis (low; bug #717482)
CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page] - mantis (affects Mantis 1.2.13 only)
CVE-2013-1931 [mantis: XSS vulnerability when deleting a version] - mantis (affects Mantis 1.2.14 only)
CVE-2013-1930 [mantis: Close button available to users despite workflow restrictions] - mantis (affects only Mantis 1.2.12 and later)
CVE-2013-1924 NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1916 NOT-FOR-US: WordPress plugin
CVE-2013-1910 [Not removing bad metadata and using it in next run] - yum (unimportant)
CVE-2013-1904 [roundcube variable overwrite] - roundcube 0.7.2-9
CVE-2013-1895 [concurrency issue leading to auth bypass] - python-bcrypt (bug #704030)
CVE-2013-1893 - owncloud (only affecting 5.0 branch)
CVE-2013-1890 - owncloud (only affecting 5.0 branch)
CVE-2013-1889 - libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
CVE-2013-1886 NOT-FOR-US: Red Hat Certificate System
CVE-2013-1885 NOT-FOR-US: Red Hat Certificate System
CVE-2013-1883 [mantis: remote DoS] - mantis (only affects 1.2.12 to 1.2.14)
CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application] - activemq (portfolio demo app not shipped in Debian package)
CVE-2013-1874 [Chicken Scheme: code execution] - chicken 4.8.0.3-1 (low; bug #702410)
CVE-2013-1864 [Ekiga billion laughs flaw in ptlib] NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
CVE-2013-1853 [Almanah doesn't encrypt the database] - almanah 0.9.1-1 (bug #702905)
CVE-2013-1851 [user_migrate: Local file disclosure] - owncloud 4.0.8debian-1.6 (bug #703094)
CVE-2013-1850 [Contacts: Bypass of file blacklist] - owncloud 4.0.8debian-1.6 (bug #703094)
CVE-2013-1841 [Reverse lookup issue in Net::Server] - libnet-server-perl (low; bug #702914)
CVE-2013-1822 - owncloud (owncloud stable4 (4.0.x) is not affected)
CVE-2013-1820 NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2013-1818 [mediawiki mwdoc-filter.php information disclosure] - mediawiki (mwdoc-filter.php introduced in 1.20)
CVE-2013-1817 [mediawiki information disclosure in unblock API] - mediawiki 1:1.19.4-1 (bug #702305)
CVE-2013-1816 [mediawiki insecure curl usage] - mediawiki 1:1.19.4-1
CVE-2013-1811 [Reporter can change issue status to 'new'] - mantis (low; bug #698481)
CVE-2013-1810 [summary.php category/project names XSS vulnerability] - mantis (only affects MantisBT 1.2.12)
CVE-2013-1809 [Gambas creates hijackable directory in /tmp] - gambas3 3.5.1-1 (low; bug #702184)
CVE-2013-1771 [monkey: world-readable logdir] - monkey (low)
CVE-2013-1770 [XSS issues in views_view.php] - ganglia (low; bug #700158)
CVE-2013-1764 - packagekit (Zypp backend specific to SuSE)
CVE-2013-1753 - python2.5 (low)
CVE-2013-1752 - python2.5 (low)
CVE-2013-1751 - twiki
CVE-2013-1689 [wheezy] - iceape
CVE-2013-1666 - foswiki (bug #509864)
CVE-2013-1470 [XSS in geeklog] NOTE: There was an RFP a long time ago, bug #203818
CVE-2013-1437 [Code execution when gathering version metadata] - perl 5.18.1-2
CVE-2013-1436 [code injection] - xmonad-contrib 0.11.2-1 (low)
CVE-2013-1429 [Lintian unsafe symlinks] - lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1426 [mahara: stored XSS in tinyMCE editor] - mahara
CVE-2013-1425 [ldap-git-backup: Incorrect directory permissions expose password hashes] - ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-0243 [Basic constraints vulnerability] - haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1376 NOT-FOR-US: Adobe Reader
CVE-2013-0870 [libavcodec/vp3.c: 14c8ee00ffd9d45e6e0c6f11a957ce7e56f7eb3a] - ffmpeg (No threading support in vp3 from ffmpeg 0.5)
CVE-2013-0350 [writes content from TCP streams to publicly readable file /tmp/smtp.log] - pktstat 1.8.5-3 (bug #701211)
CVE-2013-0347 [webfs world-readable logdir] - webfs 1.21+ds1-9 (low; bug #701638)
CVE-2013-0346 [tomcat world-readable logdir] - tomcat6 (Log files are owned by tomcat:tomcat)
CVE-2013-0345 [varnish world-readable logdir] - varnish (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS] - pyrad (low; bug #701151)
CVE-2013-0336 [DoS when connecting with a missing username/dn] - 389-ds-base (bug #704077)
CVE-2013-0326 - nova (low)
CVE-2013-0307 [XSS vulnerability] - owncloud 4.0.8debian-1.5 (bug #701115)
CVE-2013-0303 [Multiple code executions] - owncloud 4.0.8debian-1.5 (bug #701115)
CVE-2013-0301 [Multiple CSRF vulnerabilities] - owncloud 4.0.8debian-1.5 (bug #701115)
CVE-2013-0300 [Multiple CSRF vulnerabilities] - owncloud (Vulnerable code not present, only affects 4.5 branch)
CVE-2013-0299 [Multiple CSRF vulnerabilities] - owncloud 4.0.8debian-1.5 (bug #701115)
CVE-2013-0298 [XSS vulnerability] - owncloud (Vulnerable code not present, only affects 4.5 branch)
CVE-2013-0297 [XSS vulnerability] - owncloud 4.0.8debian-1.5 (bug #701115)
CVE-2013-0296 [creates temp files with too wide permissions] - pigz 2.2.4-2 (low; bug #700608)
CVE-2013-0294 [potentially predictable password hashing] - pyrad 2.0-2 (low; bug #700669)
CVE-2013-0293 [Lock screen accepts F2 to drop to shell] - ovirt-node (bug #502024)
CVE-2013-0289 [missing SSL subject verification] - isync 1.0.4-2.2 (low; bug #701052)
CVE-2013-0267 NOT-FOR-US: Apache VCL
CVE-2013-0264 NOT-FOR-US: Cumin
CVE-2013-0250 [corosync: Remote DoS due to improper HMAC initialization] - corosync (Introduced in v1.99.8-2-ge925f42; bug #699615)
CVE-2013-0234 - elgg (bug #526197)
CVE-2013-0204 [Code execution in external storage] - owncloud (Vulnerable code not present, only affects 4.5 branch)
CVE-2013-0203 [XSS vulnerabilities] - owncloud 4.0.8debian-1.4 (bug #698737)
CVE-2013-0202 [XSS vulnerabilities] - owncloud 4.0.8debian-1.4 (bug #698737)
CVE-2013-0201 [XSS vulnerabilities] - owncloud 4.0.8debian-1.4 (bug #698737)
CVE-2013-0199 NOT-FOR-US: FreeIPA
CVE-2013-0197 [XSS vulnerability with match_type filter] - mantis (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
CVE-2013-0195 [Unspecified XSS] - piwik (bug #506933)
CVE-2013-0194 [Unspecified XSS] - piwik (bug #506933)
CVE-2013-0193 [Unspecified XSS] - piwik (bug #506933)
CVE-2013-0192 NOT-FOR-US: Simple Machines Forum
CVE-2013-0191 [pam-pgsql NULL password handling issue] - pam-pgsql 0.7.3.1-4 (bug #698241)
CVE-2013-0185 NOT-FOR-US: ManageIQ EVM (CloudForms)
CVE-2013-0178 [redis 2.4: Insecure temporary file use for redis service's vm swap file] - redis 2:2.6.0-1 (low)
CVE-2013-0177 NOT-FOR-US: OFBiz
CVE-2013-0161 NOT-FOR-US: Havalite CMS
CVE-2013-0159 NOT-FOR-US: Fedora build script

From coley at mitre.org Wed Jan 29 11:58:29 2014
From: coley at mitre.org (Christey, Steven M.)
Date: Wed, 29 Jan 2014 17:58:29 +0000
Subject: [VIM] CVE-2013-6810 / EMC / HP issue is actually Brocade
Message-ID:

All,

CVE-2013-6810 was originally published in EMC advisory ESA-2013-089 and HP's HPSBHF02953. We have received confirmation that this issue is actually due to a third-party product, produced by Brocade. However, there are no publicly-accessible advisories from that vendor. A Brocade representative has provided CVE with the following information for publication.

- Steve

---------------------------------------------------

Affected Products : Brocade Network Advisor 11.2.x, 11.3.x, 12.0.x
Corrected in : Brocade Network Advisor 12.1.0 and later releases
Vulnerable installation conditions : Default installations exposed to external access
Non-vulnerable installation conditions : Brocade Network Advisor server isolated from external networks using strict firewall rules restricting who can interact with the Brocade Network Advisor server.
Description : Brocade Network Advisor Server is vulnerable to remote attacks which can transfer and execute arbitrary code.
CVE Identifier : CVE-2013-6810
CVSSv2 Base Score : 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Discovered by : Andrea Micalizzi aka rgod with Zero Day Initiative
Disclosure date : 12/2/2013
Disclosure coordinated with discoverer and Brocade partners.