[Secure-testing-commits] r21919 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Apr 11 21:14:27 UTC 2013
Author: joeyh
Date: 2013-04-11 21:14:27 +0000 (Thu, 11 Apr 2013)
New Revision: 21919
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-11 19:03:31 UTC (rev 21918)
+++ data/CVE/list 2013-04-11 21:14:27 UTC (rev 21919)
@@ -1,3 +1,5 @@
+CVE-2013-2779 (Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on ...)
+ TODO: check
CVE-2013-2778 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: PHP Address Book
CVE-2013-2777 (sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets ...)
@@ -22,8 +24,8 @@
RESERVED
CVE-2013-2767
RESERVED
-CVE-2013-2766
- RESERVED
+CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
+ TODO: check
CVE-2013-2765
RESERVED
CVE-2013-2764
@@ -127,8 +129,8 @@
CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.0.8 ...)
- db4o <unfixed> (unimportant)
NOTE: in doc package only
-CVE-2013-2716
- RESERVED
+CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized ...)
+ TODO: check
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the ...)
NOT-FOR-US: Drupal module search_api
CVE-2013-2714
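Review bot: the TODO: check added under CVE-2013-2716 should not be closed as NOT-FOR-US by pattern. The description names Puppet Labs Puppet Enterprise, but this list tracks a puppet source package elsewhere ("- puppet 2.6.4-2" under CVE-2012-6120), so the follow-up needs an explicit decision on whether the affected code is shared with the packaged puppet. Record the outcome either as a "- puppet" line or as NOT-FOR-US with a NOTE giving the reason.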
@@ -1928,8 +1930,7 @@
- eglibc <unfixed> (bug #704623)
CVE-2013-1913
RESERVED
-CVE-2013-1912 [crash on TCP content inspection rules]
- RESERVED
+CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
- haproxy <unfixed> (bug #704611)
NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote ...)
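Review bot: the only fix reference kept under CVE-2013-1912 is the haproxy-1.4.git commit in the NOTE line, while the new description also covers "1.5-dev through ...". If a 1.5-dev version is in any suite, add a NOTE with the corresponding fix for that branch so the "- haproxy <unfixed> (bug #704611)" line can be closed against the right version. The removed working title "[crash on TCP content inspection rules]" was the only hint about which configurations are affected; consider keeping it as a NOTE.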
@@ -2248,8 +2249,7 @@
CVE-2013-1816 [mediawiki insecure curl usage]
RESERVED
- mediawiki 1:1.19.4-1
-CVE-2013-1815 [OpenStack packstack: answerfile creation permissions issue]
- RESERVED
+CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create ...)
NOT-FOR-US: OpenStack PackStack
CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through ...)
NOT-FOR-US: Apache Rave
@@ -3772,8 +3772,8 @@
RESERVED
CVE-2013-1190
RESERVED
-CVE-2013-1189
- RESERVED
+CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an ...)
+ TODO: check
CVE-2013-1188
RESERVED
CVE-2013-1187
@@ -3804,26 +3804,26 @@
RESERVED
CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration ...)
NOT-FOR-US: Cisco Tivoli Business Service Manager
-CVE-2013-1173
- RESERVED
-CVE-2013-1172
- RESERVED
+CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
+ TODO: check
+CVE-2013-1172 (The Cisco Security Service in Cisco AnyConnect Secure Mobility Client ...)
+ TODO: check
CVE-2013-1171 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Cisco Connected Grid Network Management System (CG-NMS)
-CVE-2013-1170
- RESERVED
-CVE-2013-1169
- RESERVED
-CVE-2013-1168
- RESERVED
-CVE-2013-1167
- RESERVED
-CVE-2013-1166
- RESERVED
-CVE-2013-1165
- RESERVED
-CVE-2013-1164
- RESERVED
+CVE-2013-1170 (The Cisco Prime Network Control System (NCS) appliance with software ...)
+ TODO: check
+CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 ...)
+ TODO: check
+CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x ...)
+ TODO: check
+CVE-2013-1167 (Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series ...)
+ TODO: check
+CVE-2013-1166 (Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before ...)
+ TODO: check
+CVE-2013-1165 (Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before ...)
+ TODO: check
+CVE-2013-1164 (Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series ...)
+ TODO: check
CVE-2013-1163 (Multiple SQL injection vulnerabilities in the device-management ...)
NOT-FOR-US: Cisco
CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR ...)
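Review bot: the nine Cisco entries moved from RESERVED to TODO: check in this hunk (CVE-2013-1173 down to CVE-2013-1164) sit between entries already resolved as "NOT-FOR-US: Cisco Tivoli Business Service Manager" and "NOT-FOR-US: Cisco". They can be resolved in one follow-up commit with NOT-FOR-US and the product name, as done for CVE-2013-1174 and CVE-2013-1171, rather than being left to accumulate as open TODO items.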
@@ -3840,20 +3840,20 @@
RESERVED
CVE-2013-1156
RESERVED
-CVE-2013-1155
- RESERVED
+CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM) ...)
+ TODO: check
CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
NOT-FOR-US: Cisco Small Business switches
CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
NOT-FOR-US: Cisco Prime Infrastructure
-CVE-2013-1152
- RESERVED
-CVE-2013-1151
- RESERVED
-CVE-2013-1150
- RESERVED
-CVE-2013-1149
- RESERVED
+CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 ...)
+ TODO: check
+CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
+ TODO: check
+CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security ...)
+ TODO: check
+CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
+ TODO: check
CVE-2013-1148 (The General Responder implementation in the IP Service Level Agreement ...)
NOT-FOR-US: Cisco IOS
CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 through ...)
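Review bot: when the TODO: check lines for CVE-2013-1155 and CVE-2013-1152 through CVE-2013-1149 are resolved, pick one tag string per product. The context lines in this hunk already mix granularity ("NOT-FOR-US: Cisco Small Business switches", "NOT-FOR-US: Cisco Prime Infrastructure", "NOT-FOR-US: Cisco IOS"), and the four ASA entries will be easier to search and audit if they all carry the same NOT-FOR-US text.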
@@ -4300,8 +4300,8 @@
NOT-FOR-US: EMC AlphaStor
CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager ...)
NOT-FOR-US: EMC AlphaStor
-CVE-2013-0927
- RESERVED
+CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c ...)
+ TODO: check
CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
- chromium-browser 26.0.1410.43-1
CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
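Review bot: the TODO: check on CVE-2013-0927 needs triage against Pango as well as Chrome. The description says Chrome OS "relies on a Pango pango-utils.c ...", while the neighbouring Chrome entries are tracked under chromium-browser. The truncated text does not show where the defect lives, so read the full description before tagging and add a NOTE naming the component that was checked.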
@@ -7195,8 +7195,7 @@
- roundcube <not-affected> (vulnerable code not in stable or testing)
NOTE: http://trac.roundcube.net/ticket/1488850
NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
-CVE-2012-6120 [Directory /var/log/puppet is world readable]
- RESERVED
+CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet ...)
- puppet 2.6.4-2
[squeeze] - puppet <no-dsa> (Minor issue)
NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
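Review bot: the new description for CVE-2012-6120 attributes the issue to Red Hat OpenStack Essex and Folsom, yet the entry still tracks the Debian package ("- puppet 2.6.4-2", squeeze no-dsa). With the bracketed title "[Directory /var/log/puppet is world readable]" removed, the link between the description and the package line rests only on the postinst NOTE. Add a NOTE stating why the Debian puppet package is tracked here despite the vendor-specific description.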