[Secure-testing-commits] r22046 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Apr 26 21:15:03 UTC 2013
Author: joeyh
Date: 2013-04-26 21:15:03 +0000 (Fri, 26 Apr 2013)
New Revision: 22046
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-04-26 10:38:54 UTC (rev 22045)
+++ data/CVE/list 2013-04-26 21:15:03 UTC (rev 22046)
@@ -56,19 +56,15 @@
CVE-2013-3242
RESERVED
- joomla <itp> (bug #571794)
-CVE-2013-3241 [phpmyadmin PMASA-2013-5]
- RESERVED
+CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2013-3240 [phpmyadmin PMASA-2013-4]
- RESERVED
+CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2013-3239 [phpmyadmin PMASA-2013-3]
- RESERVED
+CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...)
- phpmyadmin 4:3.4.11.1-2
[squeeze] - phpmyadmin <no-dsa> (Minor issue)
NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime
-CVE-2013-3238 [phpmyadmin PMASA-2013-2]
- RESERVED
+CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote ...)
- phpmyadmin <not-affected> (exploitable PHP on Windows only)
NOTE: code patched in 4:3.4.11.1-2 nonetheless
CVE-2013-3237 (The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the ...)
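Review bot: the four phpMyAdmin entries (CVE-2013-3238 through CVE-2013-3241) lose their PMASA-2013-2 to PMASA-2013-5 cross-references when the bracketed placeholders are replaced, and the truncated descriptions do not carry them. Suggest keeping each advisory id as a NOTE line under its entry (for example "NOTE: PMASA-2013-5" under CVE-2013-3241) so the upstream advisory can still be found from the tracker.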
@@ -1026,8 +1022,8 @@
RESERVED
CVE-2013-2768
RESERVED
-CVE-2013-2767
- RESERVED
+CVE-2013-2767 (Unspecified vulnerability in Citrix NetScaler Access Gateway ...)
+ TODO: check
CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
NOT-FOR-US: Splunk
CVE-2013-2765
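Review bot: the new CVE-2013-2767 entry is left at "TODO: check" with no package line and no NOT-FOR-US line. The description names Citrix NetScaler Access Gateway; if that product is not packaged in Debian, resolve it the way the adjacent CVE-2013-2766 entry does ("NOT-FOR-US: Splunk") rather than leaving the TODO in place.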
@@ -1147,8 +1143,8 @@
RESERVED
CVE-2013-2710
RESERVED
-CVE-2013-2709
- RESERVED
+CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare ...)
+ TODO: check
CVE-2013-2708
RESERVED
CVE-2013-2707
@@ -1173,8 +1169,8 @@
RESERVED
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the ...)
NOT-FOR-US: Wordpress plugin Downloadmanager
-CVE-2013-2696
- RESERVED
+CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One ...)
+ TODO: check
CVE-2013-2695
RESERVED
CVE-2013-2694
@@ -2119,10 +2115,10 @@
RESERVED
CVE-2013-2308
RESERVED
-CVE-2013-2307
- RESERVED
-CVE-2013-2306
- RESERVED
+CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote ...)
+ TODO: check
+CVE-2013-2306 (The jigbrowser+ application before 1.6.4 for Android does not properly ...)
+ TODO: check
CVE-2013-2305 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
TODO: check
CVE-2013-2304 (The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile ...)
@@ -2828,10 +2824,9 @@
CVE-2013-1971
RESERVED
CVE-2013-1970
- RESERVED
+ REJECTED
NOTE: rejected, erroneously assigned for libxml2
-CVE-2013-1969 [use-after-free error in "htmlParseChunk()" and "xmldecl_done()"]
- RESERVED
+CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
- libxml2 <not-affected> (Affecting only 2.9.x, see bug #705722)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
CVE-2013-1968
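Review bot: in CVE-2013-1969 the removed bracketed text named the affected functions, htmlParseChunk() and xmldecl_done(), and the truncated replacement description no longer shows them. Suggest a NOTE line preserving those names next to the upstream commit link. Separately, with CVE-2013-1970 now marked REJECTED, the existing "NOTE: rejected, erroneously assigned for libxml2" repeats the status; it could be trimmed to the reason alone.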
@@ -2892,14 +2887,11 @@
NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
-CVE-2013-1949 [Social Media Widget remote file inclusion]
- RESERVED
+CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress ...)
NOT-FOR-US: Wordpress Social Media Widget
-CVE-2013-1948
- RESERVED
+CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
NOT-FOR-US: Ruby gem md2pdf
-CVE-2013-1947
- RESERVED
+CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...)
NOT-FOR-US: Ruby Gem kelredd-pruview
CVE-2013-1946
RESERVED
@@ -2949,8 +2941,7 @@
- mantis <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
NOTE: http://www.mantisbt.org/bugs/view.php?id=15416
-CVE-2013-1933 [Remote Command Injection]
- RESERVED
+CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page]
RESERVED
@@ -3013,8 +3004,7 @@
CVE-2013-1916
RESERVED
NOT-FOR-US: WordPress plugin
-CVE-2013-1915 [Vulnerable to XXE attacks]
- RESERVED
+CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary ...)
{DSA-2659-1}
- modsecurity-apache 2.6.6-6 (bug #704625)
- libapache-mod-security <removed>
@@ -4850,8 +4840,8 @@
NOT-FOR-US: Cisco IOS
CVE-2013-1216
RESERVED
-CVE-2013-1215
- RESERVED
+CVE-2013-1215 (The vpnclient program in the Easy VPN component on Cisco Adaptive ...)
+ TODO: check
CVE-2013-1214 (The scripts editor in Cisco Unified Contact Center Express (aka ...)
NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2013-1213
@@ -5104,7 +5094,7 @@
RESERVED
CVE-2013-1089
RESERVED
-CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Apache Tomcat, as ...)
+CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
TODO: check
CVE-2013-1087
RESERVED
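Review bot: the CVE-2013-1088 description changes product from Apache Tomcat to Novell iManager 2.7, but the entry keeps "TODO: check". Since the previous text named Tomcat, confirm from the full description whether any Tomcat package is involved, then replace the TODO with either a package line or a NOT-FOR-US line.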
@@ -5962,8 +5952,8 @@
RESERVED
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS ...)
TODO: check
-CVE-2013-0727
- RESERVED
+CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
+ TODO: check
CVE-2013-0726
RESERVED
CVE-2013-0725
@@ -7170,8 +7160,7 @@
RESERVED
{DSA-2652-1}
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
-CVE-2013-0338 [CPU consumption DoS when performing string substitutions during entities expansion]
- RESERVED
+CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...)
{DSA-2652-1}
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 [Directory /var/log/nginx is world readable]
@@ -7503,8 +7492,7 @@
CVE-2013-0234
RESERVED
- elgg <itp> (bug #526197)
-CVE-2013-0233
- RESERVED
+CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
- ruby-devise <itp> (bug #691525)
CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...)
{DSA-2640-1}
@@ -7692,8 +7680,7 @@
[squeeze] - libssh <no-dsa> (Minor issue)
NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
-CVE-2013-0175
- RESERVED
+CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and ...)
- ruby-multi-xml <itp> (bug #691189)
NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
CVE-2013-0174
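Review bot: in CVE-2013-0175 the new description opens with "multi_xml gem 0.5.2 for Ruby" as the affected version, while the unchanged NOTE below it says "fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2". One of the two version statements needs correcting or a clarifying NOTE; as it stands the ruby-multi-xml ITP (bug #691189) has no clear minimum safe version.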
@@ -10947,8 +10934,8 @@
RESERVED
CVE-2012-5221
RESERVED
-CVE-2012-5220
- RESERVED
+CVE-2012-5220 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
+ TODO: check
CVE-2012-5219
RESERVED
CVE-2012-5218 (HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not ...)
@@ -13103,14 +13090,12 @@
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in ...)
- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
- linux <not-affected> (Vulnerable code introduced in 3.3)
-CVE-2012-4466
- RESERVED
+CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
[squeeze] - ruby1.9.1 <no-dsa> (Minor issue)
CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
- cgit <itp> (bug #515793)
-CVE-2012-4464
- RESERVED
+CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) ...)
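Review bot: the CVE-2012-4466 description lists Ruby 1.8.7 before patchlevel 371 as affected, but the entry only tracks ruby1.9.1. Add a line for the Ruby 1.8 package (a fixed version, or <not-affected> with a reason) so its status is recorded. CVE-2012-4464 is described as 1.9.3 and 2.0 only, so it needs no such line.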