[Secure-testing-commits] r23302 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Aug 12 21:14:25 UTC 2013
Author: joeyh
Date: 2013-08-12 21:14:25 +0000 (Mon, 12 Aug 2013)
New Revision: 23302
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-12 20:52:27 UTC (rev 23301)
+++ data/CVE/list 2013-08-12 21:14:25 UTC (rev 23302)
@@ -1,3 +1,23 @@
+CVE-2013-5100 (Cross-site scripting (XSS) vulnerability in the Static Methods since ...)
+ TODO: check
+CVE-2013-5099 (Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS ...)
+ TODO: check
+CVE-2013-5098 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
+ TODO: check
+CVE-2013-5097
+ RESERVED
+CVE-2013-5096
+ RESERVED
+CVE-2013-5095
+ RESERVED
+CVE-2013-5094
+ RESERVED
+CVE-2013-5093
+ RESERVED
+CVE-2013-5092
+ RESERVED
+CVE-2013-5091
+ RESERVED
CVE-2013-5090
RESERVED
CVE-2013-5089
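Review bot: The three published entries at the top of this hunk (CVE-2013-5100, CVE-2013-5099, CVE-2013-5098) carry only "TODO: check", so they have no triage result yet. CVE-2013-5099 already names its product and file (article.php in Anchor CMS) in the visible description and can be resolved to a package line or a NOT-FOR-US entry in a follow-up commit. The other two descriptions are cut off before the product name and need the full CVE text first.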
@@ -284,8 +304,8 @@
NOT-FOR-US: BMC Service Desk Express
CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended ...)
NOT-FOR-US: BuddyPress
-CVE-2013-4943
- RESERVED
+CVE-2013-4943 (The client application in Siemens COMOS before 9.1 Update 458, 9.2 ...)
+ TODO: check
CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...)
- moodle 2.5.1-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
@@ -628,8 +648,8 @@
RESERVED
CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, ...)
NOT-FOR-US: HP
-CVE-2013-4806
- RESERVED
+CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, ...)
+ TODO: check
CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) ...)
NOT-FOR-US: HP Integrated Lights-Out firmware
CVE-2013-4804
@@ -665,8 +685,8 @@
CVE-2013-4790 [Data injection]
RESERVED
- open-xchange <itp> (bug #269329)
-CVE-2013-4789
- RESERVED
+CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before ...)
+ TODO: check
CVE-2013-4788 [Eglibc PTR MANGLE bug]
RESERVED
- eglibc <unfixed> (low; bug #717178)
@@ -730,8 +750,8 @@
RESERVED
CVE-2013-4760
RESERVED
-CVE-2013-4759
- RESERVED
+CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia ...)
+ TODO: check
CVE-2013-4757
RESERVED
CVE-2013-4756
@@ -772,8 +792,8 @@
NOT-FOR-US: PHPUnit TYPO3 extension
CVE-2013-4743
RESERVED
-CVE-2013-4742
- RESERVED
+CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...)
+ TODO: check
CVE-2013-4741
RESERVED
CVE-2013-4740
@@ -1061,8 +1081,8 @@
NOT-FOR-US: Huawei UTPS
CVE-2013-4626
RESERVED
-CVE-2013-4625
- RESERVED
+CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2013-4624
RESERVED
CVE-2013-4623
@@ -1071,10 +1091,10 @@
NOT-FOR-US: HTC Droid Incredible
CVE-2013-4621
RESERVED
-CVE-2013-4620
- RESERVED
-CVE-2013-4619
- RESERVED
+CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote ...)
+ TODO: check
CVE-2013-4618
RESERVED
CVE-2013-4617
@@ -1119,8 +1139,8 @@
RESERVED
CVE-2013-4601
RESERVED
-CVE-2013-4600
- RESERVED
+CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
+ TODO: check
CVE-2013-4599
RESERVED
CVE-2013-4598
@@ -1898,7 +1918,7 @@
RESERVED
NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-4224
- REJECTED
+ RESERVED
NOTE: Dublicate of CVE-2013-4187, thus rejected
CVE-2013-4223 [nullmailer world readable /etc/nullmailer/remotes]
RESERVED
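Review bot: CVE-2013-4224 goes from REJECTED back to RESERVED, while the NOTE directly under it still says the id is a duplicate of CVE-2013-4187 "thus rejected", so the entry now contradicts itself. If the automatic update overwrote a manually set state, restore REJECTED. If the upstream state really is RESERVED again, reword the NOTE to match. The NOTE's "Dublicate" should also read "Duplicate".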
@@ -2126,6 +2146,7 @@
NOTE: Harmless crash
CVE-2013-4155 [Swift Denial of Service using superfluous object tombstones]
RESERVED
+ {DSA-2737-1}
- swift 1.8.0-7 (bug #719008)
CVE-2013-4154 [libvirt: crash of libvirtd without guest agent configuration]
RESERVED
@@ -2149,8 +2170,7 @@
RESERVED
CVE-2013-4148
RESERVED
-CVE-2013-4147 [Format String Vulnerabilities]
- RESERVED
+CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon ...)
- yardradius <unfixed> (low; bug #714612)
[squeeze] - yardradius <no-dsa> (Minor issue)
[wheezy] - yardradius <no-dsa> (Minor issue)
@@ -2274,8 +2294,7 @@
- npm <unfixed> (bug #715325)
NOTE: Upstream fix https://github.com/isaacs/npm/commit/f4d31693
NOTE: https://github.com/isaacs/npm/issues/3635
-CVE-2013-4115 [SQUID-2013:2: buffer overflow in HTTP request handling]
- RESERVED
+CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in ...)
- squid <not-affected> (Only affects 3.2 onwards)
- squid3 3.3.8-1 (bug #716743)
[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
@@ -2499,10 +2518,10 @@
RESERVED
CVE-2013-4039
RESERVED
-CVE-2013-4038
- RESERVED
-CVE-2013-4037
- RESERVED
+CVE-2013-4038 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
+ TODO: check
+CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management ...)
+ TODO: check
CVE-2013-4036
RESERVED
CVE-2013-4035
@@ -2513,8 +2532,8 @@
RESERVED
CVE-2013-4032
RESERVED
-CVE-2013-4031
- RESERVED
+CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
+ TODO: check
CVE-2013-4030
RESERVED
CVE-2013-4029
@@ -2595,8 +2614,8 @@
NOT-FOR-US: IBM
CVE-2013-3991
RESERVED
-CVE-2013-3990
- RESERVED
+CVE-2013-3990 (Cross-site scripting (XSS) vulnerability in the MIME e-mail ...)
+ TODO: check
CVE-2013-3989
RESERVED
CVE-2013-3988
@@ -3355,8 +3374,8 @@
NOT-FOR-US: activeCollab
CVE-2012-6553 (Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote ...)
NOT-FOR-US: Resource Hacker
-CVE-2013-3659
- RESERVED
+CVE-2013-3659 (The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for ...)
+ TODO: check
CVE-2013-3658
RESERVED
CVE-2013-3657
@@ -3616,7 +3635,7 @@
CVE-2013-3545
RESERVED
CVE-2013-3544
- RESERVED
+ REJECTED
CVE-2013-3543
RESERVED
CVE-2013-3542
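Review bot: CVE-2013-3544 becomes REJECTED with no NOTE giving the reason, whereas CVE-2013-4224 elsewhere in this file records why it was rejected. Add a one-line NOTE with the rejection reason (for example the id it duplicates, if that is the cause) so the state can be audited later without going back to the upstream feed.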
@@ -3746,8 +3765,8 @@
RESERVED
CVE-2013-3481
RESERVED
-CVE-2013-3480
- RESERVED
+CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
+ TODO: check
CVE-2013-3479
RESERVED
CVE-2013-3478
@@ -3792,14 +3811,14 @@
RESERVED
CVE-2013-3458
RESERVED
-CVE-2013-3457
- RESERVED
+CVE-2013-3457 (Absolute path traversal vulnerability in the web interface in Cisco ...)
+ TODO: check
CVE-2013-3456
RESERVED
-CVE-2013-3455
- RESERVED
-CVE-2013-3454
- RESERVED
+CVE-2013-3455 (Cisco Finesse allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2013-3454 (Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, ...)
+ TODO: check
CVE-2013-3453
RESERVED
CVE-2013-3452
@@ -4222,8 +4241,8 @@
RESERVED
CVE-2013-3263
RESERVED
-CVE-2013-3262
- RESERVED
+CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
+ TODO: check
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
NOT-FOR-US: WordPress plugin flash-album-gallery
CVE-2013-3260
@@ -4234,14 +4253,14 @@
RESERVED
CVE-2013-3257
RESERVED
-CVE-2013-3256
- RESERVED
+CVE-2013-3256 (Cross-site request forgery (CSRF) vulnerability in the Shareaholic ...)
+ TODO: check
CVE-2013-3255
RESERVED
CVE-2013-3254 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-3253
- RESERVED
+CVE-2013-3253 (Cross-site request forgery (CSRF) vulnerability in admin/setting.php ...)
+ TODO: check
CVE-2013-3252
RESERVED
CVE-2013-3251
@@ -4732,8 +4751,8 @@
RESERVED
CVE-2013-3033 (SQL injection vulnerability in the server component in IBM Tivoli ...)
NOT-FOR-US: IBM Tivoli Remote Control
-CVE-2013-3032
- RESERVED
+CVE-2013-3032 (Cross-site scripting (XSS) vulnerability in the MIME e-mail ...)
+ TODO: check
CVE-2013-3031
RESERVED
CVE-2013-3030
@@ -4742,8 +4761,8 @@
RESERVED
CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x ...)
NOT-FOR-US: IBM WebSphere
-CVE-2013-3027
- RESERVED
+CVE-2013-3027 (Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino ...)
+ TODO: check
CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in ...)
NOT-FOR-US: Lotus Quickr for Domino ActiveX
CVE-2013-3025
@@ -5295,20 +5314,20 @@
RESERVED
CVE-2013-2799
RESERVED
-CVE-2013-2798
- RESERVED
+CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...)
+ TODO: check
CVE-2013-2797
RESERVED
-CVE-2013-2796
- RESERVED
+CVE-2013-2796 (Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and ...)
+ TODO: check
CVE-2013-2795
RESERVED
CVE-2013-2794
RESERVED
CVE-2013-2793
RESERVED
-CVE-2013-2792
- RESERVED
+CVE-2013-2792 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...)
+ TODO: check
CVE-2013-2791
RESERVED
CVE-2013-2790
@@ -5782,11 +5801,9 @@
RESERVED
CVE-2013-2578
RESERVED
-CVE-2013-2577
- RESERVED
+CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to ...)
NOT-FOR-US: XnView
-CVE-2013-2576
- RESERVED
+CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to ...)
NOT-FOR-US: Artweaver
CVE-2013-2575
RESERVED
@@ -7046,6 +7063,7 @@
[squeeze] - mysql-5.1 <no-dsa> (Minor issue, can be included in a future DSA)
CVE-2013-2161 [Unchecked user input in Swift XML responses]
RESERVED
+ {DSA-2737-1}
- swift 1.8.0-6 (low; bug #712202)
CVE-2013-2160
RESERVED
@@ -7210,8 +7228,7 @@
CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
{DSA-2694-1}
- spip 2.1.22-1 (bug #709674)
-CVE-2013-2117 [directory traversal]
- RESERVED
+CVE-2013-2117 (Directory traversal vulnerability in the cgit_parse_readme function in ...)
- cgit <itp> (bug #515793)
CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in ...)
{DSA-2697-1}
@@ -11539,8 +11556,8 @@
- connman 1.0-1.1 (bug #697580)
[wheezy] - connman 1.0-1.1+wheezy1
[squeeze] - connman <no-dsa> (Minor issue)
-CVE-2012-6458
- RESERVED
+CVE-2012-6458 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
CVE-2012-6457
RESERVED
CVE-2012-6456
@@ -12020,12 +12037,12 @@
RESERVED
CVE-2013-0495
RESERVED
-CVE-2013-0494
- RESERVED
+CVE-2013-0494 (IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to ...)
+ TODO: check
CVE-2013-0493
RESERVED
-CVE-2013-0492
- RESERVED
+CVE-2013-0492 (Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin ...)
+ TODO: check
CVE-2013-0491
RESERVED
CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
@@ -13233,8 +13250,8 @@
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the ...)
- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
-CVE-2013-0150
- RESERVED
+CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...)
+ TODO: check
CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 ...)
- quagga <not-affected>
NOTE: OSPF protocol vulnerability, quagga implementation not affected
@@ -22353,8 +22370,8 @@
RESERVED
CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...)
NOT-FOR-US: Siemens
-CVE-2012-3039
- RESERVED
+CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with ...)
+ TODO: check
CVE-2012-3038
RESERVED
CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the ...)