[Secure-testing-commits] r23356 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Aug 19 21:14:33 UTC 2013


Author: joeyh
Date: 2013-08-19 21:14:33 +0000 (Mon, 19 Aug 2013)
New Revision: 23356

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-19 18:40:14 UTC (rev 23355)
+++ data/CVE/list	2013-08-19 21:14:33 UTC (rev 23356)
@@ -1,3 +1,23 @@
+CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
+	TODO: check
+CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management ...)
+	TODO: check
+CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search ...)
+	TODO: check
+CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP ...)
+	TODO: check
+CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator ...)
+	TODO: check
+CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension ...)
+	TODO: check
+CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension ...)
+	TODO: check
+CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) ...)
+	TODO: check
+CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter ...)
+	TODO: check
 CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
 	NOT-FOR-US: AlienVault OSSIM
 CVE-2013-5299
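Review bot: All ten entries added at the top (CVE-2013-5301 through CVE-2013-5310) are left at "TODO: check", and the CVE-2013-5309 description is cut off before it names a product, so it cannot be triaged from this line alone. The entries that do name a product (the wfqbe, ke_search and locator extensions, RealURL Management, Trustport Webfilter) should be checked against the archive in a follow-up and, where nothing is packaged, closed in the same form as the CVE-2013-5300 context line ("NOT-FOR-US: <product>").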
@@ -903,8 +923,8 @@
 	NOT-FOR-US: McAfee ePolicy Orchestrator
 CVE-2013-4882 (Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator ...)
 	NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2013-4881
-	RESERVED
+CVE-2013-4881 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
 CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: BigTree CMS
 CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS ...)
@@ -1058,8 +1078,8 @@
 	RESERVED
 CVE-2013-4809
 	RESERVED
-CVE-2013-4808
-	RESERVED
+CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and ...)
+	TODO: check
 CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, ...)
 	NOT-FOR-US: HP
 CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, ...)
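Review bot: CVE-2013-4808 goes from RESERVED to "TODO: check" while the next entry, CVE-2013-4807, already carries "NOT-FOR-US: HP". The new description names HP Service Manager, so once it is confirmed that nothing in the archive ships it, the TODO should be resolved with the same NOT-FOR-US tag instead of staying open.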
@@ -2267,8 +2287,7 @@
 CVE-2013-4249 [django Cross-site scripting (XSS) in admin interface]
 	RESERVED
 	- python-django 1.5.2-1
-CVE-2013-4248 [php invalid handling of certs with null bytes]
-	RESERVED
+CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL module in ...)
 	- php5 <unfixed> (bug #719765)
 CVE-2013-4247 [linux: cifs: off-by-one bug in build_unc_path_to_root]
 	RESERVED
@@ -2306,8 +2325,7 @@
 	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
 	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
 	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
-CVE-2013-4238 [Python SSL module does not handle certificates that contain hostnames with NULL bytes]
-	RESERVED
+CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 ...)
 	- python2.5 <removed>
 	- python2.6 <removed>
 	- python2.7 <unfixed> (bug #719566)
@@ -2402,8 +2420,7 @@
 	- nagios3 <unfixed> (low; bug #719056)
 	[wheezy] - nagios3 <no-dsa> (Minor issue)
 	[squeeze] - nagios3 <not-affected> (html/rss-newsfeed.php not present)
-CVE-2013-4213
-	RESERVED
+CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-4212
 	RESERVED
@@ -2680,8 +2697,7 @@
 CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
 	- linux <not-affected> (Introduced in 3.11-rc1)
 	- linux-2.6 <not-affected> (Introduced in 3.11-rc1)
-CVE-2013-4128
-	RESERVED
+CVE-2013-4128 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in ...)
 	- linux 3.10.5-1
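Review bot: The new description for CVE-2013-4128 is, as far as it is shown, identical to the one added for CVE-2013-4213 in the previous hunk ("Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not ..."), and both keep the same jbossas4 <not-affected> line. With the text truncated the two entries are indistinguishable in the list; a short NOTE on each saying which issue it covers would help later readers.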
@@ -2741,8 +2757,7 @@
 	[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
 	[squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
-CVE-2013-4114 [nagstamon: credentials exposure]
-	RESERVED
+CVE-2013-4114 (The automatic update request in Nagstamont before 0.9.10 uses a ...)
 	- nagstamon 0.9.9-2 (low; bug #716718)
 	[wheezy] - nagstamon <no-dsa> (Minor issue)
 	[squeeze] - nagstamon <no-dsa> (Minor issue)
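Review bot: The description added for CVE-2013-4114 spells the product "Nagstamont", while the package lines below it use nagstamon. The removed bracketed summary ("nagstamon: credentials exposure") had the correct name. Since the log says this is an automatic update, a hand edit would likely be overwritten on the next run; better to report the typo to the description's source and rely on the package lines for matching in the meantime.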
@@ -2882,8 +2897,7 @@
 	- wireshark 1.10.0-1 (bug #711918)
 	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
-CVE-2013-4073 [Hostname check bypassing vulnerability in SSL client]
-	RESERVED
+CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in ...)
 	{DSA-2738-1}
 	- ruby1.8 1.8.7.358-7.1 (bug #714541)
 	- ruby1.9.1 1.9.3.194-8.2 (bug #714543)
@@ -4547,8 +4561,8 @@
 	RESERVED
 CVE-2013-3320
 	RESERVED
-CVE-2013-3319
-	RESERVED
+CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP ...)
+	TODO: check
 CVE-2013-3318
 	RESERVED
 CVE-2013-3317
@@ -7451,8 +7465,7 @@
 CVE-2013-2176
 	RESERVED
 	NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
-CVE-2013-2175
-	RESERVED
+CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...)
 	{DSA-2711-1}
 	- haproxy 1.4.24-1
 CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in ...)
@@ -7492,8 +7505,7 @@
 	RESERVED
 	- monkey <removed> (low)
 	[squeeze] - monkey <no-dsa> (Minor issue)
-CVE-2013-2162 [mysql insecure conffile creation]
-	RESERVED
+CVE-2013-2162 (Race condition in the post-installation script ...)
 	- mysql-5.5 <unfixed> (low; bug #711600)
 	[wheezy] - mysql-5.5 <no-dsa> (Minor issue, can be included in a future DSA)
 	- mysql-5.1 <removed> (low)
@@ -8010,8 +8022,7 @@
 	- jquery-jplayer 2.1.0-2
 	NOTE: used for jPlayer 2.2.23 XSS
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
-CVE-2013-2022
-	RESERVED
+CVE-2013-2022 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
 	- jquery-jplayer 2.1.0-2
 	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
 	NOTE: used for jPlayer 2.2.20 XSS
@@ -120093,7 +120104,7 @@
 	NOT-FOR-US: Veritas NetBackup
 CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...)
 	NOT-FOR-US: MS Windows issue
-CVE-2006-0987 (The default configuration of ISC BIND, when configured as a caching ...)
+CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...)
 	- bind <unfixed> (bug #355787; unimportant)
 	- bind9 1:9.4.0-1 (bug #356266; unimportant)
 	NOTE: This is within the responsibilities of a local admin, especially when
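Review bot: The updated CVE-2006-0987 description now bounds the issue at "ISC BIND before 9.4.1-P1", but the bind9 line under it still records 1:9.4.0-1 as the fixed version, which is lower than that bound. Both package lines are tagged unimportant, so this may be intentional, but a NOTE stating why 1:9.4.0-1 is kept would remove the apparent mismatch.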



