[Secure-testing-commits] r23386 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Aug 21 21:24:10 UTC 2013
Author: joeyh
Date: 2013-08-21 21:24:09 +0000 (Wed, 21 Aug 2013)
New Revision: 23386
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-08-21 20:52:53 UTC (rev 23385)
+++ data/CVE/list 2013-08-21 21:24:09 UTC (rev 23386)
@@ -1,3 +1,71 @@
+CVE-2013-5348
+ RESERVED
+CVE-2013-5347
+ RESERVED
+CVE-2013-5346
+ RESERVED
+CVE-2013-5345
+ RESERVED
+CVE-2013-5344
+ RESERVED
+CVE-2013-5343
+ RESERVED
+CVE-2013-5342
+ RESERVED
+CVE-2013-5341
+ RESERVED
+CVE-2013-5340
+ RESERVED
+CVE-2013-5339
+ RESERVED
+CVE-2013-5338
+ RESERVED
+CVE-2013-5337
+ RESERVED
+CVE-2013-5336
+ RESERVED
+CVE-2013-5335
+ RESERVED
+CVE-2013-5334
+ RESERVED
+CVE-2013-5333
+ RESERVED
+CVE-2013-5332
+ RESERVED
+CVE-2013-5331
+ RESERVED
+CVE-2013-5330
+ RESERVED
+CVE-2013-5329
+ RESERVED
+CVE-2013-5328
+ RESERVED
+CVE-2013-5327
+ RESERVED
+CVE-2013-5326
+ RESERVED
+CVE-2013-5325
+ RESERVED
+CVE-2013-5324
+ RESERVED
+CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info Tables ...)
+ TODO: check
+CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...)
+ TODO: check
+CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source ...)
+ TODO: check
+CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in ...)
+ TODO: check
+CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers ...)
+ TODO: check
+CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows ...)
+ TODO: check
+CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 ...)
+ TODO: check
+CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...)
+ TODO: check
CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...)
TODO: check
CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...)
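Review bot: The nine entries added with descriptions at the end of this hunk (CVE-2013-5323 down to CVE-2013-5316, plus CVE-2012-6582) all land as "TODO: check" with no package or NOT-FOR-US line, so the list does not yet say whether anything in Debian is affected. Each one needs triage to either a "- package version" line or a NOT-FOR-US line like the one CVE-2013-4954 carries elsewhere in this file ("NOT-FOR-US: Genetech Solutions Pie-Register"). The descriptions are truncated at "..." here, so the full text should be read before choosing.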
@@ -693,39 +761,32 @@
CVE-2013-4968
RESERVED
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4967
- RESERVED
+CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4966
RESERVED
CVE-2013-4965
RESERVED
-CVE-2013-4964
- RESERVED
+CVE-2013-4964 (Puppet Enterprise before 3.0.1 does not set the secure flag for the ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4963
RESERVED
-CVE-2013-4962
- RESERVED
-CVE-2013-4961
- RESERVED
+CVE-2013-4962 (The reset password page in Puppet Enterprise before 3.0.1 does not ...)
+ TODO: check
+CVE-2013-4961 (Puppet Enterprise before 3.0.1 includes version information for the ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4960
RESERVED
-CVE-2013-4959
- RESERVED
+CVE-2013-4959 (Puppet Enterprise before 3.0.1 uses HTTP responses that contain ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4958
- RESERVED
+CVE-2013-4958 (Puppet Enterprise before 3.0.1 does not use a session timeout, which ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4957
RESERVED
-CVE-2013-4956
- RESERVED
+CVE-2013-4956 (Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and ...)
- puppet 3.2.4-1
[squeeze] - puppet <not-affected> (puppet module not yet present)
-CVE-2013-4955
- RESERVED
+CVE-2013-4955 (Open redirect vulnerability in the login page in Puppet Enterprise ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4954 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
NOT-FOR-US: Genetech Solutions Pie-Register
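Review bot: CVE-2013-4962 is the only Puppet Enterprise entry in this hunk that ends up with "TODO: check" instead of a package line. Its description begins "The reset password page in Puppet Enterprise before 3.0.1", and the other Puppet Enterprise entries here (CVE-2013-4967, 4964, 4961, 4959, 4958, 4955) are all marked "- puppet <not-affected> (Only affects Puppet Enterprise)". The entry had no annotation while it was RESERVED, which is why the update left a TODO; unless the truncated remainder of the description says otherwise, it should get the same not-affected line as its siblings.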
@@ -1192,11 +1253,9 @@
RESERVED
CVE-2013-4763
RESERVED
-CVE-2013-4762
- RESERVED
+CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a ...)
- puppet <not-affected> (Only affects Puppet Enterprise)
-CVE-2013-4761
- RESERVED
+CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x ...)
- puppet 3.2.4-1 (low)
[squeeze] - puppet <no-dsa> (non-standard config and attacker requires local access to master)
CVE-2013-4760
@@ -2637,8 +2696,7 @@
- libreoffice 1:4.1.0-1 (unimportant)
- openoffice.org <removed> (unimportant)
NOTE: Harmless crash
-CVE-2013-4155 [Swift Denial of Service using superfluous object tombstones]
- RESERVED
+CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows ...)
{DSA-2737-1}
- swift 1.8.0-7 (bug #719008)
CVE-2013-4154 [libvirt: crash of libvirtd without guest agent configuration]
@@ -2724,8 +2782,7 @@
- subversion <unfixed> (bug #717794)
[squeeze] - subversion <not-affected> (Only affects >= 1.7)
[wheezy] - subversion <not-affected> (Only affects >= 1.7)
-CVE-2013-4130
- RESERVED
+CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) ...)
- spice 0.12.4-0nocelt1 (low; bug #717030)
[wheezy] - spice <no-dsa> (Minor issue)
CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
@@ -5494,30 +5551,24 @@
RESERVED
CVE-2013-2906
RESERVED
-CVE-2013-2905
- RESERVED
+CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2904
- RESERVED
+CVE-2013-2904 (Use-after-free vulnerability in the Document::finishedParsing function ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2903
- RESERVED
+CVE-2013-2903 (Use-after-free vulnerability in the ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2902
- RESERVED
+CVE-2013-2902 (Use-after-free vulnerability in the XSLT ProcessingInstruction ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
- libxslt <unfixed>
TODO: Contact libxslt upstream for specific commit
-CVE-2013-2901
- RESERVED
+CVE-2013-2901 (Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2900
- RESERVED
+CVE-2013-2900 (The FilePath::ReferencesParent function in files/file_path.cc in ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2899
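Review bot: On CVE-2013-2902 the "- libxslt <unfixed>" line still has no bug number and the "TODO: Contact libxslt upstream for specific commit" is carried over unchanged, although the description is now public ("Use-after-free vulnerability in the XSLT ProcessingInstruction ..."). Other unfixed entries in this file reference a bug, for example "- subversion <unfixed> (bug #717794)". Filing a bug against libxslt and recording it on this line would make the open item trackable instead of leaving it as a free-text TODO.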
@@ -5544,8 +5595,7 @@
RESERVED
CVE-2013-2888
RESERVED
-CVE-2013-2887
- RESERVED
+CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before ...)
@@ -7400,8 +7450,7 @@
CVE-2013-2211 [libxl allows guest write access to sensitive console related xenstore keys]
RESERVED
- xen <unfixed>
-CVE-2013-2210 [heap overflow during XPointer evaluation]
- RESERVED
+CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference ...)
{DSA-2717-1}
- xml-security-c 1.6.1-7 (bug #714241)
NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
@@ -7526,8 +7575,7 @@
CVE-2013-2173 (wp-includes/class-phpass.php in WordPress 3.5.1, when a ...)
{DSA-2718-1}
- wordpress 3.5.2+dfsg-1 (bug #713947)
-CVE-2013-2172 [Java XML Signature spoofing attack]
- RESERVED
+CVE-2013-2172 (jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache ...)
- libxml-security-java <unfixed> (bug #720375)
NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap ...)
@@ -7564,8 +7612,7 @@
[wheezy] - mysql-5.5 <no-dsa> (Minor issue, can be included in a future DSA)
- mysql-5.1 <removed> (low)
[squeeze] - mysql-5.1 <no-dsa> (Minor issue, can be included in a future DSA)
-CVE-2013-2161 [Unchecked user input in Swift XML responses]
- RESERVED
+CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift ...)
{DSA-2737-1}
- swift 1.8.0-6 (low; bug #712202)
CVE-2013-2160 (Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before ...)
@@ -7576,23 +7623,18 @@
[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2158 (Cross-site request forgery (CSRF) vulnerability in the Services module ...)
NOT-FOR-US: Services Drupal contributed modules
-CVE-2013-2157 [keystone authentication bypass when using LDAP backend]
- RESERVED
+CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when ...)
- keystone 2013.1.2-1 (bug #712160)
-CVE-2013-2156 [heap overflow while processing InclusiveNamespace PrefixList]
- RESERVED
+CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization ...)
{DSA-2710-1}
- xml-security-c 1.6.1-6
-CVE-2013-2155 [denial of service and hash length bypass issues while processing HMAC signatures]
- RESERVED
+CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before ...)
{DSA-2710-1}
- xml-security-c 1.6.1-6
-CVE-2013-2154 [stack overflow during XPointer evaluation]
- RESERVED
+CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference ...)
{DSA-2710-1}
- xml-security-c 1.6.1-6
-CVE-2013-2153 [XML Signature Bypass issue]
- RESERVED
+CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...)
{DSA-2710-1}
- xml-security-c 1.6.1-6
CVE-2013-2152 [rhevm: spice service unquoted search path]
@@ -9989,11 +10031,13 @@
[wheezy] - xmonad-contrib <no-dsa> (Minor issue)
CVE-2013-1435 [shell escaping issues]
RESERVED
+ {DSA-2739-1}
- cacti 0.8.8b+dfsg-1
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7392
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7393
CVE-2013-1434 [SQL injection]
RESERVED
+ {DSA-2739-1}
- cacti 0.8.8b+dfsg-1
NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
CVE-2013-1433