[Secure-testing-commits] r23466 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Aug 29 09:14:33 UTC 2013


Author: joeyh
Date: 2013-08-29 09:14:33 +0000 (Thu, 29 Aug 2013)
New Revision: 23466

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-08-29 09:11:11 UTC (rev 23465)
+++ data/CVE/list	2013-08-29 09:14:33 UTC (rev 23466)
@@ -1,5 +1,12 @@
+CVE-2013-5638
+	RESERVED
+CVE-2013-5637
+	RESERVED
+CVE-2013-5636
+	RESERVED
+CVE-2013-5635
+	RESERVED
 CVE-2013-5647 [Command Injection]
-	RESERVED
 	NOT-FOR-US: Sounder Ruby Gem
 CVE-2013-5642
 	- asterisk <unfixed> (bug #721220)
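Review bot: The four new RESERVED entries (CVE-2013-5638 through CVE-2013-5635) are inserted above CVE-2013-5647 and CVE-2013-5642, so the head of the list no longer follows the descending ID order that every other hunk in this commit shows. If the ordering is relied on by people or tooling scanning the file (an assumption, not visible here), these four entries would be better placed after the CVE-2013-5642 block, i.e. `CVE-2013-5638` / `RESERVED` and its three siblings moved below the asterisk entry. The CVE-2013-5642 entry may continue past the end of this hunk, so the exact insertion point has to be checked against the full file.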
@@ -3297,9 +3304,11 @@
 CVE-2013-4164
 	RESERVED
 CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
+	{DSA-2745-1}
 	- linux 3.10.5-1
 	- linux-2.6 <not-affected> (Introduced in 3.5)
 CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 ...)
+	{DSA-2745-1}
 	- linux 3.10.5-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-4161
@@ -3696,8 +3705,8 @@
 	RESERVED
 CVE-2013-4040
 	RESERVED
-CVE-2013-4039
-	RESERVED
+CVE-2013-4039 (IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 ...)
+	TODO: check
 CVE-2013-4038 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
 	TODO: check
 CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management ...)
@@ -3708,8 +3717,7 @@
 	RESERVED
 CVE-2013-4034
 	RESERVED
-CVE-2013-4033
-	RESERVED
+CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
 	NOT-FOR-US: IBM DB2
 CVE-2013-4032
 	RESERVED
@@ -4671,10 +4679,10 @@
 	RESERVED
 CVE-2013-3599
 	RESERVED
-CVE-2013-3598
-	RESERVED
-CVE-2013-3597
-	RESERVED
+CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...)
+	TODO: check
+CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...)
+	TODO: check
 CVE-2013-3596
 	RESERVED
 CVE-2013-3595
@@ -4687,8 +4695,8 @@
 	RESERVED
 CVE-2013-3591
 	RESERVED
-CVE-2013-3590
-	RESERVED
+CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
+	TODO: check
 CVE-2013-3589
 	RESERVED
 CVE-2013-3588
@@ -4696,16 +4704,16 @@
 CVE-2013-3587
 	RESERVED
 	TODO: check
-CVE-2013-3586
-	RESERVED
-CVE-2013-3585
-	RESERVED
-CVE-2013-3584
-	RESERVED
-CVE-2013-3583
-	RESERVED
-CVE-2013-3582
-	RESERVED
+CVE-2013-3586 (Samsung Web Viewer for Samsung DVR devices allows remote attackers to ...)
+	TODO: check
+CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in ...)
+	TODO: check
+CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite ...)
+	TODO: check
+CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...)
+	TODO: check
+CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and ...)
+	TODO: check
 CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
 	NOT-FOR-US: Choice Wireless Green Packet WIXFMR-111 4G WiMax modem
 CVE-2013-3580 (The TrustGo Antivirus & Mobile Security application before 1.3.6 for ...)
@@ -5378,8 +5386,7 @@
 	NOT-FOR-US: EMC
 CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in ...)
 	NOT-FOR-US: EMC
-CVE-2013-3271
-	RESERVED
+CVE-2013-3271 (EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the ...)
 	NOT-FOR-US: EMC
 CVE-2013-3270 (EMC VNX Control Station before 7.1.70.2 and Celerra Control Station ...)
 	NOT-FOR-US: EMC
@@ -5830,8 +5837,7 @@
 	NOT-FOR-US: vCenter
 CVE-2013-3078
 	RESERVED
-CVE-2013-3077 [local ip_multicast buffer overflow]
-	RESERVED
+CVE-2013-3077 (Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER ...)
 	{DSA-2743-1}
 	- kfreebsd-8 <unfixed> (bug #720470)
 	- kfreebsd-9 9.2~svn254368-2 (bug #720468)
@@ -6392,9 +6398,11 @@
 	- chromium-browser 28.0.1500.71-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in ...)
+	{DSA-2745-1}
 	- linux 3.9.8-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in ...)
+	{DSA-2745-1}
 	- linux 3.9.8-1 (low)
 	- linux-2.6 <removed> (low)
 CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response ...)
@@ -6519,8 +6527,8 @@
 	RESERVED
 CVE-2013-2805
 	RESERVED
-CVE-2013-2804
-	RESERVED
+CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
+	TODO: check
 CVE-2013-2803
 	RESERVED
 CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...)
@@ -6563,8 +6571,8 @@
 	NOT-FOR-US: Triangle Research International
 CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...)
 	NOT-FOR-US: IOServer DNP3 drivers
-CVE-2013-2782
-	RESERVED
+CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with ...)
+	TODO: check
 CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS ...)
 	NOT-FOR-US: 3S CODESYS Gateway
 CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...)
@@ -7730,8 +7738,7 @@
 	NOT-FOR-US: HP SMH
 CVE-2013-2354
 	RESERVED
-CVE-2013-2353
-	RESERVED
+CVE-2013-2353 (Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before ...)
 	NOT-FOR-US: HP
 CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage ...)
 	NOT-FOR-US: HP
@@ -8015,6 +8022,7 @@
 	RESERVED
 	- freeswitch <itp> (bug #389591) 
 CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
+	{DSA-2745-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.9.4-1 (low)
 	NOTE: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
@@ -8025,6 +8033,7 @@
 CVE-2013-2235
 	RESERVED
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions ...)
+	{DSA-2745-1}
 	- linux-2.6 <removed>
 	- linux 3.10.1-1
 CVE-2013-2233 [not caching SSH host keys]
@@ -8032,6 +8041,7 @@
 	- ansible <unfixed> (bug #714822)
 	NOTE: https://github.com/ansible/ansible/issues/857
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ...)
+	{DSA-2745-1}
 	- linux-2.6 <removed>
 	- linux 3.10.1-1
 CVE-2013-2231 [qemu-ga win32 service unquoted search path]
@@ -8266,6 +8276,7 @@
 CVE-2013-2165 (ResourceBuilderImpl.java in the RichFaces 3.x through 5.x ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the ...)
+	{DSA-2745-1}
 	- linux-2.6 <removed> (low)
 	- linux 3.9.8-1 (low)
 CVE-2013-2163 [monkey denial of service]
@@ -8315,6 +8326,7 @@
 	RESERVED
 	- owncloud 4.0.16debian-1 (bug #711517)
 CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
+	{DSA-2745-1}
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 <not-affected> (fanotify introduced in 2.6.36)
 	- linux 3.9.8-1 (low)
@@ -11535,6 +11547,7 @@
 CVE-2013-1060
 	RESERVED
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote ...)
+	{DSA-2745-1}
 	- linux 3.10.1-1 (low)
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 <not-affected> (CEPH was introduced in 2.6.34)



