[Secure-testing-commits] r22831 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jul 3 09:14:24 UTC 2013
Author: joeyh
Date: 2013-07-03 09:14:24 +0000 (Wed, 03 Jul 2013)
New Revision: 22831
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-03 07:14:00 UTC (rev 22830)
+++ data/CVE/list 2013-07-03 09:14:24 UTC (rev 22831)
@@ -1,3 +1,31 @@
+CVE-2013-4749 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...)
+ TODO: check
+CVE-2013-4748 (SQL injection vulnerability in the News system (news) extension before ...)
+ TODO: check
+CVE-2013-4747 (Cross-site scripting (XSS) vulnerability in the Accessible browse ...)
+ TODO: check
+CVE-2013-4746 (Cross-site scripting (XSS) vulnerability in the My quiz and poll ...)
+ TODO: check
+CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...)
+ TODO: check
+CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension ...)
+ TODO: check
+CVE-2013-4743
+ RESERVED
+CVE-2013-4742
+ RESERVED
+CVE-2013-4741
+ RESERVED
+CVE-2013-4740
+ RESERVED
+CVE-2013-4739
+ RESERVED
+CVE-2013-4738
+ RESERVED
+CVE-2013-4737
+ RESERVED
+CVE-2013-4736
+ RESERVED
CVE-2013-4735 (The Digital Alert Systems DASDEC EAS device before 2.0-2 and the ...)
NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-4734 (dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before ...)
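Review bot: CVE-2013-4744 through CVE-2013-4749 at the top of this hunk carry only "TODO: check", so none of them is tied to a source package or marked NOT-FOR-US the way CVE-2013-4735 just below them is. The truncated descriptions name only the component (UserTask Center, the news extension, myquizpoll, a PHPUnit extension), so triage has to read the full CVE text to identify the parent product before replacing the TODO with a package line or a NOT-FOR-US marker.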
@@ -1688,10 +1716,10 @@
RESERVED
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
NOT-FOR-US: Siemens COMOS
-CVE-2013-3926
- RESERVED
-CVE-2013-3925
- RESERVED
+CVE-2013-3926 (Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2013-3925 (Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and ...)
+ TODO: check
CVE-2013-3924
RESERVED
CVE-2013-3923
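Review bot: The two Atlassian Crowd entries disagree about 2.6.3. CVE-2013-3925 reads "2.6.x before 2.6.3", which treats 2.6.3 as the fixed release, while CVE-2013-3926 names "Atlassian Crowd 2.6.3" itself as affected. Whoever resolves these "TODO: check" lines should not reuse one version bound for both entries, and CVE-2013-3926 (remote attackers, "execute arbitrary ...") deserves the earlier look of the two.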
@@ -2828,20 +2856,20 @@
RESERVED
CVE-2013-3402
RESERVED
-CVE-2013-3401
- RESERVED
+CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
+ TODO: check
CVE-2013-3400
RESERVED
-CVE-2013-3399
- RESERVED
+CVE-2013-3399 (Buffer overflow in an unspecified Android API on the Cisco Desktop ...)
+ TODO: check
CVE-2013-3398 (The web framework in Cisco Prime Central for Hosted Collaboration ...)
NOT-FOR-US: Cisco
CVE-2013-3397 (Cross-site request forgery (CSRF) vulnerability in the Unified ...)
NOT-FOR-US: Cisco
CVE-2013-3396 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2013-3395
- RESERVED
+CVE-2013-3395 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
CVE-2013-3394
RESERVED
CVE-2013-3393 (The Precision Video Engine component in Cisco Jabber for Windows and ...)
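Review bot: CVE-2013-3401 and CVE-2013-3399 are added with "TODO: check" although their descriptions name Cisco products (TelePresence TC Software, Cisco Desktop ...), and CVE-2013-3396 through CVE-2013-3398 in this same hunk are already marked "NOT-FOR-US: Cisco". Suggest giving them the same marker during triage. The visible text of CVE-2013-3395 is cut off before any product name, so confirm the vendor from the full description before marking it the same way.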
@@ -4348,7 +4376,7 @@
NOT-FOR-US: EMC
CVE-2012-6573 (Cross-site scripting (XSS) vulnerability in the Apache Solr ...)
NOT-FOR-US: DRUPAL-SA-CONTRIB-2012-136
-CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.0.8 ...)
+CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...)
- db4o <unfixed> (unimportant)
NOTE: in doc package only
CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized ...)
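Review bot: The CVE-2012-6550 description moves the ZeroClipboard bound from "before 1.0.8" to "before 1.1.4", but the tracking lines under it are unchanged. The db4o line is "<unfixed> (unimportant)" and is not affected by the new bound, but any other embedded copy of ZeroClipboard that was previously cleared because it was at 1.0.8 or later should be rechecked against 1.1.4.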
@@ -5810,8 +5838,7 @@
- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2172
RESERVED
-CVE-2013-2171 [Privilege escalation via mmap]
- RESERVED
+CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap ...)
{DSA-2714-1}
- kfreebsd-9 9.0-12 (bug #712664)
- kfreebsd-8 <not-affected> (Only affects 9.x)
@@ -5854,8 +5881,7 @@
RESERVED
- monkey <removed>
[squeeze] - monkey <no-dsa> (Minor issue)
-CVE-2013-2158
- RESERVED
+CVE-2013-2158 (Cross-site request forgery (CSRF) vulnerability in the Services module ...)
NOT-FOR-US: Services Drupal contributed modules
CVE-2013-2157 [keystone authentication bypass when using LDAP backend]
RESERVED
@@ -12457,13 +12483,11 @@
RESERVED
CVE-2012-6149
RESERVED
-CVE-2012-6148 [Backend API XSS]
- RESERVED
+CVE-2012-6148 (Cross-site scripting (XSS) vulnerability in the function menu API in ...)
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
[squeeze] - typo3-src <not-affected> (Vulnerable code not present)
NOTE: https://review.typo3.org/16300
-CVE-2012-6147 [Backend API XSS]
- RESERVED
+CVE-2012-6147 (Cross-site scripting (XSS) vulnerability in the tree render API ...)
{DSA-2574-1}
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
NOTE: https://review.typo3.org/16305
@@ -12472,13 +12496,11 @@
{DSA-2574-1}
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
NOTE: https://review.typo3.org/16304
-CVE-2012-6145 [Backend History Module XSS]
- RESERVED
+CVE-2012-6145 (Cross-site scripting (XSS) vulnerability in the Backend History module ...)
{DSA-2574-1}
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
NOTE: https://review.typo3.org/16304
-CVE-2012-6144 [Backend History Module SQL Injection]
- RESERVED
+CVE-2012-6144 (SQL injection vulnerability in the Backend History module in TYPO3 ...)
{DSA-2574-1}
- typo3-src 4.5.19+dfsg1-4 (bug #692775)
NOTE: https://review.typo3.org/16304