[Secure-testing-commits] r22903 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jul 10 21:14:32 UTC 2013
Author: joeyh
Date: 2013-07-10 21:14:32 +0000 (Wed, 10 Jul 2013)
New Revision: 22903
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-10 18:32:52 UTC (rev 22902)
+++ data/CVE/list 2013-07-10 21:14:32 UTC (rev 22903)
@@ -1,3 +1,5 @@
+CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
+ TODO: check
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
TODO: check
CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote ...)
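Review bot: CVE-2013-4787 is added with only "TODO: check", so it has no triage state yet. It needs either a source-package line or a NOT-FOR-US line, the two forms the already-triaged entries in this list use, before it is useful to anyone reading the list.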
@@ -2380,7 +2382,7 @@
RESERVED
CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...)
NOT-FOR-US: Microsoft Windows
-CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft ...)
+CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-6563 (engine/lib/access.php in Elgg before 1.8.5 does not properly clear ...)
- elgg <itp> (bug #526197)
@@ -3079,22 +3081,19 @@
RESERVED
CVE-2013-3351
RESERVED
-CVE-2013-3350
- RESERVED
-CVE-2013-3349
- RESERVED
-CVE-2013-3348
- RESERVED
-CVE-2013-3347
- RESERVED
+CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call ...)
+ TODO: check
+CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when ...)
+ TODO: check
+CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute ...)
+ TODO: check
+CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x ...)
NOT-FOR-US: Adobe Flash
CVE-2013-3346
RESERVED
-CVE-2013-3345
- RESERVED
+CVE-2013-3345 (Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 ...)
NOT-FOR-US: Adobe Flash
-CVE-2013-3344
- RESERVED
+CVE-2013-3344 (Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 ...)
NOT-FOR-US: Adobe Flash
CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on ...)
NOT-FOR-US: Adobe Flash
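Review bot: CVE-2013-3350, CVE-2013-3349 (Adobe ColdFusion) and CVE-2013-3348 (Adobe Shockwave Player) come in as "TODO: check" while the Flash Player entries around them (CVE-2013-3347, -3345, -3344, -3343) already read "NOT-FOR-US: Adobe Flash". Suggest triaging the three in the same form, e.g. "NOT-FOR-US: Adobe ColdFusion" and "NOT-FOR-US: Adobe Shockwave Player", so the TODO backlog does not grow with proprietary-product entries.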
@@ -3494,42 +3493,42 @@
RESERVED
CVE-2013-3179
RESERVED
-CVE-2013-3178
- RESERVED
+CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly ...)
+ TODO: check
CVE-2013-3177
RESERVED
CVE-2013-3176
RESERVED
CVE-2013-3175
RESERVED
-CVE-2013-3174
- RESERVED
-CVE-2013-3173
- RESERVED
-CVE-2013-3172
- RESERVED
-CVE-2013-3171
- RESERVED
+CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
+ TODO: check
+CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
+ TODO: check
+CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, ...)
+ TODO: check
CVE-2013-3170
RESERVED
CVE-2013-3169
RESERVED
CVE-2013-3168
RESERVED
-CVE-2013-3167
- RESERVED
-CVE-2013-3166
- RESERVED
+CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
+CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+ TODO: check
CVE-2013-3165
RESERVED
-CVE-2013-3164
- RESERVED
-CVE-2013-3163
- RESERVED
-CVE-2013-3162
- RESERVED
-CVE-2013-3161
- RESERVED
+CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
CVE-2013-3160
RESERVED
CVE-2013-3159
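Review bot: every entry this hunk fills in (CVE-2013-3178, -3174 through -3171, -3167, -3166, -3164 through -3161) describes a Microsoft product (Silverlight, DirectShow, win32k.sys, .NET Framework, Internet Explorer) and is left at "TODO: check". The list already uses "NOT-FOR-US: Microsoft Windows" and "NOT-FOR-US: Microsoft Internet Explorer" for the same product families (CVE-2013-3661, CVE-2013-3660), so these can be closed out the same way rather than left pending.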
@@ -3542,30 +3541,30 @@
RESERVED
CVE-2013-3155
RESERVED
-CVE-2013-3154
- RESERVED
-CVE-2013-3153
- RESERVED
-CVE-2013-3152
- RESERVED
-CVE-2013-3151
- RESERVED
-CVE-2013-3150
- RESERVED
-CVE-2013-3149
- RESERVED
-CVE-2013-3148
- RESERVED
-CVE-2013-3147
- RESERVED
-CVE-2013-3146
- RESERVED
-CVE-2013-3145
- RESERVED
-CVE-2013-3144
- RESERVED
-CVE-2013-3143
- RESERVED
+CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft ...)
+ TODO: check
+CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
+ TODO: check
+CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
+ TODO: check
CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
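Review bot: CVE-2013-3153 through CVE-2013-3143 are Internet Explorer descriptions marked "TODO: check", directly above CVE-2013-3142, whose near-identical description is already "NOT-FOR-US: Microsoft Internet Explorer". Suggest giving these eleven the same line. CVE-2013-3154 (Windows Defender) needs its own NOT-FOR-US tag since the product differs.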
@@ -3582,22 +3581,22 @@
NOT-FOR-US: Microsoft
CVE-2013-3135
RESERVED
-CVE-2013-3134
- RESERVED
-CVE-2013-3133
- RESERVED
-CVE-2013-3132
- RESERVED
-CVE-2013-3131
- RESERVED
+CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
+ TODO: check
+CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
+ TODO: check
+CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
+ TODO: check
+CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and ...)
+ TODO: check
CVE-2013-3130
REJECTED
-CVE-2013-3129
- RESERVED
+CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight ...)
+ TODO: check
CVE-2013-3128
RESERVED
-CVE-2013-3127
- RESERVED
+CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows ...)
+ TODO: check
CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
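Review bot: the .NET Framework entries (CVE-2013-3134 through -3131, CVE-2013-3129) and the WMV codec entry (CVE-2013-3127) are left at "TODO: check". The context lines show the established form for Microsoft products ("NOT-FOR-US: Microsoft", "NOT-FOR-US: Microsoft Internet Explorer"); if a reviewer wants to confirm that no Debian package is covered by the .NET descriptions, a NOTE line saying so would record that the check was done rather than leaving the TODO open.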
@@ -3620,8 +3619,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2013-3115
- RESERVED
+CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
+ TODO: check
CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
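Review bot: CVE-2013-3115 sits between CVE-2013-3116 and CVE-2013-3114, both "NOT-FOR-US: Microsoft Internet Explorer", yet is added as "TODO: check". Its description is the same Internet Explorer class, so it should carry the same NOT-FOR-US line.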
@@ -4093,47 +4092,33 @@
RESERVED
CVE-2013-2881
RESERVED
-CVE-2013-2880
- RESERVED
+CVE-2013-2880 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed>
-CVE-2013-2879
- RESERVED
+CVE-2013-2879 (Google Chrome before 28.0.1500.71 does not properly determine the ...)
- chromium-browser <unfixed>
-CVE-2013-2878
- RESERVED
+CVE-2013-2878 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a ...)
- chromium-browser <unfixed>
-CVE-2013-2877
- RESERVED
+CVE-2013-2877 (parser.c in libxml2 before 2.9.0, as used in Google Chrome before ...)
- libxml2 <unfixed> (bug #715531)
-CVE-2013-2876
- RESERVED
+CVE-2013-2876 (browser/extensions/api/tabs/tabs_api.cc in Google Chrome before ...)
- chromium-browser <unfixed>
-CVE-2013-2875
- RESERVED
+CVE-2013-2875 (core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in ...)
- chromium-browser <unfixed>
-CVE-2013-2874
- RESERVED
+CVE-2013-2874 (Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is ...)
- chromium-browser <not-affected> (Windows-specific)
-CVE-2013-2873
- RESERVED
+CVE-2013-2873 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
- chromium-browser <unfixed>
-CVE-2013-2872
- RESERVED
+CVE-2013-2872 (Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a ...)
- chromium-browser <not-affected> (MacOS specific)
-CVE-2013-2871
- RESERVED
+CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
- chromium-browser <unfixed>
-CVE-2013-2870
- RESERVED
+CVE-2013-2870 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
- chromium-browser <unfixed>
-CVE-2013-2869
- RESERVED
+CVE-2013-2869 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a ...)
- chromium-browser <unfixed>
-CVE-2013-2868
- RESERVED
+CVE-2013-2868 (common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 ...)
- chromium-browser <unfixed>
-CVE-2013-2867
- RESERVED
+CVE-2013-2867 (Google Chrome before 28.0.1500.71 does not properly prevent pop-under ...)
- chromium-browser <unfixed>
CVE-2013-2866 (The Flash plug-in in Google Chrome before 27.0.1453.116, as used on ...)
- chromium-browser <not-affected> (Flash plugin not included in Chromium)
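Review bot: CVE-2013-2877's new description reads "parser.c in libxml2 before 2.9.0, as used in Google Chrome before ...", but the entry tracks only "- libxml2 <unfixed> (bug #715531)", unlike every other CVE in this hunk, which has a chromium-browser line. Worth confirming whether chromium-browser needs its own line here and recording the answer as a package line or a NOTE, so the omission reads as a decision rather than an oversight.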
@@ -4181,8 +4166,7 @@
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ...)
- chromium-browser <not-affected> (Windows-specific)
-CVE-2013-2853
- RESERVED
+CVE-2013-2853 (The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...)
- chromium-browser <unfixed>
CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in ...)
- linux 3.9.8-1 (low)
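Review bot: the description now filled in for CVE-2013-2853 names 28.0.1500.71 as the Chrome release containing the fix, while the package line stays "- chromium-browser <unfixed>". Once a chromium-browser upload at or beyond that upstream version exists, replace "<unfixed>" with the package version. The same applies to the "<unfixed>" chromium-browser lines for CVE-2013-2867 through CVE-2013-2880 earlier in this patch.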
@@ -6167,8 +6151,7 @@
RESERVED
- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
[wheezy] - ruby-passenger <no-dsa> (Minor issue)
-CVE-2013-2118 [privilege escalation]
- RESERVED
+CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
{DSA-2694-1}
- spip 2.1.22-1 (bug #709674)
CVE-2013-2117 [directory traversal]
@@ -6270,8 +6253,7 @@
CVE-2013-2097 [zPanel themes remote command execution as root]
RESERVED
NOT-FOR-US: zPanel
-CVE-2013-2096 [fails to verify image virtual size]
- RESERVED
+CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify ...)
- nova <unfixed> (low; bug #710157)
[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-2095
@@ -6421,18 +6403,14 @@
NOT-FOR-US: RHN Satellite
CVE-2013-2055
RESERVED
-CVE-2013-2054 [strongswan remote buffer overflow in atodn]
- RESERVED
+CVE-2013-2054 (Buffer overflow in the atodn function in strongSwan 2.0.0 through ...)
- strongswan 4.3.4-1
NOTE: http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
-CVE-2013-2053
- RESERVED
+CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when ...)
- openswan <unfixed> (low; bug #709144)
-CVE-2013-2052
- RESERVED
+CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when ...)
NOT-FOR-US: libreswan not in Debian
-CVE-2013-2051
- RESERVED
+CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-2050
@@ -6700,8 +6678,7 @@
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
-CVE-2013-1976
- RESERVED
+CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
- tomcat6 <not-affected> (RedHat-specific issue)
- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-1975
@@ -6790,8 +6767,7 @@
CVE-2013-1951
RESERVED
- mediawiki 1:1.19.5-1
-CVE-2013-1950
- RESERVED
+CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows ...)
- libtirpc <not-affected> (regression code not present)
NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
@@ -8617,8 +8593,7 @@
NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363
RESERVED
-CVE-2013-1362 [Allows passing of $() as command arguments and executing shell commands]
- RESERVED
+CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In ...)
- nagios-nrpe 2.13-3 (low; bug #701227)
[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
CVE-2013-1361
@@ -8653,8 +8628,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 ...)
NOT-FOR-US: Microsoft Malware Protection Engine
-CVE-2013-1345
- RESERVED
+CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2013-1344
RESERVED
CVE-2013-1343
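Review bot: CVE-2013-1345 is a win32k.sys description left at "TODO: check". The win32k.sys entries elsewhere in this list (CVE-2013-3661, CVE-2013-3660) are "NOT-FOR-US: Microsoft Windows", so this one can take the same line.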
@@ -8663,8 +8638,8 @@
RESERVED
CVE-2013-1341
RESERVED
-CVE-2013-1340
- RESERVED
+CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 ...)
NOT-FOR-US: Microsoft
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
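Review bot: CVE-2013-1340 is another win32k.sys entry added as "TODO: check", directly above CVE-2013-1339, which is already "NOT-FOR-US: Microsoft". Suggest the matching NOT-FOR-US line here.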
@@ -8743,8 +8718,8 @@
NOT-FOR-US: Microsoft
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote ...)
NOT-FOR-US: Microsoft Visio
-CVE-2013-1300
- RESERVED
+CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
+ TODO: check
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ...)
NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298
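Review bot: CVE-2013-1300 (win32k.sys) is left at "TODO: check" between CVE-2013-1301 and CVE-2013-1299, both NOT-FOR-US Microsoft entries. It should be triaged the same way for consistency with its neighbours.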