[Secure-testing-commits] r22933 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Sat Jul 13 13:50:18 UTC 2013
Author: carnil
Date: 2013-07-13 13:50:18 +0000 (Sat, 13 Jul 2013)
New Revision: 22933
Modified:
data/CVE/list
Log:
couple of NFUs and one phpmyadmin issue (unchecked)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-13 12:35:50 UTC (rev 22932)
+++ data/CVE/list 2013-07-13 13:50:18 UTC (rev 22933)
@@ -133,6 +133,7 @@
RESERVED
NOT-FOR-US: PCMan FTP Server
CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
+ - phpmyadmin <unfixed>
TODO: check
CVE-2013-4728
RESERVED
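Review bot: on CVE-2013-4729, the added "- phpmyadmin <unfixed>" line carries no version information, while the description limits the issue to phpMyAdmin 4.x before 4.0.4.1. Keeping TODO: check underneath is right for an entry the log calls unchecked; when it is resolved, record which packaged versions fall in the 4.x range, so that a release shipping an older branch is not treated as affected by default.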
@@ -221,19 +222,19 @@
CVE-2013-4691
RESERVED
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4689
RESERVED
CVE-2013-4688 (flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4687 (flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4686 (The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4685 (Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4684 (flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 ...)
- TODO: check
+ NOT-FOR-US: Juniper Junos
CVE-2013-4683 (SQL injection vulnerability in the meta_feedit extension 0.1.10 and ...)
NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4682 (SQL injection vulnerability in the Multishop extension before 2.0.39 ...)
@@ -2610,7 +2611,7 @@
CVE-2013-3580
RESERVED
CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for ...)
- TODO: check
+ NOT-FOR-US: Lookout Mobile Security application for Android
CVE-2013-3578
RESERVED
CVE-2013-3577
@@ -2648,7 +2649,7 @@
CVE-2013-3564
RESERVED
CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server ...)
- TODO: check
+ NOT-FOR-US: Lianja SQL Server
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in ...)
{DSA-2700-1}
- wireshark 1.8.7-1 (bug #709167)
@@ -2963,19 +2964,19 @@
CVE-2013-3420
RESERVED
CVE-2013-3419 (Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3417
RESERVED
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3415
RESERVED
CVE-2013-3414
RESERVED
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3412
RESERVED
CVE-2013-3411
@@ -2985,13 +2986,13 @@
CVE-2013-3409
RESERVED
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3407
RESERVED
CVE-2013-3406
RESERVED
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3404
RESERVED
CVE-2013-3403
@@ -3001,7 +3002,7 @@
CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
NOT-FOR-US: Cisco
CVE-2013-3400 (The license-installation module in Cisco NX-OS on Nexus 1000V devices ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3399 (Buffer overflow in an unspecified Android API on the Cisco Desktop ...)
NOT-FOR-US: Cisco
CVE-2013-3398 (The web framework in Cisco Prime Central for Hosted Collaboration ...)
@@ -3122,11 +3123,11 @@
CVE-2013-3351
RESERVED
CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x ...)
NOT-FOR-US: Adobe Flash
CVE-2013-3346
@@ -3227,7 +3228,7 @@
CVE-2013-3300
RESERVED
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: RealPlayer
CVE-2013-3298
RESERVED
CVE-2013-3297
@@ -3279,7 +3280,7 @@
CVE-2013-3274
RESERVED
CVE-2013-3273 (EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in ...)
NOT-FOR-US: EMC
CVE-2013-3271
@@ -3533,7 +3534,7 @@
CVE-2013-3179
RESERVED
CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Silverlight
CVE-2013-3177
RESERVED
CVE-2013-3176
@@ -3541,13 +3542,13 @@
CVE-2013-3175
RESERVED
CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3170
RESERVED
CVE-2013-3169
@@ -3555,19 +3556,19 @@
CVE-2013-3168
RESERVED
CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3165
RESERVED
CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3160
RESERVED
CVE-2013-3159
@@ -3581,29 +3582,29 @@
CVE-2013-3155
RESERVED
CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
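Review bot: CVE-2013-3154 is labelled "NOT-FOR-US: Microsoft Windows", but its description names the signature-update functionality in Windows Defender as the affected component. A label such as "Microsoft Windows Defender" would match the way the other entries in this hunk name the product (Microsoft Internet Explorer) and would make the entry easier to find when searching the list.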
@@ -3621,21 +3622,21 @@
CVE-2013-3135
RESERVED
CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3130
REJECTED
CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3128
RESERVED
CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
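Review bot: the .NET entries in this hunk end up with two different labels. CVE-2013-3134, CVE-2013-3133 and CVE-2013-3132 get "Microsoft .NET Framework", while CVE-2013-3131 and CVE-2013-3129, whose descriptions also begin with Microsoft .NET Framework, get plain "Microsoft". If the shorter label is deliberate because those two descriptions go on to list further products (CVE-2013-3129 mentions Silverlight), that is fine; otherwise use the same label for all five.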
@@ -3659,7 +3660,7 @@
CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
@@ -3881,7 +3882,7 @@
CVE-2013-3006
RESERVED
CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...)
- TODO: check
+ NOT-FOR-US: TFTP client in IBM AIX
CVE-2013-3004
RESERVED
CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...)
@@ -4372,11 +4373,11 @@
CVE-2013-2787
RESERVED
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 ...)
- TODO: check
+ NOT-FOR-US: Alstom Grid MiCOM S1
CVE-2013-2785
RESERVED
CVE-2013-2784 (Triangle Research International (aka Tri) Nano-10 PLC devices with ...)
- TODO: check
+ NOT-FOR-US: Triangle Research International
CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...)
NOT-FOR-US: IOServer DNP3 drivers
CVE-2013-2782
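Review bot: the label for CVE-2013-2784 names only the vendor (Triangle Research International), whereas the description is about Nano-10 PLC devices and the neighbouring entries (Alstom Grid MiCOM S1, IOServer DNP3 drivers) name the product. Suggest "NOT-FOR-US: Triangle Research International Nano-10 PLC" for consistency.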
@@ -5511,7 +5512,7 @@
CVE-2013-2353
RESERVED
CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2013-2351
RESERVED
CVE-2013-2350
@@ -5533,9 +5534,9 @@
CVE-2013-2342 (The HP StoreOnce D2D backup system with software before 3.0.0 has a ...)
NOT-FOR-US: HP StoreOnce D2D backup system
CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2013-2339 (HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero ...)
NOT-FOR-US: HP Smart Zero Client
CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) ...)
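Review bot: CVE-2013-2341 and CVE-2013-2340 are labelled just "HP", while the context entries on either side spell out the product (HP StoreOnce D2D backup system, HP Smart Zero Client). Both descriptions concern HP ProCurve devices, so "NOT-FOR-US: HP ProCurve" would keep the labels in this block uniform.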
@@ -7933,11 +7934,11 @@
CVE-2013-1616
RESERVED
CVE-2013-1615 (The management console (aka Java console) on the Symantec Security ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-1614 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-1613 (SQL injection vulnerability in the management console (aka Java ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2013-1612 (Buffer overflow in secars.dll in the management console in Symantec ...)
NOT-FOR-US: Symantec
CVE-2013-1611 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -8481,7 +8482,7 @@
NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
NOTE: https://github.com/krb5/krb5/commit/b71f8c4aacea8849ceaf31a2fa95e143f3943097
CVE-2013-1414 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiOS on FortiGate firewall devices
CVE-2012-6521 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Elefant CMS
CVE-2012-6520 (Multiple SQL injection vulnerabilities in the advanced search in ...)
@@ -8676,7 +8677,7 @@
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 ...)
NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-1344
RESERVED
CVE-2013-1343
@@ -8686,7 +8687,7 @@
CVE-2013-1341
RESERVED
CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 ...)
NOT-FOR-US: Microsoft
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
@@ -8766,7 +8767,7 @@
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote ...)
NOT-FOR-US: Microsoft Visio
CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ...)
NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298
@@ -9117,7 +9118,7 @@
CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1132 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, ...)
NOT-FOR-US: Cisco Small Business Wireless Access Points
CVE-2013-1130
@@ -10796,7 +10797,7 @@
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Business ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2013-0580
RESERVED
CVE-2013-0579