[Secure-testing-commits] r23007 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jul 18 21:14:37 UTC 2013
Author: joeyh
Date: 2013-07-18 21:14:37 +0000 (Thu, 18 Jul 2013)
New Revision: 23007
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-18 18:20:43 UTC (rev 23006)
+++ data/CVE/list 2013-07-18 21:14:37 UTC (rev 23007)
@@ -1,3 +1,31 @@
+CVE-2013-4871 (Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO ...)
+ TODO: check
+CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) extension ...)
+ TODO: check
+CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and ...)
+ TODO: check
+CVE-2013-4868
+ RESERVED
+CVE-2013-4867
+ RESERVED
+CVE-2013-4866
+ RESERVED
+CVE-2013-4865
+ RESERVED
+CVE-2013-4864
+ RESERVED
+CVE-2013-4863
+ RESERVED
+CVE-2013-4862
+ RESERVED
+CVE-2013-4861
+ RESERVED
+CVE-2013-4860
+ RESERVED
+CVE-2013-4859
+ RESERVED
+CVE-2013-4858
+ RESERVED
CVE-2013-4857
RESERVED
CVE-2013-4856
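Review bot: CVE-2013-4869 at the top of this hunk is left at "TODO: check" although its description already names Cisco Unified Communications Manager, and other Cisco entries in this file are closed as "NOT-FOR-US: Cisco". If no Debian package ships that product, it can get the same tag in the next manual pass. CVE-2013-4871 and CVE-2013-4870 name only an extension in their truncated descriptions, so the parent product has to be read from the full description before either can be triaged.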
@@ -2665,8 +2693,8 @@
RESERVED
CVE-2013-3657
RESERVED
-CVE-2013-3656
- RESERVED
+CVE-2013-3656 (Cybozu Office 9.1.0 and earlier does not properly manage sessions, ...)
+ TODO: check
CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 ...)
NOT-FOR-US: Sharp AQUOS PhotoPlayer
CVE-2013-3654 (Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through ...)
@@ -3142,10 +3170,10 @@
RESERVED
CVE-2013-3435
RESERVED
-CVE-2013-3434
- RESERVED
-CVE-2013-3433
- RESERVED
+CVE-2013-3434 (Untrusted search path vulnerability in Cisco Unified Communications ...)
+ TODO: check
+CVE-2013-3433 (Untrusted search path vulnerability in Cisco Unified Communications ...)
+ TODO: check
CVE-2013-3432
RESERVED
CVE-2013-3431
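Review bot: The replacement lines for CVE-2013-3434 and CVE-2013-3433 carry the same truncated description ("Untrusted search path vulnerability in Cisco Unified Communications ..."), so the two ids cannot be told apart from this file. Read the full descriptions before resolving the two "TODO: check" items as a pair, in case they name different products or components.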
@@ -3158,8 +3186,8 @@
NOT-FOR-US: Cisco
CVE-2013-3427
RESERVED
-CVE-2013-3426
- RESERVED
+CVE-2013-3426 (The Serviceability servlet on Cisco 9900 IP phones does not properly ...)
+ TODO: check
CVE-2013-3425
RESERVED
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and ...)
@@ -3170,8 +3198,8 @@
NOT-FOR-US: Cisco
CVE-2013-3421 (Cross-site scripting (XSS) vulnerability in the Help index page in ...)
NOT-FOR-US: Cisco
-CVE-2013-3420
- RESERVED
+CVE-2013-3420 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
+ TODO: check
CVE-2013-3419 (Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace ...)
NOT-FOR-US: Cisco
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
@@ -3186,12 +3214,12 @@
RESERVED
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the ...)
NOT-FOR-US: Cisco
-CVE-2013-3412
- RESERVED
-CVE-2013-3411
- RESERVED
-CVE-2013-3410
- RESERVED
+CVE-2013-3412 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2013-3411 (The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software ...)
+ TODO: check
+CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME devices ...)
+ TODO: check
CVE-2013-3409
RESERVED
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices ...)
@@ -3202,12 +3230,12 @@
RESERVED
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
NOT-FOR-US: Cisco
-CVE-2013-3404
- RESERVED
-CVE-2013-3403
- RESERVED
-CVE-2013-3402
- RESERVED
+CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2013-3403 (Multiple untrusted search path vulnerabilities in Cisco Unified ...)
+ TODO: check
+CVE-2013-3402 (An unspecified function in Cisco Unified Communications Manager (CUCM) ...)
+ TODO: check
CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
NOT-FOR-US: Cisco
CVE-2013-3400 (The license-installation module in Cisco NX-OS on Nexus 1000V devices ...)
@@ -6010,14 +6038,14 @@
RESERVED
CVE-2013-2252
RESERVED
-CVE-2013-2251
- RESERVED
+CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute ...)
+ TODO: check
CVE-2013-2250
RESERVED
CVE-2013-2249
RESERVED
-CVE-2013-2248
- RESERVED
+CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through ...)
+ TODO: check
CVE-2013-2247 [Access bypass]
RESERVED
NOT-FOR-US: Fast Permissions Administration Drupal contributed module
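Review bot: CVE-2013-2251 should be the first "TODO: check" from this revision to be resolved, since its description ("Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute ...") is the only one added here that states remote execution in a general-purpose framework rather than a vendor appliance. It needs either a source package line with the version status or a NOT-FOR-US tag. CVE-2013-2248 in the same hunk covers the same Struts version range start and can be triaged together with it.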
@@ -6675,8 +6703,7 @@
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
- tomcat7 7.0.40-1 (bug #707704)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
-CVE-2013-2070 [nginx proxy_pass buffer overflow]
- RESERVED
+CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...)
{DSA-2721-1}
- nginx 1.4.1-1 (bug #708164)
[squeeze] - nginx <not-affected> (Vulnerable code not present)
@@ -6687,6 +6714,7 @@
CVE-2013-2068
RESERVED
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
+ {DSA-2725-1}
- tomcat7 7.0.33
- tomcat6 <unfixed>
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...)
@@ -6821,8 +6849,7 @@
RESERVED
- nagios <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian)
NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
-CVE-2013-2028 [nginx http_transfer_encoding buffer overflow]
- RESERVED
+CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...)
- nginx <not-affected> (Vulnerable code not present)
CVE-2013-2027
RESERVED
@@ -7072,8 +7099,7 @@
- linux 3.8.13-1
CVE-2013-1956 (The create_user_ns function in kernel/user_namespace.c in the Linux ...)
- linux 3.8.11-1
-CVE-2013-1955
- RESERVED
+CVE-2013-1955 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
- vlc 2.0.6-1 (bug #705136)
@@ -7342,8 +7368,7 @@
RESERVED
- activemq <not-affected> (portfolio demo app not shipped in Debian package)
NOTE: https://issues.apache.org/jira/browse/AMQ-4398
-CVE-2013-1879 [XSS vulnerability in scheduled.jsp]
- RESERVED
+CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ...)
- activemq <not-affected> (scheduler not shipped in Debian package)
NOTE: https://issues.apache.org/jira/browse/AMQ-4397
CVE-2013-1878
@@ -9175,8 +9200,8 @@
NOT-FOR-US: Cisco WebEx Social
CVE-2013-1244 (Cross-site scripting (XSS) vulnerability in the portal module in Cisco ...)
NOT-FOR-US: Cisco WebEx Social
-CVE-2013-1243
- RESERVED
+CVE-2013-1243 (The IP stack in Cisco Intrusion Prevention System (IPS) Software in ...)
+ TODO: check
CVE-2013-1242 (Memory leak in the web framework in the server in Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2013-1241 (The ISM module in Cisco IOS on ISR G2 routers does not properly handle ...)
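Review bot: When the "TODO: check" on CVE-2013-1243 is resolved, pick the tag form deliberately: the context lines in this hunk use both the product-specific "NOT-FOR-US: Cisco WebEx Social" and the bare "NOT-FOR-US: Cisco". Mixed forms make it harder to grep the list for a single product, so use whichever form the file already applies to Cisco Intrusion Prevention System.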
@@ -9225,8 +9250,8 @@
NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1219 (SensorApp in Cisco Intrusion Prevention System (IPS) allows local ...)
NOT-FOR-US: Cisco Intrusion Prevention System
-CVE-2013-1218
- RESERVED
+CVE-2013-1218 (Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP ...)
+ TODO: check
CVE-2013-1217 (The generic input/output control implementation in Cisco IOS does not ...)
NOT-FOR-US: Cisco IOS
CVE-2013-1216 (Memory leak in the SNMP module in Cisco IOS XR allows remote ...)
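Review bot: CVE-2013-1218 is added with "TODO: check" directly below CVE-2013-1219, which is for the same product and is already tagged "NOT-FOR-US: Cisco Intrusion Prevention System". Unless the full description points at something packaged in Debian, the same tag applies here and the TODO can be closed.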
@@ -20265,6 +20290,7 @@
CVE-2012-3545
RESERVED
CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not ...)
+ {DSA-2725-1}
- tomcat6 <unfixed>
- tomcat7 7.0.30
CVE-2012-3543
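Review bot: As with CVE-2013-2067, the {DSA-2725-1} line added to CVE-2012-3544 leaves "- tomcat6 <unfixed>" in place. The description on the entry already gives the upstream fix point ("6.x before 6.0.37"), so the unfixed line can be tracked against that version, and a NOTE stating which package and release the DSA addresses would remove the ambiguity.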