[Secure-testing-commits] r23137 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jul 29 21:14:28 UTC 2013
Author: joeyh
Date: 2013-07-29 21:14:27 +0000 (Mon, 29 Jul 2013)
New Revision: 23137
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-29 19:50:54 UTC (rev 23136)
+++ data/CVE/list 2013-07-29 21:14:27 UTC (rev 23137)
@@ -1,3 +1,13 @@
+CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...)
+ TODO: check
+CVE-2013-4941 (Cross-site scripting (XSS) vulnerability in uploader.swf in the ...)
+ TODO: check
+CVE-2013-4940 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...)
+ TODO: check
+CVE-2013-4939 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...)
+ TODO: check
+CVE-2013-4938 (The LTI (aka IMS-LTI) mod_form implementation in Moodle through ...)
+ TODO: check
CVE-2013-XXXX [phpmyadmin PMASA-2013-9, PMASA-2013-11, PMASA-2013-12, PMASA-2013-13, PMASA-2013-14, PMASA-2013-15]
- phpmyadmin 4:4.0.4.2-1
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ...)
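Review bot: CVE-2013-4938 is added as "TODO: check" even though its description names Moodle, which this file already tracks as the package moodle (see the CVE-2013-2242 through CVE-2013-2246 entries). Suggest triaging it with a "- moodle ..." line rather than leaving it in the TODO queue. The four .swf XSS entries (CVE-2013-4939 through CVE-2013-4942) have descriptions truncated before the product name, so they need the full CVE text before they can be assigned to a package or marked NOT-FOR-US.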
@@ -207,8 +217,7 @@
RESERVED
CVE-2013-4855
RESERVED
-CVE-2013-4854 [denial of service]
- RESERVED
+CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x ...)
{DSA-2728-1}
- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
NOTE: https://kb.isc.org/article/AA-01015/0
@@ -216,8 +225,7 @@
RESERVED
CVE-2013-4852
RESERVED
-CVE-2013-4851 [nfsserver applies wrong credentials]
- RESERVED
+CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS ...)
- kfreebsd-9 9.2~svn244772 (bug #717958)
- kfreebsd-8 8.3-7 (bug #717959)
[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
@@ -317,18 +325,18 @@
RESERVED
CVE-2013-4803
RESERVED
-CVE-2013-4802
- RESERVED
-CVE-2013-4801
- RESERVED
-CVE-2013-4800
- RESERVED
-CVE-2013-4799
- RESERVED
-CVE-2013-4798
- RESERVED
-CVE-2013-4797
- RESERVED
+CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle ...)
+ TODO: check
+CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-4800 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-4799 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
CVE-2013-4796
RESERVED
CVE-2013-4795
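Review bot: the six entries CVE-2013-4797 through CVE-2013-4802 all land as "TODO: check", and five of them carry the identical HP LoadRunner description, so they can be resolved in one pass instead of one by one. If HP LoadRunner and the HP Application Lifecycle product in CVE-2013-4802 are not packaged, mark them in the style this file already uses for vendor products, for example "NOT-FOR-US: RealPlayer".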
@@ -1514,6 +1522,7 @@
RESERVED
CVE-2013-4242 [the Yarom/Falkner flush+reload side-channel attack on RSA secret keys]
RESERVED
+ {DSA-2731-1 DSA-2730-1}
- gnupg 1.4.14-1 (bug #717880)
- libgcrypt11 1.5.3-1
CVE-2013-4241
@@ -1686,12 +1695,10 @@
NOTE: https://github.com/bitcoin/bitcoin/issues/2838
CVE-2013-4164
RESERVED
-CVE-2013-4163 [linux: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu]
- RESERVED
+CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 3.5)
-CVE-2013-4162 [linux: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled]
- RESERVED
+CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 ...)
- linux <unfixed> (low)
- linux-2.6 <removed> (low)
CVE-2013-4161
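Review bot: CVE-2013-4163 has "- linux <unfixed>" with no urgency while its sibling CVE-2013-4162 has "- linux <unfixed> (low)", and the removed bracketed notes described both as a panic on an IPv6 socket. Either set the urgency on CVE-2013-4163 to match or add a NOTE saying why it differs. Dropping the bracketed notes also removes the only visible statement of impact, since the truncated descriptions stop before it; a short NOTE line would keep that information in the entry.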
@@ -1811,15 +1818,13 @@
- spice 0.12.4-0nocelt1 (low; bug #717030)
[wheezy] - spice <no-dsa> (Minor issue)
[squeeze] - spice <no-dsa> (Minor issue)
-CVE-2013-4129
- RESERVED
+CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
- linux <not-affected> (Introduced in 3.11-rc1)
- linux-2.6 <not-affected> (Introduced in 3.11-rc1)
CVE-2013-4128
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
-CVE-2013-4127 [use-after-free in vhost_net_flush]
- RESERVED
+CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in ...)
- linux <unfixed>
[wheezy] - linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
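Review bot: the new description for CVE-2013-4129 says the issue is in "the Linux kernel through 3.10.3", but both package lines under it read "<not-affected> (Introduced in 3.11-rc1)". The two statements disagree about which versions carry the bug, so the entry should get a NOTE (for example a reference to the introducing commit) that justifies the not-affected status against the CVE text. In the same hunk, the removed note for CVE-2013-4127 named vhost_net_flush while the description names vhost_net_set_backend; worth confirming that the "Introduced in 3.8" notes were derived from the function the CVE actually refers to.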
@@ -3102,8 +3107,8 @@
RESERVED
CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
NOT-FOR-US: Choice Wireless Green Packet WIXFMR-111 4G WiMax modem
-CVE-2013-3580
- RESERVED
+CVE-2013-3580 (The TrustGo Antivirus & Mobile Security application before 1.3.6 for ...)
+ TODO: check
CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for ...)
NOT-FOR-US: Lookout Mobile Security application for Android
CVE-2013-3578 (SQL injection vulnerability in the Help Desk application in Wave ...)
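Review bot: CVE-2013-3580 (TrustGo Antivirus & Mobile Security application) is left as "TODO: check" directly above CVE-2013-3579, a comparable mobile security application that is already marked "NOT-FOR-US: Lookout Mobile Security application for Android". The description here is truncated before the platform, so confirm it from the full CVE text and, if it is likewise not packaged, mark it NOT-FOR-US in the same form.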
@@ -3405,8 +3410,8 @@
RESERVED
CVE-2013-3446
RESERVED
-CVE-2013-3445
- RESERVED
+CVE-2013-3445 (The firewall subsystem in Cisco Identity Services Engine has an ...)
+ TODO: check
CVE-2013-3444
RESERVED
CVE-2013-3443
@@ -3719,8 +3724,8 @@
[squeeze] - automysqlbackup <no-dsa> (Minor issue)
CVE-2013-XXXX [autopostgresqlbackup code injection]
- autopostgresqlbackup 1.0-2 (bug #706095)
-CVE-2013-3300
- RESERVED
+CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 ...)
+ TODO: check
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
NOT-FOR-US: RealPlayer
CVE-2013-3298
@@ -4318,8 +4323,8 @@
NOT-FOR-US: IBM AIX
CVE-2013-3034
RESERVED
-CVE-2013-3033
- RESERVED
+CVE-2013-3033 (SQL injection vulnerability in the server component in IBM Tivoli ...)
+ TODO: check
CVE-2013-3032
RESERVED
CVE-2013-3031
@@ -6033,12 +6038,12 @@
NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2371 (The Web API in the Statistics Server in TIBCO Spotfire Statistics ...)
NOT-FOR-US: TIBCO Spotfire Statistics
-CVE-2013-2370
- RESERVED
-CVE-2013-2369
- RESERVED
-CVE-2013-2368
- RESERVED
+CVE-2013-2370 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-2369 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
+CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
+ TODO: check
CVE-2013-2367
RESERVED
CVE-2013-2366
@@ -6317,27 +6322,22 @@
CVE-2013-2247 [Access bypass]
RESERVED
NOT-FOR-US: Fast Permissions Administration Drupal contributed module
-CVE-2013-2246
- RESERVED
+CVE-2013-2246 (mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, ...)
- moodle 2.5.1-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: https://moodle.org/mod/forum/discuss.php?d=232503
-CVE-2013-2245
- RESERVED
+CVE-2013-2245 (rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x ...)
- moodle 2.5.1-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: https://moodle.org/mod/forum/discuss.php?d=232502
-CVE-2013-2244
- RESERVED
+CVE-2013-2244 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- moodle <not-affected> (Only affects 2.4.x and 2.5.x)
NOTE: https://moodle.org/mod/forum/discuss.php?d=232501
-CVE-2013-2243
- RESERVED
+CVE-2013-2243 (mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x ...)
- moodle 2.5.1-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: https://moodle.org/mod/forum/discuss.php?d=232500
-CVE-2013-2242
- RESERVED
+CVE-2013-2242 (mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before ...)
- moodle 2.5.1-1 (low)
[squeeze] - moodle <no-dsa> (Minor issue)
NOTE: https://moodle.org/mod/forum/discuss.php?d=232498
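Review bot: CVE-2013-2244 is recorded as "- moodle <not-affected> (Only affects 2.4.x and 2.5.x)", yet the neighbouring entries give moodle 2.5.1-1 as the fixed version, which is itself a 2.5.x release. The note should say whether any 2.4.x or earlier 2.5.x upload was ever made; if one was, the line should carry a fixed version like the other entries instead of not-affected. Separately, CVE-2013-2243 reads "through 2.2.11" where the other descriptions read "2.2.x before 2.2.11", so check the affected range against the linked Moodle announcement.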
@@ -40141,8 +40141,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as ...)
NOT-FOR-US: JBoss Seam
-CVE-2011-1483
- RESERVED
+CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise ...)
NOT-FOR-US: JBoss Enterprise Web Platform
CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: PHP-Nuke