[Secure-testing-commits] r23154 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jul 31 21:14:21 UTC 2013
Author: joeyh
Date: 2013-07-31 21:14:21 +0000 (Wed, 31 Jul 2013)
New Revision: 23154
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-31 18:29:12 UTC (rev 23153)
+++ data/CVE/list 2013-07-31 21:14:21 UTC (rev 23154)
@@ -1,3 +1,9 @@
+CVE-2013-5020 (Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in ...)
+ TODO: check
+CVE-2013-5019 (Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote ...)
+ TODO: check
+CVE-2013-5018
+ RESERVED
CVE-2013-5017
RESERVED
CVE-2013-5016
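Review bot: The new entries CVE-2013-5020 and CVE-2013-5019 at the top of the list carry only `TODO: check`, so the tracker has no triage decision for either. Each TODO should be replaced in a follow-up with a `- <package> <version>` line or a `NOT-FOR-US: <product>` line. CVE-2013-5019 names its product (Ultra Mini HTTPD 1.21), but the truncated description of CVE-2013-5020 gives only bb_admin.php, so the full CVE text is needed to identify what it belongs to.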
@@ -20,8 +26,8 @@
RESERVED
CVE-2013-5007
RESERVED
-CVE-2013-5006
- RESERVED
+CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 with ...)
+ TODO: check
CVE-2013-5005
RESERVED
CVE-2013-5004
@@ -145,37 +151,28 @@
CVE-2013-4938 (The LTI (aka IMS-LTI) mod_form implementation in Moodle through ...)
- moodle 2.5.1-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-4995 [http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php]
- RESERVED
+CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before ...)
- phpmyadmin 4:4.0.4.2-1 (low)
-CVE-2013-4996 [PMASA-2013-9, PMASA-2013-11]
- RESERVED
+CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.0.4.2-1
-CVE-2013-4997 [PMASA-2013-9]
- RESERVED
+CVE-2013-4997 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.0.4.2-1
-CVE-2013-4998 [PMASA-2013-12]
- RESERVED
+CVE-2013-4998 (phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...)
- phpmyadmin 4:4.0.4.2-1 (unimportant)
NOTE: Full path disclosure irrelevant in Debian packages
-CVE-2013-4999 [PMASA-2013-12]
- RESERVED
+CVE-2013-4999 (phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain ...)
- phpmyadmin 4:4.0.4.2-1 (unimportant)
NOTE: Full path disclosure irrelevant in Debian packages
-CVE-2013-5000 [PMASA-2013-12]
- RESERVED
+CVE-2013-5000 (phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain ...)
- phpmyadmin 4:4.0.4.2-1 (unimportant)
NOTE: Full path disclosure irrelevant in Debian packages
-CVE-2013-5001 [PMASA-2013-13]
- RESERVED
+CVE-2013-5001 (Cross-site scripting (XSS) vulnerability in ...)
- phpmyadmin 4:4.0.4.2-1 (low)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
-CVE-2013-5002 [PMASA-2013-14]
- RESERVED
+CVE-2013-5002 (Cross-site scripting (XSS) vulnerability in ...)
- phpmyadmin 4:4.0.4.2-1 (low)
-CVE-2013-5003 [PMASA-2013-15]
- RESERVED
+CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before ...)
- phpmyadmin 4:4.0.4.2-1
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ...)
NOT-FOR-US: Asus firmware
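Review bot: The phpMyAdmin entries CVE-2013-4995 through CVE-2013-5003 lose their upstream advisory references when the bracketed titles are replaced. The PMASA-2013-8 URL on CVE-2013-4995 and the PMASA identifiers on the other entries (PMASA-2013-9, -11, -12, -13, -14, -15) are removed, and nothing re-adds them. The truncated descriptions do not carry that mapping, so suggest keeping each reference as a NOTE: line under its entry, for example `NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php` under CVE-2013-4995.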
@@ -735,8 +732,8 @@
RESERVED
CVE-2013-4698
RESERVED
-CVE-2013-4697
- RESERVED
+CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop ...)
+ TODO: check
CVE-2013-4695
RESERVED
CVE-2013-4694
@@ -779,8 +776,8 @@
RESERVED
CVE-2013-4675
RESERVED
-CVE-2013-4674
- RESERVED
+CVE-2013-4674 (Cross-site scripting (XSS) vulnerability in the Web Email Protection ...)
+ TODO: check
CVE-2013-4673
RESERVED
CVE-2013-4672
@@ -1873,8 +1870,7 @@
NOTE: Debian package applied already the more complete fix, see #659899
CVE-2013-4157
RESERVED
-CVE-2013-4156 [OpenOffice DOCM Memory Corruption Vulnerability]
- RESERVED
+CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...)
- libreoffice 1:4.1.0-1 (unimportant)
- openoffice.org <removed> (unimportant)
NOTE: Harmless crash
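Review bot: CVE-2013-4156 keeps `(unimportant)` and `NOTE: Harmless crash`, while the title removed here called it an "OpenOffice DOCM Memory Corruption Vulnerability" and the new description starts "allows remote attackers to ...". With the description now public, the rating should be rechecked against the full text, and the NOTE extended to say why the crash is considered harmless.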
@@ -1960,8 +1956,7 @@
NOTE: https://git.reviewboard.kde.org/r/111261/
NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
NOTE: only relevant with eglibc >= 2.17.
-CVE-2013-4131
- RESERVED
+CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
- subversion <unfixed> (bug #717794)
[squeeze] - subversion <not-affected> (Only affects >= 1.7)
[wheezy] - subversion <not-affected> (Only affects >= 1.7)
@@ -2412,8 +2407,8 @@
NOT-FOR-US: Siemens WinCC
CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator ...)
NOT-FOR-US: Siemens WinCC
-CVE-2013-3956
- RESERVED
+CVE-2013-3956 (The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on ...)
+ TODO: check
CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...)
NOT-FOR-US: Apple iOS
CVE-2013-3954 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...)
@@ -2990,8 +2985,8 @@
RESERVED
CVE-2013-3698
RESERVED
-CVE-2013-3697
- RESERVED
+CVE-2013-3697 (Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell ...)
+ TODO: check
CVE-2013-3696
RESERVED
CVE-2013-3695
@@ -3601,8 +3596,8 @@
RESERVED
CVE-2013-3426 (The Serviceability servlet on Cisco 9900 IP phones does not properly ...)
NOT-FOR-US: Cisco
-CVE-2013-3425
- RESERVED
+CVE-2013-3425 (The Meeting Center component in Cisco WebEx 11 generates different ...)
+ TODO: check
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and ...)
NOT-FOR-US: Cisco
CVE-2013-3423 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
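Review bot: CVE-2013-3425 is given `TODO: check` although its description names the Meeting Center component in Cisco WebEx 11, and the neighbouring entries CVE-2013-3426 and CVE-2013-3424 are both marked `NOT-FOR-US: Cisco`. If WebEx is not packaged, the TODO can be resolved the same way in a follow-up rather than left open.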
@@ -4769,23 +4764,17 @@
RESERVED
CVE-2013-2887
RESERVED
-CVE-2013-2886
- RESERVED
+CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 28.0.1500.95-1
-CVE-2013-2885
- RESERVED
+CVE-2013-2885 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 ...)
- chromium-browser 28.0.1500.95-1
-CVE-2013-2884
- RESERVED
+CVE-2013-2884 (Use-after-free vulnerability in the DOM implementation in Google ...)
- chromium-browser 28.0.1500.95-1
-CVE-2013-2883
- RESERVED
+CVE-2013-2883 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 ...)
- chromium-browser 28.0.1500.95-1
-CVE-2013-2882
- RESERVED
+CVE-2013-2882 (Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...)
- chromium-browser 28.0.1500.95-1
-CVE-2013-2881
- RESERVED
+CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
- chromium-browser 28.0.1500.95-1
CVE-2013-2880 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2724-1}
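Review bot: CVE-2013-2881 through CVE-2013-2886 record only `- chromium-browser 28.0.1500.95-1`, with no DSA reference and no per-release status line, whereas CVE-2013-2880 directly below carries `{DSA-2724-1}`. Worth confirming whether these six are covered by a stable update and adding the DSA cross-reference or explicit release lines once that is known.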
@@ -5057,8 +5046,8 @@
RESERVED
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 ...)
NOT-FOR-US: Alstom Grid MiCOM S1
-CVE-2013-2785
- RESERVED
+CVE-2013-2785 (Multiple buffer overflows in CimWebServer.exe in the WebView component ...)
+ TODO: check
CVE-2013-2784 (Triangle Research International (aka Tri) Nano-10 PLC devices with ...)
NOT-FOR-US: Triangle Research International
CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...)
@@ -5401,8 +5390,8 @@
- libv8 <unfixed>
CVE-2013-2631
RESERVED
-CVE-2013-2630
- RESERVED
+CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager ...)
+ TODO: check
CVE-2013-2629
RESERVED
CVE-2013-2628
@@ -6201,8 +6190,8 @@
TODO: check
CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
TODO: check
-CVE-2013-2367
- RESERVED
+CVE-2013-2367 (Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, ...)
+ TODO: check
CVE-2013-2366
RESERVED
CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, when ...)
@@ -6575,13 +6564,11 @@
- libzrtpcpp 2.3.4-1 (bug #714650)
[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
-CVE-2013-2220 [radius_get_vendor_attr vendor specific attributes size checks]
- RESERVED
+CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius ...)
{DSA-2726-1}
- php-radius 1.2.5-2.4 (bug #714362)
NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
-CVE-2013-2219 [ACLs inoperative in some search scenarios]
- RESERVED
+CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
- 389-ds-base <unfixed> (bug #718325)
CVE-2013-2218 [crash when listing network interfaces with filters]
RESERVED
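Review bot: For CVE-2013-2219 the removed title "ACLs inoperative in some search scenarios" was the only text on the entry saying what the flaw is; the truncated description stops at "389 Directory Server ..." before reaching it. Suggest preserving the summary as a NOTE: line under `- 389-ds-base <unfixed> (bug #718325)`. CVE-2013-2220 is less affected, since its new description still names radius_get_vendor_attr.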
@@ -6621,8 +6608,7 @@
{DSA-2717-1}
- xml-security-c 1.6.1-7 (bug #714241)
NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
-CVE-2013-2209
- RESERVED
+CVE-2013-2209 (Cross-site scripting (XSS) vulnerability in the auto-complete widget ...)
NOT-FOR-US: Reviewboard (this was once in experimental, but removed later on)
CVE-2013-2208 [arbitrary code execution when processing untrusted TPP template]
RESERVED
@@ -6688,8 +6674,7 @@
[wheezy] - clutter-1.0 <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701974
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=954054
-CVE-2013-2189 [OpenOffice DOC Memory Corruption Vulnerability]
- RESERVED
+CVE-2013-2189 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...)
- libreoffice 1:3.4.3-1
- openoffice.org <removed>
CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in ...)
@@ -6738,8 +6723,7 @@
RESERVED
{DSA-2711-1}
- haproxy 1.4.24-1
-CVE-2013-2174 [URL decode buffer boundary flaw]
- RESERVED
+CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in ...)
{DSA-2713-1}
- curl 7.31.0-1
CVE-2013-2173 (wp-includes/class-phpass.php in WordPress 3.5.1, when a ...)
@@ -6934,8 +6918,7 @@
NOT-FOR-US: Node access user reference Drupal contributed module
CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
NOT-FOR-US: Edit Limit Drupal contributed module
-CVE-2013-2121
- RESERVED
+CVE-2013-2121 (Eval injection vulnerability in the create method in the Bookmarks ...)
- foreman <itp> (bug #663101)
CVE-2013-2120 [weak generated passwords]
RESERVED
@@ -6963,11 +6946,9 @@
- mediawiki 1:1.19.7+dfsg-1
[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
[wheezy] - mediawiki <no-dsa> (Minor issue)
-CVE-2013-2113
- RESERVED
+CVE-2013-2113 (The create method in app/controllers/users_controller.rb in Foreman ...)
- foreman <itp> (bug #663101)
-CVE-2013-2112
- RESERVED
+CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before ...)
{DSA-2703-1}
- subversion 1.7.9-1+nmu2 (bug #711033)
NOTE: http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
@@ -7071,8 +7052,7 @@
CVE-2013-2089 [owncloud: oC-SA-2013-026]
RESERVED
- owncloud <not-affected> (Only affects 5.0.x)
-CVE-2013-2088
- RESERVED
+CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
- subversion <unfixed> (unimportant)
NOTE: Both affected tools not installed into the binary packages
CVE-2013-2087 [gallery: multiple xss]
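Review bot: On CVE-2013-2088 the existing `NOTE: Both affected tools not installed into the binary packages` refers to two tools, but the description added here names only contrib/hook-scripts/svn-keyword-check.pl before it is cut off. Suggest naming both scripts in the NOTE so the `<unfixed> (unimportant)` rating can be verified from the entry alone.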
@@ -7192,8 +7172,7 @@
CVE-2013-2057
RESERVED
NOT-FOR-US: YaBB
-CVE-2013-2056
- RESERVED
+CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) ...)
NOT-FOR-US: RHN Satellite
CVE-2013-2055
RESERVED
@@ -7491,8 +7470,7 @@
CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
- libxml2 <not-affected> (Affecting only 2.9.x, see bug #705722)
NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
-CVE-2013-1968
- RESERVED
+CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote ...)
{DSA-2703-1}
- subversion 1.7.9-1+nmu2 (bug #711033)
NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
@@ -9344,8 +9322,8 @@
NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
NOT-FOR-US: Adobe Flash Plugin
-CVE-2013-1377
- RESERVED
+CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...)
+ TODO: check
CVE-2013-1376
RESERVED
NOT-FOR-US: Adobe Reader
@@ -10242,8 +10220,7 @@
NOT-FOR-US: EMC Avamar
CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...)
NOT-FOR-US: EMC Avamar
-CVE-2013-0943
- RESERVED
+CVE-2013-0943 (EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain ...)
NOT-FOR-US: EMC
CVE-2013-0942 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
NOT-FOR-US: EMC RSA Authentication Agent