[Secure-testing-commits] r21774 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Mar 28 21:14:31 UTC 2013
Author: joeyh
Date: 2013-03-28 21:14:31 +0000 (Thu, 28 Mar 2013)
New Revision: 21774
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-03-28 16:15:29 UTC (rev 21773)
+++ data/CVE/list 2013-03-28 21:14:31 UTC (rev 21774)
@@ -1,3 +1,15 @@
+CVE-2013-2716
+ RESERVED
+CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the ...)
+ TODO: check
+CVE-2013-2714
+ RESERVED
+CVE-2013-2713
+ RESERVED
+CVE-2013-2712
+ RESERVED
+CVE-2013-2711
+ RESERVED
CVE-2013-XXXX [roundcube variable overwrite]
- roundcube 0.7.2-9
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
@@ -966,8 +978,8 @@
RESERVED
CVE-2013-2301
RESERVED
-CVE-2013-2300
- RESERVED
+CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...)
+ TODO: check
CVE-2013-2299
RESERVED
CVE-2013-2298
@@ -1815,8 +1827,8 @@
- python-pip <not-affected>
[squeeze] - python-pip <not-affected>
NOTE: https://github.com/pypa/pip/pull/780/files
-CVE-2013-1887
- RESERVED
+CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
+ TODO: check
CVE-2013-1886
RESERVED
CVE-2013-1885
@@ -1895,14 +1907,15 @@
CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
- linux 3.2.41-1
- linux-2.6 <removed>
-CVE-2013-1859
- RESERVED
+CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
+ TODO: check
CVE-2013-1858 [linux: CLONE_NEWUSER|CLONE_FS root exploit]
RESERVED
- linux <not-affected> (Only exploitable starting with 3.7)
- linux-2.6 <not-affected> (Only exploitable starting with 3.7)
NOTE: http://stealth.openwall.net/xSports/clown-newuser.c
CVE-2013-1857 (The sanitize helper in ...)
+ {DSA-2655-1}
- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
- ruby-actionpack-2.3 2.3.14-5
- rails 2.3.14.1
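Review bot: CVE-2013-1859 is left at TODO: check even though its new summary names the Node Parameter Control module 6.x-1.x for Drupal. Other Drupal contributed modules in this file are classified as NOT-FOR-US: Drupal addon (for example CVE-2013-1787 through CVE-2013-1778), so this entry should get the same marker once someone confirms that no Debian package ships the module, rather than staying an open TODO.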
@@ -1913,11 +1926,13 @@
- rails <not-affected> (Only affects 3.x and later)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1855 (The sanitize_css method in ...)
+ {DSA-2655-1}
- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
- ruby-actionpack-2.3 2.3.14-5
- rails 2.3.14.1
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, ...)
+ {DSA-2655-1}
- ruby-activerecord-3.2 3.2.6-5 (bug #703348)
- ruby-activerecord-2.3 2.3.14-6
- ruby-activesupport-2.3 2.3.14-7
@@ -2134,35 +2149,25 @@
CVE-2013-1788 [invalid memory issues]
RESERVED
- poppler 0.18.4-6 (low; bug #702071)
-CVE-2013-1787
- RESERVED
+CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1786
- RESERVED
+CVE-2013-1786 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1785
- RESERVED
+CVE-2013-1785 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1784
- RESERVED
+CVE-2013-1784 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1783
- RESERVED
+CVE-2013-1783 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1782
- RESERVED
+CVE-2013-1782 (Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1781
- RESERVED
+CVE-2013-1781 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1780
- RESERVED
+CVE-2013-1780 (Cross-site scripting (XSS) vulnerability in the Best Responsive Theme ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1779
- RESERVED
+CVE-2013-1779 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
NOT-FOR-US: Drupal addon
-CVE-2013-1778
- RESERVED
+CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...)
NOT-FOR-US: Drupal addon
CVE-2013-1777
RESERVED
@@ -4116,38 +4121,27 @@
NOT-FOR-US: EMC AlphaStor
CVE-2013-0927
RESERVED
-CVE-2013-0926
- RESERVED
+CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
- chromium-browser <unfixed>
-CVE-2013-0925
- RESERVED
+CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
- chromium-browser <unfixed>
-CVE-2013-0924
- RESERVED
+CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does ...)
- chromium-browser <unfixed>
-CVE-2013-0923
- RESERVED
+CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote ...)
- chromium-browser <unfixed>
-CVE-2013-0922
- RESERVED
+CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict ...)
- chromium-browser <unfixed>
-CVE-2013-0921
- RESERVED
+CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does ...)
- chromium-browser <unfixed>
-CVE-2013-0920
- RESERVED
+CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google ...)
- chromium-browser <unfixed>
-CVE-2013-0919
- RESERVED
+CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on ...)
- chromium-browser <unfixed>
-CVE-2013-0918
- RESERVED
+CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to ...)
- chromium-browser <unfixed>
-CVE-2013-0917
- RESERVED
+CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote ...)
- chromium-browser <unfixed>
-CVE-2013-0916
- RESERVED
+CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...)
- chromium-browser <unfixed>
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
NOT-FOR-US: Overflow in Chrome-specific libs
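Review bot: the eleven entries CVE-2013-0926 through CVE-2013-0916 keep "- chromium-browser <unfixed>" with nothing recording the fix boundary, although every new summary states it as Google Chrome before 26.0.1410.43. Add a NOTE with that upstream version so the <unfixed> markers can be closed against the first chromium-browser upload at or above it. The summary of CVE-2013-0919 is cut off right after "on ...", which suggests a platform restriction; read the full description before tracking it against the Debian package.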
@@ -4710,12 +4704,12 @@
RESERVED
CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress ...)
NOT-FOR-US: WordPress plugin
-CVE-2013-0720
- RESERVED
-CVE-2013-0719
- RESERVED
-CVE-2013-0718
- RESERVED
+CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions ...)
+ TODO: check
+CVE-2013-0719 (The ArtIME Japanese Input application 1.1.2 and earlier for Android ...)
+ TODO: check
+CVE-2013-0718 (The Simeji application 4.8.1 and earlier for Android uses weak ...)
+ TODO: check
CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: NEC Aterm routers
CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote ...)
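Review bot: CVE-2013-0720, CVE-2013-0719 and CVE-2013-0718 are queued as TODO: check although each summary describes an application for Android (COBIME, ArtIME Japanese Input, Simeji). The entries around them show the convention for software outside the archive ("NOT-FOR-US: WordPress plugin", "NOT-FOR-US: NEC Aterm routers"). If none of these applications is packaged, mark all three NOT-FOR-US with a short reason so they leave the triage queue.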
@@ -5668,7 +5662,7 @@
NOT-FOR-US: Sun Storage Common Array Manager
CVE-2013-0416
RESERVED
-CVE-2013-0415 (Unspecified vulnerability Oracle Sun Solaris 10 allows local users to ...)
+CVE-2013-0415 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
NOT-FOR-US: Solaris
CVE-2013-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Solaris
@@ -5889,35 +5883,25 @@
RESERVED
- nova <unfixed> (low)
[wheezy] - nova <no-dsa> (Minor issue)
-CVE-2013-0325
- RESERVED
+CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the Varnish ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0324
- RESERVED
+CVE-2013-0324 (Cross-site scripting (XSS) vulnerability in the Rendered links ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0323
- RESERVED
+CVE-2013-0323 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0322
- RESERVED
+CVE-2013-0322 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0321
- RESERVED
+CVE-2013-0321 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0320
- RESERVED
+CVE-2013-0320 (Cross-site request forgery (CSRF) vulnerability in the Taxonomy ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0319
- RESERVED
+CVE-2013-0319 (Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0318
- RESERVED
+CVE-2013-0318 (The admin page in the Banckle Chat module for Drupal does not properly ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0317
- RESERVED
+CVE-2013-0317 (Cross-site scripting (XSS) vulnerability in the Manager Change for ...)
NOT-FOR-US: Drupal addon
-CVE-2013-0316
- RESERVED
+CVE-2013-0316 (The Image module in Drupal 7.x before 7.20 allows remote attackers to ...)
- drupal7 7.14-2 (bug #701165)
- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2013-0315
@@ -6109,14 +6093,14 @@
NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in ...)
NOT-FOR-US: Openstack Packstack
-CVE-2013-0260
- RESERVED
-CVE-2013-0259
- RESERVED
-CVE-2013-0258
- RESERVED
-CVE-2013-0257
- RESERVED
+CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for ...)
+ TODO: check
+CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x ...)
+ TODO: check
+CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 ...)
+ TODO: check
+CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not ...)
+ TODO: check
CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before ...)
- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
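Review bot: CVE-2013-0260 should not be classified in bulk with the other three TODO: check entries in this hunk. Its summary names the Drush Debian Packaging module and is cut off at "module for ...", so the full description has to be read before deciding whether any Debian package is involved. Of the remaining three, only CVE-2013-0257 says "for Drupal" in the visible text; CVE-2013-0259 and CVE-2013-0258 show only Drupal-style version strings (7.x-1.x, 7.x-1.3), so confirm the platform before applying the NOT-FOR-US: Drupal addon marker used elsewhere in this file.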
@@ -6365,10 +6349,10 @@
CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...)
- ruby-rack 1.4.1-2.1 (bug #698440)
- librack-ruby <removed>
-CVE-2013-0182
- RESERVED
-CVE-2013-0181
- RESERVED
+CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
+ TODO: check
+CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API ...)
+ TODO: check
CVE-2013-0180
RESERVED
CVE-2013-0179 [memcached DoS]
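Review bot: the two TODO: check entries here need to be resolved separately. CVE-2013-0182 explicitly says "for Drupal" (Payment module 7.x-1.x before 7.x-1.3), while the summary of CVE-2013-0181 is cut off after "Views in the Search API ..." and names no platform in the visible text. Check the full description of CVE-2013-0181 before giving it the same classification as CVE-2013-0182.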
@@ -14387,10 +14371,12 @@
- gnome-keyring 3.4.1-5 (bug #683655)
[squeeze] - gnome-keyring <not-affected> (Only affects gnome-keyring 3.4.x)
CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in ...)
+ {DSA-2655-1}
- rails 2.3.14.1 (low)
- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in ...)
+ {DSA-2655-1}
- rails 2.3.14.1 (low)
- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
NOTE: Starting with 2.3.14.1 rails is a transition package
@@ -29389,6 +29375,7 @@
RESERVED
NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
+ {DSA-2655-1}
- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
{DSA-2301-1}