[Secure-testing-commits] r24305 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Nov 5 21:14:43 UTC 2013
Author: joeyh
Date: 2013-11-05 21:14:43 +0000 (Tue, 05 Nov 2013)
New Revision: 24305
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-05 16:03:02 UTC (rev 24304)
+++ data/CVE/list 2013-11-05 21:14:43 UTC (rev 24305)
@@ -1,38 +1,581 @@
+CVE-2013-6616
+ RESERVED
+CVE-2013-6615
+ RESERVED
+CVE-2013-6614
+ RESERVED
+CVE-2013-6613
+ RESERVED
+CVE-2013-6612
+ RESERVED
+CVE-2013-6611
+ RESERVED
+CVE-2013-6610
+ RESERVED
+CVE-2013-6609
+ RESERVED
+CVE-2013-6608
+ RESERVED
+CVE-2013-6607
+ RESERVED
+CVE-2013-6606
+ RESERVED
+CVE-2013-6605
+ RESERVED
+CVE-2013-6604
+ RESERVED
+CVE-2013-6603
+ RESERVED
+CVE-2013-6602
+ RESERVED
+CVE-2013-6601
+ RESERVED
+CVE-2013-6600
+ RESERVED
+CVE-2013-6599
+ RESERVED
+CVE-2013-6598
+ RESERVED
+CVE-2013-6597
+ RESERVED
+CVE-2013-6596
+ RESERVED
+CVE-2013-6595
+ RESERVED
+CVE-2013-6594
+ RESERVED
+CVE-2013-6593
+ RESERVED
+CVE-2013-6592
+ RESERVED
+CVE-2013-6591
+ RESERVED
+CVE-2013-6590
+ RESERVED
+CVE-2013-6589
+ RESERVED
+CVE-2013-6588
+ RESERVED
+CVE-2013-6587
+ RESERVED
+CVE-2013-6586
+ RESERVED
+CVE-2013-6585
+ RESERVED
+CVE-2013-6584
+ RESERVED
+CVE-2013-6583
+ RESERVED
+CVE-2013-6582
+ RESERVED
+CVE-2013-6581
+ RESERVED
+CVE-2013-6580
+ RESERVED
+CVE-2013-6579
+ RESERVED
+CVE-2013-6578
+ RESERVED
+CVE-2013-6577
+ RESERVED
+CVE-2013-6576
+ RESERVED
+CVE-2013-6575
+ RESERVED
+CVE-2013-6574
+ RESERVED
+CVE-2013-6573
+ RESERVED
+CVE-2013-6572
+ RESERVED
+CVE-2013-6571
+ RESERVED
+CVE-2013-6570
+ RESERVED
+CVE-2013-6569
+ RESERVED
+CVE-2013-6568
+ RESERVED
+CVE-2013-6567
+ RESERVED
+CVE-2013-6566
+ RESERVED
+CVE-2013-6565
+ RESERVED
+CVE-2013-6564
+ RESERVED
+CVE-2013-6563
+ RESERVED
+CVE-2013-6562
+ RESERVED
+CVE-2013-6561
+ RESERVED
+CVE-2013-6560
+ RESERVED
+CVE-2013-6559
+ RESERVED
+CVE-2013-6558
+ RESERVED
+CVE-2013-6557
+ RESERVED
+CVE-2013-6556
+ RESERVED
+CVE-2013-6555
+ RESERVED
+CVE-2013-6554
+ RESERVED
+CVE-2013-6553
+ RESERVED
+CVE-2013-6552
+ RESERVED
+CVE-2013-6551
+ RESERVED
+CVE-2013-6550
+ RESERVED
+CVE-2013-6549
+ RESERVED
+CVE-2013-6548
+ RESERVED
+CVE-2013-6547
+ RESERVED
+CVE-2013-6546
+ RESERVED
+CVE-2013-6545
+ RESERVED
+CVE-2013-6544
+ RESERVED
+CVE-2013-6543
+ RESERVED
+CVE-2013-6542
+ RESERVED
+CVE-2013-6541
+ RESERVED
+CVE-2013-6540
+ RESERVED
+CVE-2013-6539
+ RESERVED
+CVE-2013-6538
+ RESERVED
+CVE-2013-6537
+ RESERVED
+CVE-2013-6536
+ RESERVED
+CVE-2013-6535
+ RESERVED
+CVE-2013-6534
+ RESERVED
+CVE-2013-6533
+ RESERVED
+CVE-2013-6532
+ RESERVED
+CVE-2013-6531
+ RESERVED
+CVE-2013-6530
+ RESERVED
+CVE-2013-6529
+ RESERVED
+CVE-2013-6528
+ RESERVED
+CVE-2013-6527
+ RESERVED
+CVE-2013-6526
+ RESERVED
+CVE-2013-6525
+ RESERVED
+CVE-2013-6524
+ RESERVED
+CVE-2013-6523
+ RESERVED
+CVE-2013-6522
+ RESERVED
+CVE-2013-6521
+ RESERVED
+CVE-2013-6520
+ RESERVED
+CVE-2013-6519
+ RESERVED
+CVE-2013-6518
+ RESERVED
+CVE-2013-6517
+ RESERVED
+CVE-2013-6516
+ RESERVED
+CVE-2013-6515
+ RESERVED
+CVE-2013-6514
+ RESERVED
+CVE-2013-6513
+ RESERVED
+CVE-2013-6512
+ RESERVED
+CVE-2013-6511
+ RESERVED
+CVE-2013-6510
+ RESERVED
+CVE-2013-6509
+ RESERVED
+CVE-2013-6508
+ RESERVED
+CVE-2013-6507
+ RESERVED
+CVE-2013-6506
+ RESERVED
+CVE-2013-6505
+ RESERVED
+CVE-2013-6504
+ RESERVED
+CVE-2013-6503
+ RESERVED
+CVE-2013-6502
+ RESERVED
+CVE-2013-6501
+ RESERVED
+CVE-2013-6500
+ RESERVED
+CVE-2013-6499
+ RESERVED
+CVE-2013-6498
+ RESERVED
+CVE-2013-6497
+ RESERVED
+CVE-2013-6496
+ RESERVED
+CVE-2013-6495
+ RESERVED
+CVE-2013-6494
+ RESERVED
+CVE-2013-6493
+ RESERVED
+CVE-2013-6492
+ RESERVED
+CVE-2013-6491
+ RESERVED
+CVE-2013-6490
+ RESERVED
+CVE-2013-6489
+ RESERVED
+CVE-2013-6488
+ RESERVED
+CVE-2013-6487
+ RESERVED
+CVE-2013-6486
+ RESERVED
+CVE-2013-6485
+ RESERVED
+CVE-2013-6484
+ RESERVED
+CVE-2013-6483
+ RESERVED
+CVE-2013-6482
+ RESERVED
+CVE-2013-6481
+ RESERVED
+CVE-2013-6480
+ RESERVED
+CVE-2013-6479
+ RESERVED
+CVE-2013-6478
+ RESERVED
+CVE-2013-6477
+ RESERVED
+CVE-2013-6476
+ RESERVED
+CVE-2013-6475
+ RESERVED
+CVE-2013-6474
+ RESERVED
+CVE-2013-6473
+ RESERVED
+CVE-2013-6472
+ RESERVED
+CVE-2013-6471
+ RESERVED
+CVE-2013-6470
+ RESERVED
+CVE-2013-6469
+ RESERVED
+CVE-2013-6468
+ RESERVED
+CVE-2013-6467
+ RESERVED
+CVE-2013-6466
+ RESERVED
+CVE-2013-6465
+ RESERVED
+CVE-2013-6464
+ RESERVED
+CVE-2013-6463
+ RESERVED
+CVE-2013-6462
+ RESERVED
+CVE-2013-6461
+ RESERVED
+CVE-2013-6460
+ RESERVED
+CVE-2013-6459
+ RESERVED
+CVE-2013-6458
+ RESERVED
+CVE-2013-6457
+ RESERVED
+CVE-2013-6456
+ RESERVED
+CVE-2013-6455
+ RESERVED
+CVE-2013-6454
+ RESERVED
+CVE-2013-6453
+ RESERVED
+CVE-2013-6452
+ RESERVED
+CVE-2013-6451
+ RESERVED
+CVE-2013-6450
+ RESERVED
+CVE-2013-6449
+ RESERVED
+CVE-2013-6448
+ RESERVED
+CVE-2013-6447
+ RESERVED
+CVE-2013-6446
+ RESERVED
+CVE-2013-6445
+ RESERVED
+CVE-2013-6444
+ RESERVED
+CVE-2013-6443
+ RESERVED
+CVE-2013-6442
+ RESERVED
+CVE-2013-6441
+ RESERVED
+CVE-2013-6440
+ RESERVED
+CVE-2013-6439
+ RESERVED
+CVE-2013-6438
+ RESERVED
+CVE-2013-6437
+ RESERVED
+CVE-2013-6436
+ RESERVED
+CVE-2013-6435
+ RESERVED
+CVE-2013-6434
+ RESERVED
+CVE-2013-6433
+ RESERVED
+CVE-2013-6432
+ RESERVED
+CVE-2013-6431
+ RESERVED
+CVE-2013-6430
+ RESERVED
+CVE-2013-6429
+ RESERVED
+CVE-2013-6428
+ RESERVED
+CVE-2013-6427
+ RESERVED
+CVE-2013-6426
+ RESERVED
+CVE-2013-6425
+ RESERVED
+CVE-2013-6424
+ RESERVED
+CVE-2013-6423
+ RESERVED
+CVE-2013-6422
+ RESERVED
+CVE-2013-6421
+ RESERVED
+CVE-2013-6420
+ RESERVED
+CVE-2013-6419
+ RESERVED
+CVE-2013-6418
+ RESERVED
+CVE-2013-6417
+ RESERVED
+CVE-2013-6416
+ RESERVED
+CVE-2013-6415
+ RESERVED
+CVE-2013-6414
+ RESERVED
+CVE-2013-6413
+ RESERVED
+CVE-2013-6412
+ RESERVED
+CVE-2013-6411
+ RESERVED
+CVE-2013-6410
+ RESERVED
+CVE-2013-6409
+ RESERVED
+CVE-2013-6408
+ RESERVED
+CVE-2013-6407
+ RESERVED
+CVE-2013-6406
+ RESERVED
+CVE-2013-6405
+ RESERVED
+CVE-2013-6404
+ RESERVED
+CVE-2013-6403
+ RESERVED
+CVE-2013-6402
+ RESERVED
+CVE-2013-6401
+ RESERVED
+CVE-2013-6400
+ RESERVED
+CVE-2013-6399
+ RESERVED
+CVE-2013-6398
+ RESERVED
+CVE-2013-6397
+ RESERVED
+CVE-2013-6396
+ RESERVED
+CVE-2013-6395
+ RESERVED
+CVE-2013-6394
+ RESERVED
+CVE-2013-6393
+ RESERVED
+CVE-2013-6392
+ RESERVED
+CVE-2013-6391
+ RESERVED
+CVE-2013-6390
+ RESERVED
+CVE-2013-6389
+ RESERVED
+CVE-2013-6388
+ RESERVED
+CVE-2013-6387
+ RESERVED
+CVE-2013-6386
+ RESERVED
+CVE-2013-6385
+ RESERVED
+CVE-2013-6384
+ RESERVED
+CVE-2013-6383
+ RESERVED
+CVE-2013-6382
+ RESERVED
+CVE-2013-6381
+ RESERVED
+CVE-2013-6380
+ RESERVED
+CVE-2013-6379
+ RESERVED
+CVE-2013-6378
+ RESERVED
+CVE-2013-6377
+ RESERVED
+CVE-2013-6376
+ RESERVED
+CVE-2013-6375
+ RESERVED
+CVE-2013-6374
+ RESERVED
+CVE-2013-6373
+ RESERVED
+CVE-2013-6372
+ RESERVED
+CVE-2013-6371
+ RESERVED
+CVE-2013-6370
+ RESERVED
+CVE-2013-6369
+ RESERVED
+CVE-2013-6368
+ RESERVED
+CVE-2013-6367
+ RESERVED
+CVE-2013-6363
+ RESERVED
+CVE-2013-6362
+ RESERVED
+CVE-2013-6361
+ RESERVED
+CVE-2013-6360
+ RESERVED
+CVE-2013-6359
+ RESERVED
+CVE-2013-6358
+ RESERVED
+CVE-2013-6357
+ RESERVED
+CVE-2013-6356
+ RESERVED
+CVE-2013-6355
+ RESERVED
+CVE-2013-6354
+ RESERVED
+CVE-2013-6353
+ RESERVED
+CVE-2013-6352
+ RESERVED
+CVE-2013-6351
+ RESERVED
+CVE-2013-6350
+ RESERVED
+CVE-2013-6349 (McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 ...)
+ TODO: check
+CVE-2013-6348 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
+ TODO: check
+CVE-2013-6347 (Session fixation vulnerability in Novell ZENworks Configuration ...)
+ TODO: check
+CVE-2013-6346 (Cross-site request forgery (CSRF) vulnerability in the ZCC page in ...)
+ TODO: check
+CVE-2013-6345 (Unspecified vulnerability in the ZCC page in Novell ZENworks ...)
+ TODO: check
+CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before ...)
+ TODO: check
+CVE-2013-6343
+ RESERVED
+CVE-2013-6342
+ RESERVED
+CVE-2013-6341
+ RESERVED
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
- bass-passwd <unfixed> (low; bug #274229)
-CVE-2013-6366
+CVE-2013-6366 (The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote ...)
NOT-FOR-US: VMware Hyperic HQ
CVE-2013-6365 [CSRF edit.php]
+ RESERVED
- php-horde <unfixed>
- horde3 <removed>
TODO: check
CVE-2013-6364 [XSS and CSRF search.php]
+ RESERVED
- php-horde <unfixed>
- turba2 <removed>
TODO: check
-CVE-2013-6340 [TCP dissector crash]
- RESERVED
+CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x ...)
{DSA-2792-1}
- wireshark 1.10.3-1
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
-CVE-2013-6339 [OpenWire dissector could go into a large loop]
- RESERVED
+CVE-2013-6339 (The dissect_openwire_type function in ...)
- wireshark 1.10.3-1
[squeeze] - wireshark <not-affected> (OpenWire dissector introduced in 1.8.0)
-CVE-2013-6338 [SIP dissector could crash]
- RESERVED
+CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
{DSA-2792-1}
- wireshark 1.10.3-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
-CVE-2013-6337 [NBAP dissector could crash]
- RESERVED
+CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x ...)
{DSA-2792-1}
- wireshark 1.10.3-1
[squeeze] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 not accessible
-CVE-2013-6336 [IEEE 802.15.4 dissector could crash]
- RESERVED
+CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c ...)
{DSA-2792-1}
- wireshark 1.10.3-1
[squeeze] - wireshark <not-affected> (code introduced in 1.6.0)
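Review bot: The new block is not merged into the list's descending order: the added lines go from CVE-2013-6367 straight to CVE-2013-6363 and on down to CVE-2013-6341, all above the CVE-2004-XXXX context entry, while CVE-2013-6366, CVE-2013-6365 and CVE-2013-6364 stay below it and are followed by CVE-2013-6340. Suggest placing CVE-2013-6363 through CVE-2013-6341 after the CVE-2013-6364 entry so each ID sits next to its neighbours. Separately, the context line `- bass-passwd <unfixed> (low; bug #274229)` names a package that does not match the `base-passwd` in the entry's own title and looks like a typo worth a follow-up.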
@@ -483,14 +1026,14 @@
RESERVED
CVE-2013-6115
RESERVED
-CVE-2013-6114
- RESERVED
+CVE-2013-6114 (Integer overflow in the OZDocument::parseElement function in Apple ...)
+ TODO: check
CVE-2013-6113
RESERVED
CVE-2013-6112
RESERVED
-CVE-2013-6111
- RESERVED
+CVE-2013-6111 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
+ TODO: check
CVE-2013-6110
RESERVED
CVE-2013-6109
@@ -559,13 +1102,11 @@
RESERVED
CVE-2013-6077
RESERVED
-CVE-2013-6076 [remote denial of service in IKEv1 code]
- RESERVED
+CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a ...)
- strongswan 5.1.0-3
[squeeze] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
[wheezy] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
-CVE-2013-6075 [remote denial of service and authorization bypass]
- RESERVED
+CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4.3.3 ...)
{DSA-2789-1}
- strongswan 5.1.0-3
CVE-2013-6074
@@ -690,8 +1231,8 @@
NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6024
RESERVED
-CVE-2013-6023
- RESERVED
+CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with ...)
+ TODO: check
CVE-2013-6022
RESERVED
CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...)
@@ -784,8 +1325,8 @@
NOT-FOR-US: Xibo
CVE-2013-5978
RESERVED
-CVE-2013-5977
- RESERVED
+CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php ...)
+ TODO: check
CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout ...)
NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...)
@@ -1871,20 +2412,18 @@
RESERVED
CVE-2013-5565
RESERVED
-CVE-2013-5564
- RESERVED
+CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for ...)
NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
CVE-2013-5563
RESERVED
NOT-FOR-US: Cisco CS-MARS
CVE-2013-5562
RESERVED
-CVE-2013-5561
- RESERVED
+CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security ...)
+ TODO: check
CVE-2013-5560
RESERVED
-CVE-2013-5559
- RESERVED
+CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the ...)
NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2013-5558
RESERVED
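Review bot: CVE-2013-5561 is left at `TODO: check` although its new description names a Cisco Adaptive Security product, while the two other Cisco entries that gain descriptions in this hunk (CVE-2013-5564 and CVE-2013-5559) already carry NOT-FOR-US lines. If the affected product is not packaged, resolve it the same way with a `NOT-FOR-US:` line naming the product instead of leaving it in the triage queue.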
@@ -3405,20 +3944,17 @@
RESERVED
CVE-2013-4840
RESERVED
-CVE-2013-4839
- RESERVED
-CVE-2013-4838
- RESERVED
+CVE-2013-4839 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
+ TODO: check
+CVE-2013-4838 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
NOT-FOR-US: HP LoadRunner
-CVE-2013-4837
- RESERVED
-CVE-2013-4836
- RESERVED
+CVE-2013-4837 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
+ TODO: check
+CVE-2013-4836 (Unspecified vulnerability in the GossipService SOAP Request ...)
NOT-FOR-US: HP Application LifeCycle Management
-CVE-2013-4835
- RESERVED
-CVE-2013-4834
- RESERVED
+CVE-2013-4835 (Unspecified vulnerability in the issueSiebelCmd SOAP implementation in ...)
+ TODO: check
+CVE-2013-4834 (Unspecified vulnerability in the client component in HP Application ...)
NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 ...)
NOT-FOR-US: HP
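Review bot: CVE-2013-4839 and CVE-2013-4837 are given `TODO: check` even though their descriptions start with the same text as CVE-2013-4838 (`Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...`), which is tagged `NOT-FOR-US: HP LoadRunner`. Suggest tagging both the same way. CVE-2013-4835 needs an actual look, since its truncated description does not show the product, but its neighbours CVE-2013-4836 and CVE-2013-4834 are both tagged for HP Application LifeCycle Management.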
@@ -4227,8 +4763,7 @@
RESERVED
CVE-2013-4495
RESERVED
-CVE-2013-4494 [Lock order reversal between page allocation and grant table locks]
- RESERVED
+CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
- xen <unfixed>
CVE-2013-4493
RESERVED
@@ -4257,8 +4792,7 @@
CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of ...)
- varnish <unfixed>
NOTE: https://www.varnish-cache.org/trac/ticket/1367
-CVE-2013-4483 [ipc: ipc_rcu_putref refcount races]
- RESERVED
+CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...)
- linux <unfixed>
- linux-2.6 <removed>
NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
@@ -4278,8 +4812,7 @@
- sup-mail <unfixed> (bug #728232)
NOTE: http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
NOTE: https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
-CVE-2013-4477 [OpenStack Keystone: Unintentional role granting with Keystone LDAP backend]
- RESERVED
+CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, ...)
- keystone 2013.2-2 (bug #728233)
NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
CVE-2013-4476
@@ -4303,13 +4836,11 @@
RESERVED
- horizon 2013.2-1
NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
-CVE-2013-4470 [memory corruption with UDP_CORK and UFO]
- RESERVED
+CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is ...)
- linux <unfixed>
- linux-2.6 <removed>
TODO: check
-CVE-2013-4469 [Denial of Service]
- RESERVED
+CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when ...)
- nova <unfixed> (bug #728605)
NOTE: CVE for incomplete fix of CVE-2013-2096
CVE-2013-4468
@@ -4350,8 +4881,7 @@
[squeeze] - eglibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
-CVE-2013-4457
- RESERVED
+CVE-2013-4457 (The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent ...)
NOT-FOR-US: Cocaine rubygem
CVE-2013-4456
RESERVED
@@ -4385,8 +4915,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
CVE-2013-4448
RESERVED
-CVE-2013-4447
- RESERVED
+CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews ...)
NOT-FOR-US: Simplenews Drupal contributed module
CVE-2013-4446
RESERVED
@@ -4483,8 +5012,7 @@
RESERVED
CVE-2013-4417
RESERVED
-CVE-2013-4416 [ocaml xenstored mishandles oversized message replies]
- RESERVED
+CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, ...)
- xen <unfixed>
TODO: check if oxenstored is used
CVE-2013-4415
@@ -4531,8 +5059,7 @@
{DSA-2774-1 DSA-2773-1}
- gnupg2 2.0.22-1 (bug #725433)
- gnupg 1.4.15-1 (bug #725439)
-CVE-2013-4401 [unintended API access due to incorrect permissions checks]
- RESERVED
+CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 checks ...)
- libvirt 1.1.4-1 (bug #727101)
[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
@@ -4720,13 +5247,12 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349 [IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow]
- RESERVED
+ REJECTED
{DSA-2768-1}
- icedtea-web 1.4-3.1 (bug #723118)
NOTE: issues CVE-2012-4540 not fixed in 1.4 branch
NOTE: Patch: http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
-CVE-2013-4348 [net: deadloop path in skb_flow_dissect()]
- RESERVED
+CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the ...)
- linux 3.11.6-2
- linux-2.6 <removed>
TODO: check linux-2.6
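Review bot: CVE-2013-4349 flips from RESERVED to REJECTED but keeps `{DSA-2768-1}` and `- icedtea-web 1.4-3.1 (bug #723118)`, so a published advisory and a fixed-version record now hang off an ID that has been withdrawn. Find out which ID replaced it (the existing NOTE mentions CVE-2012-4540) and, if it is the same issue, move the DSA reference and package annotation to that entry, leaving only the rejection here.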
@@ -4946,8 +5472,7 @@
CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote ...)
- 389-ds-base <unfixed> (bug #721222)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634
-CVE-2013-4282 [stack buffer overflow in reds_handle_ticket() function]
- RESERVED
+CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in ...)
- spice <unfixed> (bug #728314)
NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
@@ -6647,8 +7172,8 @@
NOT-FOR-US: Siemens
CVE-2013-3632
RESERVED
-CVE-2013-3631
- RESERVED
+CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to ...)
+ TODO: check
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
- moodle <unfixed>
NOTE: https://tracker.moodle.org/browse/MDL-41449
@@ -6678,8 +7203,8 @@
RESERVED
CVE-2013-3618
RESERVED
-CVE-2013-3617
- RESERVED
+CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote ...)
+ TODO: check
CVE-2013-3616 (Cross-site scripting (XSS) vulnerability in the KnowledgeView ...)
NOT-FOR-US: KnowledgeView Editorial and Management application
CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash ...)
@@ -7393,14 +7918,12 @@
RESERVED
CVE-2013-3288
RESERVED
-CVE-2013-3287
- RESERVED
+CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
NOT-FOR-US: EMC Unisphere for VMAX
CVE-2013-3286
RESERVED
NOT-FOR-US: EMC Documentum
-CVE-2013-3285
- RESERVED
+CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before ...)
NOT-FOR-US: EMC NetWorker
CVE-2013-3284
RESERVED
@@ -8841,8 +9364,8 @@
NOT-FOR-US: Facebook Members plugin for WordPres
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense ...)
NOT-FOR-US: Easy AdSense Lite plugin for WordPress
-CVE-2013-2701
- RESERVED
+CVE-2013-2701 (Cross-site request forgery (CSRF) vulnerability in the Social Sharing ...)
+ TODO: check
CVE-2013-2700
RESERVED
CVE-2013-2699
@@ -8943,8 +9466,7 @@
CVE-2013-2653 [Information Exposure Through Query Strings in GET Request]
RESERVED
- silverstripe <itp> (bug #528461)
-CVE-2013-2652
- RESERVED
+CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab ...)
NOT-FOR-US: WebCollab
CVE-2013-2651 (Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 ...)
NOT-FOR-US: Boltwire
@@ -10275,7 +10797,7 @@
- linux <not-affected> (RHEL-specific issue)
CVE-2013-2187
RESERVED
-CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload as used in, Red ...)
+CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red ...)
- libcommons-fileupload-java <unfixed> (bug #726601)
CVE-2013-2185 [tomcat: arbitrary file upload via deserialization]
RESERVED
@@ -10714,8 +11236,7 @@
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...)
{DSA-2674-1}
- libxv 2:1.0.7-1+deb7u1
-CVE-2013-2065
- RESERVED
+CVE-2013-2065 ((1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 ...)
- ruby1.9.1 <unfixed>
- ruby1.8 <not-affected> (Only affects 1.9 and 2.x)
CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to ...)
@@ -10740,8 +11261,7 @@
- keystone 2013.1.1-2 (bug #707598)
[wheezy] - keystone 2012.1.1-13+wheezy1
NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
-CVE-2013-2058 [linux: chipidea: allow disabling streaming in host mode]
- RESERVED
+CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Linux ...)
- linux-2.6 <not-affected> (Vulnerable code not present)
- linux 3.8-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
@@ -13693,8 +14213,8 @@
NOT-FOR-US: Novell GroupWise
CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell ...)
NOT-FOR-US: Novell Messenger
-CVE-2013-1084
- RESERVED
+CVE-2013-1084 (Directory traversal vulnerability in the GetFle method in the umaninv ...)
+ TODO: check
CVE-2013-1083 (Unspecified vulnerability in the login functionality in the Reporting ...)
NOT-FOR-US: Novell Identity Manager
CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell ZENworks ...)