[Secure-testing-commits] r24499 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Nov 29 19:42:02 UTC 2013
Author: carnil
Date: 2013-11-29 19:42:02 +0000 (Fri, 29 Nov 2013)
New Revision: 24499
Modified:
data/CVE/list
Log:
Run manual update (as cronjob still disabled on alioth)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-11-29 18:41:30 UTC (rev 24498)
+++ data/CVE/list 2013-11-29 19:42:02 UTC (rev 24499)
@@ -1,3 +1,69 @@
+CVE-2013-6899
+ RESERVED
+CVE-2013-6898
+ RESERVED
+CVE-2013-6897
+ RESERVED
+CVE-2013-6896
+ RESERVED
+CVE-2013-6895
+ RESERVED
+CVE-2013-6894
+ RESERVED
+CVE-2013-6893
+ RESERVED
+CVE-2013-6892
+ RESERVED
+CVE-2013-6891
+ RESERVED
+CVE-2013-6890
+ RESERVED
+CVE-2013-6889
+ RESERVED
+CVE-2013-6888
+ RESERVED
+CVE-2013-6887
+ RESERVED
+CVE-2013-6886
+ RESERVED
+CVE-2013-6884
+ RESERVED
+CVE-2013-6883
+ RESERVED
+CVE-2013-6882
+ RESERVED
+CVE-2013-6881
+ RESERVED
+CVE-2013-6880
+ RESERVED
+CVE-2013-6879
+ RESERVED
+CVE-2013-6878
+ RESERVED
+CVE-2013-6877
+ RESERVED
+CVE-2013-6876
+ RESERVED
+CVE-2013-6875 (SQL injection vulnerability in functions/prepend_adm.php in Nagios ...)
+ TODO: check
+CVE-2013-6874 (Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows ...)
+ TODO: check
+CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System ...)
+ TODO: check
+CVE-2013-6872
+ RESERVED
+CVE-2013-6871
+ RESERVED
+CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
+ TODO: check
+CVE-2012-6611
+ RESERVED
+CVE-2012-6610
+ RESERVED
+CVE-2012-6609
+ RESERVED
+CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
+ TODO: check
CVE-2013-XXXX [unrealircd: DoS, use after free]
- unrealircd <itp> (bug #515130)
NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
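Review bot: the five described entries added at the end of this block (CVE-2013-6875, CVE-2013-6874, CVE-2013-6873, CVE-2013-6870 and CVE-2012-6608) are all left at "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet. Each needs a follow-up triage commit; the RESERVED placeholders need nothing. The added run goes from CVE-2013-6886 straight to CVE-2013-6884, which is consistent with CVE-2013-6885 already having its own entry further down the file.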
@@ -12,7 +78,7 @@
CVE-2013-XXXX [owncloud: security bypass on admin page]
- owncloud <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/5
-CVE-2013-6885 [AMD Publ. 51810 Errata 793 system hang]
+CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
TODO: check
NOTE: http://www.openwall.com/lists/oss-security/2013/11/28/1
CVE-2013-6857
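Review bot: CVE-2013-6885 keeps "TODO: check" after the description swap, so the entry still names no affected source package even though it already has an oss-security NOTE. The bracketed working title that is removed ("AMD Publ. 51810 Errata 793 system hang") carried the erratum number, which the truncated description no longer shows; consider preserving it in a NOTE line when the entry is triaged.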
@@ -341,8 +407,7 @@
RESERVED
CVE-2013-6713
RESERVED
-CVE-2013-6712 [heap-based buffer over-read in DateInterval]
- RESERVED
+CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
- php5 <unfixed>
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CVE-2013-6711
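Review bot: on CVE-2013-6712 the "- php5 <unfixed>" line carries no bug reference, unlike the ceilometer and jenkins entries elsewhere in this diff that cite a bug number. Now that the id is public and the NOTE already points at the upstream commit, add the bug number once one is filed so the fix can be followed to an upload.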
@@ -355,8 +420,8 @@
RESERVED
CVE-2013-6707
RESERVED
-CVE-2013-6706
- RESERVED
+CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...)
+ TODO: check
CVE-2013-6705
RESERVED
CVE-2013-6704
@@ -367,8 +432,8 @@
RESERVED
CVE-2013-6701
RESERVED
-CVE-2013-6700
- RESERVED
+CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to cause a ...)
+ TODO: check
CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) ...)
NOT-FOR-US: Cisco
CVE-2013-6698 (The web interface on Cisco Wireless LAN Controller (WLC) devices does ...)
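Review bot: CVE-2013-6700 (SNMP module in Cisco IOS XR) is set to "TODO: check" while the entry directly below it, CVE-2013-6699, is already "NOT-FOR-US: Cisco". Unless there is a reason to treat it differently, mark it the same way; the same applies to CVE-2013-6706 (Cisco IOS XE) in the previous hunk.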
@@ -1009,6 +1074,7 @@
NOTE: http://bugs.openttd.org/task/5820
CVE-2013-6410 [incorrect parsing of access control file in nbd-server]
RESERVED
+ {DSA-2806-1}
- nbd <unfixed>
NOTE: http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
CVE-2013-6409 [privilege escalation via tty hijacking]
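Review bot: "{DSA-2806-1}" is added to CVE-2013-6410 while "- nbd <unfixed>" stays unchanged and has no bug number. If the fix has also reached unstable, record the fixed version on that line; otherwise add the bug reference that tracks it.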
@@ -1111,34 +1177,29 @@
NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6384 ((1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 ...)
- ceilometer <unfixed> (bug #730227)
-CVE-2013-6383
- RESERVED
+CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the ...)
- linux-2.6 <removed>
- linux <unfixed>
NOTE: http://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
-CVE-2013-6382
- RESERVED
+CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux ...)
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
-CVE-2013-6381
- RESERVED
+CVE-2013-6381 (Buffer overflow in the qeth_snmp_command function in ...)
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
NOTE: http://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
-CVE-2013-6380
- RESERVED
+CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in ...)
- linux-2.6 <removed>
- linux <unfixed>
NOTE: http://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914
CVE-2013-6379
- RESERVED
+ REJECTED
- linux-2.6 <not-affected> (Vulnerable driver not yet present)
- linux <unfixed> (unimportant)
[wheezy] - linux <not-affected> (Vulnerable driver not yet present)
NOTE: http://git.kernel.org/linus/c2c65cd2e14ada6de44cb527e7f1990bede24e15
NOTE: Driver not activated, only in staging
-CVE-2013-6378
- RESERVED
+CVE-2013-6378 (The lbs_debugfs_write function in ...)
- linux-2.6 <removed> (low)
- linux <unfixed> (low)
NOTE: http://git.kernel.org/linus/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88
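Review bot: CVE-2013-6379 flips from RESERVED to REJECTED but keeps all of its package lines ("- linux <unfixed> (unimportant)" plus the linux-2.6 and wheezy not-affected lines) and both NOTEs. A rejected id should not go on carrying an open <unfixed> status; either move this tracking to whichever id replaces it or drop the package lines. Separately, CVE-2013-6382 is the only newly described kernel entry in this hunk without a NOTE pointing at an upstream commit.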
@@ -1150,11 +1211,9 @@
- xen <unfixed> (bug #730254)
[squeeze] - xen <not-affected> (Only affects >= 4.2)
[wheezy] - xen <not-affected> (Only affects >= 4.2)
-CVE-2013-6374
- RESERVED
+CVE-2013-6374 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
- jenkins <unfixed> (bug #730457)
-CVE-2013-6373
- RESERVED
+CVE-2013-6373 (The Exclusion plugin before 0.9 for CloudBees Jenkins does not ...)
- jenkins <unfixed> (bug #730457)
CVE-2013-6372
RESERVED
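Review bot: the new descriptions for CVE-2013-6374 ("the Build Failure Analyzer ...") and CVE-2013-6373 ("The Exclusion plugin before 0.9 for CloudBees Jenkins") appear to concern add-ons rather than Jenkins itself, yet both stay filed as "- jenkins <unfixed> (bug #730457)". Confirm that the jenkins source package actually ships this code; if it does not, the entries should become NOT-FOR-US and the bug should be updated to match.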
@@ -1278,8 +1337,8 @@
RESERVED
CVE-2013-6323
RESERVED
-CVE-2013-6322
- RESERVED
+CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
+ TODO: check
CVE-2013-6321
RESERVED
CVE-2013-6320
@@ -2050,8 +2109,8 @@
NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958
RESERVED
-CVE-2013-5957
- RESERVED
+CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
+ TODO: check
CVE-2013-5956
RESERVED
CVE-2013-5955
@@ -2147,8 +2206,8 @@
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
CVE-2013-5913 (Cross-site scripting (XSS) vulnerability in the getRecommSearch ...)
NOT-FOR-US: OXID eShop
-CVE-2013-5912
- RESERVED
+CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server ...)
+ TODO: check
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
NOT-FOR-US: Tenable SecurityCenter
CVE-2013-5910
@@ -3320,14 +3379,11 @@
RESERVED
CVE-2013-5459
RESERVED
-CVE-2013-5458
- RESERVED
+CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
NOT-FOR-US: IBM JDK
-CVE-2013-5457
- RESERVED
+CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
NOT-FOR-US: IBM JDK
-CVE-2013-5456
- RESERVED
+CVE-2013-5456 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
NOT-FOR-US: IBM JDK
CVE-2013-5455
RESERVED
@@ -3489,8 +3545,7 @@
RESERVED
CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
NOT-FOR-US: IBM Storwize V7000 Unified
-CVE-2013-5375
- RESERVED
+CVE-2013-5375 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
NOT-FOR-US: IBM JDK
CVE-2013-5374
RESERVED
@@ -4125,8 +4180,8 @@
RESERVED
CVE-2013-5066
RESERVED
-CVE-2013-5065
- RESERVED
+CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and ...)
+ TODO: check
CVE-2013-5064
RESERVED
CVE-2013-5063
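Review bot: CVE-2013-5065 (NDProxy.sys in the Microsoft Windows kernel) is left at "TODO: check", whereas other Microsoft-only entries in this file, such as CVE-2013-3918, are marked "NOT-FOR-US: Microsoft". Mark this one the same way when it is triaged.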
@@ -4635,8 +4690,7 @@
RESERVED
CVE-2013-4845
RESERVED
-CVE-2013-4844
- RESERVED
+CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, ...)
NOT-FOR-US: HP Service Manager and ServiceCenter
CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with ...)
NOT-FOR-US: HP iLO
@@ -5148,8 +5202,8 @@
NOT-FOR-US: WordPress plugin BackWPup
CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: WordPress plugin Duplicator
-CVE-2013-4624
- RESERVED
+CVE-2013-4624 (Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM ...)
+ TODO: check
CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 ...)
{DSA-2782-1}
- polarssl 1.2.8-1 (low; bug #719954)
@@ -5163,8 +5217,8 @@
NOT-FOR-US: OpenEMR
CVE-2013-4618
RESERVED
-CVE-2013-4617
- RESERVED
+CVE-2013-4617 (Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a ...)
+ TODO: check
CVE-2013-4616 (The WifiPasswordController generateDefaultPassword method in ...)
NOT-FOR-US: Apple iOS
CVE-2013-4615 (The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, ...)
@@ -5282,8 +5336,7 @@
NOT-FOR-US: Symantec Backup Exec
CVE-2013-4574
RESERVED
-CVE-2013-4573
- RESERVED
+CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess ...)
NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
CVE-2013-4572
RESERVED
@@ -5420,19 +5473,15 @@
RESERVED
CVE-2013-4526
RESERVED
-CVE-2013-4525
- RESERVED
+CVE-2013-4525 (Cross-site scripting (XSS) vulnerability in ...)
- moodle 2.5.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-4524
- RESERVED
+CVE-2013-4524 (Directory traversal vulnerability in repository/filesystem/lib.php in ...)
- moodle 2.5.3-1
[squeeze] - moodle <not-affected> (Vulnerable code not present)
-CVE-2013-4523
- RESERVED
+CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...)
- moodle 2.5.3-1
-CVE-2013-4522
- RESERVED
+CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x ...)
- moodle 2.5.3-1 (low)
[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4521
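Review bot: of the four Moodle entries described here, CVE-2013-4523 is the only one without a "[squeeze] - moodle <not-affected>" line. If squeeze is affected by the message/lib.php XSS, say so with an explicit status line; if not, add the same not-affected annotation the other three carry.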
@@ -7040,8 +7089,7 @@
RESERVED
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
-CVE-2013-4041
- RESERVED
+CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
NOT-FOR-US: IBM JDK
CVE-2013-4040
RESERVED
@@ -7051,8 +7099,8 @@
NOT-FOR-US: IBM BladeCenter
CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management ...)
NOT-FOR-US: IBM BladeCenter
-CVE-2013-4036
- RESERVED
+CVE-2013-4036 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
+ TODO: check
CVE-2013-4035
RESERVED
CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, ...)
@@ -7281,14 +7329,14 @@
NOT-FOR-US: Atlassian Crowd
CVE-2013-3924
RESERVED
-CVE-2013-3923
- RESERVED
-CVE-2013-3922
- RESERVED
+CVE-2013-3923 (Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 ...)
+ TODO: check
+CVE-2013-3922 (Directory traversal vulnerability in Gummy Bear Studios FTP Drive + ...)
+ TODO: check
CVE-2013-3921
RESERVED
-CVE-2013-3920
- RESERVED
+CVE-2013-3920 (Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 ...)
+ TODO: check
CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll ...)
NOT-FOR-US: Microsoft
CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
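Review bot: CVE-2013-3920 is the third Jahia xCM entry this commit leaves at "TODO: check", alongside CVE-2013-4624 and CVE-2013-4617 in earlier hunks. Decide once whether Jahia xCM is relevant to the archive and apply the result to all three, so they do not end up triaged inconsistently. CVE-2013-3923 and CVE-2013-3922 in the same hunk also still need a decision.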
@@ -8477,8 +8525,8 @@
NOT-FOR-US: Cisco
CVE-2013-3395 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
NOT-FOR-US: Cisco IronPort Web Security Appliance
-CVE-2013-3394
- RESERVED
+CVE-2013-3394 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
+ TODO: check
CVE-2013-3393 (The Precision Video Engine component in Cisco Jabber for Windows and ...)
NOT-FOR-US: Cisco
CVE-2013-3392 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)