[Secure-testing-commits] r24150 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Oct 24 09:14:26 UTC 2013
Author: joeyh
Date: 2013-10-24 09:14:26 +0000 (Thu, 24 Oct 2013)
New Revision: 24150
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-24 08:44:02 UTC (rev 24149)
+++ data/CVE/list 2013-10-24 09:14:26 UTC (rev 24150)
@@ -1,13 +1,371 @@
+CVE-2013-6242
+ RESERVED
+CVE-2013-6241
+ RESERVED
+CVE-2013-6240
+ RESERVED
+CVE-2013-6239
+ RESERVED
+CVE-2013-6238
+ RESERVED
+CVE-2013-6237
+ RESERVED
+CVE-2013-6236
+ RESERVED
+CVE-2013-6235
+ RESERVED
+CVE-2013-6234
+ RESERVED
+CVE-2013-6233
+ RESERVED
+CVE-2013-6232
+ RESERVED
+CVE-2013-6231
+ RESERVED
+CVE-2013-6230
+ RESERVED
+CVE-2013-6229
+ RESERVED
+CVE-2013-6228
+ RESERVED
+CVE-2013-6227
+ RESERVED
+CVE-2013-6226
+ RESERVED
+CVE-2013-6225
+ RESERVED
+CVE-2013-6224
+ RESERVED
+CVE-2013-6223
+ RESERVED
+CVE-2013-6222
+ RESERVED
+CVE-2013-6221
+ RESERVED
+CVE-2013-6220
+ RESERVED
+CVE-2013-6219
+ RESERVED
+CVE-2013-6218
+ RESERVED
+CVE-2013-6217
+ RESERVED
+CVE-2013-6216
+ RESERVED
+CVE-2013-6215
+ RESERVED
+CVE-2013-6214
+ RESERVED
+CVE-2013-6213
+ RESERVED
+CVE-2013-6212
+ RESERVED
+CVE-2013-6211
+ RESERVED
+CVE-2013-6210
+ RESERVED
+CVE-2013-6209
+ RESERVED
+CVE-2013-6208
+ RESERVED
+CVE-2013-6207
+ RESERVED
+CVE-2013-6206
+ RESERVED
+CVE-2013-6205
+ RESERVED
+CVE-2013-6204
+ RESERVED
+CVE-2013-6203
+ RESERVED
+CVE-2013-6202
+ RESERVED
+CVE-2013-6201
+ RESERVED
+CVE-2013-6200
+ RESERVED
+CVE-2013-6199
+ RESERVED
+CVE-2013-6198
+ RESERVED
+CVE-2013-6197
+ RESERVED
+CVE-2013-6196
+ RESERVED
+CVE-2013-6195
+ RESERVED
+CVE-2013-6194
+ RESERVED
+CVE-2013-6193
+ RESERVED
+CVE-2013-6192
+ RESERVED
+CVE-2013-6191
+ RESERVED
+CVE-2013-6190
+ RESERVED
+CVE-2013-6189
+ RESERVED
+CVE-2013-6188
+ RESERVED
+CVE-2013-6187
+ RESERVED
+CVE-2013-6186
+ RESERVED
+CVE-2013-6185
+ RESERVED
+CVE-2013-6184
+ RESERVED
+CVE-2013-6183
+ RESERVED
+CVE-2013-6182
+ RESERVED
+CVE-2013-6181
+ RESERVED
+CVE-2013-6180
+ RESERVED
+CVE-2013-6179
+ RESERVED
+CVE-2013-6178
+ RESERVED
+CVE-2013-6177
+ RESERVED
+CVE-2013-6176
+ RESERVED
+CVE-2013-6175
+ RESERVED
+CVE-2013-6174
+ RESERVED
+CVE-2013-6173
+ RESERVED
+CVE-2013-6172
+ RESERVED
+CVE-2013-6171
+ RESERVED
+CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before ...)
+ TODO: check
+CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) ...)
+ TODO: check
+CVE-2013-6168
+ RESERVED
+CVE-2013-6165
+ RESERVED
+CVE-2013-6164
+ RESERVED
+CVE-2013-6163
+ RESERVED
+CVE-2013-6162
+ RESERVED
+CVE-2013-6161
+ RESERVED
+CVE-2013-6160
+ RESERVED
+CVE-2013-6159
+ RESERVED
+CVE-2013-6158
+ RESERVED
+CVE-2013-6157
+ RESERVED
+CVE-2013-6156
+ RESERVED
+CVE-2013-6155
+ RESERVED
+CVE-2013-6154
+ RESERVED
+CVE-2013-6153
+ RESERVED
+CVE-2013-6152
+ RESERVED
+CVE-2013-6151
+ RESERVED
+CVE-2013-6150
+ RESERVED
+CVE-2013-6149
+ RESERVED
+CVE-2013-6148
+ RESERVED
+CVE-2013-6147
+ RESERVED
+CVE-2013-6146
+ RESERVED
+CVE-2013-6145
+ RESERVED
+CVE-2013-6144
+ RESERVED
+CVE-2013-6143
+ RESERVED
+CVE-2013-6142
+ RESERVED
+CVE-2013-6141
+ RESERVED
+CVE-2013-6140
+ RESERVED
+CVE-2013-6139
+ RESERVED
+CVE-2013-6138
+ RESERVED
+CVE-2013-6137
+ RESERVED
+CVE-2013-6136
+ RESERVED
+CVE-2013-6135
+ RESERVED
+CVE-2013-6134
+ RESERVED
+CVE-2013-6133
+ RESERVED
+CVE-2013-6132
+ RESERVED
+CVE-2013-6131
+ RESERVED
+CVE-2013-6130
+ RESERVED
+CVE-2013-6128
+ RESERVED
+CVE-2013-6127
+ RESERVED
+CVE-2013-6126
+ RESERVED
+CVE-2013-6125
+ RESERVED
+CVE-2013-6124
+ RESERVED
+CVE-2013-6123
+ RESERVED
+CVE-2013-6122
+ RESERVED
+CVE-2013-6121
+ RESERVED
+CVE-2013-6120
+ RESERVED
+CVE-2013-6119
+ RESERVED
+CVE-2013-6118
+ RESERVED
+CVE-2013-6117
+ RESERVED
+CVE-2013-6116
+ RESERVED
+CVE-2013-6115
+ RESERVED
+CVE-2013-6114
+ RESERVED
+CVE-2013-6113
+ RESERVED
+CVE-2013-6112
+ RESERVED
+CVE-2013-6111
+ RESERVED
+CVE-2013-6110
+ RESERVED
+CVE-2013-6109
+ RESERVED
+CVE-2013-6108
+ RESERVED
+CVE-2013-6107
+ RESERVED
+CVE-2013-6106
+ RESERVED
+CVE-2013-6105
+ RESERVED
+CVE-2013-6104
+ RESERVED
+CVE-2013-6103
+ RESERVED
+CVE-2013-6102
+ RESERVED
+CVE-2013-6101
+ RESERVED
+CVE-2013-6100
+ RESERVED
+CVE-2013-6099
+ RESERVED
+CVE-2013-6098
+ RESERVED
+CVE-2013-6097
+ RESERVED
+CVE-2013-6096
+ RESERVED
+CVE-2013-6095
+ RESERVED
+CVE-2013-6094
+ RESERVED
+CVE-2013-6093
+ RESERVED
+CVE-2013-6092
+ RESERVED
+CVE-2013-6091
+ RESERVED
+CVE-2013-6090
+ RESERVED
+CVE-2013-6089
+ RESERVED
+CVE-2013-6088
+ RESERVED
+CVE-2013-6087
+ RESERVED
+CVE-2013-6086
+ RESERVED
+CVE-2013-6085
+ RESERVED
+CVE-2013-6084
+ RESERVED
+CVE-2013-6083
+ RESERVED
+CVE-2013-6082
+ RESERVED
+CVE-2013-6081
+ RESERVED
+CVE-2013-6080
+ RESERVED
+CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 ...)
+ TODO: check
+CVE-2013-6078
+ RESERVED
+CVE-2013-6077
+ RESERVED
+CVE-2013-6076
+ RESERVED
+CVE-2013-6075
+ RESERVED
+CVE-2013-6074
+ RESERVED
+CVE-2013-6073
+ RESERVED
+CVE-2013-6072
+ RESERVED
+CVE-2013-6071
+ RESERVED
+CVE-2013-6070
+ RESERVED
+CVE-2013-6069
+ RESERVED
+CVE-2013-6068
+ RESERVED
+CVE-2013-6067
+ RESERVED
+CVE-2013-6066
+ RESERVED
+CVE-2013-6065
+ RESERVED
+CVE-2013-6064
+ RESERVED
+CVE-2009-5136 (The policy definition evaluator in Condor before 7.4.2 does not ...)
+ TODO: check
+CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...)
+ TODO: check
CVE-2013-6243 [SQL Injection]
NOT-FOR-US: WordPress Landing Pages Plugin
CVE-2013-6167
+ RESERVED
- iceweasel <unfixed> (low)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
CVE-2013-6166
+ RESERVED
- chromium-browser <unfixed> (low)
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
-CVE-2013-6129
+CVE-2013-6129 (The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote ...)
NOT-FOR-US: VBulletin
CVE-2013-6063
RESERVED
@@ -82,20 +440,20 @@
RESERVED
CVE-2013-6028
RESERVED
-CVE-2013-6027
- RESERVED
-CVE-2013-6026
- RESERVED
-CVE-2013-6025
- RESERVED
+CVE-2013-6027 (Stack-based buffer overflow in the RuntimeDiagnosticPing function in ...)
+ TODO: check
+CVE-2013-6026 (The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, ...)
+ TODO: check
+CVE-2013-6025 (The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) ...)
+ TODO: check
CVE-2013-6024
RESERVED
CVE-2013-6023
RESERVED
CVE-2013-6022
RESERVED
-CVE-2013-6021
- RESERVED
+CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...)
+ TODO: check
CVE-2013-6020
RESERVED
CVE-2013-6019
@@ -106,12 +464,12 @@
RESERVED
CVE-2013-6016
RESERVED
-CVE-2013-6015
- RESERVED
+CVE-2013-6015 (Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before ...)
+ TODO: check
CVE-2013-6014
RESERVED
-CVE-2013-6013
- RESERVED
+CVE-2013-6013 (Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 ...)
+ TODO: check
CVE-2013-6012
RESERVED
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 before ...)
@@ -196,11 +554,9 @@
RESERVED
CVE-2013-5972
RESERVED
-CVE-2013-5971
- RESERVED
+CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in ...)
NOT-FOR-US: VMware vSphere
-CVE-2013-5970
- RESERVED
+CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 ...)
NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5969
RESERVED
@@ -320,8 +676,8 @@
{DSA-2782-1}
- polarssl 1.2.0-1 (bug #725359)
NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
-CVE-2013-5913
- RESERVED
+CVE-2013-5913 (Cross-site scripting (XSS) vulnerability in the getRecommSearch ...)
+ TODO: check
CVE-2013-5912
RESERVED
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
@@ -412,364 +768,273 @@
RESERVED
CVE-2013-5868
RESERVED
-CVE-2013-5867
- RESERVED
-CVE-2013-5866
- RESERVED
+CVE-2013-5867 (Unspecified vulnerability in the Siebel Core - Server Infrastructure ...)
+ TODO: check
+CVE-2013-5866 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
NOT-FOR-US: Solaris
-CVE-2013-5865
- RESERVED
+CVE-2013-5865 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
NOT-FOR-US: Solaris
-CVE-2013-5864
- RESERVED
+CVE-2013-5864 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
NOT-FOR-US: Solaris
-CVE-2013-5863
- RESERVED
+CVE-2013-5863 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote ...)
NOT-FOR-US: Solaris
-CVE-2013-5862
- RESERVED
+CVE-2013-5862 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
NOT-FOR-US: Solaris
-CVE-2013-5861
- RESERVED
+CVE-2013-5861 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote ...)
NOT-FOR-US: Solaris
CVE-2013-5860
RESERVED
-CVE-2013-5859
- RESERVED
+CVE-2013-5859 (Unspecified vulnerability in the Instantis EnterpriseTrack component ...)
+ TODO: check
CVE-2013-5858
RESERVED
-CVE-2013-5857
- RESERVED
-CVE-2013-5856
- RESERVED
+CVE-2013-5857 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
+ TODO: check
+CVE-2013-5856 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
+ TODO: check
CVE-2013-5855
RESERVED
-CVE-2013-5854
- RESERVED
+CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5853
RESERVED
-CVE-2013-5852
- RESERVED
+CVE-2013-5852 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5851
- RESERVED
+CVE-2013-5851 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- openjdk-7 <unfixed>
-CVE-2013-5850
- RESERVED
+CVE-2013-5850 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5849
- RESERVED
+CVE-2013-5849 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5848
- RESERVED
+CVE-2013-5848 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5847
- RESERVED
+CVE-2013-5847 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5846
- RESERVED
+CVE-2013-5846 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5845
- RESERVED
+CVE-2013-5845 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
NOT-FOR-US: Oracle iLearning
-CVE-2013-5844
- RESERVED
+CVE-2013-5844 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5843
- RESERVED
+CVE-2013-5843 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5842
- RESERVED
+CVE-2013-5842 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5841
- RESERVED
+CVE-2013-5841 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5840
- RESERVED
+CVE-2013-5840 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5839
- RESERVED
+CVE-2013-5839 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
NOT-FOR-US: Solaris
-CVE-2013-5838
- RESERVED
+CVE-2013-5838 (Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- openjdk-7 <unfixed>
-CVE-2013-5837
- RESERVED
+CVE-2013-5837 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
NOT-FOR-US: Solaris
-CVE-2013-5836
- RESERVED
+CVE-2013-5836 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5835
- RESERVED
+CVE-2013-5835 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5834
RESERVED
CVE-2013-5833
RESERVED
-CVE-2013-5832
- RESERVED
+CVE-2013-5832 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5831
- RESERVED
+CVE-2013-5831 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5830
- RESERVED
+CVE-2013-5830 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5829
- RESERVED
+CVE-2013-5829 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5828
- RESERVED
+CVE-2013-5828 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2013-5827
- RESERVED
+CVE-2013-5827 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2013-5826
- RESERVED
+CVE-2013-5826 (Unspecified vulnerability in the Oracle Transportation Management ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
-CVE-2013-5825
- RESERVED
+CVE-2013-5825 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5824
- RESERVED
+CVE-2013-5824 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5823
- RESERVED
+CVE-2013-5823 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5822
- RESERVED
+CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
NOT-FOR-US: Oracle iLearning
CVE-2013-5821
RESERVED
-CVE-2013-5820
- RESERVED
+CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5819
- RESERVED
+CVE-2013-5819 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5818
- RESERVED
+CVE-2013-5818 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5817
- RESERVED
+CVE-2013-5817 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5816
- RESERVED
+CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5815
- RESERVED
+CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
-CVE-2013-5814
- RESERVED
+CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5813
- RESERVED
+CVE-2013-5813 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5812
- RESERVED
+CVE-2013-5812 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5811
- RESERVED
+CVE-2013-5811 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
NOT-FOR-US: Oracle Industry Applications
-CVE-2013-5810
- RESERVED
+CVE-2013-5810 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5809
- RESERVED
+CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
CVE-2013-5808
RESERVED
-CVE-2013-5807
- RESERVED
+CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 ...)
- mysql-5.5 <unfixed>
- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-5806
- RESERVED
+CVE-2013-5806 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- openjdk-7 <not-affected> (Specific to MacOS X)
-CVE-2013-5805
- RESERVED
+CVE-2013-5805 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- openjdk-7 <not-affected> (Specific to MacOS X)
-CVE-2013-5804
- RESERVED
+CVE-2013-5804 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed> (unimportant)
- openjdk-7 <unfixed> (unimportant)
NOTE: Javadoc comments can contain arbitrary HTML
-CVE-2013-5803
- RESERVED
+CVE-2013-5803 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5802
- RESERVED
+CVE-2013-5802 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5801
- RESERVED
+CVE-2013-5801 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5800
- RESERVED
+CVE-2013-5800 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- openjdk-7 <unfixed>
-CVE-2013-5799
- RESERVED
+CVE-2013-5799 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
-CVE-2013-5798
- RESERVED
+CVE-2013-5798 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5797
- RESERVED
+CVE-2013-5797 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5796
- RESERVED
+CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795
RESERVED
-CVE-2013-5794
- RESERVED
+CVE-2013-5794 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5793
- RESERVED
+CVE-2013-5793 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-5792
- RESERVED
+CVE-2013-5792 (Unspecified vulnerability in the Techstack component in Oracle ...)
NOT-FOR-US: Oracle E-Business Suite
-CVE-2013-5791
- RESERVED
+CVE-2013-5791 (Unspecified vulnerability in the Oracle Outside In Technology ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5790
- RESERVED
+CVE-2013-5790 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5789
- RESERVED
+CVE-2013-5789 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5788
- RESERVED
+CVE-2013-5788 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5787
- RESERVED
+CVE-2013-5787 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5786
- RESERVED
+CVE-2013-5786 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5785
RESERVED
-CVE-2013-5784
- RESERVED
+CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5783
- RESERVED
+CVE-2013-5783 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
TODO: This issue was fixed in Oracle Java, but not in OpenJDK. Likely not-affected, but needs further check
-CVE-2013-5782
- RESERVED
+CVE-2013-5782 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5781
- RESERVED
+CVE-2013-5781 (Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running ...)
NOT-FOR-US: Oracle PARC Enterprise
-CVE-2013-5780
- RESERVED
+CVE-2013-5780 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5779
- RESERVED
+CVE-2013-5779 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-5778
- RESERVED
+CVE-2013-5778 (Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5777
- RESERVED
+CVE-2013-5777 (Unspecified vulnerability in the Java SE and JavaFX components in ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5776
- RESERVED
+CVE-2013-5776 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
-CVE-2013-5775
- RESERVED
+CVE-2013-5775 (Unspecified vulnerability in the Java SE and JavaFX components in ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
-CVE-2013-5774
- RESERVED
+CVE-2013-5774 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5773
- RESERVED
+CVE-2013-5773 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-5772
- RESERVED
+CVE-2013-5772 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-5771
- RESERVED
+CVE-2013-5771 (Unspecified vulnerability in the XML Parser component in Oracle ...)
NOT-FOR-US: Oracle Database Server
-CVE-2013-5770
- RESERVED
+CVE-2013-5770 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-5769
- RESERVED
+CVE-2013-5769 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-5768
- RESERVED
+CVE-2013-5768 (Unspecified vulnerability in the Siebel UI Framework component in ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-5767
- RESERVED
+CVE-2013-5767 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-5766
- RESERVED
+CVE-2013-5766 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
-CVE-2013-5765
- RESERVED
+CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764
RESERVED
CVE-2013-5763
RESERVED
-CVE-2013-5762
- RESERVED
+CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...)
NOT-FOR-US: Oracle Siebel
-CVE-2013-5761
- RESERVED
+CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
NOT-FOR-US: Oracle Siebel
CVE-2013-5760
RESERVED
@@ -912,10 +1177,9 @@
RESERVED
CVE-2013-5704
RESERVED
-CVE-2013-5703
- RESERVED
-CVE-2013-5702
- RESERVED
+CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
+ TODO: check
+CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...)
NOT-FOR-US: Watchguard Server Center
CVE-2013-5701 (Multiple untrusted search path vulnerabilities in (1) Watchguard Log ...)
NOT-FOR-US: Watchguard Server Center
@@ -1321,8 +1585,8 @@
RESERVED
CVE-2013-5551
RESERVED
-CVE-2013-5550
- RESERVED
+CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System ...)
+ TODO: check
CVE-2013-5549
RESERVED
CVE-2013-5548
@@ -1333,45 +1597,40 @@
RESERVED
CVE-2013-5545
RESERVED
-CVE-2013-5544
- RESERVED
+CVE-2013-5544 (The VPN authentication functionality in Cisco Adaptive Security ...)
+ TODO: check
CVE-2013-5543
RESERVED
-CVE-2013-5542
- RESERVED
-CVE-2013-5541
- RESERVED
+CVE-2013-5542 (Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), ...)
+ TODO: check
+CVE-2013-5541 (Cross-site scripting (XSS) vulnerability in the file-upload interface ...)
NOT-FOR-US: Cisco Identity Services Engine
-CVE-2013-5540
- RESERVED
+CVE-2013-5540 (The file-upload feature in Cisco Identity Services Engine (ISE) allows ...)
NOT-FOR-US: Cisco Identity Services Engine
-CVE-2013-5539
- RESERVED
+CVE-2013-5539 (The upload-dialog implementation in Cisco Identity Services Engine ...)
NOT-FOR-US: Cisco Identity Services Engine
-CVE-2013-5538
- RESERVED
+CVE-2013-5538 (The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak ...)
NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5537
RESERVED
CVE-2013-5536
RESERVED
-CVE-2013-5535
- RESERVED
-CVE-2013-5534
- RESERVED
-CVE-2013-5533
- RESERVED
-CVE-2013-5532
- RESERVED
+CVE-2013-5535 (The analytics page on Cisco Video Surveillance 4000 IP cameras has ...)
+ TODO: check
+CVE-2013-5534 (Directory traversal vulnerability in the attachment service in the ...)
+ TODO: check
+CVE-2013-5533 (The image-upgrade functionality on Cisco 9900 Unified IP phones allows ...)
+ TODO: check
+CVE-2013-5532 (Buffer overflow in the web-application interface on Cisco 9900 IP ...)
+ TODO: check
CVE-2013-5531
RESERVED
CVE-2013-5530
RESERVED
-CVE-2013-5529
- RESERVED
+CVE-2013-5529 (The deployment module in the server in Cisco WebEx Meeting Center does ...)
NOT-FOR-US: Cisco WebEx Meetings Server
-CVE-2013-5528
- RESERVED
+CVE-2013-5528 (Directory traversal vulnerability in the Tomcat administrative web ...)
+ TODO: check
CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote attackers ...)
NOT-FOR-US: Cisco
CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform SDP ...)
@@ -1396,26 +1655,26 @@
NOT-FOR-US: Cisco
CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint ...)
NOT-FOR-US: Cisco
-CVE-2013-5515
- RESERVED
+CVE-2013-5515 (The Clientless SSL VPN feature in Cisco Adaptive Security Appliance ...)
+ TODO: check
CVE-2013-5514
RESERVED
-CVE-2013-5513
- RESERVED
-CVE-2013-5512
- RESERVED
-CVE-2013-5511
- RESERVED
-CVE-2013-5510
- RESERVED
-CVE-2013-5509
- RESERVED
-CVE-2013-5508
- RESERVED
-CVE-2013-5507
- RESERVED
-CVE-2013-5506
- RESERVED
+CVE-2013-5513 (Cisco Adaptive Security Appliance (ASA) Software 8.2.x before ...)
+ TODO: check
+CVE-2013-5512 (Race condition in the HTTP Deep Packet Inspection (DPI) feature in ...)
+ TODO: check
+CVE-2013-5511 (The Adaptive Security Device Management (ASDM) remote-management ...)
+ TODO: check
+CVE-2013-5510 (The remote-access VPN implementation in Cisco Adaptive Security ...)
+ TODO: check
+CVE-2013-5509 (The SSL implementation in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
+CVE-2013-5508 (The SQL*Net inspection engine in Cisco Adaptive Security Appliance ...)
+ TODO: check
+CVE-2013-5507 (The IPsec implementation in Cisco Adaptive Security Appliance (ASA) ...)
+ TODO: check
+CVE-2013-5506 (The authorization functionality in Cisco Firewall Services Module ...)
+ TODO: check
CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration page in ...)
NOT-FOR-US: Cisco
CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device ...)
@@ -1534,8 +1793,8 @@
RESERVED
CVE-2013-5447
RESERVED
-CVE-2013-5446
- RESERVED
+CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
+ TODO: check
CVE-2013-5445
RESERVED
CVE-2013-5444
@@ -1570,8 +1829,8 @@
RESERVED
CVE-2013-5429
RESERVED
-CVE-2013-5428
- RESERVED
+CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
+ TODO: check
CVE-2013-5427
RESERVED
CVE-2013-5426
@@ -1638,23 +1897,20 @@
RESERVED
CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
NOT-FOR-US: IBM Maximo Asset Management
-CVE-2013-5394
- RESERVED
+CVE-2013-5394 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, ...)
NOT-FOR-US: IBM WebSphere eXtreme Scale
-CVE-2013-5393
- RESERVED
+CVE-2013-5393 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, ...)
NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5392
RESERVED
CVE-2013-5391
RESERVED
-CVE-2013-5390
- RESERVED
+CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring console in ...)
NOT-FOR-US: IBM WebSphere eXtreme Scale
-CVE-2013-5389
- RESERVED
-CVE-2013-5388
- RESERVED
+CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
+ TODO: check
+CVE-2013-5388 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
+ TODO: check
CVE-2013-5387
RESERVED
CVE-2013-5386
@@ -1677,16 +1933,16 @@
RESERVED
CVE-2013-5377
RESERVED
-CVE-2013-5376
- RESERVED
+CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
+ TODO: check
CVE-2013-5375
RESERVED
CVE-2013-5374
RESERVED
CVE-2013-5373 (The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through ...)
NOT-FOR-US: IBM Rational ClearCase
-CVE-2013-5372
- RESERVED
+CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, ...)
+ TODO: check
CVE-2013-5371
RESERVED
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
@@ -2017,8 +2273,7 @@
- kfreebsd-8 <removed> (bug #720476)
- kfreebsd-9 9.2~svn254368-2 (bug #720475)
NOTE: kfreebsd-10 (experimental, #720478)
-CVE-2013-5208
- RESERVED
+CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the ...)
NOT-FOR-US: HR Systems Strategies
CVE-2013-5207
RESERVED
@@ -2383,16 +2638,14 @@
RESERVED
CVE-2013-5031
RESERVED
-CVE-2013-5030
- RESERVED
+CVE-2013-5030 (Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow ...)
NOT-FOR-US: Ruckus Wireless Zoneflex
CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to ...)
- phpmyadmin 4:4.0.5-1
[squeeze] - phpmyadmin <no-dsa> (Not feasible)
[wheezy] - phpmyadmin <no-dsa> (Not feasible)
NOTE: porting not feasible & X-Frame-Options protection enough on any modern browser
-CVE-2013-5028
- RESERVED
+CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok ...)
NOT-FOR-US: Kwok Information Server
CVE-2013-5027
RESERVED
@@ -2847,39 +3100,29 @@
RESERVED
CVE-2013-4834
RESERVED
-CVE-2013-4833
- RESERVED
+CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 ...)
NOT-FOR-US: HP
-CVE-2013-4832
- RESERVED
+CVE-2013-4832 (HP Service Manager 9.30 through 9.32 allows remote authenticated users ...)
NOT-FOR-US: HP
-CVE-2013-4831
- RESERVED
+CVE-2013-4831 (HP Service Manager 9.30 through 9.32 does not properly manage ...)
NOT-FOR-US: HP
-CVE-2013-4830
- RESERVED
+CVE-2013-4830 (HP Service Manager 9.30 through 9.32 allows remote attackers to ...)
NOT-FOR-US: HP
CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet ...)
NOT-FOR-US: HP
CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet ...)
NOT-FOR-US: HP
-CVE-2013-4827
- RESERVED
+CVE-2013-4827 (SQL injection vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2013-4826
- RESERVED
+CVE-2013-4826 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2013-4825
- RESERVED
+CVE-2013-4825 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2013-4824
- RESERVED
+CVE-2013-4824 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2013-4823
- RESERVED
+CVE-2013-4823 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
-CVE-2013-4822
- RESERVED
+CVE-2013-4822 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
NOT-FOR-US: HP System Management Homepage
@@ -2915,8 +3158,7 @@
NOT-FOR-US: HP routers
CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) ...)
NOT-FOR-US: HP Integrated Lights-Out firmware
-CVE-2013-4804
- RESERVED
+CVE-2013-4804 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
NOT-FOR-US: HP Business Process Monitor
CVE-2013-4803
RESERVED
@@ -3153,8 +3395,8 @@
RESERVED
CVE-2013-4713
RESERVED
-CVE-2013-4712
- RESERVED
+CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and ...)
+ TODO: check
CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on ...)
NOT-FOR-US: Accela Bizsearch, not in Debian
CVE-2013-4710
@@ -3198,8 +3440,8 @@
RESERVED
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...)
NOT-FOR-US: Juniper Junos
-CVE-2013-4689
- RESERVED
+CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R ...)
+ TODO: check
CVE-2013-4688 (flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the ...)
NOT-FOR-US: Juniper Junos
CVE-2013-4687 (flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before ...)
@@ -3722,8 +3964,7 @@
RESERVED
- gitolite <not-affected> (vulnerable code introduced for v3.5.3)
- gitolite3 <not-affected> (vulnerable code introduced for v3.5.3)
-CVE-2013-4450 [nodejs: HTTP Pipelining DoS]
- RESERVED
+CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before ...)
- nodejs 0.10.21~dfsg1-1 (medium)
NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
@@ -3904,9 +4145,8 @@
[squeeze] - libvirt <not-affected> (Introduced in 1.1.0)
NOTE: fixed in 1.1.3 (not yet in unstable)
CVE-2013-4398
- RESERVED
-CVE-2013-4397 [Integer overflow]
- RESERVED
+ REJECTED
+CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c in ...)
- libtar 1.2.20-1 (bug #725938)
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in ...)
{DSA-2784-1}
@@ -3941,15 +4181,13 @@
CVE-2013-4390
RESERVED
NOT-FOR-US: Apache Sling
-CVE-2013-4389
- RESERVED
+CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in ...)
- rails-4.0 <not-affected> (Only affects 3.x)
- ruby-actionmailer-3.2 <unfixed> (bug #726576)
- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
- rails <not-affected> (Only affects 3.x)
NOTE: Starting with 2.3.14.1 rails is a transition package
-CVE-2013-4388 [buffer overflow in the mp4a packetizer]
- RESERVED
+CVE-2013-4388 (Buffer overflow in the mp4a packetizer ...)
- vlc <unfixed> (bug #726528)
NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
@@ -3968,9 +4206,9 @@
RESERVED
NOT-FOR-US: Drupal module
CVE-2013-4382
- RESERVED
+ REJECTED
CVE-2013-4381
- RESERVED
+ REJECTED
CVE-2013-4380
RESERVED
NOT-FOR-US: Drupal module
@@ -3978,8 +4216,7 @@
NOT-FOR-US: Drupal module
CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Javamelody
-CVE-2013-4377 [qemu host crash from within guest]
- RESERVED
+CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in Qemu ...)
- qemu <unfixed>
[jessie] - qemu <not-affected> (Introduced in 1.4)
[wheezy] - qemu <not-affected> (Introduced in 1.4)
@@ -4009,37 +4246,31 @@
NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...)
NOT-FOR-US: JBoss Fuse
-CVE-2013-4371 [use-after-free in libxl_list_cpupool under memory pressure]
- RESERVED
+CVE-2013-4371 (Use-after-free vulnerability in the libxl_list_cpupool function in the ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
-CVE-2013-4370 [misplaced free in ocaml xc_vcpu_getaffinity stub]
- RESERVED
+CVE-2013-4370 (The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
-CVE-2013-4369 [possible null dereference when parsing vif ratelimiting info]
- RESERVED
+CVE-2013-4369 (The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and ...)
- xen <unfixed>
[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
-CVE-2013-4368 [Information leak through outs instruction emulation]
- RESERVED
+CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and ...)
- xen <unfixed>
CVE-2013-4367
RESERVED
NOT-FOR-US: ovirt
CVE-2013-4366
RESERVED
-CVE-2013-4365
- RESERVED
+CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read function in ...)
{DSA-2778-1}
- libapache2-mod-fcgid 1:2.3.9-1 (bug #725942)
CVE-2013-4364
RESERVED
-CVE-2013-4363
- RESERVED
+CVE-2013-4363 (Algorithmic complexity vulnerability in ...)
- rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
@@ -4193,8 +4424,7 @@
CVE-2013-4320 [TYPO3 Core: Cross-Site Scripting, Remote Code Execution]
RESERVED
- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
-CVE-2013-4319 [Torque privilege escalation]
- RESERVED
+CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka ...)
{DSA-2770-1}
- torque 2.4.16+dfsg-1.1 (bug #722306)
NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
@@ -4230,11 +4460,9 @@
NOT-FOR-US: Mediawiki LiquidThreads extension
CVE-2013-4307 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Mediawiki Wikibase
-CVE-2013-4306 [CheckUser CSRF bypass]
- RESERVED
+CVE-2013-4306 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: Mediawiki CheckUser extension
-CVE-2013-4305 [mediawiki SyntaxHighlight_GeSHi XSS]
- RESERVED
+CVE-2013-4305 (Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...)
- mediawiki-extensions <unfixed> (low)
[wheezy] - mediawiki-extensions <no-dsa> (Minor issue)
NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
@@ -4308,8 +4536,7 @@
- policykit-1 0.105-3+nmu1 (low; bug #723717)
[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
-CVE-2013-4287 [Algorithmic complexity vulnerability]
- RESERVED
+CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
- rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
@@ -4408,8 +4635,7 @@
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio ...)
{DSA-2771-1}
- nas 1.9.3-6 (bug #720287)
-CVE-2013-4255 [condor_startd DoS when parsing policy definition that evaluates to ERROR or UNDEFINED]
- RESERVED
+CVE-2013-4255 (The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier ...)
- condor <unfixed> (bug #721693)
[wheezy] - condor <no-dsa> (Minor issue)
CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the ...)
@@ -4607,8 +4833,7 @@
- gwt <removed> (low)
[squeeze] - gwt <no-dsa> (Minor issue)
NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
-CVE-2013-4203 [Rgpg Ruby Gem Remote Command Injection]
- RESERVED
+CVE-2013-4203 (The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem ...)
NOT-FOR-US: Ruby Rgpg Gem
CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer ...)
- cinder 2013.1.2-4 (bug #719118)
@@ -4691,8 +4916,7 @@
NOT-FOR-US: MySecureShell
CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald ...)
NOT-FOR-US: Scald Drupal contributed module
-CVE-2013-4173 [remote file deletion]
- RESERVED
+CVE-2013-4173 (Directory traversal vulnerability in the trend-data daemon ...)
- xymon <unfixed> (bug #717895)
[wheezy] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
[squeeze] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
@@ -4709,8 +4933,7 @@
RESERVED
- smokeping 2.6.8-2
NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
-CVE-2013-4167 [XSS]
- RESERVED
+CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...)
- cmsms <itp> (bug #608888)
CVE-2013-4166 [problem in GPG key selection when encrypting mail]
RESERVED
@@ -4803,8 +5026,7 @@
NOT-FOR-US: Stage File Proxy Drupal contributed module
CVE-2013-4138 (Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x ...)
NOT-FOR-US: Hatch Drupal contributed module
-CVE-2013-4137 [SQL Injection]
- RESERVED
+CVE-2013-4137 (Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 ...)
- statusnet <itp> (bug #491723)
CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 ...)
- passenger <removed>
@@ -5082,8 +5304,8 @@
RESERVED
CVE-2013-4057
RESERVED
-CVE-2013-4056
- RESERVED
+CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality ...)
+ TODO: check
CVE-2013-4055
RESERVED
CVE-2013-4054
@@ -5510,59 +5732,43 @@
NOT-FOR-US: Microsoft
CVE-2013-3844
RESERVED
-CVE-2013-3842
- RESERVED
+CVE-2013-3842 (Unspecified vulnerability Oracle Solaris 10 allows local users to ...)
NOT-FOR-US: Solaris
-CVE-2013-3841
- RESERVED
+CVE-2013-3841 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-3840
- RESERVED
+CVE-2013-3840 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-3839
- RESERVED
+CVE-2013-3839 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
{DSA-2780-1}
- mysql-5.5 <unfixed>
- mysql-5.1 <unfixed>
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
-CVE-2013-3838
- RESERVED
+CVE-2013-3838 (Unspecified vulnerability in Oracle SPARC Enterprise T & M Series ...)
NOT-FOR-US: Oracle SPARC Enterprise
-CVE-2013-3837
- RESERVED
+CVE-2013-3837 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote ...)
NOT-FOR-US: Oracle Solaris
-CVE-2013-3836
- RESERVED
+CVE-2013-3836 (Unspecified vulnerability in the Oracle Web Cache component in Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3835
- RESERVED
+CVE-2013-3835 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2013-3834
- RESERVED
+CVE-2013-3834 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
NOT-FOR-US: Oracle Secure Global Desktop
-CVE-2013-3833
- RESERVED
+CVE-2013-3833 (Unspecified vulnerability in the Oracle Access Manager component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3832
- RESERVED
+CVE-2013-3832 (Unspecified vulnerability in the Siebel Server Remote component in ...)
NOT-FOR-US: Oracle Siebel CRM
-CVE-2013-3831
- RESERVED
+CVE-2013-3831 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3830
RESERVED
-CVE-2013-3829
- RESERVED
+CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
-CVE-2013-3828
- RESERVED
+CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3827
- RESERVED
+CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3826
- RESERVED
+CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
@@ -5586,8 +5792,7 @@
NOT-FOR-US: Oracle Industry Applications
CVE-2013-3815
RESERVED
-CVE-2013-3814
- RESERVED
+CVE-2013-3814 (Unspecified vulnerability in the Oracle Retail Invoice Matching ...)
NOT-FOR-US: Oracle Industry Applications
CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
NOT-FOR-US: Oracle Solaris
@@ -5666,8 +5871,7 @@
- mysql-5.5 5.5.33+dfsg-1
- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
-CVE-2013-3792 [virtio-net host DoS]
- RESERVED
+CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
- virtualbox-ose <removed>
- virtualbox 4.2.16-dfsg-1 (bug #715327)
NOTE: https://www.virtualbox.org/ticket/11863
@@ -5684,8 +5888,7 @@
NOT-FOR-US: Oracle Solaris
CVE-2013-3786 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
NOT-FOR-US: Oracle Solaris
-CVE-2013-3785
- RESERVED
+CVE-2013-3785 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3784 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: Oracle PeopleSoft Products
@@ -5725,8 +5928,7 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3767 (Unspecified vulnerability in the Oracle Application Object Library ...)
NOT-FOR-US: Oracle E-Business Suite Access Gate
-CVE-2013-3766
- RESERVED
+CVE-2013-3766 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-3765 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
NOT-FOR-US: Oracle Solaris
@@ -5734,8 +5936,7 @@
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3763 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
-CVE-2013-3762
- RESERVED
+CVE-2013-3762 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-3761 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products Portal
@@ -5898,8 +6099,8 @@
RESERVED
CVE-2013-3694
RESERVED
-CVE-2013-3693
- RESERVED
+CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise ...)
+ TODO: check
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
NOT-FOR-US: Blackberry OS
CVE-2013-3691
@@ -5910,10 +6111,10 @@
NOT-FOR-US: Brickcom
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, ...)
NOT-FOR-US: TP-Link
-CVE-2013-3687
- RESERVED
-CVE-2013-3686
- RESERVED
+CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, ...)
+ TODO: check
+CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...)
+ TODO: check
CVE-2013-3685
RESERVED
NOT-FOR-US: Sprite Software's backup softare for Android
@@ -6521,8 +6722,8 @@
NOT-FOR-US: Cisco
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
NOT-FOR-US: Cisco
-CVE-2013-3415
- RESERVED
+CVE-2013-3415 (Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) ...)
+ TODO: check
CVE-2013-3414 (Cross-site scripting (XSS) vulnerability in the WebVPN portal login ...)
NOT-FOR-US: Cisco
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the ...)
@@ -6811,8 +7012,7 @@
CVE-2013-3280
RESERVED
NOT-FOR-US: RSA Authentication Agent for Web for Internet Information Services
-CVE-2013-3279
- RESERVED
+CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL ...)
NOT-FOR-US: EMC
CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...)
NOT-FOR-US: EMC
@@ -7388,8 +7588,8 @@
NOT-FOR-US: IBM Domino
CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in ...)
NOT-FOR-US: Lotus Quickr for Domino ActiveX
-CVE-2013-3025
- RESERVED
+CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
+ TODO: check
CVE-2013-3024
RESERVED
CVE-2013-3023
@@ -7583,20 +7783,16 @@
RESERVED
CVE-2013-2929
RESERVED
-CVE-2013-2928
- RESERVED
+CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2927
- RESERVED
+CVE-2013-2927 (Use-after-free vulnerability in the ...)
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2926
- RESERVED
+CVE-2013-2926 (Use-after-free vulnerability in the ...)
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2013-2925
- RESERVED
+CVE-2013-2925 (Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, ...)
- chromium-browser 30.0.1599.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
@@ -8028,8 +8224,8 @@
NOT-FOR-US: Kepware
CVE-2013-2788 (The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 ...)
NOT-FOR-US: SUBNET Solutions SubSTATION Server
-CVE-2013-2787
- RESERVED
+CVE-2013-2787 (Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to ...)
+ TODO: check
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 ...)
NOT-FOR-US: Alstom Grid MiCOM S1
CVE-2013-2785 (Multiple buffer overflows in CimWebServer.exe in the WebView component ...)
@@ -8116,7 +8312,7 @@
CVE-2013-2750
RESERVED
CVE-2013-2749
- RESERVED
+ REJECTED
CVE-2013-2748
RESERVED
CVE-2013-2747
@@ -8488,14 +8684,14 @@
- open-xchange <itp> (bug #269329)
CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange ...)
- open-xchange <itp> (bug #269329)
-CVE-2013-2581
- RESERVED
-CVE-2013-2580
- RESERVED
-CVE-2013-2579
- RESERVED
-CVE-2013-2578
- RESERVED
+CVE-2013-2581 (cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, ...)
+ TODO: check
+CVE-2013-2580 (Unrestricted file upload vulnerability in cgi-bin/uploadfile in ...)
+ TODO: check
+CVE-2013-2579 (TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and ...)
+ TODO: check
+CVE-2013-2578 (cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, ...)
+ TODO: check
CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to ...)
NOT-FOR-US: XnView
CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to ...)
@@ -9183,8 +9379,7 @@
NOT-FOR-US: HP LoadRunner
CVE-2013-2367 (Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, ...)
NOT-FOR-US: HP SiteScope
-CVE-2013-2366
- RESERVED
+CVE-2013-2366 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
NOT-FOR-US: HP Business Process Monitor
CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, when ...)
NOT-FOR-US: HP DMA
@@ -9440,8 +9635,7 @@
- quantum <unfixed>
- swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
TODO: check if complete and possibly report to BTS, sec announcement from upstream in preparation
-CVE-2013-2254
- RESERVED
+CVE-2013-2254 (The deepGetOrCreateNode function in ...)
NOT-FOR-US: Apache Sling
CVE-2013-2253
RESERVED
@@ -9648,8 +9842,7 @@
CVE-2013-2191
RESERVED
NOT-FOR-US: python-bugzilla
-CVE-2013-2190
- RESERVED
+CVE-2013-2190 (The translate_hierarchy_event function in ...)
- clutter-1.0 1.14.4-3 (low; bug #714264)
[squeeze] - clutter-1.0 <no-dsa> (Minor issue)
[wheezy] - clutter-1.0 <no-dsa> (Minor issue)
@@ -10772,7 +10965,7 @@
CVE-2013-1871
RESERVED
CVE-2013-1870
- RESERVED
+ REJECTED
CVE-2013-1869
RESERVED
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and ...)
@@ -11197,8 +11390,7 @@
RESERVED
CVE-2013-1740
RESERVED
-CVE-2013-1739 [nss "uninitialized data read in the event of a decryption failure"]
- RESERVED
+CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...)
- nss 2:3.15.2-1 (bug #726473)
[squeeze] - nss <not-affected> (Introduced in 3.14.3)
NOTE: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
@@ -14830,8 +15022,8 @@
NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-0501 (The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in ...)
NOT-FOR-US: IBM Cognos Disclosure Management
-CVE-2013-0500
- RESERVED
+CVE-2013-0500 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not ...)
+ TODO: check
CVE-2013-0499 (Cross-site scripting (XSS) vulnerability in the echo functionality on ...)
NOT-FOR-US: IBM
CVE-2013-0498
@@ -20736,8 +20928,8 @@
NOT-FOR-US: WellinTech KingView
CVE-2012-4710 (Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote ...)
NOT-FOR-US: Invensys Wonderware Win-XML Exporter
-CVE-2012-4709
- RESERVED
+CVE-2012-4709 (Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote ...)
+ TODO: check
CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before ...)
NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to ...)
@@ -22526,8 +22718,7 @@
RESERVED
CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass intended ...)
NOT-FOR-US: Cisco
-CVE-2012-4121
- RESERVED
+CVE-2012-4121 (Cisco NX-OS allows local users to gain privileges, and read or modify ...)
NOT-FOR-US: Cisco
CVE-2012-4120
RESERVED
@@ -22535,23 +22726,17 @@
RESERVED
CVE-2012-4118
RESERVED
-CVE-2012-4117
- RESERVED
+CVE-2012-4117 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco
-CVE-2012-4116
- RESERVED
+CVE-2012-4116 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco
-CVE-2012-4115
- RESERVED
+CVE-2012-4115 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco
-CVE-2012-4114
- RESERVED
+CVE-2012-4114 (The fabric-interconnect KVM module in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco
-CVE-2012-4113
- RESERVED
+CVE-2012-4113 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco
-CVE-2012-4112
- RESERVED
+CVE-2012-4112 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...)
NOT-FOR-US: Cisco
CVE-2012-4111 (The create certreq command in the fabric-interconnect component in ...)
NOT-FOR-US: Cisco
@@ -22559,17 +22744,13 @@
NOT-FOR-US: Cisco
CVE-2012-4109 (The clear sshkey command in the fabric-interconnect component in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2012-4108
- RESERVED
+CVE-2012-4108 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4107
- RESERVED
+CVE-2012-4107 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4106
- RESERVED
+CVE-2012-4106 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4105
- RESERVED
+CVE-2012-4105 (The fabric-interconnect component in Cisco Unified Computing System ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4104 (Absolute path traversal vulnerability in the image-download process in ...)
NOT-FOR-US: Cisco
@@ -22581,13 +22762,11 @@
RESERVED
CVE-2012-4100
RESERVED
-CVE-2012-4099
- RESERVED
+CVE-2012-4099 (The BGP implementation in Cisco NX-OS does not properly filter AS ...)
NOT-FOR-US: Cisco
CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter AS ...)
NOT-FOR-US: Cisco
-CVE-2012-4097
- RESERVED
+CVE-2012-4097 (The BGP implementation in Cisco NX-OS does not properly filter segment ...)
NOT-FOR-US: Cisco
CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in ...)
NOT-FOR-US: Cisco
@@ -22627,11 +22806,10 @@
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...)
NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4077
- RESERVED
+CVE-2012-4077 (Cisco NX-OS allows local users to gain privileges and execute ...)
NOT-FOR-US: Cisco
-CVE-2012-4076
- RESERVED
+CVE-2012-4076 (Cisco NX-OS allows local users to gain privileges and execute ...)
+ TODO: check
CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute ...)
NOT-FOR-US: Cisco
CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN (SoL) ...)
More information about the Secure-testing-commits
mailing list