[Secure-testing-commits] r23707 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Sep 17 21:14:29 UTC 2013
Author: joeyh
Date: 2013-09-17 21:14:29 +0000 (Tue, 17 Sep 2013)
New Revision: 23707
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-17 18:21:23 UTC (rev 23706)
+++ data/CVE/list 2013-09-17 21:14:29 UTC (rev 23707)
@@ -1,3 +1,29 @@
+CVE-2013-5754 (The authorization implementation on Dahua DVR appliances accepts a ...)
+ TODO: check
+CVE-2013-5753
+ RESERVED
+CVE-2013-5752
+ RESERVED
+CVE-2013-5751 (Directory traversal vulnerability in SAP NetWeaver 7.x allows remote ...)
+ TODO: check
+CVE-2013-5750
+ RESERVED
+CVE-2013-5749
+ RESERVED
+CVE-2013-5748
+ RESERVED
+CVE-2013-5747
+ RESERVED
+CVE-2013-5746
+ RESERVED
+CVE-2013-5744
+ RESERVED
+CVE-2013-5743
+ RESERVED
+CVE-2013-5742
+ RESERVED
+CVE-2013-5741
+ RESERVED
CVE-2013-XXXX [poppler / JPEG error handler]
- poppler 0.16.3-1 (bug #722705)
CVE-2013-XXXX [Unsecure use of system]
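Review bot: CVE-2013-5754 (Dahua DVR appliances) and CVE-2013-5751 (SAP NetWeaver 7.x) both land with a bare TODO: check and no package line; if no Debian package ships either product, they should be resolved to NOT-FOR-US the way the Coursemill and Juniper entries further down in this patch are, rather than left as open TODOs. CVE-2013-5745 is correctly absent from this run of new IDs because it already has its own Vino entry in the next hunk.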
@@ -4,6 +30,7 @@
- davfs2 <unfixed> (bug #723034)
NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-5745 [Persistent DoS Vulnerability in Vino VNC Server]
+ RESERVED
- vino <unfixed>
NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
TODO: check
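Review bot: the CVE-2013-5745 entry gains a RESERVED line but still tracks `- vino <unfixed>` without a Debian bug number, unlike `- davfs2 <unfixed> (bug #723034)` directly above it; a bug reference should be added so the open TODO: check and the full-disclosure NOTE have a tracked target.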
@@ -56,8 +83,7 @@
RESERVED
CVE-2013-5712
RESERVED
-CVE-2013-5711
- RESERVED
+CVE-2013-5711 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Design-approval-system Plugin for WordPress
CVE-2013-XXXX [https://www.wireshark.org/security/wnpa-sec-2013-60.html ]
- wireshark 1.10.2-1
@@ -91,8 +117,8 @@
RESERVED
- kfreebsd-9 9.2~svn255465-1 (bug #722337)
- kfreebsd-8 <removed>
-CVE-2013-5709
- RESERVED
+CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
+ TODO: check
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret ...)
NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5707 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
@@ -252,8 +278,8 @@
RESERVED
CVE-2013-5652
RESERVED
-CVE-2013-5650
- RESERVED
+CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before ...)
+ TODO: check
CVE-2013-5649 (Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos ...)
NOT-FOR-US: Juniper
CVE-2013-5655
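Review bot: CVE-2013-5650 is left at TODO: check although the entry immediately below it, CVE-2013-5649 for the same Juniper Junos product, is already NOT-FOR-US: Juniper; the same resolution should apply here unless some Debian package embeds the IVE code.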
@@ -308,33 +334,33 @@
CVE-2013-5635
RESERVED
CVE-2013-5633
- RESERVED
+ REJECTED
CVE-2013-5632
- RESERVED
+ REJECTED
CVE-2013-5631
- RESERVED
+ REJECTED
CVE-2013-5630
- RESERVED
+ REJECTED
CVE-2013-5629
- RESERVED
+ REJECTED
CVE-2013-5628
- RESERVED
+ REJECTED
CVE-2013-5627
- RESERVED
+ REJECTED
CVE-2013-5626
- RESERVED
+ REJECTED
CVE-2013-5625
- RESERVED
+ REJECTED
CVE-2013-5624
- RESERVED
+ REJECTED
CVE-2013-5623
- RESERVED
+ REJECTED
CVE-2013-5622
- RESERVED
+ REJECTED
CVE-2013-5621
- RESERVED
+ REJECTED
CVE-2013-5620
- RESERVED
+ REJECTED
CVE-2013-5619
RESERVED
CVE-2013-5618
@@ -871,8 +897,8 @@
RESERVED
CVE-2013-5370
RESERVED
-CVE-2013-5369
- RESERVED
+CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...)
+ TODO: check
CVE-2013-5368
RESERVED
CVE-2013-5367
@@ -2166,8 +2192,8 @@
RESERVED
CVE-2013-4767
RESERVED
-CVE-2013-4766
- RESERVED
+CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote ...)
+ TODO: check
CVE-2013-4765
RESERVED
CVE-2013-4764
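Review bot: CVE-2013-4766 (Eucalyptus before 3.3.1) should not remain at TODO: check, because eucalyptus is tracked as a Debian package elsewhere in this patch (`- eucalyptus <removed> (bug #707592)` under CVE-2013-2296 and CVE-2012-4067); this entry needs a package status line consistent with those rather than a NOT-FOR-US.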
@@ -3192,8 +3218,7 @@
RESERVED
CVE-2013-4316
RESERVED
-CVE-2013-4315 [directory traversal with ssi template tag]
- RESERVED
+CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...)
{DSA-2755-1}
- python-django 1.5.3-1 (bug #722605)
CVE-2013-4314 [hostname check bypassing vulnerability]
@@ -3308,13 +3333,11 @@
RESERVED
CVE-2013-4279
RESERVED
-CVE-2013-4278 [Nova private flavors resource limit circumvention]
- RESERVED
+CVE-2013-4278 (The "create an instance" API in OpenStack Compute (Nova) Folsom, ...)
- nova 2013.1.3-1 (bug #720602)
[wheezy] - nova <not-affected> (Affected code not present)
NOTE: incomplete fix for CVE-2013-2256
-CVE-2013-4277 [local privilege escalation vulnerability via symlink attack]
- RESERVED
+CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through ...)
- subversion <unfixed> (low; bug #721542)
[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
@@ -3373,11 +3396,9 @@
NOTE: code in nova/rpc/impl_qpid.py
NOTE: https://bugs.launchpad.net/nova/+bug/1215091/comments/10 (relevant question for other components)
TODO: check
-CVE-2013-4260 [predictible filename used for failed result in world writable directory]
- RESERVED
+CVE-2013-4260 (lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when ...)
- ansible <not-affected> (affected code introduced with ansible 1.2)
-CVE-2013-4259 [insecure location for ssh ControlMaster socket]
- RESERVED
+CVE-2013-4259 (runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ...)
- ansible <unfixed> (bug #721766)
NOTE: upstream commit: https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
CVE-2013-4258 [Format string]
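Review bot: the `ansible <not-affected> (affected code introduced with ansible 1.2)` line under CVE-2013-4260 depends on the packaged version being older than 1.2, while CVE-2013-4259 directly below is `ansible <unfixed>` for "Ansible before 1.2.3"; the packaged version should be stated in the not-affected note so the two entries can be checked against each other.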
@@ -3471,12 +3492,10 @@
NOTE: for incomplete fix for CVE-2013-0167
CVE-2013-4235
RESERVED
-CVE-2013-4234 [heap overflow]
- RESERVED
+CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...)
{DSA-2751-1}
- libmodplug 1:0.8.8.4-4 (bug #719462)
-CVE-2013-4233 [integer overflow]
- RESERVED
+CVE-2013-4233 (Integer overflow in the abc_set_parts function in load_abc.cpp in ...)
{DSA-2751-1}
- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4232 (Use-after-free vulnerability in the t2p_readwrite_pdf_image function ...)
@@ -3587,8 +3606,7 @@
CVE-2013-4203 [Rgpg Ruby Gem Remote Command Injection]
RESERVED
NOT-FOR-US: Ruby Rgpg Gem
-CVE-2013-4202 [Denial of Service using XML entities in Nova/Cinder extensions]
- RESERVED
+CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer ...)
- cinder 2013.1.2-4 (bug #719118)
CVE-2013-4201 [Katello: CLI - user without access can call "system remove_deletion" command]
RESERVED
@@ -3643,20 +3661,15 @@
CVE-2013-4184 [symlink attacks]
RESERVED
- libdata-uuid-perl <unfixed> (low; bug #718949)
-CVE-2013-4183 [Cinder LVM volume driver does not support secure deletion]
- RESERVED
+CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack ...)
- cinder 2013.1.2-4 (bug #719010)
-CVE-2013-4182
- RESERVED
+CVE-2013-4182 (app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 ...)
- foreman <itp> (bug #663101)
-CVE-2013-4181
- RESERVED
+CVE-2013-4181 (Cross-site scripting (XSS) vulnerability in the addAlert function in ...)
NOT-FOR-US: ovirt
-CVE-2013-4180
- RESERVED
+CVE-2013-4180 (The (1) power and (2) ipmi_boot actions in the HostController in ...)
- foreman <itp> (bug #663101)
-CVE-2013-4179 [Denial of Service using XML entities in Nova/Cinder extensions]
- RESERVED
+CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly ...)
- nova <unfixed>
CVE-2013-4178
RESERVED
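Review bot: CVE-2013-4179 ends with `- nova <unfixed>` and no bug number, whereas the cinder entries in this hunk reference bug #719010; its old placeholder title duplicated the one on CVE-2013-4202 ("Denial of Service using XML entities in Nova/Cinder extensions") and the official text now shows it is the Nova security group extension, so it needs its own bug reference rather than sharing the cinder one.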
@@ -3809,8 +3822,7 @@
- kde-workspace 4:4.10.5-3 (unimportant; bug #717180)
NOTE: https://bugs.kde.org/show_bug.cgi?id=314919
NOTE: Plain bug, security implication rather far-fetched
-CVE-2013-4132 [NULL pointer dereference]
- RESERVED
+CVE-2013-4132 (KDE-Workspace 4.10.5 and earlier does not properly handle the return ...)
- kde-workspace 4:4.10.5-3 (bug #717180)
[wheezy] - kde-workspace <not-affected> (Only exploitable with glibc 2.17)
- kdebase-workspace <not-affected> (Only exploitable with glibc 2.17)
@@ -3846,8 +3858,7 @@
- samba4 <unfixed> (low)
[wheezy] - samba4 <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2013-4124
-CVE-2013-4123 [SQUID-2013:3 Denial of service in request processing]
- RESERVED
+CVE-2013-4123 (client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before ...)
- squid <not-affected> (Only affects 3.2 onwards)
- squid3 3.3.8-1 (bug #716743)
[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
@@ -4082,12 +4093,12 @@
RESERVED
CVE-2013-4050
RESERVED
-CVE-2013-4049
- RESERVED
-CVE-2013-4048
- RESERVED
-CVE-2013-4047
- RESERVED
+CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
+ TODO: check
+CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
+ TODO: check
+CVE-2013-4047 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
+ TODO: check
CVE-2013-4046
RESERVED
CVE-2013-4045
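Review bot: the three IBM SPSS Analytical Decision Management entries CVE-2013-4047 through CVE-2013-4049 all carry TODO: check, as does CVE-2013-5369 for the same product earlier in this patch; they should be resolved together, and since none of the four lists a Debian package, NOT-FOR-US is the expected outcome.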
@@ -5042,14 +5053,14 @@
RESERVED
CVE-2013-3616
RESERVED
-CVE-2013-3615
- RESERVED
-CVE-2013-3614
- RESERVED
-CVE-2013-3613
- RESERVED
-CVE-2013-3612
- RESERVED
+CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash ...)
+ TODO: check
+CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password ...)
+ TODO: check
+CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which ...)
+ TODO: check
+CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root ...)
+ TODO: check
CVE-2013-3611
RESERVED
CVE-2013-3610
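Review bot: CVE-2013-3612 through CVE-2013-3615 are four more Dahua DVR entries left at TODO: check, matching CVE-2013-5754 at the top of this patch; all five should be resolved in one pass rather than leaving separate TODOs for a single product.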
@@ -6943,8 +6954,8 @@
NOT-FOR-US: IOServer
CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications ...)
NOT-FOR-US: Kepware
-CVE-2013-2788
- RESERVED
+CVE-2013-2788 (The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 ...)
+ TODO: check
CVE-2013-2787
RESERVED
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 ...)
@@ -8238,10 +8249,9 @@
[wheezy] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
[squeeze] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b
-CVE-2013-2297
- RESERVED
-CVE-2013-2296 [Walrus does not check authorization for some operations]
- RESERVED
+CVE-2013-2297 (Eucalyptus EuStore sets a blank root password in the default ...)
+ TODO: check
+CVE-2013-2296 (Walrus in Eucalyptus before 3.2.2 does not verify authorization for ...)
- eucalyptus <removed> (bug #707592)
NOTE: commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
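Review bot: CVE-2013-2297 (EuStore blank root password) stays at TODO: check while CVE-2013-2296 immediately below it is resolved as `- eucalyptus <removed> (bug #707592)`; as both are Eucalyptus issues, the TODO should be closed with the same package status, or with NOT-FOR-US if EuStore was never part of the Debian package.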
@@ -8342,8 +8352,7 @@
CVE-2013-2257
RESERVED
NOT-FOR-US: Cryptocat
-CVE-2013-2256 [Resource limit circumvention in Nova private flavors]
- RESERVED
+CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 ...)
- nova 2013.1.2-3 (bug #718905)
[wheezy] - nova <not-affected> (Affected code not present)
CVE-2013-2255 [Inconsistent and non-validating HTTPS client]
@@ -11065,18 +11074,17 @@
RESERVED
CVE-2013-1443 [python-django: denial-of-service via large passwords]
RESERVED
+ {DSA-2758-1}
- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442
RESERVED
-CVE-2013-1441 [exactimage crash on dcraw failures]
- RESERVED
+CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize ...)
{DSA-2754-1}
- exactimage 0.8.9-2
NOTE: a different issue than CVE-2013-1438
CVE-2013-1440
RESERVED
-CVE-2013-1439 [libraw: multiple DoS]
- RESERVED
+CVE-2013-1439 (The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before ...)
- libraw <unfixed> (bug #721338)
- libkdcraw <unfixed> (bug #721340)
- darktable 1.2.2-2 (bug #721339)
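Review bot: CVE-2013-1443 now references {DSA-2758-1} and a fixed python-django 1.5.4-1, yet still shows the local bracketed title plus RESERVED instead of the official description; once the text is published it should replace the bracket, as CVE-2013-1441 and CVE-2013-1439 do in this same hunk.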
@@ -21420,8 +21428,7 @@
NOT-FOR-US: Dir2Web
CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...)
NOT-FOR-US: Citrix
-CVE-2012-4067 [Walrus XML parsing allows document type declaration]
- RESERVED
+CVE-2012-4067 (Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a ...)
- eucalyptus <removed> (bug #707592)
NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60
NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277