[Secure-testing-commits] r23772 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Sep 24 21:15:11 UTC 2013
Author: joeyh
Date: 2013-09-24 21:15:11 +0000 (Tue, 24 Sep 2013)
New Revision: 23772
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-24 13:38:40 UTC (rev 23771)
+++ data/CVE/list 2013-09-24 21:15:11 UTC (rev 23772)
@@ -1,3 +1,9 @@
+CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro ...)
+ TODO: check
+CVE-2013-5931 (SQL injection vulnerability in property_listings_detail.php in Real ...)
+ TODO: check
+CVE-2013-5930 (Cross-site scripting (XSS) vulnerability in search_residential.php in ...)
+ TODO: check
CVE-2013-5929
RESERVED
CVE-2013-5928
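Review bot: The three added entries (CVE-2013-5932, CVE-2013-5931, CVE-2013-5930) carry only `TODO: check`, so none of them has a tracking decision yet. Each needs a follow-up that replaces the TODO with either a `NOT-FOR-US: <product>` line, as used elsewhere in this file, or a `- <package> <version>` line once the affected product has been matched against the archive.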
@@ -34,8 +40,8 @@
RESERVED
CVE-2013-5912
RESERVED
-CVE-2013-5911
- RESERVED
+CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
+ TODO: check
CVE-2013-5910
RESERVED
CVE-2013-5909
@@ -50,8 +56,8 @@
RESERVED
CVE-2013-5904
RESERVED
-CVE-2013-5903
- RESERVED
+CVE-2013-5903 (Cross-site scripting (XSS) vulnerability in Graphite before 0.9.11 ...)
+ TODO: check
CVE-2013-5902
RESERVED
CVE-2013-5901
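Review bot: CVE-2013-5903 names Graphite with a fixed upstream version (before 0.9.11) but is left at `TODO: check`. If a Graphite package is in the archive, the follow-up should record a package line with the fixed version or `<unfixed>`, plus per-release annotations where they differ, rather than leaving the TODO in place.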
@@ -458,8 +464,7 @@
[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
NOTE: https://www.wireshark.org/security/wnpa-sec-2013-54.html
-CVE-2013-5710 [nullfs hardlinks across mounts]
- RESERVED
+CVE-2013-5710 (The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel ...)
- kfreebsd-9 9.2~svn255465-1 (bug #722337)
- kfreebsd-8 <removed>
CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
@@ -539,8 +544,7 @@
RESERVED
CVE-2013-5667
RESERVED
-CVE-2013-5666 [sendfile kernel memory disclosure]
- RESERVED
+CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
- kfreebsd-9 9.2~svn255465-1 (bug #722336)
CVE-2013-5665
RESERVED
@@ -1540,8 +1544,8 @@
RESERVED
CVE-2013-5222
RESERVED
-CVE-2013-5221
- RESERVED
+CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 ...)
+ TODO: check
CVE-2013-5220
RESERVED
CVE-2013-5219
@@ -1751,8 +1755,7 @@
NOT-FOR-US: PHPFox
CVE-2013-5120 (SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows ...)
NOT-FOR-US: PHPFox
-CVE-2013-5119
- RESERVED
+CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows ...)
NOT-FOR-US: Zimbra Collaboration Suite
CVE-2013-5118
RESERVED
@@ -3589,6 +3592,7 @@
- python-django 1.5.3-1 (bug #722605)
CVE-2013-4314 [hostname check bypassing vulnerability]
RESERVED
+ {DSA-2763-1}
- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
- moodle 2.5.2-1
@@ -3657,8 +3661,7 @@
NOTE: Fix: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=e7f400a110e2e3673b96518170bfea0855dd82c0
CVE-2013-4295
RESERVED
-CVE-2013-4294 [Token revocation failure using Keystone memcache/KVS backends]
- RESERVED
+CVE-2013-4294 (The (1) mamcache and (2) KVS token backends in OpenStack Identity ...)
- keystone 2013.1.3-2 (bug #722505)
[wheezy] - keystone <not-affected> (only affects Folsom release and above)
CVE-2013-4293
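Review bot: The description added for CVE-2013-4294 reads "mamcache", while the placeholder title it replaces said "memcache". The log says this is an automatic update, so a local correction would probably be overwritten by the next run; the typo is better reported to wherever the description text is imported from.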
@@ -5432,8 +5435,8 @@
RESERVED
CVE-2013-3617
RESERVED
-CVE-2013-3616
- RESERVED
+CVE-2013-3616 (Cross-site scripting (XSS) vulnerability in the KnowledgeView ...)
+ TODO: check
CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash ...)
NOT-FOR-US: Dahua DVR
CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password ...)
@@ -5442,8 +5445,8 @@
NOT-FOR-US: Dahua DVR
CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root ...)
NOT-FOR-US: Dahua DVR
-CVE-2013-3611
- RESERVED
+CVE-2013-3611 (NETELLER Direct Payment API 4.1.6 allows remote authenticated users to ...)
+ TODO: check
CVE-2013-3610
RESERVED
CVE-2013-3609 (The web interface in the Intelligent Platform Management Interface ...)
@@ -5486,8 +5489,8 @@
RESERVED
CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
NOT-FOR-US: SearchBlox
-CVE-2013-3589
- RESERVED
+CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
+ TODO: check
CVE-2013-3588
RESERVED
CVE-2013-3587 [BREACH attack against HTTP compression]
@@ -8875,8 +8878,7 @@
[jessie] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
NOTE: Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f
-CVE-2013-2217 [Insecure temporary directory use when initializing file-based URL cache]
- RESERVED
+CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users ...)
- suds 0.4.1-8 (low; bug #714340)
[wheezy] - suds <no-dsa> (Minor issue)
[squeeze] - suds <no-dsa> (Minor issue)
@@ -11538,8 +11540,7 @@
RESERVED
CVE-2013-1444
RESERVED
-CVE-2013-1443 [python-django: denial-of-service via large passwords]
- RESERVED
+CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x ...)
{DSA-2758-1}
- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442
@@ -11597,8 +11598,7 @@
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...)
- xen <unfixed>
NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
-CVE-2013-1431
- RESERVED
+CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before ...)
{DSA-2702-1}
- telepathy-gabble 0.16.6-1
CVE-2013-1430
@@ -18306,8 +18306,8 @@
RESERVED
CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
-CVE-2012-5338
- RESERVED
+CVE-2012-5338 (Open redirect vulnerability in JForum 2.1.9 allows remote attackers to ...)
+ TODO: check
CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in ...)
NOT-FOR-US: jForum
CVE-2012-5336
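Review bot: CVE-2012-5338 is for JForum 2.1.9 and is added with `TODO: check`, while the next entry, CVE-2012-5337, already marks the same product as `NOT-FOR-US: jForum`. Unless that earlier decision has changed, replace the TODO with the same `NOT-FOR-US: jForum` line.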
@@ -21849,8 +21849,8 @@
RESERVED
CVE-2012-4095
RESERVED
-CVE-2012-4094
- RESERVED
+CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric ...)
+ TODO: check
CVE-2012-4093 (The Manager component in Cisco Unified Computing System (UCS) allows ...)
NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4092
@@ -21859,16 +21859,16 @@
RESERVED
CVE-2012-4090
RESERVED
-CVE-2012-4089
- RESERVED
+CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing System ...)
+ TODO: check
CVE-2012-4088
RESERVED
-CVE-2012-4087
- RESERVED
+CVE-2012-4087 (A setup script for fabric interconnect devices in Cisco Unified ...)
+ TODO: check
CVE-2012-4086
RESERVED
-CVE-2012-4085
- RESERVED
+CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
+ TODO: check
CVE-2012-4084
RESERVED
CVE-2012-4083 (Multiple buffer overflows in the administrative web interface in Cisco ...)
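Review bot: CVE-2012-4089, CVE-2012-4087 and CVE-2012-4085 are all left at `TODO: check`. CVE-2012-4089 names Cisco Unified Computing System, which CVE-2012-4093 a few lines above already marks `NOT-FOR-US: Cisco Unified Computing System`, so it can take the same line; the descriptions of the other two are truncated here, so confirm the product from the full text before marking them.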
@@ -21881,8 +21881,8 @@
RESERVED
CVE-2012-4079
RESERVED
-CVE-2012-4078
- RESERVED
+CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...)
+ TODO: check
CVE-2012-4077
RESERVED
CVE-2012-4076
@@ -25553,8 +25553,8 @@
{DSA-2636-1}
- xen 4.1.3-4 (low; bug #688125)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
-CVE-2012-2624
- RESERVED
+CVE-2012-2624 (Stack-based buffer overflow in Logica HotScan allows remote attackers ...)
+ TODO: check
CVE-2012-XXXX [two XSS]
- spip 2.1.14-1 (low; bug #672961)
[squeeze] - spip 2.1.1-3squeeze4