Author: joeyh Date: 2013-05-29 09:14:26 +0000 (Wed, 29 May 2013) New Revision: 22395
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-05-29 08:52:09 UTC (rev 22394) +++ data/CVE/list 2013-05-29 09:14:26 UTC (rev 22395) @@ -1,3 +1,47 @@ +CVE-2013-3681 + RESERVED +CVE-2013-3680 + RESERVED +CVE-2013-3679 + RESERVED +CVE-2013-3678 + RESERVED +CVE-2013-3677 + RESERVED +CVE-2013-3676 + RESERVED +CVE-2013-3675 + RESERVED +CVE-2013-3674 + RESERVED +CVE-2013-3673 + RESERVED +CVE-2013-3672 + RESERVED +CVE-2013-3671 + RESERVED +CVE-2013-3670 + RESERVED +CVE-2013-3669 + RESERVED +CVE-2013-3668 + RESERVED +CVE-2013-3667 + RESERVED +CVE-2013-3666 + RESERVED +CVE-2013-3665 + RESERVED +CVE-2013-3664 + RESERVED +CVE-2013-3663 + RESERVED +CVE-2013-3662 + RESERVED +CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...) + TODO: check +CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in Microsoft ...) + TODO: check CVE-2013-XXXX [libraw: multiple issues] - libraw <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3 @@ -73,10 +117,10 @@ RESERVED CVE-2013-3635 RESERVED -CVE-2013-3634 - RESERVED -CVE-2013-3633 - RESERVED +CVE-2013-3634 (The SNMPv3 functionality on Siemens Scalance X200 IRT switches with ...) + TODO: check +CVE-2013-3633 (The web interface on Siemens Scalance X200 IRT switches with firmware ...) + TODO: check CVE-2013-3632 RESERVED CVE-2013-3631 @@ -221,44 +265,36 @@ RESERVED CVE-2013-3563 RESERVED -CVE-2013-3562 [wireshark: Websocket dissector crash] - RESERVED +CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in ...) - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499 NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html -CVE-2013-3561 [wireshark: Websocket dissector crash] - RESERVED +CVE-2013-3561 (Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow ...) - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html -CVE-2013-3560 [wireshark: MPEG DSM-CC dissector crash] - RESERVED +CVE-2013-3560 (The dissect_dsmcc_un_download function in ...) - wireshark 1.8.7-1 (unimportant; bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html NOTE: Not suitable for code injection -CVE-2013-3559 [wireshark: DCP ETSI dissector crash] - RESERVED +CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in ...) - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html -CVE-2013-3558 [wireshark: PPP CCP dissector crash] - RESERVED +CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c ...) - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html -CVE-2013-3557 [wireshark: ASN.1 BER dissector crash] - RESERVED +CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ...) - wireshark 1.8.7-1 (bug #709167) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html -CVE-2013-3556 [wireshark: ASN.1 BER dissector crash] - RESERVED +CVE-2013-3556 (The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 ...) - wireshark <not-affected> (Only affected the dev trunk) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943) -CVE-2013-3555 [wireshark: GTPv2 dissector crash] - RESERVED +CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark ...) - wireshark 1.8.7-1 (bug #709167) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html @@ -1534,20 +1570,20 @@ RESERVED CVE-2013-2960 RESERVED -CVE-2013-2959 - RESERVED +CVE-2013-2959 (The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business ...) + TODO: check CVE-2013-2958 RESERVED -CVE-2013-2957 - RESERVED -CVE-2013-2956 - RESERVED -CVE-2013-2955 - RESERVED -CVE-2013-2954 - RESERVED -CVE-2013-2953 - RESERVED +CVE-2013-2957 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...) + TODO: check +CVE-2013-2956 (SQL injection vulnerability in the Console in IBM InfoSphere Optim ...) + TODO: check +CVE-2013-2955 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...) + TODO: check +CVE-2013-2954 (The login page in the Console in IBM InfoSphere Optim Data Growth for ...) + TODO: check +CVE-2013-2953 (IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, ...) + TODO: check CVE-2013-2952 RESERVED CVE-2013-2951 @@ -3601,27 +3637,22 @@ - owncloud <not-affected> (Only affects 5.0.x) CVE-2013-2084 RESERVED -CVE-2013-2083 [Form filtering issue] - RESERVED +CVE-2013-2083 (The MoodleQuickForm class in lib/formslib.php in Moodle through ...) - moodle <unfixed> (low) [squeeze] - moodle <no-dsa> (Minor issue) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885 -CVE-2013-2082 [Permission issue in blog comments] - RESERVED +CVE-2013-2082 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...) - moodle <unfixed> NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245 -CVE-2013-2081 [Information leak in hub registration] - RESERVED +CVE-2013-2081 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...) - moodle <unfixed> (low) [squeeze] - moodle <no-dsa> (Minor issue) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822 -CVE-2013-2080 [Potential information leak in Gradebook] - RESERVED +CVE-2013-2080 (The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, ...) - moodle <unfixed> (low) [squeeze] - moodle <no-dsa> (Minor issue) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475 -CVE-2013-2079 [Capability issue in Assignment] - RESERVED +CVE-2013-2079 (mod/assign/locallib.php in the assignment module in Moodle 2.3.x ...) - moodle <not-affected> (Only affects 2.3 and later) NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443 CVE-2013-2078 @@ -7995,8 +8026,8 @@ RESERVED CVE-2012-6400 RESERVED -CVE-2012-6399 - RESERVED +CVE-2012-6399 (Cisco WebEx 4.1 on iOS does not verify that the server hostname ...) + TODO: check CVE-2012-6398 RESERVED CVE-2012-6397 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Social ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits