Author: joeyh
Date: 2013-06-17 21:14:25 +0000 (Mon, 17 Jun 2013)
New Revision: 22656
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-06-17 20:02:20 UTC (rev 22655) +++ data/CVE/list 2013-06-17 21:14:25 UTC (rev 22656) @@ -1,3 +1,27 @@ +CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...) + TODO: check +CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...) + TODO: check +CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry ...) + TODO: check +CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain ...) + TODO: check +CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...) + TODO: check +CVE-2013-4607 + RESERVED +CVE-2013-4606 + RESERVED +CVE-2013-4605 + RESERVED +CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute ...) + TODO: check +CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 ...) + TODO: check +CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 ...) + TODO: check +CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 ...) + TODO: check CVE-2013-4604 RESERVED CVE-2013-4603 
@@ -1041,13 +1065,16 @@ CVE-2013-4084 RESERVED CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717 CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760 CVE-2013-4081 (The http_payload_subdissector function in ...) + {DSA-2709-1} - wireshark <unfixed> (unimportant; bug #711918) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 NOTE: Not suitable for code injection 
@@ -1062,25 +1089,30 @@ [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730 CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729 CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697 CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727 CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Only affects 1.8+) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726 CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...) + {DSA-2709-1} - wireshark <unfixed> (bug #711918) [squeeze] - wireshark <not-affected> (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725 
@@ -1312,12 +1344,12 @@ RESERVED CVE-2013-3960 RESERVED -CVE-2013-3959 - RESERVED -CVE-2013-3958 - RESERVED -CVE-2013-3957 - RESERVED +CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...) + TODO: check +CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...) + TODO: check +CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator ...) + TODO: check CVE-2013-3956 RESERVED CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...) @@ -2005,10 +2037,10 @@ NOT-FOR-US: Orchard CVE-2013-3644 RESERVED -CVE-2013-3643 - RESERVED -CVE-2013-3642 - RESERVED +CVE-2013-3643 (The Galapagos Browser application for Android does not properly ...) + TODO: check +CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 ...) + TODO: check CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for ...) NOT-FOR-US: The Pizza Hut Japan Official Order for Android CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...) @@ -2139,8 +2171,8 @@ RESERVED CVE-2013-3577 RESERVED -CVE-2013-3576 - RESERVED +CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote ...) + TODO: check CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics ...) NOT-FOR-US: HP Insight Diagnostics CVE-2013-3574 (Absolute path traversal vulnerability in ...) @@ -2283,8 +2315,8 @@ NOT-FOR-US: phpVMS CVE-2013-3521 RESERVED -CVE-2013-3520 - RESERVED +CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not ...) + TODO: check CVE-2013-3519 RESERVED CVE-2013-3518 @@ -3350,8 +3382,8 @@ RESERVED CVE-2013-3027 RESERVED -CVE-2013-3026 - RESERVED +CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in ...) + TODO: check CVE-2013-3025 RESERVED CVE-2013-3024 
@@ -3440,10 +3472,10 @@ RESERVED CVE-2013-2982 RESERVED -CVE-2013-2981 - RESERVED -CVE-2013-2980 - RESERVED +CVE-2013-2981 (Directory traversal vulnerability in the Web Console in IBM Data ...) + TODO: check +CVE-2013-2980 (Cross-site request forgery (CSRF) vulnerability in the Web Console in ...) + TODO: check CVE-2013-2979 RESERVED CVE-2013-2978 @@ -3891,8 +3923,8 @@ RESERVED CVE-2013-2784 RESERVED -CVE-2013-2783 - RESERVED +CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...) + TODO: check CVE-2013-2782 RESERVED CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS ...) @@ -5011,12 +5043,12 @@ RESERVED CVE-2013-2339 RESERVED -CVE-2013-2338 - RESERVED -CVE-2013-2337 - RESERVED -CVE-2013-2336 - RESERVED +CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) ...) + TODO: check +CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, ...) + TODO: check +CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter ...) + TODO: check CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...) NOT-FOR-US: HP Storage Data Protector CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...) @@ -5067,10 +5099,10 @@ NOT-FOR-US: LOCKON EC-CUBE CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js (aka ...) - web2py <not-affected> (Vulnerable code not present) -CVE-2013-2310 - RESERVED -CVE-2013-2309 - RESERVED +CVE-2013-2310 (SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP ...) + TODO: check +CVE-2013-2309 (Cross-site scripting (XSS) vulnerability in the management screen in ...) + TODO: check CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online ...) NOT-FOR-US: SoftBank Online Service Gate CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote ...) 
@@ -5774,24 +5806,20 @@ CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...) - tomcat7 7.0.33 - tomcat6 <unfixed> -CVE-2013-2066 - RESERVED +CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...) {DSA-2674-1} - libxv 2:1.0.7-1+deb7u1 CVE-2013-2065 RESERVED - ruby1.9.1 <unfixed> - ruby1.8 <not-affected> (Only affects 1.9 and 2.x) -CVE-2013-2064 - RESERVED +CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to ...) {DSA-2686-1} - libxcb 1.8.1-2+deb7u1 -CVE-2013-2063 - RESERVED +CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers ...) {DSA-2689-1} - libxtst 2:1.2.1-1+deb7u1 -CVE-2013-2062 - RESERVED +CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X ...) {DSA-2685-1} - libxp 1:1.0.1-2+deb7u1 CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt] 
@@ -6011,104 +6039,79 @@ NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py NOTE: https://bugs.launchpad.net/keystone/+bug/1172195 TODO: check -CVE-2013-2005 - RESERVED +CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the ...) {DSA-2680-1} - libxt 1:1.1.3-1+deb7u1 -CVE-2013-2004 - RESERVED +CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org ...) {DSA-2693-1} - libx11 2:1.5.0-1+deb7u1 -CVE-2013-2003 - RESERVED +CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X ...) {DSA-2681-1} - libxcursor 1:1.1.13-1+deb7u1 -CVE-2013-2002 - RESERVED +CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to ...) {DSA-2680-1} - libxt 1:1.1.3-1+deb7u1 -CVE-2013-2001 - RESERVED +CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers ...) {DSA-2692-1} - libxxf86vm 1:1.1.2-1+deb7u1 -CVE-2013-2000 - RESERVED +CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow ...) {DSA-2690-1} - libxxf86dga 2:1.1.3-2+deb7u1 -CVE-2013-1999 - RESERVED +CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to ...) {DSA-2675-1} - libxvmc 2:1.0.7-1+deb7u1 -CVE-2013-1998 - RESERVED +CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X ...) {DSA-2683-1} - libxi 2:1.6.1-1+deb7u1 -CVE-2013-1997 - RESERVED +CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ...) {DSA-2693-1} - libx11 2:1.5.0-1+deb7u1 -CVE-2013-1996 - RESERVED +CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation ...) {DSA-2687-1} - libfs 2:1.0.4-1+deb7u1 -CVE-2013-1995 - RESERVED +CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation ...) {DSA-2683-1} - libxi 2:1.6.1-1+deb7u1 -CVE-2013-1994 - RESERVED +CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro ...) 
{DSA-2679-1} - xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1 -CVE-2013-1993 - RESERVED +CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier ...) {DSA-2678-1} - mesa 8.0.5-6 -CVE-2013-1992 - RESERVED +CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X ...) {DSA-2673-1} - libdmx 1:1.1.2-1+deb7u1 -CVE-2013-1991 - RESERVED +CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier ...) {DSA-2690-1} - libxxf86dga 2:1.1.3-2+deb7u1 -CVE-2013-1990 - RESERVED +CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X ...) {DSA-2675-1} - libxvmc 2:1.0.7-1+deb7u1 -CVE-2013-1989 - RESERVED +CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X ...) {DSA-2674-1} - libxv 2:1.0.7-1+deb7u1 -CVE-2013-1988 - RESERVED +CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X ...) {DSA-2688-1} - libxres 2:1.0.6-1+deb7u1 -CVE-2013-1987 - RESERVED +CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow ...) {DSA-2677-1} - libxrender 1:0.9.7-1+deb7u1 -CVE-2013-1986 - RESERVED +CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow ...) {DSA-2684-1} - libxrandr 2:1.3.2-2+deb7u1 -CVE-2013-1985 - RESERVED +CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X ...) {DSA-2691-1} - libxinerama 2:1.1.2-1+deb7u1 -CVE-2013-1984 - RESERVED +CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X ...) {DSA-2683-1} - libxi 2:1.6.1-1+deb7u1 -CVE-2013-1983 - RESERVED +CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers ...) {DSA-2676-1} - libxfixes 1:5.0-4+deb7u1 -CVE-2013-1982 - RESERVED +CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X ...) 
{DSA-2682-1} - libxext 2:1.3.1-2+deb7u1 -CVE-2013-1981 - RESERVED +CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ...) {DSA-2693-1} - libx11 2:1.5.0-1+deb7u1 CVE-2013-1980 @@ -8517,16 +8520,16 @@ RESERVED CVE-2013-1098 RESERVED -CVE-2013-1097 - RESERVED +CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...) + TODO: check CVE-2013-1096 RESERVED -CVE-2013-1095 - RESERVED -CVE-2013-1094 - RESERVED -CVE-2013-1093 - RESERVED +CVE-2013-1095 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...) + TODO: check +CVE-2013-1094 (Cross-site scripting (XSS) vulnerability in a ZCC page in ...) + TODO: check +CVE-2013-1093 (Open redirect vulnerability in the fwdToURL function in the ZCC login ...) + TODO: check CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell ...) NOT-FOR-US: Novell ZENworks Desktop Management CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...) @@ -11559,8 +11562,8 @@ RESERVED CVE-2013-0149 RESERVED -CVE-2013-0148 - RESERVED +CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm in ...) + TODO: check CVE-2013-0147 RESERVED CVE-2013-0146 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
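
Review bot: in the @@ -1,3 +1,27 @@ hunk, eight of the new entries (CVE-2013-4612, CVE-2013-4611, CVE-2013-4609, CVE-2013-4608 and CVE-2012-6567 through CVE-2012-6564) name REDCap in the visible description, and each gets its own "TODO: check". They can be triaged in one pass: decide once whether REDCap maps to any source package, then give all of them the same status line, in the form the file already uses elsewhere in this diff (for example "NOT-FOR-US: Orchard"). CVE-2013-4610 has a truncated description that does not show the product, so read its full text before grouping it with the others.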
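
Review bot: in the @@ -1041,13 +1065,16 @@ hunk, CVE-2013-4081 now carries "{DSA-2709-1}" while its package line still reads "- wireshark <unfixed> (unimportant; bug #711918)" and the note under it says "Not suitable for code injection". An advisory reference next to an unimportant rating looks inconsistent. Either confirm that the rating still stands now that the issue is listed under a DSA, or add a NOTE line saying why it was included in the advisory.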
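
Review bot: in the @@ -1062,25 +1089,30 @@ hunk, every entry from CVE-2013-4078 down to CVE-2013-4074 gains "{DSA-2709-1}", but the package lines stay at "- wireshark <unfixed> (bug #711918)" and the only release-specific lines are "[squeeze] - wireshark <not-affected>". From these lines alone a reader cannot tell which upload the advisory corresponds to. A follow-up edit should replace "<unfixed>" with the fixed version once bug #711918 is closed, so the entries do not keep reporting the package as open after the advisory is out.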
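
Review bot: in the @@ -6011,104 +6039,79 @@ hunk, several of the new descriptions give an affected upstream range that lies above the fixed version already recorded. CVE-2013-1998, CVE-2013-1995 and CVE-2013-1984 say libXi 1.7.1 and earlier against "- libxi 2:1.6.1-1+deb7u1", CVE-2013-1986 says libXrandr 1.4.0 and earlier against "- libxrandr 2:1.3.2-2+deb7u1", and CVE-2013-1993 says Mesa 9.1.1 and earlier against "- mesa 8.0.5-6". Any later upload of a still-affected upstream release sorts above the recorded version and would be read as fixed by a plain version comparison. Confirm that newer uploads of libxi, libxrandr and mesa include the patches, and raise the fixed version where they do not. The libxcb entry in the @@ -5774,24 +5806,20 @@ hunk (1.9 and earlier against "1.8.1-2+deb7u1") has the same shape.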