Author: joeyh
Date: 2013-06-17 21:14:25 +0000 (Mon, 17 Jun 2013)
New Revision: 22656

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-06-17 20:02:20 UTC (rev 22655)
+++ data/CVE/list       2013-06-17 21:14:25 UTC (rev 22656)
@@ -1,3 +1,27 @@
+CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap 
before ...)
+       TODO: check
+CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 
allow ...)
+       TODO: check
+CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in 
data-entry ...)
+       TODO: check
+CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject 
certain ...)
+       TODO: check
+CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 
allows ...)
+       TODO: check
+CVE-2013-4607
+       RESERVED
+CVE-2013-4606
+       RESERVED
+CVE-2013-4605
+       RESERVED
+CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to 
execute ...)
+       TODO: check
+CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 
4.14.2 ...)
+       TODO: check
+CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 
4.14.3 ...)
+       TODO: check
+CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 
4.14.5 ...)
+       TODO: check
 CVE-2013-4604
        RESERVED
 CVE-2013-4603
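Review bot: The nine described REDCap entries added at the top of the list (CVE-2013-4612 through CVE-2013-4608 and CVE-2012-6567 through CVE-2012-6564) all land as "TODO: check" with no package line, so they stay open until someone classifies them. They all name one product, so a single triage decision settles all nine: if REDCap is not packaged in Debian, mark each one "NOT-FOR-US: REDCap", the form this file already uses elsewhere (for example "NOT-FOR-US: Orchard"); otherwise add the source package line with its status.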
@@ -1041,13 +1065,16 @@
 CVE-2013-4084
        RESERVED
 CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c 
in the ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
 CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave 
file ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
 CVE-2013-4081 (The http_payload_subdissector function in ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (unimportant; bug #711918)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
        NOTE: Not suitable for code injection
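Review bot: CVE-2013-4081 gains {DSA-2709-1} while its package line still rates the issue "unimportant" and its note says "Not suitable for code injection"; check that an issue with that rating is really meant to be listed under the advisory, or revisit the rating. All three tagged entries in this hunk also keep "- wireshark <unfixed> (bug #711918)", so that line still needs a fixed version once the bug is closed.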
@@ -1062,25 +1089,30 @@
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
 CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 
1.8.x ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
 CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x 
before ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
 CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
 CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector 
in ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Only affects 1.8+)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
 CVE-2013-4074 (The dissect_capwap_data function in 
epan/dissectors/packet-capwap.c in ...)
+       {DSA-2709-1}
        - wireshark <unfixed> (bug #711918)
        [squeeze] - wireshark <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
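Review bot: The entry whose last two lines open this hunk (the one with the NOTE for Wireshark bug 8730) is not touched by this revision, so it gets no {DSA-2709-1} line here, while CVE-2013-4081 before it and the six entries after it are all tagged. Its header sits in the unchanged lines between this hunk and the previous one; confirm that the advisory leaves out the entries in that gap on purpose and that a tag is not simply missing.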
@@ -1312,12 +1344,12 @@
        RESERVED
 CVE-2013-3960
        RESERVED
-CVE-2013-3959
-       RESERVED
-CVE-2013-3958
-       RESERVED
-CVE-2013-3957
-       RESERVED
+CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used 
in ...)
+       TODO: check
+CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC 
before ...)
+       TODO: check
+CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web 
Navigator ...)
+       TODO: check
 CVE-2013-3956
        RESERVED
 CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x 
and 6.x ...)
@@ -2005,10 +2037,10 @@
        NOT-FOR-US: Orchard
 CVE-2013-3644
        RESERVED
-CVE-2013-3643
-       RESERVED
-CVE-2013-3642
-       RESERVED
+CVE-2013-3643 (The Galapagos Browser application for Android does not properly 
...)
+       TODO: check
+CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 
...)
+       TODO: check
 CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a 
for ...)
        NOT-FOR-US: The Pizza Hut Japan Official Order for Android
 CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web 
Publish ...)
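Review bot: CVE-2013-3643 and CVE-2013-3642 are added as "TODO: check" directly above CVE-2013-3641, which is also an Android application and is already closed as NOT-FOR-US. If the Galapagos Browser and Angel Browser applications are likewise not packaged, close them the same way, naming the product after "NOT-FOR-US:", so they do not linger in the TODO queue.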
@@ -2139,8 +2171,8 @@
        RESERVED
 CVE-2013-3577
        RESERVED
-CVE-2013-3576
-       RESERVED
+CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows 
remote ...)
+       TODO: check
 CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 
...)
        NOT-FOR-US: HP Insight Diagnostics
 CVE-2013-3574 (Absolute path traversal vulnerability in ...)
@@ -2283,8 +2315,8 @@
        NOT-FOR-US: phpVMS
 CVE-2013-3521
        RESERVED
-CVE-2013-3520
-       RESERVED
+CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does 
not ...)
+       TODO: check
 CVE-2013-3519
        RESERVED
 CVE-2013-3518
@@ -3350,8 +3382,8 @@
        RESERVED
 CVE-2013-3027
        RESERVED
-CVE-2013-3026
-       RESERVED
+CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control 
in ...)
+       TODO: check
 CVE-2013-3025
        RESERVED
 CVE-2013-3024
@@ -3440,10 +3472,10 @@
        RESERVED
 CVE-2013-2982
        RESERVED
-CVE-2013-2981
-       RESERVED
-CVE-2013-2980
-       RESERVED
+CVE-2013-2981 (Directory traversal vulnerability in the Web Console in IBM 
Data ...)
+       TODO: check
+CVE-2013-2980 (Cross-site request forgery (CSRF) vulnerability in the Web 
Console in ...)
+       TODO: check
 CVE-2013-2979
        RESERVED
 CVE-2013-2978
@@ -3891,8 +3923,8 @@
        RESERVED
 CVE-2013-2784
        RESERVED
-CVE-2013-2783
-       RESERVED
+CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote 
attackers ...)
+       TODO: check
 CVE-2013-2782
        RESERVED
 CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S 
CODESYS ...)
@@ -5011,12 +5043,12 @@
        RESERVED
 CVE-2013-2339
        RESERVED
-CVE-2013-2338
-       RESERVED
-CVE-2013-2337
-       RESERVED
-CVE-2013-2336
-       RESERVED
+CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka 
iLO3) ...)
+       TODO: check
+CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 
7.11, ...)
+       TODO: check
+CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and 
ServiceCenter ...)
+       TODO: check
 CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 
6.21, ...)
        NOT-FOR-US: HP Storage Data Protector
 CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 
6.21, ...)
@@ -5067,10 +5099,10 @@
        NOT-FOR-US: LOCKON EC-CUBE
 CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js 
(aka ...)
        - web2py <not-affected> (Vulnerable code not present)
-CVE-2013-2310
-       RESERVED
-CVE-2013-2309
-       RESERVED
+CVE-2013-2310 (SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank 
SHARP ...)
+       TODO: check
+CVE-2013-2309 (Cross-site scripting (XSS) vulnerability in the management 
screen in ...)
+       TODO: check
 CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online 
...)
        NOT-FOR-US: SoftBank Online Service Gate
 CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows 
remote ...)
@@ -5774,24 +5806,20 @@
 CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java 
in the ...)
        - tomcat7 7.0.33
        - tomcat6 <unfixed>
-CVE-2013-2066
-       RESERVED
+CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X 
servers to ...)
        {DSA-2674-1}
        - libxv 2:1.0.7-1+deb7u1
 CVE-2013-2065
        RESERVED
        - ruby1.9.1 <unfixed>
        - ruby1.8 <not-affected> (Only affects 1.9 and 2.x)
-CVE-2013-2064
-       RESERVED
+CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X 
servers to ...)
        {DSA-2686-1}
        - libxcb 1.8.1-2+deb7u1
-CVE-2013-2063
-       RESERVED
+CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X 
servers ...)
        {DSA-2689-1}
        - libxtst 2:1.2.1-1+deb7u1
-CVE-2013-2062
-       RESERVED
+CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier 
allow X ...)
        {DSA-2685-1}
        - libxp 1:1.0.1-2+deb7u1
 CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in 
openvpn_decrypt]
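Review bot: CVE-2013-2065 stays RESERVED in the middle of this hunk even though it already carries package lines, and its "- ruby1.9.1 <unfixed>" line has no bug number or NOTE to track the fix. Its four neighbours (CVE-2013-2066, CVE-2013-2064, CVE-2013-2063, CVE-2013-2062) now have descriptions next to their DSA references; add a bug reference or an upstream NOTE to the ruby entry so the unfixed status can be followed up.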
@@ -6011,104 +6039,79 @@
        NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
        NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
        TODO: check
-CVE-2013-2005
-       RESERVED
+CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value 
of the ...)
        {DSA-2680-1}
        - libxt 1:1.1.3-1+deb7u1
-CVE-2013-2004
-       RESERVED
+CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in 
X.org ...)
        {DSA-2693-1}
        - libx11 2:1.5.0-1+deb7u1
-CVE-2013-2003
-       RESERVED
+CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows 
X ...)
        {DSA-2681-1}
        - libxcursor 1:1.1.13-1+deb7u1
-CVE-2013-2002
-       RESERVED
+CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X 
servers to ...)
        {DSA-2680-1}
        - libxt 1:1.1.3-1+deb7u1
-CVE-2013-2001
-       RESERVED
+CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X 
servers ...)
        {DSA-2692-1}
        - libxxf86vm 1:1.1.2-1+deb7u1
-CVE-2013-2000
-       RESERVED
+CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and 
earlier allow ...)
        {DSA-2690-1}
        - libxxf86dga 2:1.1.3-2+deb7u1
-CVE-2013-1999
-       RESERVED
+CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X 
servers to ...)
        {DSA-2675-1}
        - libxvmc 2:1.0.7-1+deb7u1
-CVE-2013-1998
-       RESERVED
+CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier 
allow X ...)
        {DSA-2683-1}
        - libxi 2:1.6.1-1+deb7u1
-CVE-2013-1997
-       RESERVED
+CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) 
and ...)
        {DSA-2693-1}
        - libx11 2:1.5.0-1+deb7u1
-CVE-2013-1996
-       RESERVED
+CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger 
allocation ...)
        {DSA-2687-1}
        - libfs 2:1.0.4-1+deb7u1
-CVE-2013-1995
-       RESERVED
+CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger 
allocation ...)
        {DSA-2683-1}
        - libxi 2:1.6.1-1+deb7u1
-CVE-2013-1994
-       RESERVED
+CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and 
libchromeXvMCPro ...)
        {DSA-2679-1}
        - xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1
-CVE-2013-1993
-       RESERVED
+CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and 
earlier ...)
        {DSA-2678-1}
        - mesa 8.0.5-6
-CVE-2013-1992
-       RESERVED
+CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier 
allow X ...)
        {DSA-2673-1}
        - libdmx 1:1.1.2-1+deb7u1
-CVE-2013-1991
-       RESERVED
+CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and 
earlier ...)
        {DSA-2690-1}
        - libxxf86dga 2:1.1.3-2+deb7u1
-CVE-2013-1990
-       RESERVED
+CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier 
allow X ...)
        {DSA-2675-1}
        - libxvmc 2:1.0.7-1+deb7u1
-CVE-2013-1989
-       RESERVED
+CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier 
allow X ...)
        {DSA-2674-1}
        - libxv 2:1.0.7-1+deb7u1
-CVE-2013-1988
-       RESERVED
+CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier 
allow X ...)
        {DSA-2688-1}
        - libxres 2:1.0.6-1+deb7u1
-CVE-2013-1987
-       RESERVED
+CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and 
earlier allow ...)
        {DSA-2677-1}
        - libxrender 1:0.9.7-1+deb7u1
-CVE-2013-1986
-       RESERVED
+CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier 
allow ...)
        {DSA-2684-1}
        - libxrandr 2:1.3.2-2+deb7u1
-CVE-2013-1985
-       RESERVED
+CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows 
X ...)
        {DSA-2691-1}
        - libxinerama 2:1.1.2-1+deb7u1
-CVE-2013-1984
-       RESERVED
+CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier 
allow X ...)
        {DSA-2683-1}
        - libxi 2:1.6.1-1+deb7u1
-CVE-2013-1983
-       RESERVED
+CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X 
servers ...)
        {DSA-2676-1}
        - libxfixes 1:5.0-4+deb7u1
-CVE-2013-1982
-       RESERVED
+CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier 
allow X ...)
        {DSA-2682-1}
        - libxext 2:1.3.1-2+deb7u1
-CVE-2013-1981
-       RESERVED
+CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) 
and ...)
        {DSA-2693-1}
        - libx11 2:1.5.0-1+deb7u1
 CVE-2013-1980
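Review bot: Several of the newly filled descriptions give an affected upstream range that reaches past the fixed version recorded underneath. CVE-2013-1993 says Mesa 9.1.1 and earlier but lists "- mesa 8.0.5-6"; CVE-2013-1998, CVE-2013-1995 and CVE-2013-1984 say libXi 1.7.1 and earlier but list "- libxi 2:1.6.1-1+deb7u1"; CVE-2013-1986 says libXrandr 1.4.0 and earlier but lists "- libxrandr 2:1.3.2-2+deb7u1". If these are backported fixes, a later upload based on a still affected upstream release would compare as fixed, so confirm the recorded versions and add a NOTE on each entry saying the fix is a backport.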
@@ -8517,16 +8520,16 @@
        RESERVED
 CVE-2013-1098
        RESERVED
-CVE-2013-1097
-       RESERVED
+CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in 
njwc.jar in ...)
+       TODO: check
 CVE-2013-1096
        RESERVED
-CVE-2013-1095
-       RESERVED
-CVE-2013-1094
-       RESERVED
-CVE-2013-1093
-       RESERVED
+CVE-2013-1095 (Cross-site scripting (XSS) vulnerability in a ZCC page in 
njwc.jar in ...)
+       TODO: check
+CVE-2013-1094 (Cross-site scripting (XSS) vulnerability in a ZCC page in ...)
+       TODO: check
+CVE-2013-1093 (Open redirect vulnerability in the fwdToURL function in the ZCC 
login ...)
+       TODO: check
 CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell 
...)
        NOT-FOR-US: Novell ZENworks Desktop Management
 CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 
allows ...)
@@ -11559,8 +11562,8 @@
        RESERVED
 CVE-2013-0149
        RESERVED
-CVE-2013-0148
-       RESERVED
+CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm 
in ...)
+       TODO: check
 CVE-2013-0147
        RESERVED
 CVE-2013-0146


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits