Author: joeyh
Date: 2013-10-01 21:14:37 +0000 (Tue, 01 Oct 2013)
New Revision: 23851
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2013-10-01 20:13:22 UTC (rev 23850) +++ data/CVE/list 2013-10-01 21:14:37 UTC (rev 23851) @@ -1,3 +1,17 @@ +CVE-2013-5967 + RESERVED +CVE-2013-5966 + RESERVED +CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal ...) + TODO: check +CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration page in ...) + TODO: check +CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple Dropbox ...) + TODO: check +CVE-2013-5962 (Unrestricted file upload vulnerability in frames/upload-images.php in ...) + TODO: check +CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO ...) + TODO: check CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption ...) NOT-FOR-US: OWASP Enterprise Security API for Java CVE-2013-5958 @@ -480,8 +494,7 @@ RESERVED CVE-2013-5726 RESERVED -CVE-2013-5725 - RESERVED +CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require ...) NOT-FOR-US: Byword for iOS CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable ...) {DSA-2752-1} @@ -555,8 +568,7 @@ RESERVED CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...) - open-xchange <itp> (bug #269329) -CVE-2013-5697 [Blind SQL Injection] - RESERVED +CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting ...) - libapache-mod-acct <removed> CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...) - glpi <unfixed> (bug #723837) 
@@ -565,11 +577,9 @@ RESERVED CVE-2013-5694 RESERVED -CVE-2013-5693 [Cross-Site Scripting] - RESERVED +CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 ...) NOT-FOR-US: X2CRM -CVE-2013-5692 [PHP File Inclusion] - RESERVED +CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows ...) NOT-FOR-US: X2CRM CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in ...) - kfreebsd-9 9.2~svn255465-1 (bug #722338) @@ -705,8 +715,7 @@ CVE-2013-5654 RESERVED NOT-FOR-US: YingZhi Python for iOS -CVE-2013-5651 [virBitmapParse out-of-bounds read access] - RESERVED +CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt before ...) - libvirt 1.1.2~rc1-1 [squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1) [wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1) @@ -864,8 +873,7 @@ RESERVED CVE-2013-5573 RESERVED -CVE-2013-5572 [password leak] - RESERVED +CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP ...) - zabbix <unfixed> (unimportant) NOTE: http://seclists.org/fulldisclosure/2013/Sep/151 NOTE: Non-issue @@ -1021,8 +1029,8 @@ RESERVED CVE-2013-5517 RESERVED -CVE-2013-5516 - RESERVED +CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint ...) + TODO: check CVE-2013-5515 RESERVED CVE-2013-5514 @@ -1263,8 +1271,8 @@ RESERVED CVE-2013-5396 RESERVED -CVE-2013-5395 - RESERVED +CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check CVE-2013-5394 RESERVED CVE-2013-5393 
@@ -1287,14 +1295,14 @@ RESERVED CVE-2013-5384 RESERVED -CVE-2013-5383 - RESERVED -CVE-2013-5382 - RESERVED -CVE-2013-5381 - RESERVED -CVE-2013-5380 - RESERVED +CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check +CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check +CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...) + TODO: check +CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check CVE-2013-5379 RESERVED CVE-2013-5378 @@ -1313,8 +1321,8 @@ RESERVED CVE-2013-5371 RESERVED -CVE-2013-5370 - RESERVED +CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...) + TODO: check CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...) NOT-FOR-US: IBM SPSS Analytical Decision Management CVE-2013-5368 @@ -2960,8 +2968,7 @@ NOT-FOR-US: WordPress plugin Duplicator CVE-2013-4624 RESERVED -CVE-2013-4623 [polarssl: DoS through Certificate message during handshake] - RESERVED +CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 ...) - polarssl 1.2.8-1 (low; bug #719954) [squeeze] - polarssl <no-dsa> (Minor issue) [wheezy] - polarssl <no-dsa> (Minor issue) 
@@ -3431,15 +3438,19 @@ RESERVED NOT-FOR-US: Simple Machines Forum CVE-2013-4394 [systemd: Improper sanitization of invalid XKB layouts descriptions] + RESERVED - systemd <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324 CVE-2013-4393 [systemd: Possibility of denial of logging service by processing native messages from file] + RESERVED - systemd <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104 CVE-2013-4392 [systemd: TOCTOU race condition when updating file permissions and SELinux security contexts] + RESERVED - systemd <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060 CVE-2013-4391 [systemd: Integer overflow, leading to heap-based buffer overflow by processing native messages] + RESERVED - systemd <unfixed> [wheezy] - systemd <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051 @@ -3481,8 +3492,7 @@ CVE-2013-4379 RESERVED NOT-FOR-US: Drupal module -CVE-2013-4378 [blind XSS through X-Forwarded-For header] - RESERVED +CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Javamelody CVE-2013-4377 [qemu host crash from within guest] RESERVED @@ -3500,8 +3510,7 @@ RESERVED CVE-2013-4373 RESERVED -CVE-2013-4372 - RESERVED +CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...) NOT-FOR-US: JBoss Fuse CVE-2013-4371 RESERVED @@ -3527,8 +3536,7 @@ NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing NOTE: it a potential elevated CPU consumption doesn't add any extra harm NOTE: CVE for incomplete fix for CVE-2013-4287 -CVE-2013-4362 [Insecure use of system] - RESERVED +CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users ...) {DSA-2765-1} - davfs2 1.4.7-3 (bug #723034) NOTE: http://savannah.nongnu.org/bugs/?40034 
@@ -3537,8 +3545,7 @@ - xen <unfixed> CVE-2013-4360 RESERVED -CVE-2013-4359 [mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication] - RESERVED +CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...) {DSA-2767-1} - proftpd-dfsg <unfixed> (bug #723179) CVE-2013-4358 @@ -3685,15 +3692,13 @@ NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9 CVE-2013-4317 RESERVED -CVE-2013-4316 - RESERVED +CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...) - libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1) NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...) {DSA-2755-1} - python-django 1.5.3-1 (bug #722605) -CVE-2013-4314 [hostname check bypassing vulnerability] - RESERVED +CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly handle ...) {DSA-2763-1} - pyopenssl 0.13-2.1 (bug #722055) CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...) @@ -3705,8 +3710,7 @@ RESERVED - libvirt <unfixed> (unimportant) NOTE: polkit support not activated in Debian build, will be fixed in point update -CVE-2013-4310 - RESERVED +CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...) - libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1) NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html CVE-2013-4309 
@@ -3746,16 +3750,14 @@ - linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32) CVE-2013-4299 RESERVED -CVE-2013-4297 - RESERVED +CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...) - libvirt 1.1.2-2 [jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a) [wheezy] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a) [squeeze] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a) NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2 NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6 -CVE-2013-4296 [libvirt remote crash] - RESERVED +CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c in ...) {DSA-2764-1} - libvirt <unfixed> [squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a) @@ -3768,14 +3770,12 @@ [wheezy] - keystone <not-affected> (only affects Folsom release and above) CVE-2013-4293 RESERVED -CVE-2013-4292 [unbounded RPC arrays in remote protocol] - RESERVED +CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of ...) - libvirt 1.1.2~rc2-1 (bug #721325) [squeeze] - libvirt <not-affected> (Introduced with 1.1.0) [wheezy] - libvirt <not-affected> (Introduced with 1.1.0) [jessie] - libvirt <not-affected> (Introduced with 1.1.0) -CVE-2013-4291 - RESERVED +CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, ...) - libvirt 1.1.2-2 [squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1) [wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1) 
@@ -3943,8 +3943,7 @@ CVE-2013-4240 RESERVED NOT-FOR-US: WordPress plugin HMS Testimonials -CVE-2013-4239 [memory corruption in xenDaemonListDefinedDomains function] - RESERVED +CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in ...) - libvirt 1.1.2~rc1-1 (bug #719533) [wheezy] - libvirt <not-affected> (Introduced in 1.1.1) [squeeze] - libvirt <not-affected> (Introduced in 1.1.1) @@ -4017,8 +4016,7 @@ [squeeze] - nullmailer <no-dsa> (Minor issue) NOTE: CVE request originally for /etc/nullmailer/remotes permissions in gentoo, but Debian NOTE: had the same problem until 1:1.11-2 -CVE-2013-4222 [Keystone disabling a tenant does not disable a user token] - RESERVED +CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, ...) - keystone 2013.1.3-1 (bug #719290) [wheezy] - keystone <not-affected> (Vulnerable code not present in Openstack Essex) NOTE: http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html @@ -4239,14 +4237,12 @@ CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows ...) {DSA-2737-1} - swift 1.8.0-7 (bug #719008) -CVE-2013-4154 [libvirt: crash of libvirtd without guest agent configuration] - RESERVED +CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a guest ...) - libvirt 1.1.0-4 (low; bug #717355) [squeeze] - libvirt <no-dsa> (Minor issue) [wheezy] - libvirt <no-dsa> (Minor issue) NOTE: http://openwall.com/lists/oss-security/2013/07/19/12 -CVE-2013-4153 [libvirt: double free of returned JSON array in qemuAgentGetVCPUs] - RESERVED +CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in ...) - libvirt 1.1.0-4 (bug #717354) [squeeze] - libvirt <not-affected> (Introduced in 1.0.6) [wheezy] - libvirt <not-affected> (Introduced in 1.0.6) 
@@ -4290,8 +4286,7 @@ CVE-2013-4137 [SQL Injection] RESERVED - statusnet <itp> (bug #491723) -CVE-2013-4136 [passenger insecure tmp files usage] - RESERVED +CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 ...) - passenger <removed> - ruby-passenger 3.0.13debian-1.2 (low; bug #717176) [squeeze] - passenger <no-dsa> (minor, local, issue) @@ -4593,8 +4588,8 @@ RESERVED CVE-2013-4043 RESERVED -CVE-2013-4042 - RESERVED +CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...) + TODO: check CVE-2013-4041 RESERVED CVE-2013-4040 @@ -4623,8 +4618,8 @@ RESERVED CVE-2013-4028 RESERVED -CVE-2013-4027 - RESERVED +CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...) + TODO: check CVE-2013-4026 RESERVED CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...) 
@@ -4635,24 +4630,24 @@ RESERVED CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...) NOT-FOR-US: IBM -CVE-2013-4021 - RESERVED -CVE-2013-4020 - RESERVED -CVE-2013-4019 - RESERVED -CVE-2013-4018 - RESERVED -CVE-2013-4017 - RESERVED +CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check +CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...) + TODO: check +CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) + TODO: check +CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...) + TODO: check +CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...) + TODO: check CVE-2013-4016 RESERVED CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass ...) NOT-FOR-US: MS IE -CVE-2013-4014 - RESERVED -CVE-2013-4013 - RESERVED +CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) + TODO: check +CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...) + TODO: check CVE-2013-4012 RESERVED CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand subsystem in ...) @@ -4731,12 +4726,12 @@ RESERVED CVE-2013-3974 RESERVED -CVE-2013-3973 - RESERVED -CVE-2013-3972 - RESERVED -CVE-2013-3971 - RESERVED +CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...) + TODO: check +CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...) + TODO: check +CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...) + TODO: check CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...) NOT-FOR-US: Juniper Junos Pulse Secure Access Service CVE-2013-3969 
@@ -6267,8 +6262,7 @@ RESERVED CVE-2013-3279 RESERVED -CVE-2013-3278 - RESERVED +CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...) NOT-FOR-US: EMC CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 ...) NOT-FOR-US: EMC @@ -6794,12 +6788,12 @@ NOT-FOR-US: TrustZone kernel CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote ...) NOT-FOR-US: ZAPms -CVE-2013-3049 - RESERVED -CVE-2013-3048 - RESERVED -CVE-2013-3047 - RESERVED +CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...) + TODO: check +CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) + TODO: check +CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...) + TODO: check CVE-2013-3046 RESERVED CVE-2013-3045 @@ -6810,8 +6804,8 @@ RESERVED CVE-2013-3042 RESERVED -CVE-2013-3041 - RESERVED +CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 ...) + TODO: check CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not properly ...) @@ -8901,8 +8895,7 @@ {DSA-2766-1} - linux-2.6 <removed> (low) - linux <not-affected> (openvz flavour no longer included after Squeeze) -CVE-2013-2238 [buffer overflow] - RESERVED +CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...) - freeswitch <itp> (bug #389591) CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...) {DSA-2766-1 DSA-2745-1} 
@@ -8930,8 +8923,7 @@ CVE-2013-2231 [qemu-ga win32 service unquoted search path] RESERVED - qemu <not-affected> (Only affects win32 build) -CVE-2013-2230 - RESERVED +CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...) - libvirt 1.1.0-3 (bug #715559) [squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea) [wheezy] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea) @@ -8977,8 +8969,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2 CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...) - 389-ds-base <unfixed> (bug #718325) -CVE-2013-2218 [crash when listing network interfaces with filters] - RESERVED +CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...) - libvirt 1.1.0-1 (bug #714699) [squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6) [wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6) @@ -10314,8 +10305,7 @@ NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909 CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and ...) - glance 2012.1.1-5 (bug #703063) -CVE-2013-1839 [DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc] - RESERVED +CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x ...) - squid3 <not-affected> (the errors were introduced in trunk rev.11496 in 3.2.0.9) NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1? NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796 
@@ -11643,16 +11633,14 @@ RESERVED CVE-2013-1445 RESERVED -CVE-2013-1444 [txt2man: Unsafe use of /tmp] - RESERVED +CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...) - txt2man 1.5.5-4.1 (bug #724614) [wheezy] - txt2man <no-dsa> (Minor issue) [squeeze] - txt2man <no-dsa> (Minor issue) CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x ...) {DSA-2758-1} - python-django 1.5.4-1 (bug #723043) -CVE-2013-1442 [Information leak on AVX and/or LWP capable CPUs] - RESERVED +CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...) - xen <unfixed> TODO: check, see NOTE NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default @@ -14325,8 +14313,8 @@ NOT-FOR-US: IBM Tivoli Endpoint Manager CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use ...) NOT-FOR-US: IBM Tivoli Endpoint Manager -CVE-2013-0451 - RESERVED +CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...) + TODO: check CVE-2012-6425 RESERVED CVE-2012-6424 @@ -15233,8 +15221,7 @@ - samba 2:3.6.6-5 CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) ...) - glance 2012.1.1-4 -CVE-2013-0211 - RESERVED +CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in ...) - libarchive 3.0.4-3 (bug #703957) [squeeze] - libarchive <not-affected> (Vulnerable code not present) CVE-2013-0210 @@ -21957,8 +21944,8 @@ RESERVED CVE-2012-4097 RESERVED -CVE-2012-4096 - RESERVED +CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in ...) + TODO: check CVE-2012-4095 RESERVED CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric ...) 
@@ -23969,8 +23956,8 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 ...) NOT-FOR-US: IBM DB2 -CVE-2012-3323 - RESERVED +CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and ...) + TODO: check CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...) NOT-FOR-US: IBM CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to ...) @@ -34105,61 +34092,61 @@ CVE-2011-4403 RESERVED CVE-2011-4402 - RESERVED + REJECTED CVE-2011-4401 - RESERVED + REJECTED CVE-2011-4400 - RESERVED + REJECTED CVE-2011-4399 - RESERVED + REJECTED CVE-2011-4398 - RESERVED + REJECTED CVE-2011-4397 - RESERVED + REJECTED CVE-2011-4396 - RESERVED + REJECTED CVE-2011-4395 - RESERVED + REJECTED CVE-2011-4394 - RESERVED + REJECTED CVE-2011-4393 - RESERVED + REJECTED CVE-2011-4392 - RESERVED + REJECTED CVE-2011-4391 - RESERVED + REJECTED CVE-2011-4390 - RESERVED + REJECTED CVE-2011-4389 - RESERVED + REJECTED CVE-2011-4388 - RESERVED + REJECTED CVE-2011-4387 - RESERVED + REJECTED CVE-2011-4386 - RESERVED + REJECTED CVE-2011-4385 - RESERVED + REJECTED CVE-2011-4384 - RESERVED + REJECTED CVE-2011-4383 - RESERVED + REJECTED CVE-2011-4382 - RESERVED + REJECTED CVE-2011-4381 - RESERVED + REJECTED CVE-2011-4380 - RESERVED + REJECTED CVE-2011-4379 - RESERVED + REJECTED CVE-2011-4378 - RESERVED + REJECTED CVE-2011-4377 - RESERVED + REJECTED CVE-2011-4376 - RESERVED + REJECTED CVE-2011-4375 - RESERVED + REJECTED CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows ...) NOT-FOR-US: Adobe Reader CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
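
Review bot: In the first hunk (@@ -1,3 +1,17 @@), CVE-2013-5965 is described as the Node View Permissions module for Drupal but is added with TODO: check, while the list already records CVE-2013-4379 as NOT-FOR-US: Drupal module. Unless this module is packaged, the same marking fits here and saves a manual pass. The three "Unrestricted file upload" ids below it (CVE-2013-5961 to CVE-2013-5963) have truncated descriptions, so they do need a human look before triage.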
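
Review bot: In the hunk at @@ -3431,15 +3438,19 @@, the four systemd entries (CVE-2013-4391 to CVE-2013-4394) stay at "- systemd <unfixed>" with only a Red Hat Bugzilla NOTE and no Debian bug number, unlike other unfixed entries in this file such as "- glpi <unfixed> (bug #723837)". The change only adds RESERVED under each id, which is fine, but a follow-up should attach a BTS reference to each so the unfixed state can be followed from the Debian side.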
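
Review bot: In the hunk at @@ -11643,16 +11633,14 @@, CVE-2013-1442 now has a published description giving the affected range ("Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs"), yet the trailing context still reads "- xen <unfixed>" followed by "TODO: check, see NOTE". With the range now stated, the TODO can be resolved: check it against the existing NOTE about XSAVE being disabled by default in Xen 4.0.2 through 4.0.4 and 4.1.x, and add per-release lines if any suite turns out not to be affected.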
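
Review bot: In the hunk at @@ -23969,8 +23956,8 @@, CVE-2012-3323 (IBM Maximo Asset Management) is added as TODO: check directly above CVE-2012-3322, which is the same product and already carries NOT-FOR-US: IBM. The same holds for the other Maximo ids this update turns from RESERVED into TODO: check, for example CVE-2013-5380 through CVE-2013-5383, CVE-2013-3971 through CVE-2013-3973, CVE-2013-3047 through CVE-2013-3049 and CVE-2013-0451. Marking them NOT-FOR-US: IBM in a follow-up keeps the TODO queue limited to entries that actually need package research.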