Author: joeyh
Date: 2013-03-29 21:14:24 +0000 (Fri, 29 Mar 2013)
New Revision: 21779

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-03-29 13:51:06 UTC (rev 21778)
+++ data/CVE/list       2013-03-29 21:14:24 UTC (rev 21779)
@@ -1,3 +1,47 @@
+CVE-2013-2737
+       RESERVED
+CVE-2013-2736
+       RESERVED
+CVE-2013-2735
+       RESERVED
+CVE-2013-2734
+       RESERVED
+CVE-2013-2733
+       RESERVED
+CVE-2013-2732
+       RESERVED
+CVE-2013-2731
+       RESERVED
+CVE-2013-2730
+       RESERVED
+CVE-2013-2729
+       RESERVED
+CVE-2013-2728
+       RESERVED
+CVE-2013-2727
+       RESERVED
+CVE-2013-2726
+       RESERVED
+CVE-2013-2725
+       RESERVED
+CVE-2013-2724
+       RESERVED
+CVE-2013-2723
+       RESERVED
+CVE-2013-2722
+       RESERVED
+CVE-2013-2721
+       RESERVED
+CVE-2013-2720
+       RESERVED
+CVE-2013-2719
+       RESERVED
+CVE-2013-2718
+       RESERVED
+CVE-2013-2717 (Multiple unspecified vulnerabilities in the System Management 
(aka ...)
+       TODO: check
+CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard 
before 1.0.8 ...)
+       TODO: check
 CVE-2013-2716
        RESERVED
 CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in 
the ...)
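Review bot: The new CVE-2012-6550 entry (ZeroClipboard before 1.0.8, XSS) is left at "TODO: check" with no package line, while CVE-2013-1808, which also names ZeroClipboard, is tracked further down in this same file as "- db4o <unfixed>". When resolving the TODO, check db4o's embedded copy for this id too, so that the two ZeroClipboard entries do not end up with inconsistent triage.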
@@ -50,8 +94,8 @@
        RESERVED
 CVE-2013-2691
        RESERVED
-CVE-2013-2690
-       RESERVED
+CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb 
Technology ...)
+       TODO: check
 CVE-2013-2689
        RESERVED
 CVE-2013-2688
@@ -512,8 +556,7 @@
 CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg 
through ...)
        - libav 6:0.8.6-1 (bug #703200)
        - ffmpeg <removed>
-CVE-2013-2494
-       RESERVED
+CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name 
servers to ...)
        - isc-dhcp <unfixed> (low)
        [squeeze] - isc-dhcp <not-affected> (Only affects 4.2.x)
 CVE-2013-2493 (The Hook_Terminate function in 
chrome_frame/protocol_sink_wrap.cc in ...)
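Review bot: CVE-2013-2494 now carries a description that places the upstream fix at ISC DHCP 4.2.5-P1, but the entry still reads "- isc-dhcp <unfixed> (low)" with no pointer to the fixing release or to the related libdns issue in BIND (CVE-2013-2266, updated elsewhere in this commit). Consider adding a NOTE line that cross-references CVE-2013-2266 and records 4.2.5-P1 as the upstream fix, so that whoever picks up the unfixed entry knows which version to target.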
@@ -973,8 +1016,8 @@
        RESERVED
 CVE-2013-2302
        RESERVED
-CVE-2013-2301
-       RESERVED
+CVE-2013-2301 (The OMRON OpenWnn application before 1.3.6 for Android uses 
weak ...)
+       TODO: check
 CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and 
earlier ...)
        TODO: check
 CVE-2013-2299
@@ -996,8 +1039,8 @@
        - bitcoin <unfixed>
 CVE-2013-2291
        RESERVED
-CVE-2013-2290
-       RESERVED
+CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of 
the ...)
+       TODO: check
 CVE-2013-2289
        RESERVED
 CVE-2013-2288
@@ -1049,12 +1092,12 @@
        - chromium-browser 25.0.1364.97-1
        [squeeze] - chromium-browser <not-affected> (Vulnerable code not 
present)
        NOTE: MathML added in chromium 24.x, disabled again in 25.x
-CVE-2012-6534
-       RESERVED
+CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote 
attackers to ...)
+       TODO: check
 CVE-2013-2267
        RESERVED
-CVE-2013-2266
-       RESERVED
+CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 
before ...)
+       {DSA-2656-1}
        - bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
 CVE-2013-2265
        RESERVED
@@ -1897,8 +1940,7 @@
        NOTE: http://www.samba.org/samba/security/CVE-2013-1863
 CVE-2013-1862
        RESERVED
-CVE-2013-1861 [geometry query crashes mysqld]
-       RESERVED
+CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 
5.2.15, ...)
        - mysql-5.5 <unfixed>
        - mysql-5.1 <removed>
        NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
@@ -2088,8 +2130,7 @@
        - gambas2 <removed> 
        [squeeze] - gambas2 <no-dsa> (Minor issue)
        NOTE: https://code.google.com/p/gambas/issues/detail?id=365
-CVE-2013-1808
-       RESERVED
+CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf 
and ...)
        - db4o <unfixed>
 CVE-2013-1807
        RESERVED
@@ -2111,8 +2152,8 @@
 CVE-2013-1800 [YAML parameter parsing vulnerability]
        RESERVED
        - ruby-crack <itp> (bug #623900)
-CVE-2013-1799
-       RESERVED
+CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 
...)
+       TODO: check
 CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the 
Linux ...)
        - linux 3.2.41-2
        - linux-2.6 <removed>
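Review bot: CVE-2013-1799 is added as "TODO: check" with no package line, although its description names Gnome Online Accounts (GOA), which this file already tracks as gnome-online-accounts under CVE-2013-0240. The TODO should be resolved against that source package, and the affected ranges in the two descriptions compared (3.6.x before 3.6.3 and 3.7.x here, against 3.4.x, 3.6.x before 3.6.3 and 3.7.x for CVE-2013-0240), because the fixed version recorded for CVE-2013-0240 (3.4.2-2) may not carry over to this id.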
@@ -2253,8 +2294,7 @@
        RESERVED
 CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and 
...)
        NOT-FOR-US: Symantec PGP Desktop
-CVE-2013-1747
-       RESERVED
+CVE-2013-1747 (channel.c in ngIRCd 20 and 20.1 allows remote attackers to 
cause a ...)
        - ngircd <not-affected> (Vulnerable version was only in experimental, 
introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
 CVE-2013-1746
        RESERVED
@@ -2830,8 +2870,8 @@
 CVE-2013-1493 (The color management (CMM) functionality in the 2D component in 
Oracle ...)
        - openjdk-6 6b27-1.12.4-1
        - openjdk-7 <unfixed>
-CVE-2013-1492
-       RESERVED
+CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 
and ...)
+       TODO: check
 CVE-2013-1491 (Oracle Java 7 Update 17, and possibly other versions, allows 
remote ...)
        - openjdk-7 <undetermined>
 CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 
...)
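Review bot: CVE-2013-1492 is added with the same visible description text as CVE-2012-0553 in the last hunk of this commit ("Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ..."), and both are left at "TODO: check". Triage the two together against the mysql-5.1 and mysql-5.5 source packages that this file already uses for CVE-2013-1861, and add a NOTE saying how the two ids differ, so that one is not closed as a duplicate of the other by mistake.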
@@ -3356,8 +3396,8 @@
        RESERVED
 CVE-2013-1300
        RESERVED
-CVE-2013-1299
-       RESERVED
+CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof 
link ...)
+       TODO: check
 CVE-2013-1298
        RESERVED
 CVE-2013-1297
@@ -3672,20 +3712,20 @@
        RESERVED
 CVE-2013-1149
        RESERVED
-CVE-2013-1148
-       RESERVED
-CVE-2013-1147
-       RESERVED
-CVE-2013-1146
-       RESERVED
-CVE-2013-1145
-       RESERVED
-CVE-2013-1144
-       RESERVED
-CVE-2013-1143
-       RESERVED
-CVE-2013-1142
-       RESERVED
+CVE-2013-1148 (The General Responder implementation in the IP Service Level 
Agreement ...)
+       TODO: check
+CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 
through ...)
+       TODO: check
+CVE-2013-1146 (The Smart Install client functionality in Cisco IOS 12.2 and 
15.0 ...)
+       TODO: check
+CVE-2013-1145 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when 
Zone-Based ...)
+       TODO: check
+CVE-2013-1144 (Memory leak in the IKEv1 implementation in Cisco IOS 15.1 
allows ...)
+       TODO: check
+CVE-2013-1143 (The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 
through ...)
+       TODO: check
+CVE-2013-1142 (Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 
through ...)
+       TODO: check
 CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN 
Controller (WLC) ...)
        NOT-FOR-US: Cisco Wireless LAN Controller
 CVE-2013-1140 (The XML parser in Cisco Security Monitoring, Analysis, and 
Response ...)
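Review bot: All seven new entries, CVE-2013-1142 through CVE-2013-1148, describe Cisco IOS features and are left at "TODO: check". The neighbouring CVE-2013-1141 is already marked "NOT-FOR-US: Cisco Wireless LAN Controller", so these can most likely be closed the same way with "NOT-FOR-US: Cisco IOS" rather than sitting in the TODO queue.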
@@ -3798,20 +3838,20 @@
        RESERVED
 CVE-2013-1086
        RESERVED
-CVE-2013-1085
-       RESERVED
+CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in 
Novell ...)
+       TODO: check
 CVE-2013-1084
        RESERVED
-CVE-2013-1083
-       RESERVED
-CVE-2013-1082
-       RESERVED
+CVE-2013-1083 (Unspecified vulnerability in the login functionality in the 
Reporting ...)
+       TODO: check
+CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell 
ZENworks ...)
+       TODO: check
 CVE-2013-1081 (Directory traversal vulnerability in MDM.php in Novell ZENworks 
Mobile ...)
        NOT-FOR-US: Novell ZENworks
-CVE-2013-1080
-       RESERVED
-CVE-2013-1079
-       RESERVED
+CVE-2013-1080 (The web server in Novell ZENworks Configuration Management 
(ZCM) 10.3 ...)
+       TODO: check
+CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method 
in an ...)
+       TODO: check
 CVE-2013-1078
        RESERVED
 CVE-2013-1077
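Review bot: CVE-2013-1082 (DUSAP.php in Novell ZENworks) and CVE-2013-1080 (Novell ZENworks Configuration Management) are left at "TODO: check", while the adjacent CVE-2013-1081 for the same product line is already marked "NOT-FOR-US: Novell ZENworks". Those two can take the same tag; CVE-2013-1085, CVE-2013-1083 and CVE-2013-1079 have truncated descriptions here, so read the full text before tagging them.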
@@ -4100,10 +4140,10 @@
        RESERVED
 CVE-2013-0937
        RESERVED
-CVE-2013-0936
-       RESERVED
-CVE-2013-0935
-       RESERVED
+CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP 
Manager, ...)
+       TODO: check
+CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does 
not ...)
+       TODO: check
 CVE-2013-0934
        RESERVED
 CVE-2013-0933
@@ -5178,8 +5218,8 @@
        RESERVED
 CVE-2013-0533
        RESERVED
-CVE-2013-0532
-       RESERVED
+CVE-2013-0532 (Cross-site request forgery (CSRF) vulnerability in IBM Security 
...)
+       TODO: check
 CVE-2013-0531
        RESERVED
 CVE-2013-0530
@@ -5216,14 +5256,14 @@
        RESERVED
 CVE-2013-0514
        RESERVED
-CVE-2013-0513
-       RESERVED
-CVE-2013-0512
-       RESERVED
-CVE-2013-0511
-       RESERVED
-CVE-2013-0510
-       RESERVED
+CVE-2013-0513 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM 
...)
+       TODO: check
+CVE-2013-0512 (Stack-based buffer overflow in the Manual Explore browser 
plug-in for ...)
+       TODO: check
+CVE-2013-0511 (Multiple SQL injection vulnerabilities in IBM Security AppScan 
...)
+       TODO: check
+CVE-2013-0510 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes 
a ...)
+       TODO: check
 CVE-2013-0509
        RESERVED
 CVE-2013-0508
@@ -5294,10 +5334,10 @@
        RESERVED
 CVE-2013-0475
        RESERVED
-CVE-2013-0474
-       RESERVED
-CVE-2013-0473
-       RESERVED
+CVE-2013-0474 (The Manual Explore browser plug-in in IBM Security AppScan 
Enterprise ...)
+       TODO: check
+CVE-2013-0473 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Security ...)
+       TODO: check
 CVE-2013-0472 (The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 
6.3 ...)
        NOT-FOR-US: IBM
 CVE-2013-0471 (The traditional scheduler in the client in IBM Tivoli Storage 
Manager ...)
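Review bot: CVE-2013-0474 and CVE-2013-0473 both name IBM Security AppScan and are left at "TODO: check", while the IBM Tivoli entry directly below them (CVE-2013-0472) is closed as "NOT-FOR-US: IBM". The same tag looks right for these two, and for the AppScan entries CVE-2013-0510 through CVE-2013-0513 in the previous hunk.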
@@ -5334,13 +5374,13 @@
        RESERVED
 CVE-2013-0455
        RESERVED
-CVE-2013-0454 (Samba before 3.6.6, as used on the IBM Storwize V7000 Unified 
1.3 ...)
+CVE-2013-0454 (The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on 
the ...)
        - samba <undetermined>
        NOTE: Security impact should be clarified with upstream, might be 
specific to the IBM appliance
 CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM 
Tivoli ...)
        NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2013-0452
-       RESERVED
+CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software 
Use ...)
+       TODO: check
 CVE-2013-0451
        RESERVED
 CVE-2012-6425
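Review bot: The CVE-2013-0454 description is narrowed to the SMB2 implementation in Samba 3.6.x before 3.6.6, but the annotations under it are unchanged: "- samba <undetermined>" and a NOTE saying the impact might be specific to the IBM appliance. With an explicit version boundary now in the description, the NOTE looks stale; re-evaluate the samba line against 3.6.6 and either record a fixed version or update the NOTE to say why the status is still undetermined.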
@@ -6158,8 +6198,7 @@
        - xserver-xorg-video-qxl 0.0.17-1 (bug #699396) 
        NOTE: http://seclists.org/oss-sec/2013/q1/204
        TODO: check, whether this affects Stable, does qemu-KVM in Stable 
enable SPICE?
-CVE-2013-0240 [Does not check SSL certificates when creating Windows Live or 
Facebook accounts]
-       RESERVED
+CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 
3.7.x ...)
        - gnome-online-accounts 3.4.2-2 (bug #699825)
 CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 
2.7.3, ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
@@ -7901,8 +7940,8 @@
        - icinga-web 1.7.1+dfsg2-6 (bug #694641)
 CVE-2012-5880
        RESERVED
-CVE-2012-5879
-       RESERVED
+CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual 
Technician ...)
+       TODO: check
 CVE-2012-5878
        RESERVED
 CVE-2012-5877
@@ -9635,8 +9674,8 @@
        RESERVED
 CVE-2012-5217
        RESERVED
-CVE-2012-5216
-       RESERVED
+CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 
1700-8 ...)
+       TODO: check
 CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, 
M1213nf, ...)
        NOT-FOR-US: HP LaserJet Pro
 CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 
6.2.8.10 ...)
@@ -21610,8 +21649,8 @@
        NOT-FOR-US: Oracle Fusion Middleware
 CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        NOT-FOR-US: Oracle Fusion Middleware
-CVE-2012-0553
-       RESERVED
+CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 
and ...)
+       TODO: check
 CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in 
Oracle ...)
        NOT-FOR-US: Oracle Database Server
 CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
in ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
