Author: joeyh
Date: 2013-08-19 21:14:33 +0000 (Mon, 19 Aug 2013)
New Revision: 23356

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-08-19 18:40:14 UTC (rev 23355)
+++ data/CVE/list       2013-08-19 21:14:33 UTC (rev 23356)
@@ -1,3 +1,23 @@
+CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) 
extension ...)
+       TODO: check
+CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL 
Management ...)
+       TODO: check
+CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search 
...)
+       TODO: check
+CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP 
...)
+       TODO: check
+CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator 
...)
+       TODO: check
+CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) 
extension ...)
+       TODO: check
+CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) 
extension ...)
+       TODO: check
+CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) 
...)
+       TODO: check
+CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport 
Webfilter ...)
+       TODO: check
 CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in 
AlienVault Open ...)
        NOT-FOR-US: AlienVault OSSIM
 CVE-2013-5299
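Review bot: the ten added entries (CVE-2013-5301 to CVE-2013-5310) carry only "TODO: check" and each still needs triage to a package line or a NOT-FOR-US line, in the style of CVE-2013-5300 just below. The entries that name the wfqbe, ke_search and locator extensions or Trustport Webfilter identify their product in the visible text and are the quickest to classify. CVE-2013-5309 stops at "vulnerability in ..." and needs the full description first.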
@@ -903,8 +923,8 @@
        NOT-FOR-US: McAfee ePolicy Orchestrator
 CVE-2013-4882 (Multiple SQL injection vulnerabilities in McAfee ePolicy 
Orchestrator ...)
        NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2013-4881
-       RESERVED
+CVE-2013-4881 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
 CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: BigTree CMS
 CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in 
BigTree CMS ...)
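Review bot: CVE-2013-4881 moves from RESERVED to "TODO: check" with a description cut at "vulnerability in ...", so the product cannot be read from this line. The two entries directly below (CVE-2013-4880 and CVE-2013-4879) are BigTree CMS and marked NOT-FOR-US. Check the full description to see whether this one belongs with them and replace the TODO accordingly.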
@@ -1058,8 +1078,8 @@
        RESERVED
 CVE-2013-4809
        RESERVED
-CVE-2013-4808
-       RESERVED
+CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 
9.30, and ...)
+       TODO: check
 CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, 
P1606dn, ...)
        NOT-FOR-US: HP
 CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, 
J484#B, ...)
@@ -2267,8 +2287,7 @@
 CVE-2013-4249 [django Cross-site scripting (XSS) in admin interface]
        RESERVED
        - python-django 1.5.2-1
-CVE-2013-4248 [php invalid handling of certs with null bytes]
-       RESERVED
+CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL 
module in ...)
        - php5 <unfixed> (bug #719765)
 CVE-2013-4247 [linux: cifs: off-by-one bug in build_unc_path_to_root]
        RESERVED
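Review bot: on CVE-2013-4248 the removed bracketed text "php invalid handling of certs with null bytes" was the only place the entry said what the flaw is, and the replacement description is cut at "in the OpenSSL module in ..." before it gets that far. Suggest a NOTE: line under the php5 package line that keeps the null-byte wording, so the entry stays searchable alongside bug #719765.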
@@ -2306,8 +2325,7 @@
        [squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
        NOTE: Introduced by: 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
        NOTE: Fixed by: 
http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
-CVE-2013-4238 [Python SSL module does not handle certificates that contain 
hostnames with NULL bytes]
-       RESERVED
+CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 
...)
        - python2.5 <removed>
        - python2.6 <removed>
        - python2.7 <unfixed> (bug #719566)
@@ -2402,8 +2420,7 @@
        - nagios3 <unfixed> (low; bug #719056)
        [wheezy] - nagios3 <no-dsa> (Minor issue)
        [squeeze] - nagios3 <not-affected> (html/rss-newsfeed.php not present)
-CVE-2013-4213
-       RESERVED
+CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does 
not ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2013-4212
        RESERVED
@@ -2680,8 +2697,7 @@
 CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 
3.10.3 ...)
        - linux <not-affected> (Introduced in 3.11-rc1)
        - linux-2.6 <not-affected> (Introduced in 3.11-rc1)
-CVE-2013-4128
-       RESERVED
+CVE-2013-4128 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does 
not ...)
        - jbossas4 <not-affected> (Only builds a few libraries, not the full 
application server, #581226)
 CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend 
function in ...)
        - linux 3.10.5-1
@@ -2741,8 +2757,7 @@
        [wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
        [squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
        NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
-CVE-2013-4114 [nagstamon: credentials exposure]
-       RESERVED
+CVE-2013-4114 (The automatic update request in Nagstamont before 0.9.10 uses a 
...)
        - nagstamon 0.9.9-2 (low; bug #716718)
        [wheezy] - nagstamon <no-dsa> (Minor issue)
        [squeeze] - nagstamon <no-dsa> (Minor issue)
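Review bot: the imported description for CVE-2013-4114 says "before 0.9.10", while the package line below it records nagstamon 0.9.9-2 as fixed, and nothing in the entry explains the difference. If the fix was backported into the Debian revision, a NOTE: line saying so (with a pointer to bug #716718) would settle it. The description also spells the product "Nagstamont", so a search on the package name now matches only the package lines.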
@@ -2882,8 +2897,7 @@
        - wireshark 1.10.0-1 (bug #711918)
        [squeeze] - wireshark <not-affected> (Vulnerable code not present)
        NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
-CVE-2013-4073 [Hostname check bypassing vulnerability in SSL client]
-       RESERVED
+CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in ...)
        {DSA-2738-1}
        - ruby1.8 1.8.7.358-7.1 (bug #714541)
        - ruby1.9.1 1.9.3.194-8.2 (bug #714543)
@@ -4547,8 +4561,8 @@
        RESERVED
 CVE-2013-3320
        RESERVED
-CVE-2013-3319
-       RESERVED
+CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP 
...)
+       TODO: check
 CVE-2013-3318
        RESERVED
 CVE-2013-3317
@@ -7451,8 +7465,7 @@
 CVE-2013-2176
        RESERVED
        NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
-CVE-2013-2175
-       RESERVED
+CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when 
configured to ...)
        {DSA-2711-1}
        - haproxy 1.4.24-1
 CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function 
in ...)
@@ -7492,8 +7505,7 @@
        RESERVED
        - monkey <removed> (low)
        [squeeze] - monkey <no-dsa> (Minor issue)
-CVE-2013-2162 [mysql insecure conffile creation]
-       RESERVED
+CVE-2013-2162 (Race condition in the post-installation script ...)
        - mysql-5.5 <unfixed> (low; bug #711600)
        [wheezy] - mysql-5.5 <no-dsa> (Minor issue, can be included in a future 
DSA)
        - mysql-5.1 <removed> (low)
@@ -8010,8 +8022,7 @@
        - jquery-jplayer 2.1.0-2
        NOTE: used for jPlayer 2.2.23 XSS
        NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
-CVE-2013-2022
-       RESERVED
+CVE-2013-2022 (Cross-site scripting (XSS) vulnerability in 
actionscript/Jplayer.as in ...)
        - jquery-jplayer 2.1.0-2
        NOTE: 
https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
        NOTE: used for jPlayer 2.2.20 XSS
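Review bot: CVE-2013-2022 keeps "- jquery-jplayer 2.1.0-2" as the fixed version, yet its NOTE reads "used for jPlayer 2.2.20 XSS", an upstream version higher than the one marked fixed. The preceding entry shows the same pattern with 2.2.23. Now that the description names actionscript/Jplayer.as, add a NOTE explaining why 2.1.0-2 is recorded as fixed, or correct the version, so the two lines no longer read as inconsistent.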
@@ -120093,7 +120104,7 @@
        NOT-FOR-US: Veritas NetBackup
 CVE-2006-0988 (The default configuration of the DNS Server service on Windows 
Server ...)
        NOT-FOR-US: MS Windows issue
-CVE-2006-0987 (The default configuration of ISC BIND, when configured as a 
caching ...)
+CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when 
configured ...)
        - bind <unfixed> (bug #355787; unimportant)
        - bind9 1:9.4.0-1 (bug #356266; unimportant)
        NOTE: This is within the responsibilities of a local admin, especially 
when
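Review bot: the updated CVE-2006-0987 description now bounds the issue at "before 9.4.1-P1", but the bind9 line still records 1:9.4.0-1 as the fixed version, which is an earlier upstream version. Both package lines are tagged unimportant, so the impact is low, but the fixed version or the NOTE text should be revisited so that it agrees with the new description.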


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
