Author: joeyh
Date: 2013-10-10 21:14:29 +0000 (Thu, 10 Oct 2013)
New Revision: 23950

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-10-10 18:07:39 UTC (rev 23949)
+++ data/CVE/list       2013-10-10 21:14:29 UTC (rev 23950)
@@ -1,3 +1,155 @@
+CVE-2013-6063
+       RESERVED
+CVE-2013-6062
+       RESERVED
+CVE-2013-6061
+       RESERVED
+CVE-2013-6060
+       RESERVED
+CVE-2013-6059
+       RESERVED
+CVE-2013-6058
+       RESERVED
+CVE-2013-6057
+       RESERVED
+CVE-2013-6056
+       RESERVED
+CVE-2013-6055
+       RESERVED
+CVE-2013-6054
+       RESERVED
+CVE-2013-6053
+       RESERVED
+CVE-2013-6052
+       RESERVED
+CVE-2013-6051
+       RESERVED
+CVE-2013-6050
+       RESERVED
+CVE-2013-6049
+       RESERVED
+CVE-2013-6048
+       RESERVED
+CVE-2013-6047
+       RESERVED
+CVE-2013-6046
+       RESERVED
+CVE-2013-6045
+       RESERVED
+CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x 
before ...)
+       TODO: check
+CVE-2013-6043
+       RESERVED
+CVE-2013-6042
+       RESERVED
+CVE-2013-6041
+       RESERVED
+CVE-2013-6040
+       RESERVED
+CVE-2013-6039
+       RESERVED
+CVE-2013-6038
+       RESERVED
+CVE-2013-6037
+       RESERVED
+CVE-2013-6036
+       RESERVED
+CVE-2013-6035
+       RESERVED
+CVE-2013-6034
+       RESERVED
+CVE-2013-6033
+       RESERVED
+CVE-2013-6032
+       RESERVED
+CVE-2013-6031
+       RESERVED
+CVE-2013-6030
+       RESERVED
+CVE-2013-6029
+       RESERVED
+CVE-2013-6028
+       RESERVED
+CVE-2013-6027
+       RESERVED
+CVE-2013-6026
+       RESERVED
+CVE-2013-6025
+       RESERVED
+CVE-2013-6024
+       RESERVED
+CVE-2013-6023
+       RESERVED
+CVE-2013-6022
+       RESERVED
+CVE-2013-6021
+       RESERVED
+CVE-2013-6020
+       RESERVED
+CVE-2013-6019
+       RESERVED
+CVE-2013-6018
+       RESERVED
+CVE-2013-6017
+       RESERVED
+CVE-2013-6016
+       RESERVED
+CVE-2013-6015
+       RESERVED
+CVE-2013-6014
+       RESERVED
+CVE-2013-6013
+       RESERVED
+CVE-2013-6012
+       RESERVED
+CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 
before ...)
+       TODO: check
+CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment 
Attachment ...)
+       TODO: check
+CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 
7.2.2, ...)
+       TODO: check
+CVE-2013-6008
+       RESERVED
+CVE-2013-6007
+       RESERVED
+CVE-2013-6006
+       RESERVED
+CVE-2013-6005
+       RESERVED
+CVE-2013-6004
+       RESERVED
+CVE-2013-6003
+       RESERVED
+CVE-2013-6002
+       RESERVED
+CVE-2013-6001
+       RESERVED
+CVE-2013-6000
+       RESERVED
+CVE-2013-5999
+       RESERVED
+CVE-2013-5998
+       RESERVED
+CVE-2013-5997
+       RESERVED
+CVE-2013-5996
+       RESERVED
+CVE-2013-5995
+       RESERVED
+CVE-2013-5994
+       RESERVED
+CVE-2013-5993
+       RESERVED
+CVE-2013-5992
+       RESERVED
+CVE-2013-5991
+       RESERVED
+CVE-2013-5990
+       RESERVED
+CVE-2013-5989
+       RESERVED
+CVE-2013-5988
+       RESERVED
 CVE-2013-5987
        RESERVED
 CVE-2013-5986
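Review bot: CVE-2013-6044 should get a package line instead of a bare `TODO: check`. Its description names Django, and this list already tracks that source package (`- python-django 1.5.2-1` under CVE-2013-4249), so the entry needs per-release status for python-django. The same holds for CVE-2013-6009: other Open-Xchange entries in this file carry `- open-xchange <itp> (bug #269329)`, and that line can be reused here.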
@@ -38,8 +190,8 @@
        RESERVED
 CVE-2013-5968
        RESERVED
-CVE-2013-5967
-       RESERVED
+CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open 
Source ...)
+       TODO: check
 CVE-2013-5966
        RESERVED
 CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for 
Drupal ...)
@@ -143,8 +295,7 @@
 CVE-2013-5916
        RESERVED
        NOT-FOR-US: WordPress plugin wp-e-commerce
-CVE-2013-5915 [Timing Attack against protected RSA-CRT implementation]
-       RESERVED
+CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not 
properly ...)
        - polarssl <unfixed> (bug #725359)
        NOTE: 
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
 CVE-2013-5914 [Buffer overflow in ssl_read_record()]
@@ -604,8 +755,7 @@
        RESERVED
 CVE-2013-5702
        RESERVED
-CVE-2013-5701
-       RESERVED
+CVE-2013-5701 (Multiple untrusted search path vulnerabilities in (1) 
Watchguard Log ...)
        NOT-FOR-US: Watchguard Server Center
 CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 
0.8.x ...)
        - bitcoin 0.8.4-1
@@ -632,8 +782,7 @@
        {DSA-2769-1}
        - kfreebsd-9 9.2~svn255465-1 (bug #722338)
        - kfreebsd-8 <removed>
-CVE-2013-5690
-       RESERVED
+CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in 
Open-Xchange ...)
        - open-xchange <itp> (bug #269329)
 CVE-2013-5687
        RESERVED
@@ -968,8 +1117,7 @@
 CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result 
functions in ...)
        - ngircd <not-affected> (only affects 20, 20.1, and 20.2)
        NOTE: 
http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
-CVE-2013-5576 [Joomla unauthorised uploads]
-       RESERVED
+CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the 
media ...)
        - joomla <itp> (bug #571794)
 CVE-2013-5575 [integer overflow]
        REJECTED
@@ -1056,16 +1204,16 @@
        RESERVED
 CVE-2013-5528
        RESERVED
-CVE-2013-5527
-       RESERVED
-CVE-2013-5526
-       RESERVED
-CVE-2013-5525
-       RESERVED
-CVE-2013-5524
-       RESERVED
-CVE-2013-5523
-       RESERVED
+CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote 
attackers ...)
+       TODO: check
+CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform 
SDP ...)
+       TODO: check
+CVE-2013-5525 (SQL injection vulnerability in the web framework in Cisco 
Identity ...)
+       TODO: check
+CVE-2013-5524 (Cross-site scripting (XSS) vulnerability in the troubleshooting 
page ...)
+       TODO: check
+CVE-2013-5523 (The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 
and ...)
+       TODO: check
 CVE-2013-5522
        RESERVED
 CVE-2013-5521
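Review bot: CVE-2013-5527 through CVE-2013-5523 can be closed in the same pass rather than left at `TODO: check`. All five descriptions name Cisco products (IOS and IOS XE, 9900 IP phones, Identity Services Engine), and the Cisco entries already triaged in this file are marked `NOT-FOR-US: Cisco` or a product-specific variant of it.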
@@ -1112,8 +1260,8 @@
        NOT-FOR-US: Cisco MediaSense
 CVE-2013-5500 (Multiple cross-site scripting (XSS) vulnerabilities in the 
oraadmin ...)
        NOT-FOR-US: Cisco MediaSense
-CVE-2013-5499
-       RESERVED
+CVE-2013-5499 (The remember feature in the DHCP server in Cisco IOS allows 
remote ...)
+       TODO: check
 CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine 
(CGSE) and ...)
        NOT-FOR-US: Cisco IOS XR
 CVE-2013-5497 (The authentication manager process in the web framework in 
Cisco ...)
@@ -1272,8 +1420,8 @@
        RESERVED
 CVE-2013-5420
        RESERVED
-CVE-2013-5419
-       RESERVED
+CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in ...)
+       TODO: check
 CVE-2013-5418
        RESERVED
 CVE-2013-5417
@@ -1456,12 +1604,12 @@
        RESERVED
 CVE-2013-5328
        RESERVED
-CVE-2013-5327
-       RESERVED
+CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute 
arbitrary ...)
+       TODO: check
 CVE-2013-5326
        RESERVED
-CVE-2013-5325
-       RESERVED
+CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow 
remote ...)
+       TODO: check
 CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 
11.8.800.168 ...)
        NOT-FOR-US: Adobe Flash
 CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info 
Tables ...)
@@ -1788,8 +1936,7 @@
        RESERVED
 CVE-2013-5164
        RESERVED
-CVE-2013-5163
-       RESERVED
+CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental 
Update ...)
        NOT-FOR-US: Apple OS X
 CVE-2013-5162
        RESERVED
@@ -1942,8 +2089,8 @@
        NOTE: 
http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
 CVE-2013-5092
        RESERVED
-CVE-2013-5091
-       RESERVED
+CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 
5.4.0 ...)
+       TODO: check
 CVE-2013-5090
        RESERVED
 CVE-2013-5089
@@ -2114,8 +2261,8 @@
        RESERVED
 CVE-2013-5009
        RESERVED
-CVE-2013-5008
-       RESERVED
+CVE-2013-5008 (The agent and task-agent components in Symantec Management 
Platform ...)
+       TODO: check
 CVE-2013-5007
        RESERVED
 CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 
with ...)
@@ -2141,8 +2288,7 @@
 CVE-2013-4987
        RESERVED
        NOT-FOR-US: PinApp
-CVE-2013-4986
-       RESERVED
+CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 
7.22.1125.2121 ...)
        NOT-FOR-US: PDFCool
 CVE-2013-4985
        RESERVED
@@ -2536,11 +2682,9 @@
        RESERVED
 CVE-2013-4830
        RESERVED
-CVE-2013-4829
-       RESERVED
+CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; 
LaserJet ...)
        NOT-FOR-US: HP
-CVE-2013-4828
-       RESERVED
+CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; 
LaserJet ...)
        NOT-FOR-US: HP
 CVE-2013-4827
        RESERVED
@@ -2628,8 +2772,7 @@
        - open-xchange <itp> (bug #269329)
 CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti 
before ...)
        NOT-FOR-US: Cotonti
-CVE-2013-4788 [Eglibc PTR MANGLE bug]
-       RESERVED
+CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc 
or ...)
        - eglibc <unfixed> (low; bug #717178)
        [squeeze] - eglibc <no-dsa> (Incorrect hardening, only applies to 
statically linked binaries)
        [wheezy] - eglibc <no-dsa> (Incorrect hardening, only applies to 
statically linked binaries)
@@ -2675,8 +2818,8 @@
        RESERVED
 CVE-2013-4768
        RESERVED
-CVE-2013-4767
-       RESERVED
+CVE-2013-4767 (Unspecified vulnerability in Eucalyptus before 3.3.2 has 
unknown ...)
+       TODO: check
 CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote 
...)
        - eucalyptus <removed>
 CVE-2013-4765
@@ -2699,8 +2842,7 @@
        RESERVED
 CVE-2013-4756
        RESERVED
-CVE-2013-4758 [Double Free Memory Corruption in ElasticSearch Plugin]
-       RESERVED
+CVE-2013-4758 (Double free vulnerability in the writeDataError function in the 
...)
        - rsyslog <not-affected> (omelasticsearch plugin not enabled; see 
#715009)
        [squeeze] - rsyslog <not-affected> (omelasticsearch plugin not yet 
present)
        [wheezy] - rsyslog <not-affected> (omelasticsearch plugin not yet 
present)
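Review bot: CVE-2013-4758 sits below CVE-2013-4756 in this hunk, which breaks the descending ID order used throughout the rest of the list. Since the entry is being rewritten anyway, move it above CVE-2013-4756 so the file stays sorted.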
@@ -2833,8 +2975,8 @@
        RESERVED
 CVE-2013-4712
        RESERVED
-CVE-2013-4711
-       RESERVED
+CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 
3.2 on ...)
+       TODO: check
 CVE-2013-4710
        RESERVED
 CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the 
SEIL/x86 ...)
@@ -3490,6 +3632,7 @@
        RESERVED
 CVE-2013-4402 [infinite recursion in the compressed packet parser]
        RESERVED
+       {DSA-2774-1 DSA-2773-1}
        - gnupg2 2.0.22-1 (bug #725433)
        - gnupg 1.4.15-1 (bug #725439)
 CVE-2013-4401
@@ -3507,8 +3650,7 @@
 CVE-2013-4397 [Integer overflow]
        RESERVED
        - libtar 1.2.20-1 (bug #725938)
-CVE-2013-4396 [Use after free in Xserver handling of ImageText requests]
-       RESERVED
+CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in ...)
        - xorg-server 2:1.14.3-4
 CVE-2013-4395
        RESERVED
@@ -3542,20 +3684,17 @@
        RESERVED
        - vlc <unfixed>
        NOTE: 
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
-CVE-2013-4387 [memory corruption with ipv6 udp offloading]
-       RESERVED
+CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does 
not ...)
        - linux-2.6 <removed>
        - linux <unfixed>
 CVE-2013-4386
        RESERVED
-CVE-2013-4385 [Buffer overrun]
-       RESERVED
+CVE-2013-4385 (Buffer overflow in the &quot;read-string!&quot; procedure in 
the &quot;extras&quot; unit ...)
        - chicken <unfixed> (bug #724740; low)
        [wheezy] - chicken <no-dsa> (Minor issue)
        [squeeze] - chicken <no-dsa> (Minor issue)
        NOTE: 
http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
-CVE-2013-4384
-       RESERVED
+CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search 
module ...)
        NOT-FOR-US: Drupal module
 CVE-2013-4383
        RESERVED
@@ -3569,8 +3708,7 @@
 CVE-2013-4380
        RESERVED
        NOT-FOR-US: Drupal module
-CVE-2013-4379
-       RESERVED
+CVE-2013-4379 (The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for 
Drupal ...)
        NOT-FOR-US: Drupal module
 CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Javamelody
@@ -3586,6 +3724,7 @@
        RESERVED
        - x2goserver <itp> (bug #465821)
 CVE-2013-4375 [qemu disk backend (qdisk) resource leak]
+       RESERVED
        - xen <unfixed>
        [squeeze] - xen <not-affected> (potentially affected by 4.1 versions 
and above)
        - qemu <unfixed>
@@ -3593,7 +3732,6 @@
        - qemu-kvm <removed>
        [squeeze] - qemu-kvm <not-affected> (vulnerable from version 1.1 
onwards)
        TODO: check
-       RESERVED
 CVE-2013-4374
        RESERVED
 CVE-2013-4373
@@ -3660,8 +3798,7 @@
        - eglibc <unfixed>
        NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
        TODO: check
-CVE-2013-4356 [Memory accessible by 64-bit PV guests under live migration]
-       RESERVED
+CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow 
pagetables when ...)
        - xen <unfixed>
        [wheezy] - xen <not-affected> (Only affects 4.3+)
        [squeeze] - xen <not-affected> (Only affects 4.3+)
@@ -3675,8 +3812,8 @@
        RESERVED
 CVE-2013-4352
        RESERVED
-CVE-2013-4351 [GnuPG treats no-usage-permitted keys as all-usages-permitted]
-       RESERVED
+CVE-2013-4351 (GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with 
all ...)
+       {DSA-2774-1 DSA-2773-1}
        - gnupg 1.4.15-1 (low; bug #722722)
        - gnupg2 2.0.22-1 (low; bug #722724)
 CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux 
kernel ...)
@@ -3704,12 +3841,10 @@
        [wheezy] - python-oauth2 <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
        NOTE: https://github.com/simplegeo/python-oauth2/issues/129
-CVE-2013-4345 [ansi_cprng off-by-one]
-       RESERVED
+CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in 
crypto/ansi_cprng.c ...)
        - linux-2.6 <removed>
        - linux <unfixed>
-CVE-2013-4344 [buffer overflow in scsi_target_emulate_report_luns]
-       RESERVED
+CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in 
Xen, ...)
        - xen 4.2-1
        - qemu <unfixed> (bug #725944)
        - qemu-kvm <removed>
@@ -3721,8 +3856,7 @@
        - linux <unfixed>
        [wheezy] - linux <not-affected> (Introduced in 3.8)
        - linux-2.6 <not-affected> (Introduced in 3.8)
-CVE-2013-4342 [xinetd: ignores user and group directives for tcpmux services]
-       RESERVED
+CVE-2013-4342 (xinetd does not enforce the user and group configuration 
directives ...)
        - xinetd 1:2.3.15-2 (bug #324678)
        [wheezy] - xinetd <no-dsa> (Minor issue)
        [squeeze] - xinetd <no-dsa> (Minor issue)
@@ -3752,15 +3886,13 @@
        RESERVED
 CVE-2013-4333
        RESERVED
-CVE-2013-4332 [integer overflows in glibc memory allocator]
-       RESERVED
+CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C 
Library ...)
        - eglibc 2.17-93 (bug #722536)
 CVE-2013-4331 [incorrect .Xauthority permissions]
        RESERVED
        - lightdm 1.6.2-1 (bug #721744)
        [wheezy] - lightdm <not-affected> (Introduced in 1.4)
-CVE-2013-4330
-       RESERVED
+CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 
2.11.2, ...)
        NOT-FOR-US: Apache Camel
 CVE-2013-4329 (The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when 
IOMMU is ...)
        - xen 4.3.0-1
@@ -3768,17 +3900,14 @@
        NOTE: 
http://lists.xen.org/archives/html/xen-announce/2013-09/msg00001.html
 CVE-2013-4328
        REJECTED
-CVE-2013-4327 [use of insecure polkit DBUS API]
-       RESERVED
+CVE-2013-4327 (systemd does not properly use D-Bus for communication with a 
polkit ...)
        - systemd 204-5 (bug #723713)
-CVE-2013-4326 [use of insecure polkit DBUS API]
-       RESERVED
+CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for ...)
        - rtkit 0.10-3 (bug #723714)
        [wheezy] - rtkit <no-dsa> (user can get realtime scheduling privileges)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux 
Imaging ...)
        - hplip 3.13.9-1 (bug #723716)
-CVE-2013-4324 [Insecure calling of polkit via polkit_unix_process_new()]
-       RESERVED
+CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit 
...)
        - spice-gtk <unfixed>
 CVE-2013-4323
        RESERVED
@@ -3815,8 +3944,7 @@
        [squeeze] - moodle <not-affected>
 CVE-2013-4312
        RESERVED
-CVE-2013-4311 [insecure calling of polkit via libgobject API]
-       RESERVED
+CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 
0.9.12.x ...)
        - libvirt <unfixed> (unimportant)       
        NOTE: polkit support not activated in Debian build, will be fixed in 
point update
 CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to 
bypass ...)
@@ -3896,8 +4024,7 @@
 CVE-2013-4289 [heap-based buffer overflows]
        RESERVED
        - openjpeg <unfixed> (bug #722540)
-CVE-2013-4288 [unix-process subject for authorization is racy]
-       RESERVED
+CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to 
bypass ...)
        - policykit-1 <unfixed> (bug #723717)
 CVE-2013-4287 [Algorithmic complexity vulnerability]
        RESERVED
@@ -3909,8 +4036,7 @@
        RESERVED
 CVE-2013-4285
        RESERVED
-CVE-2013-4284
-       RESERVED
+CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote 
attackers ...)
        NOT-FOR-US: Cumin
 CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote 
...)
        - 389-ds-base <unfixed> (bug #721222)
@@ -3945,8 +4071,7 @@
        RESERVED
 CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 
7.x-2.x ...)
        NOT-FOR-US: Drupal addon
-CVE-2013-4271
-       RESERVED
+CVE-2013-4271 (The default configuration of the ObjectRepresentation class in 
Restlet ...)
        - restlet <itp> (bug #596472)
 CVE-2013-4270
        RESERVED
@@ -3992,16 +4117,14 @@
 CVE-2013-4259 (runner/connection_plugins/ssh.py in Ansible before 1.2.3, when 
using ...)
        - ansible <unfixed> (bug #721766)
        NOTE: upstream commit: 
https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
-CVE-2013-4258 [Format string]
-       RESERVED
+CVE-2013-4258 (Format string vulnerability in the osLogMsg function in ...)
        {DSA-2771-1}
        - nas 1.9.3-6 (bug #720287)
 CVE-2013-4257 [Heap Overflow]
-       RESERVED
+       REJECTED
        {DSA-2771-1}
        - nas 1.9.3-6 (bug #720287)
-CVE-2013-4256 [Buffer Overflows]
-       RESERVED
+CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network 
Audio ...)
        {DSA-2771-1}
        - nas 1.9.3-6 (bug #720287)
 CVE-2013-4255 [condor_startd DoS when parsing policy definition that evaluates 
to ERROR or UNDEFINED]
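Review bot: CVE-2013-4257 changes from `RESERVED` to `REJECTED` but keeps `{DSA-2771-1}` and `- nas 1.9.3-6 (bug #720287)`, so a rejected ID still reads as a tracked, fixed issue. Either drop the DSA reference and package line, or add a NOTE naming the ID that replaces it. CVE-2013-4256 directly below carries the same DSA and package line, and its new description covers both stack-based and heap-based overflows.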
@@ -4020,8 +4143,7 @@
 CVE-2013-4250 [Vulnerable subcomponent: Backend File Upload / File Abstraction 
Layer]
        RESERVED
        - typo3 <not-affected> (All versions from 6.0.0 up to the development 
branch of 6.2)
-CVE-2013-4249 [django Cross-site scripting (XSS) in admin interface]
-       RESERVED
+CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the 
AdminURLFieldWidget ...)
        - python-django 1.5.2-1
        [wheezy] - python-django <not-affected> (1.4.x not affected)
        [squeeze] - python-django <not-affected> (1.2.x not affected)
@@ -4078,8 +4200,7 @@
        - python3.3 3.3.2-6 (low; bug #719567)
        NOTE: http://bugs.python.org/issue18709
        NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
-CVE-2013-4237 [Buffer overwrite when using readdir_r on file systems returning 
file names longer than NAME_MAX characters]
-       RESERVED
+CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or 
libc6) ...)
        - eglibc <unfixed> (bug #719558)
        [wheezy] - eglibc <unfixed> (low; bug #719558)
        [squeeze] - eglibc <unfixed> (low; bug #719558)
@@ -4134,8 +4255,7 @@
        - keystone 2013.1.3-1 (bug #719290)
        [wheezy] - keystone <not-affected> (Vulnerable code not present in 
Openstack Essex)
        NOTE: 
http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
-CVE-2013-4221 [remote code execution due to XML deserialization in Restlet]
-       RESERVED
+CVE-2013-4221 (The default configuration of the ObjectRepresentation class in 
Restlet ...)
        - restlet <itp> (bug #596472)
        NOTE: 
http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
        NOTE: https://github.com/o2platform/DefCon_RESTing
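Review bot: dropping the bracketed summary from CVE-2013-4221 leaves it with the same truncated description as CVE-2013-4271 ("The default configuration of the ObjectRepresentation class in Restlet ..."), so the two entries can no longer be told apart from the list alone. Keep the distinguishing detail from the removed line, "remote code execution due to XML deserialization in Restlet", as a NOTE on this entry.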
@@ -4340,8 +4460,7 @@
        - smokeping <not-affected> (fix for CVE-2012-0790/DSA-2651-1 uses 
regexp from 2.6.9 upstream release)
        NOTE: CVE is for incomplete fix for CVE-2012-0790
        NOTE: Debian package applied already the more complete fix, see #659899
-CVE-2013-4157
-       RESERVED
+CVE-2013-4157 (Red Hat Storage 2.0 allows local users to overwrite arbitrary 
files ...)
        NOT-FOR-US: Red Hat Storage Server
 CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers 
to ...)
        - libreoffice 1:4.1.0-1 (unimportant)
@@ -4992,60 +5111,60 @@
        RESERVED
 CVE-2013-3898
        RESERVED
-CVE-2013-3897
-       RESERVED
-CVE-2013-3896
-       RESERVED
-CVE-2013-3895
-       RESERVED
-CVE-2013-3894
-       RESERVED
+CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in 
...)
+       TODO: check
+CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly 
validate ...)
+       TODO: check
+CVE-2013-3895 (Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 
allows ...)
+       TODO: check
+CVE-2013-3894 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, 
Windows ...)
+       TODO: check
 CVE-2013-3893 (Use-after-free vulnerability in the SetMouseCapture 
implementation in ...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2013-3892
-       RESERVED
-CVE-2013-3891
-       RESERVED
-CVE-2013-3890
-       RESERVED
-CVE-2013-3889
-       RESERVED
-CVE-2013-3888
-       RESERVED
+CVE-2013-3892 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow 
remote ...)
+       TODO: check
+CVE-2013-3891 (Microsoft Word 2003 SP3 allows remote attackers to execute 
arbitrary ...)
+       TODO: check
+CVE-2013-3890 (Microsoft Excel 2007 SP3, Excel Viewer, and Office 
Compatibility Pack ...)
+       TODO: check
+CVE-2013-3889 (Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; 
Office ...)
+       TODO: check
+CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows 
Vista SP2, ...)
+       TODO: check
 CVE-2013-3887
        RESERVED
-CVE-2013-3886
-       RESERVED
-CVE-2013-3885
-       RESERVED
+CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to 
...)
+       TODO: check
+CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to 
execute ...)
+       TODO: check
 CVE-2013-3884
        RESERVED
 CVE-2013-3883
        RESERVED
-CVE-2013-3882
-       RESERVED
-CVE-2013-3881
-       RESERVED
-CVE-2013-3880
-       RESERVED
-CVE-2013-3879
-       RESERVED
+CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 
SP1 and ...)
+       TODO: check
+CVE-2013-3880 (The App Container feature in the kernel-mode drivers in 
Microsoft ...)
+       TODO: check
+CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode 
drivers ...)
+       TODO: check
 CVE-2013-3878
        RESERVED
 CVE-2013-3877
        RESERVED
 CVE-2013-3876
        RESERVED
-CVE-2013-3875
-       RESERVED
-CVE-2013-3874
-       RESERVED
-CVE-2013-3873
-       RESERVED
-CVE-2013-3872
-       RESERVED
-CVE-2013-3871
-       RESERVED
+CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2013-3873 (Microsoft Internet Explorer 10 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2013-3872 (Microsoft Internet Explorer 10 allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2013-3871 (Microsoft Internet Explorer 6 through 10 allows remote 
attackers to ...)
+       TODO: check
 CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 
2010 SP1 ...)
        NOT-FOR-US: Microsoft Outlook
 CVE-2013-3869
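Review bot: the entries moved from `RESERVED` to `TODO: check` in this hunk should be closed as `NOT-FOR-US`, matching their unchanged neighbours CVE-2013-3893 (`NOT-FOR-US: Microsoft Internet Explorer`) and CVE-2013-3870 (`NOT-FOR-US: Microsoft Outlook`). Apart from CVE-2013-3897, whose description is truncated before the product name, each new description names a Microsoft product (Internet Explorer, Word, Excel, SharePoint, Silverlight, Windows kernel-mode drivers), so leaving them open only inflates the TODO queue.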
@@ -5064,10 +5183,10 @@
        NOT-FOR-US: Microsoft
 CVE-2013-3862 (Double free vulnerability in Microsoft Windows 7 and Server 
2008 R2 ...)
        NOT-FOR-US: Microsoft
-CVE-2013-3861
-       RESERVED
-CVE-2013-3860
-       RESERVED
+CVE-2013-3861 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 
4.5 ...)
+       TODO: check
+CVE-2013-3860 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 
4.5 does ...)
+       TODO: check
 CVE-2013-3859 (Microsoft Pinyin IME 2010, when used in conjunction with 
Microsoft ...)
        NOT-FOR-US: Microsoft Pinyin IME
 CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 
SP1, Word ...)
@@ -5469,8 +5588,8 @@
        RESERVED
 CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in 
cgi-bin/users.cgi ...)
        NOT-FOR-US: Brickcom
-CVE-2013-3689
-       RESERVED
+CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, 
OSD-040E, ...)
+       TODO: check
 CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, 
TL-SC3171G, ...)
        NOT-FOR-US: TP-Link
 CVE-2013-3687
@@ -5622,8 +5741,8 @@
        RESERVED
 CVE-2013-3628
        RESERVED
-CVE-2013-3627
-       RESERVED
+CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee 
Managed ...)
+       TODO: check
 CVE-2013-3626
        RESERVED
 CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 
through 8.9 ...)
@@ -5654,10 +5773,11 @@
        NOT-FOR-US: Dahua DVR
 CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root 
...)
        NOT-FOR-US: Dahua DVR
-CVE-2013-3611 (NETELLER Direct Payment API 4.1.6 allows remote authenticated 
users to ...)
+CVE-2013-3611
+       REJECTED
        NOT-FOR-US: NETELLER Direct Payment API
-CVE-2013-3610
-       RESERVED
+CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware 
before ...)
+       TODO: check
 CVE-2013-3609 (The web interface in the Intelligent Platform Management 
Interface ...)
        NOT-FOR-US: Intelligent Platform Management Interface
 CVE-2013-3608 (The web interface in the Intelligent Platform Management 
Interface ...)
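Review bot: CVE-2013-3611 becomes `REJECTED` and loses its description, but `NOT-FOR-US: NETELLER Direct Payment API` stays behind with nothing left in the entry to explain it. Remove the stale line, or keep it and add a NOTE recording that it refers to the description the ID had before rejection.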
@@ -5823,14 +5943,14 @@
        RESERVED
 CVE-2013-3544
        REJECTED
-CVE-2013-3543
-       RESERVED
+CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control 
(AxisMediaControlEmb.dll) ...)
+       TODO: check
 CVE-2013-3542
        RESERVED
-CVE-2013-3541
-       RESERVED
-CVE-2013-3540
-       RESERVED
+CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in 
AirLive ...)
+       TODO: check
+CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in ...)
+       TODO: check
 CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
        NOT-FOR-US: Sony
 CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in 
todooforum.php ...)
@@ -6095,8 +6215,8 @@
        NOT-FOR-US: Cisco
 CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME 
devices ...)
        NOT-FOR-US: Cisco
-CVE-2013-3409
-       RESERVED
+CVE-2013-3409 (The portal in Cisco Prime Central for Hosted Collaboration 
Solution ...)
+       TODO: check
 CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 
devices ...)
        NOT-FOR-US: Cisco
 CVE-2013-3407
@@ -6450,8 +6570,8 @@
        NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
 CVE-2013-3249
        RESERVED
-CVE-2013-3248
-       RESERVED
+CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 
allows ...)
+       TODO: check
 CVE-2013-3247
        RESERVED
 CVE-2013-3246
@@ -6594,8 +6714,8 @@
        NOT-FOR-US: Microsoft
 CVE-2013-3201 (Microsoft Internet Explorer 9 and 10 allows remote attackers to 
...)
        NOT-FOR-US: Microsoft Internet Explorer
-CVE-2013-3200
-       RESERVED
+CVE-2013-3200 (The USB drivers in the kernel-mode drivers in Microsoft Windows 
XP SP2 ...)
+       TODO: check
 CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote 
attackers to ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in 
...)
@@ -6604,8 +6724,8 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in 
...)
        NOT-FOR-US: Microsoft Windows
-CVE-2013-3195
-       RESERVED
+CVE-2013-3195 (The DSA_InsertItem function in Comctl32.dll in the Windows 
common ...)
+       TODO: check
 CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to 
execute ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to 
...)
@@ -6738,8 +6858,8 @@
        REJECTED
 CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; 
Silverlight ...)
        NOT-FOR-US: Microsoft
-CVE-2013-3128
-       RESERVED
+CVE-2013-3128 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, 
Windows ...)
+       TODO: check
 CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in 
Windows ...)
        NOT-FOR-US: Microsoft
 CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is 
...)
@@ -7071,8 +7191,8 @@
        RESERVED
 CVE-2013-2965
        RESERVED
-CVE-2013-2964
-       RESERVED
+CVE-2013-2964 (Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) 
through ...)
+       TODO: check
 CVE-2013-2963
        RESERVED
 CVE-2013-2962
@@ -7518,8 +7638,8 @@
        RESERVED
 CVE-2013-2809
        RESERVED
-CVE-2013-2808
-       RESERVED
+CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information 
...)
+       TODO: check
 CVE-2013-2807
        RESERVED
 CVE-2013-2806
@@ -9008,11 +9128,9 @@
        - moodle 2.5.1-1 (low)
        [squeeze] - moodle <no-dsa> (Minor issue)
        NOTE: https://moodle.org/mod/forum/discuss.php?d=232498
-CVE-2013-2241 [information exposure]
-       RESERVED
+CVE-2013-2241 (modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 
allows ...)
        - gallery3 <itp> (bug #511715)
-CVE-2013-2240 [Improper stripping of URL fragments in flowplayer SWF file]
-       RESERVED
+CVE-2013-2240 (lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not 
properly ...)
        - gallery3 <itp> (bug #511715)
 CVE-2013-2239
        RESERVED
@@ -9071,18 +9189,15 @@
 CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat 
...)
        - linux-2.6 <not-affected> (Caused by RHEL backport)
        - linux <not-affected> (Caused by RHEL backport)
-CVE-2013-2223 [Multiple remote heap memory disclosures]
-       RESERVED
+CVE-2013-2223 (GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain 
sensitive ...)
        - libzrtpcpp 2.3.4-1 (bug #714650)
        [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
        [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
-CVE-2013-2222 [Multiple remote stack overflows]
-       RESERVED
+CVE-2013-2222 (Multiple stack-based buffer overflows in GNU ZRTPCPP before 
3.2.0 ...)
        - libzrtpcpp 2.3.4-1 (bug #714650)
        [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
        [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
-CVE-2013-2221 [Remote heap overflow]
-       RESERVED
+CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function 
in GNU ...)
        - libzrtpcpp 2.3.4-1 (bug #714650)
        [squeeze] - libzrtpcpp <no-dsa> (Minor issue)
        [wheezy] - libzrtpcpp <no-dsa> (Minor issue)
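Review bot: for CVE-2013-2223, CVE-2013-2222 and CVE-2013-2221 the imported descriptions say GNU ZRTPCPP is affected before 3.2.0, while the unchanged tracking lines record the fix in `libzrtpcpp 2.3.4-1`. Either add a NOTE under each entry explaining that 2.3.4-1 carries the fix (bug #714650), or re-check the fixed version, so the entry does not read as contradicting its own description.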
@@ -9131,8 +9246,7 @@
        - tpp 1.3.1-3 (low; bug #706644)
        [squeeze] - tpp <no-dsa> (Minor issue)
        [wheezy] - tpp <no-dsa> (Minor issue)
-CVE-2013-2207
-       RESERVED
+CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does 
not ...)
        - eglibc <unfixed> (low; bug #717544)
        [squeeze] - eglibc <no-dsa> (Minor issue)
        [wheezy] - eglibc <no-dsa> (Minor issue)
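Review bot: the new description for CVE-2013-2207 gives glibc 2.18 as the first fixed upstream release, but the `- eglibc <unfixed>` line below it carries no NOTE recording that. Add a NOTE with the upstream fix version so the entry can be closed when eglibc reaches it.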
@@ -9359,8 +9473,7 @@
 CVE-2013-2139 [srtp: buffer overflow]
        RESERVED
        - srtp 1.4.5~20130609~dfsg-1 (bug #711163)
-CVE-2013-2138 [gallery: improper stripping of URL fragments might lead to 
replay attacks]
-       RESERVED
+CVE-2013-2138 (The (1) uploadify and (2) flowplayer SWF files in Gallery 3 
before ...)
        - gallery <not-affected> (Old 1.5 version not affected)
 CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the &quot;View 
Log&quot; screen in ...)
        NOT-FOR-US: Apache OFBiz
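Review bot: CVE-2013-2138 now describes SWF files in Gallery 3, yet the only package line is `- gallery <not-affected> (Old 1.5 version not affected)`. CVE-2013-2241 and CVE-2013-2240 in this same revision track Gallery 3 with `- gallery3 <itp> (bug #511715)`; add the matching gallery3 line here so the ITP is covered consistently.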
@@ -9504,8 +9617,7 @@
 CVE-2013-2100
        RESERVED
        NOT-FOR-US: Gentoo Portage binary package installer
-CVE-2013-2099 [ssl.match_hostname denial of service]
-       RESERVED
+CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname 
...)
        - python2.7 2.7.5-5 (low; bug #709066)
        [wheezy] - python2.7 <no-dsa> (Minor issue)
        - linkchecker <unfixed> (low; bug #709067)
@@ -9529,7 +9641,7 @@
        [squeeze] - w3af <no-dsa> (Minor issue)
        [wheezy] - w3af <no-dsa> (Minor issue)
 CVE-2013-2098
-       RESERVED
+       REJECTED
        NOTE: http://www.openwall.com/lists/oss-security/2013/05/16/5
        NOTE: This ID is solely for the backport, CVE-2013-2099 is for standard 
Python
 CVE-2013-2097 [zPanel themes remote command execution as root]
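Review bot: CVE-2013-2098 flips to `REJECTED`, but the NOTE beneath it still says "This ID is solely for the backport". That NOTE now describes an ID that no longer exists as a valid assignment; reword it to say the ID was rejected and that tracking continues under CVE-2013-2099.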
@@ -10273,8 +10385,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
 CVE-2013-1882
        RESERVED
-CVE-2013-1881 [local resource access vulnerability due to XXE]
-       RESERVED
+CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read 
arbitrary ...)
        - librsvg <unfixed> (bug #724741)
 CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application]
        RESERVED
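Review bot: the imported description for CVE-2013-1881 names "GNOME libsvg before 2.39.0", while the entry tracks `- librsvg <unfixed> (bug #724741)`. Add a NOTE confirming that the description refers to librsvg. The removed bracket title was also the only place that identified the issue as XXE, which is worth keeping in a NOTE.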
@@ -11715,6 +11826,7 @@
 CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in 
CubeCart ...)
        NOT-FOR-US: CubeCart
 CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in 
the ...)
+       {DSA-2772-1}
        - typo3-src 4.5.29+dfsg1-1
 CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: WordPress plugin
@@ -12631,23 +12743,18 @@
        RESERVED
 CVE-2013-1067
        RESERVED
-CVE-2013-1066
-       RESERVED
+CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, 
and ...)
        NOT-FOR-US: language-selector
-CVE-2013-1065
-       RESERVED
+CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly 
use ...)
        NOT-FOR-US: jockey
-CVE-2013-1064
-       RESERVED
+CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and ...)
        - apt-xapian-index <unfixed> (low; bug #724837)
-CVE-2013-1063
-       RESERVED
+CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 
0.2.40ubuntu2, and ...)
        NOT-FOR-US: usb-creator
-CVE-2013-1062
-       RESERVED
+CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 
0.2.3.1, and ...)
        NOT-FOR-US: ubuntu-system-service
-CVE-2013-1061
-       RESERVED
+CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 
before ...)
+       TODO: check
 CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in 
the Linux ...)
        NOT-FOR-US: Ubuntu packaging specific
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows 
remote ...)
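Review bot: CVE-2013-1061 is the only entry in this Ubuntu batch left at `TODO: check`; CVE-2013-1066, CVE-2013-1065, CVE-2013-1063 and CVE-2013-1062 are `NOT-FOR-US` and CVE-2013-1064 has a package line. Triage dbus/SoftwarePropertiesDBus.py against the archive and give the entry either a package line or a `NOT-FOR-US`, so the batch is consistent.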
@@ -13701,8 +13808,8 @@
        [wheezy] - nss 2:3.13.6-2
        NOTE: 
http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
        NOTE: 
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
-CVE-2013-0742
-       RESERVED
+CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows 
remote ...)
+       TODO: check
 CVE-2013-0741
        RESERVED
 CVE-2013-0740
@@ -13713,8 +13820,8 @@
        RESERVED
 CVE-2013-0737
        RESERVED
-CVE-2013-0736
-       RESERVED
+CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
 CVE-2013-0735
        RESERVED
 CVE-2013-0734
@@ -14177,14 +14284,14 @@
        NOT-FOR-US: IBM Tivoli Federated Identity Manager
 CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Business ...)
        NOT-FOR-US: IBM
-CVE-2013-0580
-       RESERVED
-CVE-2013-0579
-       RESERVED
+CVE-2013-0580 (Cross-site request forgery (CSRF) vulnerability in the Optim 
...)
+       TODO: check
+CVE-2013-0579 (The Optim E-Business Console in IBM Data Growth Solution for 
Oracle ...)
+       TODO: check
 CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling 
Multi-Channel ...)
        NOT-FOR-US: IBM
-CVE-2013-0577
-       RESERVED
+CVE-2013-0577 (The Optim E-Business Console in IBM Data Growth Solution for 
Oracle ...)
+       TODO: check
 CVE-2013-0576 (Cross-site scripting (XSS) vulnerability in the Tivoli 
Enterprise ...)
        NOT-FOR-US: IBM Tivoli Monitoring
 CVE-2013-0575
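Review bot: CVE-2013-0580, CVE-2013-0579 and CVE-2013-0577 are added as `TODO: check`, although all three describe the Optim E-Business Console in an IBM product and the surrounding CVE-2013-0581 and CVE-2013-0578 are `NOT-FOR-US: IBM`. Mark them the same way rather than leaving three TODO items.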
@@ -15414,7 +15521,7 @@
        RESERVED
        NOT-FOR-US: Simple Machines Forum
 CVE-2013-0188
-       RESERVED
+       REJECTED
 CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 
2.6.23 ...)
        - linux 3.2.39-1
        - linux-2.6 <removed>
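Review bot: CVE-2013-0188 appears directly above CVE-2013-0190 in this hunk, although the rest of the list runs in descending ID order. Since the line is being touched for the `REJECTED` change, move the entry to its sorted position so later automatic updates diff cleanly.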
@@ -21163,8 +21270,7 @@
 CVE-2012-4425 (libgio, when used in setuid or other privileged programs in 
spice-gtk ...)
        - spice-gtk 0.12-5 (bug #689155)
        NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
-CVE-2012-4424 [alloca buffer overflow via strcoll]
-       RESERVED
+CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C 
Library ...)
        - eglibc <unfixed> (low; bug #689423)
        [wheezy] - eglibc <no-dsa> (Minor issue)
        [squeeze] - eglibc <no-dsa> (Minor issue)
@@ -21206,8 +21312,7 @@
 CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens 
when ...)
        - keystone 2012.1.1-6 (bug #687428)
        NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
-CVE-2012-4412 [strcoll int->buffer overflow]
-       RESERVED
+CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library 
(aka glibc ...)
        - eglibc <unfixed> (low; bug #687530)
        [wheezy] - eglibc <no-dsa> (Minor issue)
        [squeeze] - eglibc <no-dsa> (Minor issue)
@@ -21977,8 +22082,8 @@
 CVE-2012-XXXX [insecure default configuration / authentication bypass]
        - munin 2.0.5-1 (bug #682869)
        [squeeze] - munin <no-dsa> (Minor issue)
-CVE-2012-4141
-       RESERVED
+CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco 
NX-OS ...)
+       TODO: check
 CVE-2012-4140
        RESERVED
 CVE-2012-4139
@@ -22015,8 +22120,8 @@
        RESERVED
 CVE-2012-4123
        RESERVED
-CVE-2012-4122
-       RESERVED
+CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass 
intended ...)
+       TODO: check
 CVE-2012-4121
        RESERVED
 CVE-2012-4120
@@ -22063,8 +22168,8 @@
        RESERVED
 CVE-2012-4099
        RESERVED
-CVE-2012-4098
-       RESERVED
+CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter 
AS ...)
+       TODO: check
 CVE-2012-4097
        RESERVED
 CVE-2012-4096 (The local file editor in the Baseboard Management Controller 
(BMC) in ...)
@@ -22077,10 +22182,10 @@
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4092 (The management interface in the Central Software component in 
Cisco ...)
        NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4091
-       RESERVED
-CVE-2012-4090
-       RESERVED
+CVE-2012-4091 (The RIP service engine in Cisco NX-OS allows remote attackers 
to cause ...)
+       TODO: check
+CVE-2012-4090 (The management interface in Cisco NX-OS on Nexus 7000 devices 
allows ...)
+       TODO: check
 CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing 
System ...)
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4088 (The FTP server in Cisco Unified Computing System (UCS) has a 
hardcoded ...)
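Review bot: CVE-2012-4091 and CVE-2012-4090 are added as `TODO: check`, although both describe Cisco NX-OS and sit among Cisco entries already marked `NOT-FOR-US: Cisco Unified Computing System`. Triage them as NOT-FOR-US for the Cisco product, and do the same for the other NX-OS entries this revision adds (CVE-2012-4141, CVE-2012-4122, CVE-2012-4098, CVE-2012-4075).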
@@ -22091,8 +22196,8 @@
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) 
implementation in ...)
        NOT-FOR-US: Cisco Unified Computing System
-CVE-2012-4084
-       RESERVED
+CVE-2012-4084 (Cross-site request forgery (CSRF) vulnerability in the 
web-management ...)
+       TODO: check
 CVE-2012-4083 (Multiple buffer overflows in the administrative web interface 
in Cisco ...)
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified 
Computing ...)
@@ -22109,8 +22214,8 @@
        RESERVED
 CVE-2012-4076
        RESERVED
-CVE-2012-4075
-       RESERVED
+CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute 
...)
+       TODO: check
 CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN 
(SoL) ...)
        NOT-FOR-US: Cisco Unified Computing System
 CVE-2012-4073 (The KVM subsystem in the client in Cisco Unified Computing 
System ...)
@@ -26750,29 +26855,29 @@
 CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix 
Server and ...)
        NOT-FOR-US: RealNetworks Helix
 CVE-2012-2266
-       RESERVED
+       REJECTED
 CVE-2012-2265
-       RESERVED
+       REJECTED
 CVE-2012-2264
-       RESERVED
+       REJECTED
 CVE-2012-2263
-       RESERVED
+       REJECTED
 CVE-2012-2262
-       RESERVED
+       REJECTED
 CVE-2012-2261
-       RESERVED
+       REJECTED
 CVE-2012-2260
-       RESERVED
+       REJECTED
 CVE-2012-2259
-       RESERVED
+       REJECTED
 CVE-2012-2258
-       RESERVED
+       REJECTED
 CVE-2012-2257
-       RESERVED
+       REJECTED
 CVE-2012-2256
-       RESERVED
+       REJECTED
 CVE-2012-2255
-       RESERVED
+       REJECTED
 CVE-2012-2254
        RESERVED
 CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php 
in ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
