author | Salvatore Bonaccorso <carnil@debian.org> | 2013-12-13 07:28:16 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2013-12-13 07:28:16 +0000 |
commit | c5cfef1711cb70b29b33a355cbb47e906dac697e | |
tree | 1da207002907e13bea596fbcfd6a3cd75b8d4e8d | |
parent | 414c62bea01afd49c5e51a489b54902d3850341a | |
Add new CVE identifiers
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@24731 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2004.list | 1 |
-rw-r--r-- | data/CVE/2011.list | 3 |
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 354 |
4 files changed, 207 insertions, 155 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 0e6ef37374..9cbe625e4a 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -1,6 +1,7 @@ CVE-2004-XXXX [base-passwd: sets valid shells for system services] - bass-passwd <unfixed> (low; bug #274229) CVE-2004-2776 + RESERVED NOT-FOR-US: Montitorix CVE-2004-2775 RESERVED diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 5fbc7d1b25..db8386355c 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -644,8 +644,7 @@ CVE-2011-4973 [mod_nss FakeBasicAuth authentication bypass] CVE-2011-4972 [CKEditor module for Drupal access bypass] RESERVED NOT-FOR-US: Drupal module -CVE-2011-4971 [memcached: remote DoS] - RESERVED +CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ...) - memcached <unfixed> (bug #706426) CVE-2011-4970 [Multiple SQL Injection vulnerabilities in Disk Pool Manager (DPM)] RESERVED diff --git a/data/CVE/2012.list b/data/CVE/2012.list index e40c899d13..f401371f56 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -8792,8 +8792,8 @@ CVE-2012-3049 RESERVED CVE-2012-3048 RESERVED -CVE-2012-3047 - RESERVED +CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page ...) + TODO: check CVE-2012-3046 RESERVED CVE-2012-3045 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 9675a36a59..0b97833ca5 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1,3 +1,71 @@ +CVE-2013-7083 + RESERVED +CVE-2013-7068 + RESERVED +CVE-2013-7067 + RESERVED +CVE-2013-7066 + RESERVED +CVE-2013-7065 + RESERVED +CVE-2013-7064 + RESERVED +CVE-2013-7063 + RESERVED +CVE-2013-7059 + RESERVED +CVE-2013-7058 + RESERVED +CVE-2013-7057 + RESERVED +CVE-2013-7056 + RESERVED +CVE-2013-7055 + RESERVED +CVE-2013-7054 + RESERVED +CVE-2013-7053 + RESERVED +CVE-2013-7052 + RESERVED +CVE-2013-7051 + RESERVED +CVE-2013-7047 + RESERVED +CVE-2013-7046 + RESERVED +CVE-2013-7045 + RESERVED +CVE-2013-7044 + RESERVED +CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...) + TODO: check +CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses ...) + TODO: check +CVE-2013-7037 + RESERVED +CVE-2013-7036 + RESERVED +CVE-2013-7035 + RESERVED +CVE-2013-7034 + RESERVED +CVE-2013-7033 + RESERVED +CVE-2013-7032 + RESERVED +CVE-2013-7031 + RESERVED +CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications ...) + TODO: check +CVE-2013-7029 + RESERVED +CVE-2013-7028 + RESERVED +CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in ...) + TODO: check +CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...) + TODO: check CVE-2013-7089 [dbg_printhex possible information leak] - clamav 0.97.7+dfsg-1 NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804 
@@ -16,51 +84,71 @@ CVE-2013-7085 [uscan: broken handling of filenames with whitespace] [wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5) [squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5) CVE-2013-7082 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7081 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7080 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7079 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7078 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7077 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7076 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7075 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7074 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7073 + RESERVED - typo3-src <unfixed> (bug #731999) CVE-2013-7072 + RESERVED NOT-FOR-US: Monitorix CVE-2013-7071 + RESERVED NOT-FOR-US: Monitorix CVE-2013-7070 + RESERVED NOT-FOR-US: Monitorix CVE-2013-7062 [XSS] + RESERVED TODO: check plone/zope CVE-2013-7061 [Privilege escalation through exposed underlying API] + RESERVED TODO: check plone/zope CVE-2013-7060 [Filesystem path information leak] + RESERVED TODO: check plone/zope CVE-2013-7049 [ZNC IRC Bouncer DoS in FiSH Plugin] + RESERVED NOTE: vulnerable code not found in Debian NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14 NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer CVE-2013-7048 [Nova live snapshots use an insecure local directory] + RESERVED - nova <unfixed> (bug #732022) [wheezy] - nova <not-affected> (Support for live snapshots added later) NOTE: https://bugs.launchpad.net/nova/+bug/1227027 CVE-2013-7050 [uscan: arbitrary code execution] + RESERVED - devscripts 2.13.8 (bug #731849) [wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5) [squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced 
in 2.13.5) NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5 CVE-2013-7069 [remote code execution via per-project .ackrc files] + RESERVED - ack-grep 2.12-1 (bug #731848) [wheezy] - ack-grep <not-affected> (don't support per-project .ackrc files) [squeeze] - ack-grep <not-affected> (don't support per-project .ackrc files) @@ -79,8 +167,10 @@ CVE-2013-7003 RESERVED NOT-FOR-US: LiveZilla CVE-2013-7041 [password hashes aren't compared case-sensitively] + RESERVED - pam <unfixed> (bug #731368) CVE-2013-7040 + RESERVED - python2.5 <removed> - python2.6 <removed> - python2.7 <unfixed> @@ -89,11 +179,13 @@ CVE-2013-7040 - python3.3 <unfixed> TODO: check CVE-2013-7039 [stack overflow in MHD_digest_auth_check()] + RESERVED - libmicrohttpd 0.9.32-1 (low; bug #731933) [squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases) [wheezy] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390 CVE-2013-7038 [out-of-bounds read in MHD_http_unescape()] + RESERVED - libmicrohttpd 0.9.32-1 (low; bug #731933) [squeeze] - libmicrohttpd <no-dsa> (Minor issue) [wheezy] - libmicrohttpd <no-dsa> (Minor issue) @@ -224,8 +316,7 @@ CVE-2013-6988 RESERVED CVE-2013-6987 RESERVED -CVE-2013-6986 - RESERVED +CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...) NOT-FOR-US: ZippyYum CVE-2013-6984 RESERVED @@ -355,8 +446,7 @@ CVE-2013-6922 RESERVED CVE-2013-6921 RESERVED -CVE-2013-6985 - RESERVED +CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth ...) NOT-FOR-US: Enorth Webpublisher CMS CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...) NOT-FOR-US: Siemens 
@@ -500,8 +590,8 @@ CVE-2013-6842 RESERVED CVE-2013-6841 RESERVED -CVE-2013-6840 - RESERVED +CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 ...) + TODO: check CVE-2013-6839 RESERVED NOT-FOR-US: InstantCMS @@ -571,8 +661,7 @@ CVE-2013-6812 RESERVED CVE-2013-6811 RESERVED -CVE-2013-6810 - RESERVED +CVE-2013-6810 (The server in EMC Connectrix Manager Converged Network Edition (CMCNE) ...) NOT-FOR-US: EMC Connectrix Manager Converged Network Edition CVE-2013-6809 RESERVED @@ -806,8 +895,8 @@ CVE-2013-6710 RESERVED CVE-2013-6709 RESERVED -CVE-2013-6708 - RESERVED +CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of ...) + TODO: check CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...) @@ -876,20 +965,17 @@ CVE-2013-6675 RESERVED CVE-2013-6674 RESERVED -CVE-2013-6673 - RESERVED +CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> [squeeze] - iceape <end-of-life> -CVE-2013-6672 - RESERVED +CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow ...) - iceweasel <not-affected> (Only affects Firefox 25) - iceape <not-affected> (Only affects Firefox 25) -CVE-2013-6671 - RESERVED +CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> 
@@ -1443,15 +1529,13 @@ CVE-2013-6434 RESERVED CVE-2013-6433 RESERVED -CVE-2013-6432 [ping: NULL pointer dereference on write to msg_name] - RESERVED +CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...) - linux <unfixed> [wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11) - linux-2.6 <not-affected> (Vulnerable code introduced in 3.11) NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67 NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0 -CVE-2013-6431 [net: fib: fib6_add: potential NULL pointer dereference] - RESERVED +CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...) - linux-2.6 <removed> (low) - linux <unfixed> (low) NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2 @@ -1463,8 +1547,7 @@ CVE-2013-6428 [Heat ReST API doesn't respect tenant scoping] RESERVED - heat <unfixed> (bug #732033) NOTE: https://launchpad.net/bugs/1256983 -CVE-2013-6427 [insecure auto update feature] - RESERVED +CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing ...) - hplip <unfixed> (bug #731480) [squeeze] - hplip <not-affected> (Vulnerable code not present) NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405 @@ -1483,8 +1566,7 @@ CVE-2013-6423 RESERVED CVE-2013-6422 RESERVED -CVE-2013-6421 [Command injection] - RESERVED +CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem ...) NOT-FOR-US: Ruby Gem sprout CVE-2013-6420 [php: memory corruption in openssl_x509_parse()] RESERVED @@ -1713,7 +1795,7 @@ CVE-2013-6358 CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: Disputed non-issue in Tomcat CVE-2013-6356 - RESERVED + REJECTED CVE-2013-6355 RESERVED CVE-2013-6354 
@@ -1986,8 +2068,7 @@ CVE-2013-6239 RESERVED CVE-2013-6238 RESERVED -CVE-2013-6237 [Clipboard security issue] - RESERVED +CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 ...) NOT-FOR-US: ISL Light CVE-2013-6236 RESERVED @@ -2015,8 +2096,7 @@ CVE-2013-6226 (Directory traversal vulnerability in ...) NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin CVE-2013-6225 RESERVED -CVE-2013-6224 - RESERVED +CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...) NOT-FOR-US: Livezilla CVE-2013-6223 RESERVED @@ -2105,8 +2185,7 @@ CVE-2013-6182 RESERVED CVE-2013-6181 RESERVED -CVE-2013-6180 - RESERVED +CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness ...) NOT-FOR-US: RSA Security Analytics CVE-2013-6179 RESERVED @@ -2374,15 +2453,13 @@ CVE-2013-6056 RESERVED CVE-2013-6055 RESERVED -CVE-2013-6054 - RESERVED +CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...) {DSA-2808-1} - openjpeg <unfixed> (bug #731237) CVE-2013-6053 RESERVED - openjpeg <not-affected> (only affects 1.5, in experimental) -CVE-2013-6052 - RESERVED +CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive ...) {DSA-2808-1} - openjpeg <unfixed> (bug #731237) CVE-2013-6051 [bgpd crash on valid BGP updates] @@ -2409,8 +2486,7 @@ CVE-2013-6047 [XSS in site creation interface] [wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS) CVE-2013-6046 RESERVED -CVE-2013-6045 - RESERVED +CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...) {DSA-2808-1} - openjpeg <unfixed> (bug #731237) CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before ...) @@ -2424,8 +2500,7 @@ CVE-2013-6041 RESERVED CVE-2013-6040 RESERVED -CVE-2013-6039 - RESERVED +CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...) NOT-FOR-US: NagiosQL CVE-2013-6038 RESERVED 
@@ -3052,8 +3127,8 @@ CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTool NOT-FOR-US: Oracle PeopleSoft Products CVE-2013-5764 RESERVED -CVE-2013-5763 - RESERVED +CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology ...) + TODO: check CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...) NOT-FOR-US: Oracle Siebel CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...) @@ -3404,12 +3479,10 @@ CVE-2013-5621 REJECTED CVE-2013-5620 REJECTED -CVE-2013-5619 - RESERVED +CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in ...) - iceweasel <not-affected> (Only affects Firefox 25) - iceape <not-affected> (Only affects Firefox 25) -CVE-2013-5618 - RESERVED +CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> 
@@ -3418,46 +3491,38 @@ CVE-2013-5618 [squeeze] - iceape <end-of-life> CVE-2013-5617 RESERVED -CVE-2013-5616 - RESERVED +CVE-2013-5616 (Use-after-free vulnerability in the ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> [squeeze] - iceape <end-of-life> -CVE-2013-5615 - RESERVED +CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> [squeeze] - iceape <end-of-life> -CVE-2013-5614 - RESERVED +CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly ...) - iceweasel <not-affected> (Only affects Firefox 25) -CVE-2013-5613 - RESERVED +CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> [squeeze] - iceweasel <end-of-life> [squeeze] - icedove <end-of-life> [squeeze] - iceape <end-of-life> -CVE-2013-5612 - RESERVED +CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) - iceweasel <not-affected> (Only affects Firefox 25) -CVE-2013-5611 - RESERVED +CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application ...) - iceweasel <not-affected> (Only affects Firefox 25) -CVE-2013-5610 - RESERVED +CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <not-affected> (Only affects Firefox 25) - iceape <not-affected> (Only affects Firefox 25) - icedove <not-affected> (Only affects Firefox 25) -CVE-2013-5609 - RESERVED +CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel <unfixed> - icedove <unfixed> - iceape <unfixed> 
@@ -3875,8 +3940,8 @@ CVE-2013-5449 (Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM NOT-FOR-US: IBM CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin ...) NOT-FOR-US: IBM Security QRadar SIEM -CVE-2013-5447 - RESERVED +CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...) + TODO: check CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...) NOT-FOR-US: IBM WebSphere DataPower XC10 appliances CVE-2013-5445 @@ -3961,8 +4026,8 @@ CVE-2013-5406 RESERVED CVE-2013-5405 RESERVED -CVE-2013-5404 - RESERVED +CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation ...) + TODO: check CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...) NOT-FOR-US: IBM WebSphere CVE-2013-5402 @@ -4059,10 +4124,10 @@ CVE-2013-5357 RESERVED CVE-2013-5356 RESERVED -CVE-2013-5355 - RESERVED -CVE-2013-5354 - RESERVED +CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow ...) + TODO: check CVE-2013-5353 RESERVED CVE-2013-5352 @@ -4101,15 +4166,13 @@ CVE-2013-5336 RESERVED CVE-2013-5335 RESERVED -CVE-2013-5334 - RESERVED -CVE-2013-5333 - RESERVED -CVE-2013-5332 - RESERVED +CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...) + TODO: check +CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...) + TODO: check +CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...) NOT-FOR-US: Adobe Flash Player -CVE-2013-5331 - RESERVED +CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...) NOT-FOR-US: Adobe Flash 
@@ -4641,8 +4704,8 @@ CVE-2013-5074 RESERVED CVE-2013-5073 RESERVED -CVE-2013-5072 - RESERVED +CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in ...) + TODO: check CVE-2013-5071 RESERVED CVE-2013-5070 
@@ -4667,43 +4730,42 @@ CVE-2013-5061 RESERVED CVE-2013-5060 RESERVED -CVE-2013-5059 - RESERVED -CVE-2013-5058 - RESERVED +CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...) + TODO: check +CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP ...) NOT-FOR-US: Microsoft Windows Kernel -CVE-2013-5057 - RESERVED -CVE-2013-5056 - RESERVED +CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not ...) + TODO: check +CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library ...) + TODO: check CVE-2013-5055 RESERVED -CVE-2013-5054 - RESERVED +CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...) + TODO: check CVE-2013-5053 RESERVED -CVE-2013-5052 - RESERVED -CVE-2013-5051 - RESERVED +CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute ...) + TODO: check +CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...) + TODO: check CVE-2013-5050 RESERVED -CVE-2013-5049 - RESERVED -CVE-2013-5048 - RESERVED -CVE-2013-5047 - RESERVED -CVE-2013-5046 - RESERVED -CVE-2013-5045 - RESERVED +CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...) + TODO: check +CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check +CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...) + TODO: check +CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass ...) + TODO: check +CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...) + TODO: check CVE-2013-5044 RESERVED CVE-2013-5043 RESERVED -CVE-2013-5042 - RESERVED +CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...) + TODO: check CVE-2013-5041 RESERVED CVE-2013-5040 
@@ -5787,8 +5849,7 @@ CVE-2013-4567 RESERVED - mediawiki <unfixed> (bug #729629) NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332 -CVE-2013-4566 [incorrect handling of NSSVerifyClient in directory context] - RESERVED +CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...) - libapache2-mod-nss <unfixed> (low; bug #731627) [wheezy] - libapache2-mod-nss <no-dsa> (Minor issue) CVE-2013-4565 [heap-based buffer overflow] @@ -6148,8 +6209,7 @@ CVE-2013-4460 [XSS in account_sponsor_page.php project names] NOTE: http://www.mantisbt.org/bugs/view.php?id=16513 CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...) - lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch) -CVE-2013-4458 [Stack (frame) overflow in getaddrinfo() when called with AF_INET6] - RESERVED +CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...) - eglibc <unfixed> (low; bug #727181) [wheezy] - eglibc <no-dsa> (Minor issue) [squeeze] - eglibc <no-dsa> (Minor issue) @@ -6309,8 +6369,7 @@ CVE-2013-4409 [unsanitized eval() vulnerability] - python-django-djblets <removed> (low) [squeeze] - python-django-djblets <no-dsa> (Minor issue) NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269 -CVE-2013-4408 - RESERVED +CVE-2013-4408 (Buffer overflow in the dcerpc_read_ncacn_packet_done function in ...) {DSA-2812-1} - samba 2:4.0.13+dfsg-1 - samba4 <removed> 
@@ -6775,8 +6834,7 @@ CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x NOT-FOR-US: Drupal addon CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...) - restlet <itp> (bug #596472) -CVE-2013-4270 [net: permissions flaw in /proc/sys/net] - RESERVED +CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux ...) - linux-2.6 <not-affected> (Introduced in 3.8) - linux 3.11.5-1 [wheezy] - linux <not-affected> (Introduced in 3.8) @@ -6801,7 +6859,7 @@ CVE-2013-4264 (The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg b - ffmpeg <not-affected> (g2meet codec not present in 0.5 ffmpeg) - libav <not-affected> (g2meet codec not present in libav) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1 -CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 allows has unspecified impact and ...) +CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote ...) - ffmpeg <not-affected> (Affected video filters not present in ffmpeg 0.5) - libav <unfixed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc @@ -7753,8 +7811,8 @@ CVE-2013-3931 RESERVED CVE-2013-3930 RESERVED -CVE-2013-3929 - RESERVED +CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...) + TODO: check CVE-2013-3928 RESERVED CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...) 
@@ -7795,24 +7853,24 @@ CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers t NOT-FOR-US: Microsoft CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...) NOT-FOR-US: Microsoft -CVE-2013-3907 - RESERVED +CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) + TODO: check CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...) NOT-FOR-US: Microsoft CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...) NOT-FOR-US: Microsoft CVE-2013-3904 RESERVED -CVE-2013-3903 - RESERVED -CVE-2013-3902 - RESERVED +CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in ...) + TODO: check +CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) + TODO: check CVE-2013-3901 RESERVED -CVE-2013-3900 - RESERVED -CVE-2013-3899 - RESERVED +CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, ...) + TODO: check +CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...) NOT-FOR-US: Microsoft CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...) @@ -7853,8 +7911,8 @@ CVE-2013-3880 (The App Container feature in the kernel-mode drivers in Microsoft NOT-FOR-US: Microsoft Windows CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows -CVE-2013-3878 - RESERVED +CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...) + TODO: check CVE-2013-3877 RESERVED CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...) 
@@ -8255,8 +8313,8 @@ CVE-2013-3712 RESERVED CVE-2013-3711 RESERVED -CVE-2013-3710 - RESERVED +CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...) + TODO: check CVE-2013-3709 RESERVED CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...) @@ -8443,10 +8501,10 @@ CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through NOT-FOR-US: Baramundi Management Suite CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...) NOT-FOR-US: Baramundi Management Suite -CVE-2013-3623 - RESERVED -CVE-2013-3622 - RESERVED +CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the ...) + TODO: check +CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management ...) + TODO: check CVE-2013-3621 RESERVED CVE-2013-3620 @@ -9950,14 +10008,12 @@ CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before ...) {DSA-2799-1} - chromium-browser 31.0.1650.57-1 [squeeze] - chromium-browser <end-of-life> -CVE-2013-2930 - RESERVED +CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c ...) - linux-2.6 <not-affected> (Introduced in v3.4) [wheezy] - linux <not-affected> (Introduced in v3.4) - linux 3.11.8-1 NOTE: Introduced by ced39002f5ea -CVE-2013-2929 - RESERVED +CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...) - linux-2.6 <removed> - linux 3.11.10-1 CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before ...) @@ -10502,10 +10558,10 @@ CVE-2013-2754 RESERVED CVE-2013-2753 RESERVED -CVE-2013-2752 - RESERVED -CVE-2013-2751 - RESERVED +CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...) + TODO: check CVE-2013-2750 RESERVED CVE-2013-2749 
@@ -11889,7 +11945,7 @@ CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local u CVE-2013-2216 RESERVED CVE-2013-2215 - RESERVED + REJECTED NOTE: Asked to be rejected in oss-security mailing list CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed] RESERVED @@ -12724,8 +12780,7 @@ CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kerne {DSA-2669-1} - linux 3.8.11-1 - linux-2.6 <not-affected> (Introduced in 2.6.36) -CVE-2013-1978 [XWD plugin color map heap-based buffer overflow] - RESERVED +CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...) {DSA-2813-1} - gimp <unfixed> (bug #731305) CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...) @@ -12948,8 +13003,7 @@ CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...) - eglibc 2.17-2 (low; bug #704623) [wheezy] - eglibc <no-dsa> (Minor issue) [squeeze] - eglibc <no-dsa> (Minor issue) -CVE-2013-1913 [xwd plugin g_new() integer overflow] - RESERVED +CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...) {DSA-2813-1} - gimp <unfixed> (bug #731305) CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...) @@ -13297,8 +13351,7 @@ CVE-2013-1813 (util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions - busybox 1:1.20.0-8 (low; bug #701965) [wheezy] - busybox <no-dsa> (Minor issue) [squeeze] - busybox <no-dsa> (Minor issue) -CVE-2013-1812 - RESERVED +CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID ...) - ruby-openid 2.1.8debian-6 (bug #702217) - libopenid-ruby <removed> (bug #702217) [squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1 
@@ -14503,8 +14556,7 @@ CVE-2013-1449 RESERVED CVE-2013-1448 RESERVED -CVE-2013-1447 - RESERVED +CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of ...) {DSA-2808-1} - openjpeg <unfixed> (bug #731237) CVE-2013-1446 |
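
Review bot: In the data/CVE/2004.list hunk (@@ -1,6 +1,7 @@) the package line under the CVE-2004-XXXX base-passwd entry reads "- bass-passwd <unfixed> (low; bug #274229)", which does not match the package named in the entry's own title, "[base-passwd: sets valid shells for system services]". A status line keyed on a misspelled source package name will not be associated with base-passwd, so the unfixed issue is effectively untracked. The line is unchanged context here, but since the hunk touches the neighbouring CVE-2004-2776 entry it is a cheap place to correct it, along with "NOT-FOR-US: Montitorix", which is spelled "Monitorix" in the CVE-2013-7072, CVE-2013-7071 and CVE-2013-7070 entries of data/CVE/2013.list.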
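
Review bot: In the first data/CVE/2013.list hunk (@@ -1,3 +1,71 @@) the new block CVE-2013-7083 through CVE-2013-7026 is prepended above CVE-2013-7089, so ids from the same numeric range now live in two separate places: this new block at the top, and the existing entries CVE-2013-7082 down to CVE-2013-7038 that follow CVE-2013-7085 in the next hunks. Anyone adding triage data for, say, CVE-2013-7083 has to know to look above CVE-2013-7089 rather than next to CVE-2013-7082. Suggest merging the new ids into the existing run in numeric position so each id has one obvious location, as in the ordered runs further down the file (CVE-2013-6988, CVE-2013-6987, CVE-2013-6986).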
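
Review bot: In the hunks @@ -4667,43 +4730,42 @@ and @@ -7795,24 +7853,24 @@ the newly described Microsoft entries (for example CVE-2013-5059, CVE-2013-5057, CVE-2013-5052, CVE-2013-3907, CVE-2013-3903, CVE-2013-3900) are added with "TODO: check", while their direct neighbours for the same vendor are already triaged as "NOT-FOR-US: Microsoft" (CVE-2013-3906, CVE-2013-3905) or "NOT-FOR-US: Microsoft Windows Kernel" (CVE-2013-5058). Leaving these as TODO inflates the open triage queue with entries whose outcome is already established by the adjacent lines. Suggest marking them NOT-FOR-US in the same commit, or following up immediately, so that the remaining "TODO: check" items are the ones that actually need a decision (such as CVE-2013-7027 and CVE-2013-7026, which concern the Linux kernel).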
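
Review bot: In the hunk @@ -11889,7 +11945,7 @@ CVE-2013-2215 is switched from RESERVED to REJECTED, but the entry directly below it, "CVE-2013-2214 [REJECTED: nagios3: information leak; works as designed]", still carries RESERVED even though its own title says it was rejected. The two entries now disagree about how a rejected id is recorded. Worth confirming whether CVE-2013-2214 should be flipped to REJECTED as well, or otherwise adding a NOTE explaining why it stays RESERVED, as was done for CVE-2013-2215 with "NOTE: Asked to be rejected in oss-security mailing list".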
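
Review bot: The commit message "Add new CVE identifiers" does not cover several changes in this patch that alter the state of existing entries: the hunk @@ -6801,7 +6859,7 @@ rewrites the description of CVE-2013-4263, the hunks @@ -1713,7 +1795,7 @@ and @@ -11889,7 +11945,7 @@ change CVE-2013-6356 and CVE-2013-2215 from RESERVED to REJECTED, and many hunks replace hand-written titles such as "[ping: NULL pointer dereference on write to msg_name]" with the published description. Since status flips and dropped titles are what someone searching the history will be looking for, suggest either mentioning them in the message (for example "Add new CVE identifiers, sync descriptions and rejected ids") or splitting the status changes into their own commit.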