author: security tracker role <sectracker@soriano.debian.org> 2020-02-12 20:10:26 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-12 20:10:26 +0000
commit: 21629a91bd6b31f6d0b865e36d074e56f3723afa (patch)
tree: ec748e0f5153083172134b63128259d55d79c504 /data/CVE/2013.list
parent: 599c1dbbfd254204f570933072ff03d490facde0 (diff)
automatic update
Diffstat (limited to 'data/CVE/2013.list')
-rw-r--r-- data/CVE/2013.list 63
1 files changed, 27 insertions, 36 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 21546b70e3..fa695695ce 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -373,14 +373,14 @@ CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to caus
- unrealircd <itp> (bug #515130)
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...)
NOT-FOR-US: VICIDIAL
-CVE-2013-7381
- RESERVED
+CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute ...)
+ TODO: check
CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...)
NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...)
NOT-FOR-US: tomato module for Node.js
-CVE-2013-7378
- RESERVED
+CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...)
+ TODO: check
CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...)
NOT-FOR-US: codem-transcode Node module
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...)
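Review bot: The two added "TODO: check" lines under CVE-2013-7381 and CVE-2013-7378 leave both entries untriaged, and the first needs care because the description reads "libnotify ... for Node.js", which is a Node.js module and not the desktop notification library of the same name. Triage it under the Node.js module name so it is not attached to an unrelated source package. The neighbouring Node.js entries in this hunk (tomato, codem-transcode) were closed as NOT-FOR-US, and the same packaging check applies to Hubot Scripts.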
@@ -664,8 +664,8 @@ CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.p
NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287
RESERVED
-CVE-2013-7286
- RESERVED
+CVE-2013-7286 (MobileIron VSP &lt; 5.9.1 and Sentry &lt; 5.0 has a weak password obfu ...)
+ TODO: check
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...)
- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...)
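Review bot: The added CVE-2013-7286 description carries the HTML entity "&lt;" twice ("VSP &lt; 5.9.1" and "Sentry &lt; 5.0") where a literal "<" is meant, while other lines in this file use a bare "<". Because this line comes from an automatic update, decode entities in the import step so the next run does not reintroduce them, and resolve the "TODO: check" that follows it.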
@@ -2197,8 +2197,8 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n
NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...)
NOT-FOR-US: Cisco Adaptive Security Appliance
-CVE-2013-6681
- RESERVED
+CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...)
+ TODO: check
CVE-2013-6680
REJECTED
CVE-2013-6679
@@ -3535,8 +3535,7 @@ CVE-2013-6238
RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...)
NOT-FOR-US: ISL Light
-CVE-2013-6236
- RESERVED
+CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...)
NOT-FOR-US: Stem Innovations IZON
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...)
- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
@@ -8051,8 +8050,7 @@ CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...)
{DSA-2784-1}
- xorg-server 2:1.14.3-4
-CVE-2013-4395
- RESERVED
+CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...)
NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...)
{DSA-2777-1}
@@ -8673,8 +8671,7 @@ CVE-2013-4227
CVE-2013-4226
RESERVED
NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
-CVE-2013-4225
- RESERVED
+CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...)
NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-4224
REJECTED
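Review bot: The annotation retained under the new CVE-2013-4225 line reads "Drupal cotributed module"; it should be "contributed", as in the CVE-2013-4226 annotation a few lines above it. It is an unchanged context line here, so correct it in a separate manual commit instead of relying on the automatic update.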
@@ -9104,8 +9101,8 @@ CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Im
NOT-FOR-US: Imperva SecureSphere
CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
NOT-FOR-US: Imperva SecureSphere
-CVE-2013-4090
- RESERVED
+CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...)
+ TODO: check
CVE-2013-4089
RESERVED
CVE-2013-4088 [Information Disclosure]
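Review bot: The "TODO: check" added under CVE-2013-4090 should not be closed by pattern-matching on the NOT-FOR-US entries around it, because the description names Varnish HTTP cache before 3.0.4 and "ACL bug" alone does not state the impact. Triage needs the full advisory text and a comparison against any packaged Varnish versions, with the result recorded as a fixed version or <not-affected> in the style used elsewhere in this file.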
@@ -9965,8 +9962,8 @@ CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows
NOT-FOR-US: Kasseler CMS
CVE-2013-3726
REJECTED
-CVE-2013-3725
- RESERVED
+CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...)
+ TODO: check
CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...)
- monkey <removed> (low)
[squeeze] - monkey <no-dsa> (Minor issue)
@@ -10049,8 +10046,7 @@ CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-20
NOT-FOR-US: AirLive cameras
CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...)
NOT-FOR-US: AirLive
-CVE-2013-3685
- RESERVED
+CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...)
NOT-FOR-US: Sprite Software's backup softare for Android
CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...)
TODO: check
@@ -10488,8 +10484,8 @@ CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordin
CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...)
- xen 4.4.1-3 (unimportant)
NOTE: Hardware design flaw, no software solution
-CVE-2013-3494
- RESERVED
+CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...)
+ TODO: check
CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...)
NOT-FOR-US: XnView
CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...)
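Review bot: The "TODO: check" added under CVE-2013-3494 should record the platform scope when it is resolved, since the description places the flaw in wintab32.dll, a Windows DLL. If UMPlayer turns out to be packaged, a <not-affected> entry with a Windows-only remark, as the CVE-2013-1939 entry later in this diff does with "(Windows version only)", documents the reasoning better than a bare NOT-FOR-US.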
@@ -12498,8 +12494,8 @@ CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage O
NOT-FOR-US: CTERA Cloud Storage OS
CVE-2013-2638
RESERVED
-CVE-2013-2637
- RESERVED
+CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...)
+ TODO: check
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...)
- linux <not-affected> (Introduced in 3.8)
- linux-2.6 <not-affected> (Introduced in 3.8)
@@ -13652,8 +13648,7 @@ CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 do
[wheezy] - nagios3 3.4.1-3+deb7u1
[squeeze] - nagios3 <no-dsa> (disputed, minor issue)
NOTE: Disputed issue; claimed work as designed, may be rejected
-CVE-2013-2213 [KRandom::random() Small Space of Random Values]
- RESERVED
+CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...)
- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...)
- xen 4.3.0-1 (unimportant)
@@ -14057,8 +14052,7 @@ CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname fu
- u1db 13.10-1 (low; bug #709486)
CVE-2013-2098
REJECTED
-CVE-2013-2097 [zPanel themes remote command execution as root]
- RESERVED
+CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...)
NOT-FOR-US: zPanel
CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...)
- nova 2013.1.2-2 (low; bug #710157)
@@ -14354,8 +14348,7 @@ CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via
CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...)
NOT-FOR-US: WP Super Cache
NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
-CVE-2013-2010
- RESERVED
+CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...)
NOT-FOR-US: W3 Total Cache
CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
NOT-FOR-US: WP Super Cache
@@ -14582,8 +14575,7 @@ CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.
- owncloud <not-affected> (Windows version only)
- php-sabredav <not-affected> (running in Windows hosts)
NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
-CVE-2013-1938
- RESERVED
+CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...)
NOT-FOR-US: Zimbra
CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
- phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
@@ -14623,8 +14615,7 @@ CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses t
- icedtea-web 1.3.2-1
CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...)
NOT-FOR-US: CTools module for Drupal
-CVE-2013-1924
- RESERVED
+CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...)
NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...)
- nfs-utils 1:1.2.8-1 (low; bug #707401)
@@ -16457,8 +16448,8 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi
NOT-FOR-US: DataLife Engine
CVE-2013-1411
RESERVED
-CVE-2013-1410
- RESERVED
+CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...)
+ TODO: check
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...)
NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...)
