author | security tracker role <sectracker@soriano.debian.org> | 2020-02-12 20:10:26 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-12 20:10:26 +0000 |
commit | 21629a91bd6b31f6d0b865e36d074e56f3723afa (patch) | |
tree | ec748e0f5153083172134b63128259d55d79c504 /data/CVE/2013.list | |
parent | 599c1dbbfd254204f570933072ff03d490facde0 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2013.list')
-rw-r--r-- | data/CVE/2013.list | 63 |
1 files changed, 27 insertions, 36 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 21546b70e3..fa695695ce 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -373,14 +373,14 @@ CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to caus - unrealircd <itp> (bug #515130) CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and e ...) NOT-FOR-US: VICIDIAL -CVE-2013-7381 - RESERVED +CVE-2013-7381 (libnotify before 1.0.4 for Node.js allows remote attackers to execute ...) + TODO: check CVE-2013-7380 (The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injectio ...) NOT-FOR-US: Etherpad Lite ep_imageconvert Plugin CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not p ...) NOT-FOR-US: tomato module for Node.js -CVE-2013-7378 - RESERVED +CVE-2013-7378 (scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node ...) + TODO: check CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is e ...) NOT-FOR-US: codem-transcode Node module CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2. ...) @@ -664,8 +664,8 @@ CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.p NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb) CVE-2013-7287 RESERVED -CVE-2013-7286 - RESERVED +CVE-2013-7286 (MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfu ...) + TODO: check CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise Linu ...) - libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems) CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with fir ...) 
@@ -2197,8 +2197,8 @@ CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle n NOT-FOR-US: Cisco NX-OS CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance (A ...) NOT-FOR-US: Cisco Adaptive Security Appliance -CVE-2013-6681 - RESERVED +CVE-2013-6681 (Tube Map Live Underground for Android before 3.0.22 has an Information ...) + TODO: check CVE-2013-6680 REJECTED CVE-2013-6679 @@ -3535,8 +3535,7 @@ CVE-2013-6238 RESERVED CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 an ...) NOT-FOR-US: ISL Light -CVE-2013-6236 - RESERVED +CVE-2013-6236 (IZON IP 2.0.2: hard-coded password vulnerability ...) NOT-FOR-US: Stem Innovations IZON CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java App ...) - libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh) @@ -8051,8 +8050,7 @@ CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in dix/dixfon ...) {DSA-2784-1} - xorg-server 2:1.14.3-4 -CVE-2013-4395 - RESERVED +CVE-2013-4395 (Simple Machines Forum (SMF) through 2.0.5 has XSS ...) NOT-FOR-US: Simple Machines Forum CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...) {DSA-2777-1} @@ -8673,8 +8671,7 @@ CVE-2013-4227 CVE-2013-4226 RESERVED NOT-FOR-US: Authenticated User Page Caching Drupal contributed module -CVE-2013-4225 - RESERVED +CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...) NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module CVE-2013-4224 REJECTED 
@@ -9104,8 +9101,8 @@ CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Im NOT-FOR-US: Imperva SecureSphere CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...) NOT-FOR-US: Imperva SecureSphere -CVE-2013-4090 - RESERVED +CVE-2013-4090 (Varnish HTTP cache before 3.0.4: ACL bug ...) + TODO: check CVE-2013-4089 RESERVED CVE-2013-4088 [Information Disclosure] @@ -9965,8 +9962,8 @@ CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows NOT-FOR-US: Kasseler CMS CVE-2013-3726 REJECTED -CVE-2013-3725 - RESERVED +CVE-2013-3725 (Invision Power Board (IPB) through 3.x allows admin account takeover l ...) + TODO: check CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...) - monkey <removed> (low) [squeeze] - monkey <no-dsa> (Minor issue) @@ -10049,8 +10046,7 @@ CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-20 NOT-FOR-US: AirLive cameras CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...) NOT-FOR-US: AirLive -CVE-2013-3685 - RESERVED +CVE-2013-3685 (A Privilege Escalation Vulnerability exists in Sprite Software Spriteb ...) NOT-FOR-US: Sprite Software's backup softare for Android CVE-2013-3684 (NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php fil ...) TODO: check @@ -10488,8 +10484,8 @@ CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordin CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x a ...) - xen 4.4.1-3 (unimportant) NOTE: Hardware design flaw, no software solution -CVE-2013-3494 - RESERVED +CVE-2013-3494 (A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll ...) + TODO: check CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...) NOT-FOR-US: XnView CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...) 
@@ -12498,8 +12494,8 @@ CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage O NOT-FOR-US: CTERA Cloud Storage OS CVE-2013-2638 RESERVED -CVE-2013-2637 - RESERVED +CVE-2013-2637 (A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior t ...) + TODO: check CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initiali ...) - linux <not-affected> (Introduced in 3.8) - linux-2.6 <not-affected> (Introduced in 3.8) @@ -13652,8 +13648,7 @@ CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 do [wheezy] - nagios3 3.4.1-3+deb7u1 [squeeze] - nagios3 <no-dsa> (disputed, minor issue) NOTE: Disputed issue; claimed work as designed, may be rejected -CVE-2013-2213 [KRandom::random() Small Space of Random Values] - RESERVED +CVE-2013-2213 (The KRandom::random function in KDE Paste Applet after 4.10.5 in kdepl ...) - kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied) CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ca ...) - xen 4.3.0-1 (unimportant) @@ -14057,8 +14052,7 @@ CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname fu - u1db 13.10-1 (low; bug #709486) CVE-2013-2098 REJECTED -CVE-2013-2097 [zPanel themes remote command execution as root] - RESERVED +CVE-2013-2097 (ZPanel through 10.1.0 has Remote Command Execution ...) NOT-FOR-US: zPanel CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify t ...) - nova 2013.1.2-2 (low; bug #710157) 
@@ -14354,8 +14348,7 @@ CVE-2013-2012 (autojump before 21.5.8 allows local users to gain privileges via CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execu ...) NOT-FOR-US: WP Super Cache NOTE: this issue exists because of an incomplete fix for CVE-2013-2009 -CVE-2013-2010 - RESERVED +CVE-2013-2010 (WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Executio ...) NOT-FOR-US: W3 Total Cache CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...) NOT-FOR-US: WP Super Cache @@ -14582,8 +14575,7 @@ CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1. - owncloud <not-affected> (Windows version only) - php-sabredav <not-affected> (running in Windows hosts) NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/ -CVE-2013-1938 - RESERVED +CVE-2013-1938 (Zimbra 2013 has XSS in aspell.php ...) NOT-FOR-US: Zimbra CVE-2013-1937 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) - phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable) @@ -14623,8 +14615,7 @@ CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses t - icedtea-web 1.3.2-1 CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...) NOT-FOR-US: CTools module for Drupal -CVE-2013-1924 - RESERVED +CVE-2013-1924 (Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerabi ...) NOT-FOR-US: Commerce Skrill Drupal module CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...) - nfs-utils 1:1.2.8-1 (low; bug #707401) 
@@ -16457,8 +16448,8 @@ CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbi NOT-FOR-US: DataLife Engine CVE-2013-1411 RESERVED -CVE-2013-1410 - RESERVED +CVE-2013-1410 (Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities ...) + TODO: check CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin befo ...) NOT-FOR-US: CommentLuv plugin for Wordpress CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters plugi ...) |
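Review bot: In the @@ -373,14 +373,14 @@ hunk, CVE-2013-7381 (libnotify for Node.js) and CVE-2013-7378 (Hubot Scripts module for Node.js) are left at `TODO: check`, although the adjacent Node.js entries CVE-2013-7379 and CVE-2013-7377 already carry `NOT-FOR-US:` lines. Triage both in a follow-up: confirm whether either module is in the archive, then replace the TODO with a `NOT-FOR-US:` line in the same style as the neighbours or with a package status line.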
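Review bot: CVE-2013-4090 in the @@ -9104,8 +9101,8 @@ hunk now has a description naming Varnish HTTP cache before 3.0.4 but only `TODO: check` beneath it, so the entry records no package status and no fixed version. Replace the TODO with a source-package line in the form other entries in this file use (for example `- xorg-server 2:1.14.3-4` under CVE-2013-4396), or with `NOT-FOR-US:` if the software turns out not to be in the archive. The "ACL bug" description is also too terse to triage from alone, so add a `NOTE:` with the upstream reference once it is found.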
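Review bot: The `NOT-FOR-US:` line kept under the updated CVE-2013-4225 entry in the @@ -8673,8 +8671,7 @@ hunk reads "Drupal cotributed module". Correct it to "contributed" while the entry is being touched, so that a text search for the wording used under CVE-2013-4226 just above ("Drupal contributed module") also finds this entry.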
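Review bot: The `NOT-FOR-US:` line kept under the updated CVE-2013-3685 entry in the @@ -10049,8 +10046,7 @@ hunk has a typo, "backup softare for Android"; change it to "software". In the same hunk the context entry CVE-2013-3684 (NextGEN Gallery plugin for WordPress) is still at `TODO: check` and should be triaged together with the entries this commit newly marks that way.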