automatic update

1 files changed, 25 insertions, 30 deletions

diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index e30cdb449d..36110a0979 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -8305,11 +8305,9 @@ CVE-2013-4337
 	REJECTED
 CVE-2013-4336
 	REJECTED
-CVE-2013-4335
-	RESERVED
+CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML  ...)
 	NOT-FOR-US: opOpenSocialPlugin
-CVE-2013-4334
-	RESERVED
+CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...)
 	NOT-FOR-US: opWebAPIPlugin
 CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...)
 	NOT-FOR-US: OpenPNE
@@ -10176,12 +10174,12 @@ CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4
 	NOT-FOR-US: Xaraya
 CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...)
 	TODO: check
-CVE-2013-3637
-	RESERVED
-CVE-2013-3636
-	RESERVED
-CVE-2013-3635
-	RESERVED
+CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...)
+	TODO: check
+CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because ...)
+	TODO: check
+CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...)
+	TODO: check
 CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
 	NOT-FOR-US: Siemens switches
 CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
@@ -10194,10 +10192,10 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t
 	NOTE: For Moodle: Not a securiy issue according to upstream, only applicable to administrators, see bug #775842
 	NOTE: https://tracker.moodle.org/browse/MDL-41449
 	NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
-CVE-2013-3629
-	RESERVED
-CVE-2013-3628
-	RESERVED
+CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...)
+	TODO: check
+CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...)
+	TODO: check
 CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...)
 	NOT-FOR-US: McAfee
 CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate  ...)
@@ -10270,8 +10268,8 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1)
 	NOT-FOR-US: Baramundi Management Suite
 CVE-2013-3592
 	RESERVED
-CVE-2013-3591
-	RESERVED
+CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...)
+	TODO: check
 CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...)
 	NOT-FOR-US: SearchBlox
 CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...)
@@ -11366,8 +11364,8 @@ CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRE
 	NOT-FOR-US: TRENDnet TEW-812DRU router
 CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...)
 	NOT-FOR-US: Verizon
-CVE-2013-3096
-	RESERVED
+CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...)
+	TODO: check
 CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...)
 	NOT-FOR-US: D-Link
 CVE-2013-3094
@@ -11376,8 +11374,8 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...)
 	NOT-FOR-US: ASUS RT-N56U devices
 CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...)
 	NOT-FOR-US: Belkin router
-CVE-2013-3091
-	RESERVED
+CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...)
+	TODO: check
 CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...)
 	NOT-FOR-US: Belkin N300 router
 CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
@@ -11431,8 +11429,8 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WN
 	NOT-FOR-US: NETGEAR devices
 CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...)
 	NOT-FOR-US: Linksys
-CVE-2013-3067
-	RESERVED
+CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...)
+	TODO: check
 CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict  ...)
 	NOT-FOR-US: Linksys
 CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...)
@@ -14374,11 +14372,9 @@ CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-
 CVE-2013-2010
 	RESERVED
 	NOT-FOR-US: W3 Total Cache
-CVE-2013-2009
-	RESERVED
+CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...)
 	NOT-FOR-US: WP Super Cache
-CVE-2013-2008
-	RESERVED
+CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...)
 	NOT-FOR-US: WP Super Cache
 CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ...)
 	- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
@@ -16897,8 +16893,8 @@ CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote att
 	NOT-FOR-US: Cisco IOS XR
 CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...)
 	NOT-FOR-US: Cisco ASA
-CVE-2013-1202
-	RESERVED
+CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...)
+	TODO: check
 CVE-2013-1201
 	RESERVED
 CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...)
@@ -19586,8 +19582,7 @@ CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote a
 CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...)
 	- piwik <itp> (bug #506933)
 	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
-CVE-2013-0192
-	RESERVED
+CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) &lt;= 2.0.3: Forum admin ...)
 	NOT-FOR-US: Simple Machines Forum
 CVE-2013-0188
 	REJECTED