[Secure-testing-commits] r19940 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Aug 13 21:14:18 UTC 2012 

Author: joeyh
Date: 2012-08-13 21:14:18 +0000 (Mon, 13 Aug 2012)
New Revision: 19940

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-13 20:15:25 UTC (rev 19939)
+++ data/CVE/list	2012-08-13 21:14:18 UTC (rev 19940)
@@ -1,3 +1,13 @@
+CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...)
+	TODO: check
+CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
+	TODO: check
+CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2012-4245
+	RESERVED
 CVE-2012-XXXX [fetchmail segfault in NTLM protocol exchange]
 	NOTE: CVE-identifier requested http://www.openwall.com/lists/oss-security/2012/08/13/9
 	NOTE: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
@@ -376,10 +386,10 @@
 	RESERVED
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
 	TODO: check
-CVE-2012-4070
-	RESERVED
-CVE-2012-4069
-	RESERVED
+CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...)
+	TODO: check
+CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...)
+	TODO: check
 CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...)
 	NOT-FOR-US: Citrix
 CVE-2012-4067
@@ -447,10 +457,10 @@
 	- transmission 2.52-3 (bug #683380)
 CVE-2012-4036
 	RESERVED
-CVE-2012-4035
-	RESERVED
-CVE-2012-4034
-	RESERVED
+CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...)
+	TODO: check
+CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...)
+	TODO: check
 CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before ...)
 	NOT-FOR-US: Google Chrome OS
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x ...)
@@ -638,10 +648,10 @@
 	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
 	- isc-dhcp <unfixed>
 	NOTE: https://kb.isc.org/article/AA-00737
-CVE-2012-3953
-	RESERVED
-CVE-2012-3952
-	RESERVED
+CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...)
+	TODO: check
+CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
+	TODO: check
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...)
 	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3950
@@ -1628,24 +1638,24 @@
 	- rssh 2.3.3-5
 CVE-2012-3477
 	RESERVED
-CVE-2012-3476
-	RESERVED
-CVE-2012-3475
-	RESERVED
-CVE-2012-3474
-	RESERVED
-CVE-2012-3473
-	RESERVED
-CVE-2012-3472
-	RESERVED
-CVE-2012-3471
-	RESERVED
-CVE-2012-3470
-	RESERVED
-CVE-2012-3469
-	RESERVED
-CVE-2012-3468
-	RESERVED
+CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	TODO: check
+CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...)
+	TODO: check
+CVE-2012-3474 (The comments API in ...)
+	TODO: check
+CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...)
+	TODO: check
+CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in ...)
+	TODO: check
+CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ...)
+	TODO: check
+CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...)
+	TODO: check
+CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
+	TODO: check
+CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
+	TODO: check
 CVE-2012-3467
 	RESERVED
 	- qpid-cpp 0.16-7 (bug #684456)
@@ -1676,8 +1686,7 @@
 	RESERVED
 CVE-2012-3458
 	RESERVED
-CVE-2012-3457
-	RESERVED
+CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
 	- pnp4nagios <unfixed> (low; bug #683879)
 CVE-2012-3456
 	RESERVED
@@ -1694,6 +1703,7 @@
 CVE-2012-3451
 	RESERVED
 CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...)
+	{DSA-2527-1}
 	- php5 <unfixed> (bug #683694)
 	NOTE: http://seclists.org/bugtraq/2012/Jun/60
 	NOTE: https://bugs.php.net/bug.php?id=61755
@@ -2500,8 +2510,8 @@
 	NOT-FOR-US: Oracle Database Server
 CVE-2012-3133
 	RESERVED
-CVE-2012-3132
-	RESERVED
+CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, ...)
+	TODO: check
 CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...)
 	NOT-FOR-US: Oracle Sun Solaris
 CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
@@ -2832,20 +2842,20 @@
 	RESERVED
 CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...)
 	NOT-FOR-US: Synel terminal
-CVE-2012-2969
-	RESERVED
-CVE-2012-2968
-	RESERVED
-CVE-2012-2967
-	RESERVED
-CVE-2012-2966
-	RESERVED
-CVE-2012-2965
-	RESERVED
-CVE-2012-2964
-	RESERVED
-CVE-2012-2963
-	RESERVED
+CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote ...)
+	TODO: check
+CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...)
+	TODO: check
+CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...)
+	TODO: check
+CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites ...)
+	TODO: check
+CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...)
+	TODO: check
+CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext ...)
+	TODO: check
+CVE-2012-2963 (The administrative interface in the embedded web server on the ...)
+	TODO: check
 CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer ...)
 	NOT-FOR-US: Dell SonicWALL Scrutinizer
 CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...)
@@ -3510,6 +3520,7 @@
 CVE-2012-2689
 	RESERVED
 CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...)
+	{DSA-2527-1}
 	- php5 5.4.4-4 (low; bug #683274)
 CVE-2012-2687 [apache mod_negotiation XSS]
 	RESERVED
@@ -3722,8 +3733,8 @@
 	NOT-FOR-US: Bradford Network Sentry
 CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...)
 	NOT-FOR-US: CollabNet ScrumWorks Pro
-CVE-2012-2602
-	RESERVED
+CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
 CVE-2012-2601
 	RESERVED
 CVE-2012-2600
@@ -3746,20 +3757,20 @@
 	RESERVED
 CVE-2012-2591
 	RESERVED
-CVE-2012-2590
-	RESERVED
+CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
+	TODO: check
 CVE-2012-2589
 	RESERVED
 CVE-2012-2588
 	RESERVED
-CVE-2012-2587
-	RESERVED
+CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
+	TODO: check
 CVE-2012-2586
 	RESERVED
-CVE-2012-2585
-	RESERVED
-CVE-2012-2584
-	RESERVED
+CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+	TODO: check
+CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
+	TODO: check
 CVE-2012-2583
 	RESERVED
 CVE-2012-2582
@@ -3772,21 +3783,20 @@
 	RESERVED
 CVE-2012-2578
 	RESERVED
-CVE-2012-2577
-	RESERVED
+CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
+	TODO: check
 CVE-2012-2576
 	RESERVED
 CVE-2012-2575
 	RESERVED
 CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
 	NOT-FOR-US: Symantec Web Gateway
-CVE-2012-2573
-	RESERVED
+CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2572
 	RESERVED
-CVE-2012-2571
-	RESERVED
+CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...)
+	TODO: check
 CVE-2012-2570
 	RESERVED
 CVE-2012-2569

More information about the Secure-testing-commits mailing list