[Secure-testing-commits] r19958 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Aug 15 21:14:18 UTC 2012


Author: joeyh
Date: 2012-08-15 21:14:18 +0000 (Wed, 15 Aug 2012)
New Revision: 19958

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-15 19:00:50 UTC (rev 19957)
+++ data/CVE/list	2012-08-15 21:14:18 UTC (rev 19958)
@@ -1,3 +1,109 @@
+CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...)
+	TODO: check
+CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
+	TODO: check
+CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers ...)
+	TODO: check
+CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...)
+	TODO: check
+CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote ...)
+	TODO: check
+CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote ...)
+	TODO: check
+CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...)
+	TODO: check
+CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 ...)
+	TODO: check
+CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php ...)
+	TODO: check
+CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...)
+	TODO: check
+CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...)
+	TODO: check
+CVE-2012-4323
+	RESERVED
+CVE-2012-4322
+	RESERVED
+CVE-2012-4321
+	RESERVED
+CVE-2012-4320
+	RESERVED
+CVE-2012-4319
+	RESERVED
+CVE-2012-4318
+	RESERVED
+CVE-2012-4317
+	RESERVED
+CVE-2012-4316
+	RESERVED
+CVE-2012-4315
+	RESERVED
+CVE-2012-4314
+	RESERVED
+CVE-2012-4313
+	RESERVED
+CVE-2012-4312
+	RESERVED
+CVE-2012-4311
+	RESERVED
+CVE-2012-4310
+	RESERVED
+CVE-2012-4309
+	RESERVED
+CVE-2012-4308
+	RESERVED
+CVE-2012-4307
+	RESERVED
+CVE-2012-4306
+	RESERVED
+CVE-2012-4305
+	RESERVED
+CVE-2012-4304
+	RESERVED
+CVE-2012-4303
+	RESERVED
+CVE-2012-4302
+	RESERVED
+CVE-2012-4301
+	RESERVED
+CVE-2012-4300
+	RESERVED
+CVE-2012-4299
+	RESERVED
+CVE-2012-4298
+	RESERVED
+CVE-2012-4297
+	RESERVED
+CVE-2012-4296
+	RESERVED
+CVE-2012-4295
+	RESERVED
+CVE-2012-4294
+	RESERVED
+CVE-2012-4293
+	RESERVED
+CVE-2012-4292
+	RESERVED
+CVE-2012-4291
+	RESERVED
+CVE-2012-4290
+	RESERVED
+CVE-2012-4289
+	RESERVED
+CVE-2012-4288
+	RESERVED
+CVE-2012-4287
+	RESERVED
+CVE-2012-4286
+	RESERVED
+CVE-2012-4285
+	RESERVED
+CVE-2012-4284
+	RESERVED
+CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...)
+	TODO: check
 CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
 	TODO: check
 CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...)
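Review bot: CVE-2012-4331 (SPIP), near the top of this hunk, is the new TODO: check entry that needs a real package line rather than a quick dismissal, because spip is already tracked in this list (see the "- spip 2.1.13-1" line under CVE-2012-2151 later in this patch). The Samsung NET-i viewer and Samsung D6000 TV entries (CVE-2012-4335, CVE-2012-4330, CVE-2012-4329) look like NOT-FOR-US candidates, in the same way CVE-2012-2210 is tagged "NOT-FOR-US: Sony Bravia" elsewhere in the file. Separately, CVE-2011-5099 lands between CVE-2012-4284 and CVE-2012-4283, so anyone scanning the list by year will not find it where they expect.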
@@ -251,38 +357,38 @@
 	RESERVED
 CVE-2012-4163
 	RESERVED
-CVE-2012-4162
-	RESERVED
-CVE-2012-4161
-	RESERVED
-CVE-2012-4160
-	RESERVED
-CVE-2012-4159
-	RESERVED
-CVE-2012-4158
-	RESERVED
-CVE-2012-4157
-	RESERVED
-CVE-2012-4156
-	RESERVED
-CVE-2012-4155
-	RESERVED
-CVE-2012-4154
-	RESERVED
-CVE-2012-4153
-	RESERVED
-CVE-2012-4152
-	RESERVED
-CVE-2012-4151
-	RESERVED
-CVE-2012-4150
-	RESERVED
-CVE-2012-4149
-	RESERVED
-CVE-2012-4148
-	RESERVED
-CVE-2012-4147
-	RESERVED
+CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
 CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...)
 	- chef 0.10.10-1
 CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...)
@@ -1709,6 +1815,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
 CVE-2012-3478
 	RESERVED
+	{DSA-2530-1}
 	- rssh 2.3.3-5
 CVE-2012-3477
 	RESERVED
@@ -3955,20 +4062,20 @@
 	RESERVED
 CVE-2012-2528
 	RESERVED
-CVE-2012-2527
-	RESERVED
-CVE-2012-2526
-	RESERVED
+CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
+	TODO: check
+CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
+	TODO: check
 CVE-2012-2525
 	RESERVED
-CVE-2012-2524
-	RESERVED
-CVE-2012-2523
-	RESERVED
-CVE-2012-2522
-	RESERVED
-CVE-2012-2521
-	RESERVED
+CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
+	TODO: check
+CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...)
+	TODO: check
+CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
+	TODO: check
+CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
+	TODO: check
 CVE-2012-2520
 	RESERVED
 CVE-2012-2519
@@ -4631,8 +4738,7 @@
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass]
-	RESERVED
+CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...)
 	NOT-FOR-US: Drupal addon not packaged
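Review bot: the replacement line for CVE-2012-2304 drops the bracketed reference to Drupal SA-CONTRIB-2012-067, and nothing else in the entry records it. If the advisory id is still wanted for cross-referencing, carry it over as a NOTE: line under the entry; the same applies to the SA-CONTRIB-2012-064, -063 and -050 references that are replaced in later hunks.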
@@ -4641,14 +4747,11 @@
 CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]
 	RESERVED
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2300 [Drupal SA-CONTRIB-2012-064 - Ubercart - XSS]
-	RESERVED
+CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2299 [Drupal SA-CONTRIB-2012-064 - Ubercart - failure to encrypt data]
-	RESERVED
+CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2298 [Drupal SA-CONTRIB-2012-063 - RealName - XSS]
-	RESERVED
+CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS]
 	RESERVED
@@ -4848,10 +4951,10 @@
 	NOTE: CVE id requested
 CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...)
 	NOT-FOR-US: Sony Bravia
-CVE-2012-2209
-	RESERVED
-CVE-2012-2208
-	RESERVED
+CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
+	TODO: check
+CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
+	TODO: check
 CVE-2012-2207
 	RESERVED
 CVE-2012-2206
@@ -4956,11 +5059,9 @@
 	RESERVED
 CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...)
 	NOT-FOR-US: Plume CMS
-CVE-2012-2155 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - CSRF]
-	RESERVED
+CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video ...)
 	NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2154 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - XSS]
-	RESERVED
+CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...)
 	NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2153
 	RESERVED
@@ -4968,8 +5069,7 @@
 	{DSA-2498-1}
 	- dhcpcd 1:3.2.3-11 (bug #671265)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
-CVE-2012-2151 [multiple XSS]
-	RESERVED
+CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...)
 	{DSA-2461-1}
 	- spip 2.1.13-1 (low; bug #671264)
 CVE-2012-2150
@@ -5001,8 +5101,7 @@
 	NOTE: Uses the unaffected system libraries since 5.3.3
 CVE-2012-2142
 	RESERVED
-CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)]
-	RESERVED
+CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
 	- net-snmp 5.4.3~dfsg-2.5 (bug #672492)
 	NOTE:  Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
 CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
@@ -5017,8 +5116,7 @@
 	- linux 3.2.20-1
 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...)
 	- linux 3.2.20-1
-CVE-2012-2135 [Python UTF-16 decoder crasher]
-	RESERVED
+CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the ...)
 	- python3.1 <unfixed> (bug #670389)
 	- python3.2 3.2.3-1 (bug #670389)
 	- python3.3 <unfixed>
@@ -5159,10 +5257,10 @@
 CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...)
 	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
 	[squeeze] - libcommons-compress-java <no-dsa> (Minor issue)
-CVE-2012-2097
-	RESERVED
-CVE-2012-2096
-	RESERVED
+CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...)
+	TODO: check
+CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not ...)
+	TODO: check
 CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in ...)
 	- horizon 2012.1-3
 CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite ...)
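Review bot: CVE-2012-2096 (Fivestar module for Drupal) is queued as TODO: check, and CVE-2012-2097 (Autosave module) beside it gets the same treatment, while the Drupal add-on entries elsewhere in this patch are closed out with NOT-FOR-US. When these are triaged, settle on one tag wording: the file currently uses both "NOT-FOR-US: Drupal addon not packaged" and "NOT-FOR-US: Drupal addon module not packaged in Debian", which makes the group harder to grep.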
@@ -5201,14 +5299,11 @@
 CVE-2012-2083
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2082
-	RESERVED
+CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2081
-	RESERVED
+CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2080
-	RESERVED
+CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-2079
 	RESERVED
@@ -5216,29 +5311,21 @@
 CVE-2012-2078
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2077
-	RESERVED
+CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2076
-	RESERVED
+CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2075
-	RESERVED
+CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2074
-	RESERVED
+CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2073
-	RESERVED
+CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2072
-	RESERVED
+CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2071
-	RESERVED
+CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2070
-	RESERVED
+CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-2069
 	RESERVED
@@ -5296,24 +5383,24 @@
 	NOT-FOR-US: F5 Firepass
 CVE-2012-2052
 	RESERVED
-CVE-2012-2051
-	RESERVED
-CVE-2012-2050
-	RESERVED
-CVE-2012-2049
-	RESERVED
+CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
+	TODO: check
+CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
+	TODO: check
+CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
+	TODO: check
 CVE-2012-2048
 	RESERVED
-CVE-2012-2047
-	RESERVED
-CVE-2012-2046
-	RESERVED
-CVE-2012-2045
-	RESERVED
-CVE-2012-2044
-	RESERVED
-CVE-2012-2043
-	RESERVED
+CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
+	TODO: check
+CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
+	TODO: check
+CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
+	TODO: check
+CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
+	TODO: check
+CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
+	TODO: check
 CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
 	NOT-FOR-US: Adobe Illustrator
 CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...)
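Review bot: the eight Adobe Reader/Acrobat and Shockwave Player entries in this hunk (CVE-2012-2051 through CVE-2012-2043, excluding the still-reserved CVE-2012-2048) are left at TODO: check, yet the next entry, CVE-2012-2042, shows how Adobe products are handled here: "NOT-FOR-US: Adobe Illustrator". Unless one of them maps to a packaged product, they can be tagged the same way, and so can the sixteen Adobe Reader entries CVE-2012-4162 through CVE-2012-4147 earlier in the patch.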
@@ -5692,8 +5779,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
 	NOT-FOR-US: Microsoft XML Core Services
-CVE-2012-1888
-	RESERVED
+CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
+	TODO: check
 CVE-2012-1887
 	RESERVED
 CVE-2012-1886
@@ -5756,20 +5843,20 @@
 	NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync
 CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...)
 	NOT-FOR-US: Microsoft Dynamics AX
-CVE-2012-1856
-	RESERVED
+CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...)
+	TODO: check
 CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
 	NOT-FOR-US: Microsoft .NET Framework
 CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...)
 	NOT-FOR-US: Microsoft Office
-CVE-2012-1853
-	RESERVED
-CVE-2012-1852
-	RESERVED
-CVE-2012-1851
-	RESERVED
-CVE-2012-1850
-	RESERVED
+CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol ...)
+	TODO: check
+CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...)
+	TODO: check
+CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft ...)
+	TODO: check
+CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the ...)
+	TODO: check
 CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 ...)
 	NOT-FOR-US: Microsoft Lync, Attendee,, Attendant
 CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
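Review bot: CVE-2012-1856 (MSCOMCTL.OCX) and CVE-2012-1853 through CVE-2012-1850 (Remote Administration Protocol, Print Spooler) are queued as TODO: check although the described neighbours in this hunk are all Microsoft products marked NOT-FOR-US. When tagging them, do not copy the neighbouring tags verbatim: "MicrosoftInternet Explorer" is missing a space and "Attendee,, Attendant" has a doubled comma.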
@@ -5801,8 +5888,8 @@
 CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow ...)
 	{DSA-2448-1}
 	- inspircd 2.0.5-0.1 (bug #667914)
-CVE-2012-1835
-	RESERVED
+CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
+	TODO: check
 CVE-2012-1834
 	RESERVED
 CVE-2012-1833
@@ -6545,8 +6632,8 @@
 	RESERVED
 CVE-2012-1536
 	RESERVED
-CVE-2012-1535
-	RESERVED
+CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
+	TODO: check
 CVE-2012-1534
 	RESERVED
 CVE-2012-1533
@@ -6563,10 +6650,10 @@
 	RESERVED
 CVE-2012-1527
 	RESERVED
-CVE-2012-1526
-	RESERVED
-CVE-2012-1525
-	RESERVED
+CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
+	TODO: check
+CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
+	TODO: check
 CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)



