[Secure-testing-commits] r19995 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Aug 20 21:14:21 UTC 2012
Author: joeyh
Date: 2012-08-20 21:14:21 +0000 (Mon, 20 Aug 2012)
New Revision: 19995
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-20 16:43:33 UTC (rev 19994)
+++ data/CVE/list 2012-08-20 21:14:21 UTC (rev 19995)
@@ -1,3 +1,19 @@
+CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
+ TODO: check
+CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
+ TODO: check
+CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...)
+ TODO: check
+CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...)
+ TODO: check
+CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
+ TODO: check
+CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
+ TODO: check
+CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...)
+ TODO: check
+CVE-2012-4352
+ RESERVED
CVE-2012-XXXX [geshi XSS in contrib/langwiz.php]
- geshi <unfixed> (bug #685323)
[squeeze] - geshi <no-dsa> (shipped as example/.gz)
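Review bot: the seven new Sielco Sistemi Winlog entries (CVE-2012-4353 through CVE-2012-4359) are left at "TODO: check", while the same list already triages this product in CVE-2012-3815 with "NOT-FOR-US: Sielco Sistemi Winlog". Suggest giving these the same tag in a follow-up so they do not sit in the TODO queue.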
@@ -753,10 +769,10 @@
RESERVED
CVE-2012-4008
RESERVED
-CVE-2012-4007
- RESERVED
-CVE-2012-4006
- RESERVED
+CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...)
+ TODO: check
+CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...)
+ TODO: check
CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
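Review bot: CVE-2012-4007 and CVE-2012-4006 stay at "TODO: check" although both descriptions name Android applications (mixi, GREE), and the entry directly below, CVE-2012-4005, handles an Android application with "NOT-FOR-US: NHN Japan NAVER LINE". Suggest resolving these two in the same form once confirmed.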
@@ -1171,7 +1187,7 @@
- packagekit <unfixed> (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
NOT-FOR-US: WinRadius
-CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...)
+CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...)
NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
NOT-FOR-US: Wordpress plugin
@@ -1795,10 +1811,12 @@
CVE-2012-3509
RESERVED
CVE-2012-3508 [SA50279: roundcube multiple XSS]
+ RESERVED
- roundcube <unfixed>
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/08/20/2
NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-3507 [SA50212: roundcube 0.8 XSS]
+ RESERVED
- roundcube <not-affected> (only affects rc versions of 0.8)
NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/08/20/2
NOTE: http://trac.roundcube.net/ticket/1488519
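Review bot: CVE-2012-3508 is tracked as "- roundcube <unfixed>" with no Debian bug reference, unlike the other unfixed entries visible in this diff (geshi bug #685323, squidclamav bug #685398, gimp bug #685397). Suggest filing a bug and adding the "(bug #...)" reference so the open issue can be followed from the package side.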
@@ -1815,6 +1833,7 @@
CVE-2012-3502
RESERVED
CVE-2012-3501
+ RESERVED
- squidclamav <unfixed> (bug #685398)
CVE-2012-3500
RESERVED
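Review bot: CVE-2012-3501 now consists of "RESERVED" and the squidclamav package line only, with no bracketed summary on the ID line, whereas the roundcube and gimp entries that get the same RESERVED line in this revision each carry one. Suggest adding a short bracketed description taken from bug #685398 so the entry says what the issue is while the official description is still unavailable.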
@@ -2126,6 +2145,7 @@
RESERVED
- gimp <unfixed> (bug #685397)
CVE-2012-3402 [Gimp PSD plug-in Heap-buffer overflow by decoding certain PSD headers]
+ RESERVED
- gimp 2.4.0~rc1-1
NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
@@ -2426,8 +2446,8 @@
RESERVED
CVE-2012-3297
RESERVED
-CVE-2012-3296
- RESERVED
+CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
+ TODO: check
CVE-2012-3295
RESERVED
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
@@ -5020,8 +5040,8 @@
RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
-CVE-2012-2205
- RESERVED
+CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
+ TODO: check
CVE-2012-2204
RESERVED
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
@@ -5092,18 +5112,18 @@
NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
NOT-FOR-US: WebSphere
-CVE-2012-2169
- RESERVED
-CVE-2012-2168
- RESERVED
+CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...)
+ TODO: check
+CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...)
+ TODO: check
CVE-2012-2167
RESERVED
CVE-2012-2166
RESERVED
-CVE-2012-2165
- RESERVED
-CVE-2012-2164
- RESERVED
+CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...)
+ TODO: check
+CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
+ TODO: check
CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...)
NOT-FOR-US: IBM Scale Out Network Attached Storage
CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...)
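Review bot: of the four entries filled in here, CVE-2012-2168, CVE-2012-2165 and CVE-2012-2164 name IBM Rational ClearQuest, and the neighbouring IBM products in this hunk are all tagged NOT-FOR-US, so these three can likely be closed the same way. CVE-2012-2169 is different: its truncated description ("... in the file-upload ...") stops before the product name, so it needs the full description looked up before it is tagged.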
@@ -8640,8 +8660,8 @@
RESERVED
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
NOT-FOR-US: IBM AIX
-CVE-2012-0744
- RESERVED
+CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
+ TODO: check
CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)