[Secure-testing-commits] r20041 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Aug 28 09:14:23 UTC 2012
Author: joeyh
Date: 2012-08-28 09:14:23 +0000 (Tue, 28 Aug 2012)
New Revision: 20041
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-28 05:55:58 UTC (rev 20040)
+++ data/CVE/list 2012-08-28 09:14:23 UTC (rev 20041)
@@ -1,7 +1,279 @@
+CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...)
+ TODO: check
+CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
+ TODO: check
+CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
+ TODO: check
+CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...)
+ TODO: check
+CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
+ TODO: check
+CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...)
+ TODO: check
+CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
+ TODO: check
+CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
+ TODO: check
+CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
+ TODO: check
+CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
+ TODO: check
+CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...)
+ TODO: check
+CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...)
+ TODO: check
+CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
+ TODO: check
+CVE-2012-4666
+ RESERVED
+CVE-2012-4665
+ RESERVED
+CVE-2012-4664
+ RESERVED
+CVE-2012-4663
+ RESERVED
+CVE-2012-4662
+ RESERVED
+CVE-2012-4661
+ RESERVED
+CVE-2012-4660
+ RESERVED
+CVE-2012-4659
+ RESERVED
+CVE-2012-4658
+ RESERVED
+CVE-2012-4657
+ RESERVED
+CVE-2012-4656
+ RESERVED
+CVE-2012-4655
+ RESERVED
+CVE-2012-4654
+ RESERVED
+CVE-2012-4653
+ RESERVED
+CVE-2012-4652
+ RESERVED
+CVE-2012-4651
+ RESERVED
+CVE-2012-4650
+ RESERVED
+CVE-2012-4649
+ RESERVED
+CVE-2012-4648
+ RESERVED
+CVE-2012-4647
+ RESERVED
+CVE-2012-4646
+ RESERVED
+CVE-2012-4645
+ RESERVED
+CVE-2012-4644
+ RESERVED
+CVE-2012-4643
+ RESERVED
+CVE-2012-4642
+ RESERVED
+CVE-2012-4641
+ RESERVED
+CVE-2012-4640
+ RESERVED
+CVE-2012-4639
+ RESERVED
+CVE-2012-4638
+ RESERVED
+CVE-2012-4637
+ RESERVED
+CVE-2012-4636
+ RESERVED
+CVE-2012-4635
+ RESERVED
+CVE-2012-4634
+ RESERVED
+CVE-2012-4633
+ RESERVED
+CVE-2012-4632
+ RESERVED
+CVE-2012-4631
+ RESERVED
+CVE-2012-4630
+ RESERVED
+CVE-2012-4629
+ RESERVED
+CVE-2012-4628
+ RESERVED
+CVE-2012-4627
+ RESERVED
+CVE-2012-4626
+ RESERVED
+CVE-2012-4625
+ RESERVED
+CVE-2012-4624
+ RESERVED
+CVE-2012-4623
+ RESERVED
+CVE-2012-4622
+ RESERVED
+CVE-2012-4621
+ RESERVED
+CVE-2012-4620
+ RESERVED
+CVE-2012-4619
+ RESERVED
+CVE-2012-4618
+ RESERVED
+CVE-2012-4617
+ RESERVED
+CVE-2012-4616
+ RESERVED
+CVE-2012-4615
+ RESERVED
+CVE-2012-4614
+ RESERVED
+CVE-2012-4613
+ RESERVED
+CVE-2012-4612
+ RESERVED
+CVE-2012-4611
+ RESERVED
+CVE-2012-4610
+ RESERVED
+CVE-2012-4609
+ RESERVED
+CVE-2012-4608
+ RESERVED
+CVE-2012-4607
+ RESERVED
+CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...)
+ TODO: check
+CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...)
+ TODO: check
+CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...)
+ TODO: check
+CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
+ TODO: check
+CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...)
+ TODO: check
+CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...)
+ TODO: check
+CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...)
+ TODO: check
+CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
+ TODO: check
+CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...)
+ TODO: check
+CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...)
+ TODO: check
+CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...)
+ TODO: check
+CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...)
+ TODO: check
+CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...)
+ TODO: check
+CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
+ TODO: check
+CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...)
+ TODO: check
+CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...)
+ TODO: check
+CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...)
+ TODO: check
+CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...)
+ TODO: check
+CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...)
+ TODO: check
+CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
+ TODO: check
+CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...)
+ TODO: check
+CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
+ TODO: check
+CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
+ TODO: check
+CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...)
+ TODO: check
+CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
+ TODO: check
+CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...)
+ TODO: check
+CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...)
+ TODO: check
+CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...)
+ TODO: check
+CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...)
+ TODO: check
+CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...)
+ TODO: check
+CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
+ TODO: check
+CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
+ TODO: check
+CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...)
+ TODO: check
+CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...)
+ TODO: check
+CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...)
+ TODO: check
+CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
+ TODO: check
+CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...)
+ TODO: check
+CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
+ TODO: check
+CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
+ TODO: check
+CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...)
+ TODO: check
+CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
+ TODO: check
+CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...)
+ TODO: check
+CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...)
+ TODO: check
+CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...)
+ TODO: check
+CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...)
+ TODO: check
+CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...)
+ TODO: check
+CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
+ TODO: check
+CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...)
+ TODO: check
+CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...)
+ TODO: check
+CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...)
+ TODO: check
+CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
+ TODO: check
+CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
+ TODO: check
+CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...)
+ TODO: check
+CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
+CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...)
+ TODO: check
CVE-2012-XXXX [letodms XSS and CSRF]
- letodms <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2012/08/27/10
-CVE-2012-4667 [squidclamav XSS]
+CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...)
- squidclamav <unfixed> (bug #685398)
CVE-2012-4606
RESERVED
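Review bot: Three of the new "TODO: check" entries near the top of this hunk name software that the same file already tracks under a Debian source package, so they should not be left untriaged. CVE-2012-4678 (munin-cgi-graph, Munin 2.0 rc4) is the same component as CVE-2012-2147 and CVE-2012-2104, which carry "- munin 2.0~rc6-1" further down in this revision. CVE-2010-5187 and CVE-2010-5188 (SilverStripe) belong with the CVE-2010-5087 to CVE-2010-5095 block, which carries "- silverstripe <itp> (bug #528461)". Suggest replacing the TODO on those three with the matching package line, after confirming the fixed version for the munin entry.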
@@ -1248,8 +1520,8 @@
RESERVED
CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
- transmission 2.52-3 (bug #683380)
-CVE-2012-4036
- RESERVED
+CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...)
+ TODO: check
CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...)
NOT-FOR-US: PBBoard
CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...)
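Review bot: CVE-2012-4036 is left at "TODO: check" even though its description names PBBoard 2.1.4, and the two entries directly below it, CVE-2012-4035 and CVE-2012-4034, are for the same PBBoard 2.1.4 and are already marked "NOT-FOR-US: PBBoard". Suggest giving CVE-2012-4036 the same marker instead of a TODO.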
@@ -2340,8 +2612,7 @@
RESERVED
{DSA-2532-1}
- libapache2-mod-rpaf 0.6-1
-CVE-2012-3525
- RESERVED
+CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
- jabberd2 <unfixed> (bug #685666)
CVE-2012-3524
RESERVED
@@ -2361,24 +2632,20 @@
RESERVED
- linux <unfixed>
- linux-2.6 <not-affected> (Introduced in 3.1)
-CVE-2012-3519
- RESERVED
+CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...)
- tor 0.2.3.20-rc-1 (low)
[squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates)
-CVE-2012-3518
- RESERVED
+CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...)
- tor 0.2.3.20-rc-1 (low)
[squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates)
-CVE-2012-3517
- RESERVED
+CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...)
- tor 0.2.3.20-rc-1 (low)
[squeeze] - tor <no-dsa> (Will be fixed in stable-proposed-updates)
CVE-2012-3516
RESERVED
CVE-2012-3515
RESERVED
-CVE-2012-3514
- RESERVED
+CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...)
- xml-light <unfixed> (bug #685584)
CVE-2012-3513 [remote execution as www-data]
RESERVED
@@ -2399,17 +2666,15 @@
- linux-2.6 2.6.20-1
CVE-2012-3509
RESERVED
-CVE-2012-4668 [SA50279: roundcube self XSS/issue 2b]
+CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...)
- roundcube <unfixed> (bug #685475)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: http://trac.roundcube.net/ticket/1488613
-CVE-2012-3508 [SA50279: roundcube stored XSS/issue 2a]
- RESERVED
+CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...)
- roundcube 0.7.2-4 (bug #685475)
[squeeze] - roundcube <not-affected> (Vulnerable code not present)
NOTE: http://trac.roundcube.net/ticket/1488613
-CVE-2012-3507 [SA50212: roundcube 0.8 XSS]
- RESERVED
+CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in ...)
- roundcube <not-affected> (only affects rc versions of 0.8)
NOTE: http://trac.roundcube.net/ticket/1488519
CVE-2012-3506
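Review bot: Replacing the bracketed summaries on CVE-2012-4668, CVE-2012-3508 and CVE-2012-3507 drops the advisory cross-references (SA50279 issue 2a/2b and SA50212) that were recorded only in those brackets. The remaining NOTE lines carry just the trac tickets, and CVE-2012-4668 and CVE-2012-3508 share the same ticket 1488613. Suggest keeping the advisory identifiers as NOTE lines on each entry so the mapping from advisory issue to CVE is not lost.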
@@ -2420,14 +2685,12 @@
NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504
RESERVED
-CVE-2012-3503
- RESERVED
+CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...)
NOT-FOR-US: Katello
CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...)
- apache2 <not-affected> (Only affects 2.4 from experimental)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
-CVE-2012-3501
- RESERVED
+CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in ...)
- squidclamav <unfixed> (bug #685398)
CVE-2012-3500
RESERVED
@@ -2461,31 +2724,28 @@
{DSA-2534-1}
- postgresql-9.1 9.1.5-1
- postgresql-8.4 8.4.12-2
-CVE-2012-3487
- RESERVED
-CVE-2012-3486
- RESERVED
-CVE-2012-3485
- RESERVED
-CVE-2012-3484
- RESERVED
-CVE-2012-3483
- RESERVED
+CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...)
+ TODO: check
+CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
+ TODO: check
+CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...)
+ TODO: check
+CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...)
+ TODO: check
+CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...)
+ TODO: check
CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange]
RESERVED
- fetchmail <unfixed> (low)
NOTE: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
-CVE-2012-3481 [gimp gif plug-in heap-based buffer overflow]
- RESERVED
+CVE-2012-3481 (Integer overflow in the ReadImage function in ...)
- gimp <unfixed> (bug #685397)
NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572
-CVE-2012-3480
- RESERVED
+CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
- eglibc <unfixed> (bug #684889)
- glibc <removed>
-CVE-2012-3479 [GNU Emacs file-local variables]
- RESERVED
+CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically ...)
- emacs23 <unfixed> (bug #684695)
- emacs24 <unfixed> (bug #684694)
NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
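Review bot: CVE-2012-3483 through CVE-2012-3487 move from RESERVED to five separate "TODO: check" markers for one product, Tunnelblick 3.3beta20 and earlier, and the first hunk of this revision adds CVE-2012-4676 and CVE-2012-4677 for the same product. Suggest deciding once whether Tunnelblick is relevant to the archive and marking all seven entries consistently, so that they are not resolved piecemeal with differing results.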
@@ -2494,8 +2754,8 @@
RESERVED
{DSA-2530-1}
- rssh 2.3.3-5
-CVE-2012-3477
- RESERVED
+CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...)
+ TODO: check
CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Ushahidi
CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...)
@@ -2514,8 +2774,7 @@
NOT-FOR-US: Ushahidi
CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
NOT-FOR-US: Ushahidi
-CVE-2012-3467
- RESERVED
+CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
- qpid-cpp 0.16-7 (bug #684456)
CVE-2012-3466 [gpg passphrases cached forever]
RESERVED
@@ -2597,8 +2856,7 @@
NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
-CVE-2012-3441 [insecure permissions in DB creation script]
- RESERVED
+CVE-2012-3441 (The database creation script ...)
- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...)
- sudo <not-affected> (Red Hat-specific postinst script)
@@ -2653,27 +2911,22 @@
- icedtea-web <unfixed>
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...)
- icedtea-web <unfixed>
-CVE-2012-3421 [pcp: incorrect event-driven programming]
- RESERVED
+CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...)
{DSA-2533-1}
- pcp 3.6.5 (bug #685476)
-CVE-2012-3420 [pcp: memory leaks]
- RESERVED
+CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...)
{DSA-2533-1}
- pcp 3.6.5 (bug #685476)
-CVE-2012-3419 [pcp: information disclosure]
- RESERVED
+CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...)
{DSA-2533-1}
- pcp 3.6.5 (bug #685476)
-CVE-2012-3418 [pcp: multiple integer and heap-based overflows]
- RESERVED
+CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote ...)
{DSA-2533-1}
- pcp 3.6.5 (bug #685476)
CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...)
- quota 4.00~pre1-1
NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
-CVE-2012-3416
- RESERVED
+CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...)
- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
RESERVED
@@ -2696,8 +2949,7 @@
RESERVED
- dnsmasq <unfixed> (low; bug #683372)
[squeeze] - dnsmasq <no-dsa> (Minor issue)
-CVE-2012-3410
- RESERVED
+CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
- bash 4.2-4 (low)
[squeeze] - bash <no-dsa> (Minor issue)
CVE-2012-3409
@@ -2739,11 +2991,9 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
-CVE-2012-3403 [Gimp CEL plug-in heap buffer overflow when loading external palette files]
- RESERVED
+CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
- gimp <unfixed> (bug #685397)
-CVE-2012-3402 [Gimp PSD plug-in Heap-buffer overflow by decoding certain PSD headers]
- RESERVED
+CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD ...)
- gimp 2.4.0~rc1-1
NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
@@ -3663,8 +3913,8 @@
RESERVED
CVE-2012-2991
RESERVED
-CVE-2012-2990
- RESERVED
+CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...)
+ TODO: check
CVE-2012-2989
RESERVED
CVE-2012-2988
@@ -3675,8 +3925,8 @@
NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...)
NOT-FOR-US: CuteSoft Cute Editor
-CVE-2012-2984
- RESERVED
+CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2012-2983
RESERVED
CVE-2012-2982
@@ -5087,40 +5337,31 @@
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096 (** DISPUTED ** ...)
NOT-FOR-US: MyBB
-CVE-2010-5095 [SilverStripe escaping exploit]
- RESERVED
+CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under certain conditions]
- RESERVED
+CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5093 [SilverStripe privilege escalation exploit]
- RESERVED
+CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5092 [SilverStripe fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext]
- RESERVED
+CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions]
- RESERVED
+CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5090 [SilverStripe fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password]
- RESERVED
+CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5089 [SilverStripe information disclosure]
- RESERVED
+CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5088 [SilverStripe CSRF]
- RESERVED
+CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action requests through controller]
- RESERVED
+CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
@@ -5431,8 +5672,7 @@
NOT-FOR-US: Drupal addon not packaged
CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...)
NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS]
- RESERVED
+CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative ...)
NOT-FOR-US: Drupal addon not packaged
CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...)
NOT-FOR-US: Drupal addon not packaged
@@ -5448,8 +5688,8 @@
RESERVED
CVE-2012-2290
RESERVED
-CVE-2012-2289
- RESERVED
+CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...)
+ TODO: check
CVE-2012-2288
RESERVED
CVE-2012-2287
@@ -5582,8 +5822,8 @@
RESERVED
CVE-2012-2228
RESERVED
-CVE-2012-2227
- RESERVED
+CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
+ TODO: check
CVE-2012-2226
RESERVED
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
@@ -5759,12 +5999,10 @@
CVE-2012-2148
RESERVED
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-2147
- RESERVED
+CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a ...)
- munin 2.0~rc6-1 (bug #670811)
[squeeze] - munin <not-affected> (Vulnerable code not present)
-CVE-2012-2146
- RESERVED
+CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
- elixir <unfixed> (low; bug #670919)
CVE-2012-2145 [qpid DoS]
RESERVED
@@ -5817,13 +6055,11 @@
RESERVED
- polarssl 1.1.2-1
[squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4)
-CVE-2012-2129 [dokuwiki doku.php 'target' param xss]
- RESERVED
+CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki ...)
- dokuwiki 0.0.20120125a-1 (low; bug #670917)
[squeeze] - dokuwiki <not-affected>
NOTE: http://secunia.com/advisories/48848/
-CVE-2012-2128
- RESERVED
+CVE-2012-2128 (** DISPUTED ** ...)
- dokuwiki 0.0.20120125a-1
NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
@@ -5876,8 +6112,7 @@
NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
- tiff 4.0.2-1 (bug #678140)
-CVE-2012-2112
- RESERVED
+CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...)
{DSA-2455-1}
- typo3-src 4.5.15+dfsg1-1 (bug #669158)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
@@ -5908,13 +6143,11 @@
CVE-2012-2105
RESERVED
NOT-FOR-US: tsheetx
-CVE-2012-2104
- RESERVED
+CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
- munin 2.0~rc6-1 (bug #668666)
[squeeze] - munin <not-affected> (Vulnerable code not present)
[lenny] - munin <not-affected> (Vulnerable code not present)
-CVE-2012-2103
- RESERVED
+CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite ...)
- munin 2.0~rc6-1 (bug #668778)
[squeeze] - munin <not-affected> (Vulnerable code not present)
[lenny] - munin <not-affected> (Vulnerable code not present)
@@ -6352,12 +6585,12 @@
- icedove 10.0.5-1
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...)
NOT-FOR-US: Disputed Wordpress issue
-CVE-2012-1935
- RESERVED
-CVE-2012-1934
- RESERVED
-CVE-2012-1933
- RESERVED
+CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...)
+ TODO: check
+CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...)
+ TODO: check
+CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...)
+ TODO: check
CVE-2012-1932
RESERVED
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...)
@@ -6382,8 +6615,8 @@
NOT-FOR-US: RealNetworks Helix
CVE-2012-1922
RESERVED
-CVE-2012-1921
- RESERVED
+CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows ...)
NOT-FOR-US: AtMail
CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in ...)
@@ -6435,8 +6668,7 @@
RESERVED
CVE-2012-1897
RESERVED
-CVE-2012-1586 [file enumeration possibility via mount.cifs]
- RESERVED
+CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the ...)
- cifs-utils 2:5.3-2 (low; bug #665923)
[squeeze] - cifs-utils <no-dsa> (Minor issue)
CVE-2012-1896
@@ -7181,7 +7413,7 @@
RESERVED
- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
- RESERVED
+ REJECTED
NOTE: To be rejected
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
- nova 2012-1~rc3-1 (bug #666888)
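Review bot: CVE-2012-1587 now reads REJECTED, but the line after it still says "NOTE: To be rejected", which is stale once the status itself has changed. Suggest dropping that NOTE in a follow-up so the entry does not read as if the rejection were still pending.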
@@ -7797,8 +8029,8 @@
RESERVED
CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...)
NOT-FOR-US: Contao
-CVE-2012-1296
- RESERVED
+CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2012-1295
RESERVED
CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote ...)
@@ -8074,17 +8306,14 @@
- pidgin 2.10.2-1 (low; bug #664030)
[squeeze] - pidgin <no-dsa> (Only exploitable by malicious server)
NOTE: http://pidgin.im/news/security/?id=61
-CVE-2012-1177 [libgdata did not verify SSL]
- RESERVED
+CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...)
{DSA-2482-1}
- libgdata 0.10.2-1 (bug #664032)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
-CVE-2012-1176 [buffer overflow in python-pyfribidi]
- RESERVED
+CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi ...)
- pyfribidi 0.11.0-1 (bug #663189)
[squeeze] - pyfribidi <no-dsa> (Minor issue)
-CVE-2012-1175 [gnash integer overflow]
- RESERVED
+CVE-2012-1175 (Integer overflow in the GnashImage::size method in ...)
{DSA-2435-1}
- gnash 0.8.10-5 (bug #664023)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
@@ -8935,8 +9164,7 @@
CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0855
- RESERVED
+CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before ...)
@@ -8957,8 +9185,7 @@
CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0849
- RESERVED
+CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in ...)
@@ -10787,8 +11014,7 @@
RESERVED
- policykit-1 0.103-1
[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
-CVE-2011-4944 [python2.6: distutils world-readable password]
- RESERVED
+CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...)
- python2.7 2.7.3~rc2-2 (low; bug #650555)
- python2.6 <unfixed> (unimportant; bug #615118)
[squeeze] - python2.6 <no-dsa> (Minor issue)
@@ -11154,8 +11380,7 @@
- tomcat7 7.0.26-1
CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before ...)
NOT-FOR-US: Winamp
-CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword]
- RESERVED
+CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts]
@@ -12003,8 +12228,8 @@
- openttd 1.1.5-1 (low)
NOTE: http://vcs.openttd.org/svn/changeset/23764
NOTE: http://security.openttd.org/en/CVE-2012-0049
-CVE-2012-0048
- RESERVED
+CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial ...)
+ TODO: check
CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
NOT-FOR-US: Apache Wicket
CVE-2012-0046 [mediawiki info leak]