[Secure-testing-commits] r20050 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Aug 30 06:44:21 UTC 2012
Author: jmm
Date: 2012-08-30 06:44:20 +0000 (Thu, 30 Aug 2012)
New Revision: 20050
Modified:
data/CVE/list
Log:
new munin issue (not in stable)
NFUs
ITP issues in silverstripe and newscoop
filed bugs for isc-dhcp
remove stray mod-rpaf temp entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-29 21:14:27 UTC (rev 20049)
+++ data/CVE/list 2012-08-30 06:44:20 UTC (rev 20050)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX
+ - juju 0.5.1-2 (bug #685728)
CVE-2012-4681 (Oracle Java 7 Update 6, and possibly other versions, allows remote ...)
- openjdk-7 <unfixed>
- openjdk-6 <unfixed>
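Review bot: The new `CVE-2012-XXXX` entry for juju at the top of this hunk carries no bracketed description, so the list itself does not say what the issue is. The other temporary entry visible in this file is written as `CVE-2012-XXXX [letodms XSS and CSRF]`; a short description in the same form, taken from bug #685728, would keep the entry identifiable once there are several `CVE-2012-XXXX` placeholders. The commit log also lists no juju change, so one line for it there would help.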
@@ -2,25 +4,26 @@
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
- TODO: check
+ NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
- TODO: check
+ - newscoop <itp> (bug #604113)
CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...)
- TODO: check
+ - munin 2.0~rc6-1 (low; bug #668667)
+ [squeeze] - munin <not-affected> (Only affects 2.x branch)
CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
- TODO: check
+ NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
- TODO: check
+ NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
- TODO: check
+ NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
- TODO: check
+ NOT-FOR-US: Apple iChat Server
CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...)
- TODO: check
+ NOT-FOR-US: psyced
CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...)
- TODO: check
+ NOT-FOR-US: Tigase
CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
- TODO: check
+ NOT-FOR-US: M-Link
CVE-2012-4666
@@ -146,131 +149,131 @@
CVE-2012-4607
RESERVED
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...)
- TODO: check
+ NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...)
- TODO: check
+ - silverstripe <itp> (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...)
- TODO: check
+ - silverstripe <itp> (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
- TODO: check
+ NOT-FOR-US: Anti virus snake oil
CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...)
- TODO: check
+ NOT-FOR-US: Comodo Internet Security
CVE-2012-XXXX [letodms XSS and CSRF]
- letodms 3.3.7+dfsg-1
NOTE: http://www.openwall.com/lists/oss-security/2012/08/27/10
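Review bot: `NOT-FOR-US: Anti virus snake oil` on the DISPUTED race-condition entries between CVE-2010-5184 and CVE-2010-5150 names no product, unlike the neighbouring `NOT-FOR-US: Comodo Internet Security` and `NOT-FOR-US: Blue Coat` lines in the same hunk. The reason field is the record of why an entry was triaged out, and an editorial label does not say which software was checked against the archive. Suggest naming the product on each line, for example `NOT-FOR-US: ZoneAlarm Extreme Security` for CVE-2010-5184, as is done for CVE-2010-5157.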
@@ -279,35 +282,35 @@
CVE-2012-4606
RESERVED
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...)
- TODO: check
+ NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, ...)
- TODO: check
+ NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...)
- TODO: check
+ NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: DLguard
CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...)
- TODO: check
+ NOT-FOR-US: Kajian Website CMS
CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and ...)
- TODO: check
+ NOT-FOR-US: Blogs Manager
CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...)
- TODO: check
+ NOT-FOR-US: Freelancer calendar
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS ...)
- TODO: check
+ NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script ...)
- TODO: check
+ NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email ...)
NOT-FOR-US: Websense Email Security
CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 ...)
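Review bot: The reasons `NOT-FOR-US: Wordpress plugin` (CVE-2011-5107, CVE-2011-5106, CVE-2011-5104) and `NOT-FOR-US: Joomla addon` (CVE-2011-5113, CVE-2011-5112) do not name the component, and for CVE-2011-5106 and CVE-2011-5104 the truncated description does not name it either, so the list alone cannot show what was ruled out. Other entries in this file use the specific form, such as `NOT-FOR-US: Login With Ajax plugin for Wordpress`. Minor: `DLguard` differs in case from `DLGuard` in the CVE-2011-5115 description, which matters for case-sensitive searches of the list.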
@@ -321,29 +324,29 @@
CVE-2012-4600
RESERVED
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...)
NOT-FOR-US: McAfee SmartFilter Administration
CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) ...)
@@ -819,19 +822,19 @@
CVE-2012-4364
RESERVED
CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 ...)
NOT-FOR-US: Adobe Reader
CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has ...)
@@ -1001,7 +1004,7 @@
CVE-2012-4284
RESERVED
CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
NOT-FOR-US: Login With Ajax plugin for Wordpress
CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...)
@@ -1060,19 +1063,17 @@
CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote ...)
NOT-FOR-US: jNews for Joomla!
CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: MySQLDumper
CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: MySQLDumper
CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 ...)
- TODO: check
+ NOT-FOR-US: MySQLDumper
CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: MySQLDumper
CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper ...)
- TODO: check
+ NOT-FOR-US: MySQLDumper
CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...)
NOT-FOR-US: Samsung NET-i viewer
-CVE-2012-XXXX
- - libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...)
NOT-FOR-US: Kindle Touch
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
@@ -1098,11 +1099,11 @@
CVE-2012-4239
RESERVED
CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...)
- TODO: check
+ NOT-FOR-US: TCExam
CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function ...)
- TODO: check
+ NOT-FOR-US: Total Shop UK eCommerce
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
NOT-FOR-US: Joomla addon
CVE-2012-4234
@@ -1491,7 +1492,7 @@
CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player ...)
NOT-FOR-US: eZOE flash player not in Debian
CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...)
- TODO: check
+ NOT-FOR-US: Jease
CVE-2012-4051
RESERVED
CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...)
@@ -1523,7 +1524,7 @@
CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
- transmission 2.52-3 (bug #683380)
CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...)
- TODO: check
+ NOT-FOR-US: PBBoard
CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...)
NOT-FOR-US: PBBoard
CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...)
@@ -1776,8 +1777,7 @@
RESERVED
CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
{DSA-2519-2 DSA-2519-1 DSA-2516-1}
- - isc-dhcp <unfixed>
- NOTE: https://kb.isc.org/article/AA-00737
+ - isc-dhcp <unfixed> (bug #686174)
CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...)
NOT-FOR-US: phplist
CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
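Review bot: The removal of `NOTE: https://kb.isc.org/article/AA-00737` under CVE-2012-3954 is not covered by the commit log, which only says "filed bugs for isc-dhcp". Adding `(bug #686174)` does not require dropping the upstream advisory link, and while the package is still `<unfixed>` that link is the only pointer in the entry to the upstream fix information. Suggest keeping the NOTE line below the updated `- isc-dhcp <unfixed> (bug #686174)` line, or stating in the log why it was removed.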
@@ -2573,12 +2573,10 @@
NOTE: Disputed NSS issue
CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...)
{DSA-2519-2 DSA-2519-1 DSA-2516-1}
- - isc-dhcp <unfixed>
- NOTE: https://kb.isc.org/article/AA-00712
+ - isc-dhcp <unfixed> (bug #686174)
CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...)
- - isc-dhcp <unfixed>
+ - isc-dhcp <unfixed> (bug #686174)
[squeeze] - isc-dhcp <not-affected> (Vulnerable code not present)
- NOTE: https://kb.isc.org/article/AA-00714
CVE-2012-3569
RESERVED
CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
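Review bot: CVE-2012-3571 and CVE-2012-3570 now both point at the single bug #686174, and the two removed NOTE lines (`AA-00712` and `AA-00714`) were the only per-CVE references that told them apart. With one shared bug and no upstream article per entry, someone preparing the fix has to rediscover which upstream change belongs to which CVE. Suggest retaining each NOTE line under its entry; for CVE-2012-3570 it can stay after the `[squeeze] - isc-dhcp <not-affected>` line where it was.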
@@ -2684,7 +2682,7 @@
CVE-2012-3526 [mod_rpaf dos]
RESERVED
{DSA-2532-1}
- - libapache2-mod-rpaf 0.6-1
+ - libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
- jabberd2 <unfixed> (bug #685666)
CVE-2012-3524
@@ -2801,15 +2799,15 @@
- postgresql-9.1 9.1.5-1
- postgresql-8.4 8.4.12-2
CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...)
- TODO: check
+ NOT-FOR-US: Tunnelblick
CVE-2012-3482 [fetchmail segfault in NTLM protocol exchange]
RESERVED
- fetchmail <unfixed> (low)
@@ -2831,7 +2829,7 @@
{DSA-2530-1}
- rssh 2.3.3-5
CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...)
- TODO: check
+ NOT-FOR-US: Neoinvoice
CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOT-FOR-US: Ushahidi
CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...)
@@ -3378,7 +3376,7 @@
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
NOT-FOR-US: IBM WebSphere
CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
{DSA-2523-1}
- globus-gridftp-server 6.5-1
@@ -3991,7 +3989,7 @@
CVE-2012-2991
RESERVED
CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...)
- TODO: check
+ NOT-FOR-US: MarkAny ContentSAFER
CVE-2012-2989
RESERVED
CVE-2012-2988
@@ -4003,7 +4001,7 @@
CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...)
NOT-FOR-US: CuteSoft Cute Editor
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2012-2983
RESERVED
CVE-2012-2982
@@ -5688,7 +5686,7 @@
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2012-2323
RESERVED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...)
@@ -5767,7 +5765,7 @@
CVE-2012-2290
RESERVED
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2012-2288
RESERVED
CVE-2012-2287
@@ -5901,7 +5899,7 @@
CVE-2012-2228
RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
- TODO: check
+ NOT-FOR-US: PluXml
CVE-2012-2226
RESERVED
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
@@ -6684,11 +6682,11 @@
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...)
NOT-FOR-US: Disputed Wordpress issue
CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...)
- TODO: check
+ - newscoop <itp> (bug #604113)
CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...)
- TODO: check
+ - newscoop <itp> (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...)
- TODO: check
+ - newscoop <itp> (bug #604113)
CVE-2012-1932
RESERVED
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...)