[Secure-testing-commits] r20607 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Dec 4 21:14:18 UTC 2012
Author: joeyh
Date: 2012-12-04 21:14:18 +0000 (Tue, 04 Dec 2012)
New Revision: 20607
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-04 18:09:54 UTC (rev 20606)
+++ data/CVE/list 2012-12-04 21:14:18 UTC (rev 20607)
@@ -1,5 +1,8 @@
+CVE-2012-6065 (The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the ...)
+ TODO: check
+CVE-2012-6064 (Directory traversal vulnerability in ...)
+ TODO: check
CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in ...)
- {DSA-2577-1}
- libssh 0.5.3-1
CVE-2012-6062
RESERVED
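Review bot: CVE-2012-6064 at the top of this hunk cannot be triaged from the list entry alone, because its description is cut off at "Directory traversal vulnerability in ..." before any product is named. Both new entries are left at "TODO: check"; the full CVE text is needed before 6064 can be assigned to a package or marked NOT-FOR-US, while 6065 already names the OM Maximenu module for Drupal.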
@@ -663,10 +666,10 @@
NOT-FOR-US: ID-One COSMO
CVE-2012-XXXX [xscreensaver lock bypass]
- libpam-rsa <unfixed> (high; bug #693087)
-CVE-2012-5859
- RESERVED
-CVE-2012-5858
- RESERVED
+CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to ...)
+ TODO: check
+CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address ...)
+ TODO: check
CVE-2012-5857
RESERVED
CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...)
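Review bot: CVE-2012-5859 and CVE-2012-5858 both name Samsung Kies Air 2.1.207051 and 2.1.210161 and are both left at "TODO: check", so they should be triaged as a pair. If no Debian source package ships that software, a "NOT-FOR-US:" line, as used for ID-One COSMO at the top of this hunk, closes both.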
@@ -1411,8 +1414,8 @@
- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570
RESERVED
-CVE-2012-5569
- RESERVED
+CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic ...)
+ TODO: check
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
- tomcat6 <unfixed> (low)
[squeeze] - tomcat6 <no-dsa> (Minor issue)
@@ -1441,60 +1444,58 @@
CVE-2012-5560
RESERVED
NOT-FOR-US: MATE gnome fork
-CVE-2012-5559
- RESERVED
+CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558
RESERVED
-CVE-2012-5557
- RESERVED
-CVE-2012-5556
- RESERVED
+CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before ...)
+ TODO: check
+CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2012-5555
RESERVED
-CVE-2012-5554
- RESERVED
-CVE-2012-5553
- RESERVED
-CVE-2012-5552
- RESERVED
-CVE-2012-5551
- RESERVED
-CVE-2012-5550
- RESERVED
-CVE-2012-5549
- RESERVED
-CVE-2012-5548
- RESERVED
-CVE-2012-5547
- RESERVED
+CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module ...)
+ TODO: check
+CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
+ TODO: check
+CVE-2012-5552 (The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before ...)
+ TODO: check
+CVE-2012-5551 (Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp ...)
+ TODO: check
+CVE-2012-5550 (SQL injection vulnerability in the Time Spent module 6.x and 7.x for ...)
+ TODO: check
+CVE-2012-5549 (Cross-site request forgery (CSRF) vulnerability in the Time Spent ...)
+ TODO: check
+CVE-2012-5548 (Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x ...)
+ TODO: check
+CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
CVE-2012-5546
RESERVED
-CVE-2012-5545
- RESERVED
-CVE-2012-5544
- RESERVED
-CVE-2012-5543
- RESERVED
-CVE-2012-5542
- RESERVED
-CVE-2012-5541
- RESERVED
-CVE-2012-5540
- RESERVED
-CVE-2012-5539
- RESERVED
-CVE-2012-5538
- RESERVED
-CVE-2012-5537
- RESERVED
+CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis ...)
+ TODO: check
+CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
+ TODO: check
+CVE-2012-5543 (The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a ...)
+ TODO: check
+CVE-2012-5542 (Cross-site request forgery (CSRF) vulnerability in the Commerce Extra ...)
+ TODO: check
+CVE-2012-5541 (Cross-site scripting (XSS) vulnerability in the Twitter Pull module ...)
+ TODO: check
+CVE-2012-5540 (Multiple cross-site scripting (XSS) vulnerabilities in the Hostip ...)
+ TODO: check
+CVE-2012-5539 (The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does ...)
+ TODO: check
+CVE-2012-5538 (Cross-site scripting (XSS) vulnerability in the FileField Sources ...)
+ TODO: check
+CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal ...)
+ TODO: check
CVE-2012-5536
RESERVED
CVE-2012-5535
RESERVED
- gnome-system-log <not-affected> (Fedora-specific issue)
-CVE-2012-5534
- RESERVED
+CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through ...)
- weechat <unfixed>
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd 1.4.32 ...)
- lighttpd 1.4.31-2
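Review bot: The run from CVE-2012-5557 down to CVE-2012-5537 moves from RESERVED to "TODO: check", and nearly every description that is not truncated names a Drupal contributed module (User Read-Only, Password policy, Time Spent, Mandrill, Feeds, Organic Groups and others). CVE-2012-5559 in the same hunk is already resolved as "NOT-FOR-US: Drupal chaos tool addon", so the same disposition should be checked for each module that is not packaged; CVE-2012-5556 and CVE-2012-5547 are cut off at "in the ..." and need the full description first. Separately, CVE-2012-5534 now has a public description but its "- weechat <unfixed>" line carries no bug number or urgency; suggest adding both.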
@@ -1754,8 +1755,8 @@
NOT-FOR-US: Subrion CMS
CVE-2012-5451
RESERVED
-CVE-2012-5450
- RESERVED
+CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
CVE-2012-5449
RESERVED
CVE-2012-5448
@@ -1911,8 +1912,8 @@
RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...)
- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
-CVE-2012-5367
- RESERVED
+CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow ...)
+ TODO: check
CVE-2012-5366
RESERVED
NOT-FOR-US: Mac OS X
@@ -2447,11 +2448,9 @@
RESERVED
CVE-2012-5139
RESERVED
-CVE-2012-5138
- RESERVED
+CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
- chromium-browser <unfixed>
-CVE-2012-5137
- RESERVED
+CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 ...)
- chromium-browser <unfixed>
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of ...)
- chromium-browser <unfixed>
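Review bot: The "- chromium-browser <unfixed>" lines under CVE-2012-5138 and CVE-2012-5137 carry no bug number or urgency, although the new descriptions now give the upstream fix boundary (Google Chrome before 23.0.1271.95). Suggest adding a bug reference so these two can be closed against the upload that reaches that version, separately from CVE-2012-5136, whose boundary is 23.0.1271.91.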
@@ -2468,8 +2467,8 @@
- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
- chromium-browser <unfixed>
-CVE-2012-5129
- RESERVED
+CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
+ TODO: check
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
- libv8 <unfixed> (bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
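Review bot: CVE-2012-5129 is left at "TODO: check" while its neighbours are tracked against chromium-browser, and its description names the WebGL subsystem in "Google Chrome OS ...". Triage needs to settle whether the Debian chromium-browser package shares the affected code or whether this is platform-specific, in which case a "<not-affected>" line with the reason, like the "(MacOS-specific)" entry at the top of this hunk, is the consistent form.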
@@ -7042,8 +7041,7 @@
CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
{DSA-2531-1}
- xen 4.1.3-1 (bug #683279)
-CVE-2012-3432 [XSA-10: HVM guest user mode MMIO emulation DoS vulnerability]
- RESERVED
+CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations ...)
{DSA-2531-1}
- xen 4.1.3-1 (bug #683279)
CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss ...)
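Review bot: The replacement line for CVE-2012-3432 drops the bracketed "[XSA-10: HVM guest user mode MMIO emulation DoS vulnerability]" tag, so the entry no longer records the Xen advisory number. The DSA-2531-1 and xen 4.1.3-1 tracking lines are kept, but the XSA cross-reference is lost; suggest preserving it in a "NOTE:" line under the entry.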
@@ -8223,8 +8221,7 @@
NOT-FOR-US: Pligg
CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: OSCommerce Online Merchant
-CVE-2012-2934
- RESERVED
+CVE-2012-2934 (Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, ...)
{DSA-2501-1}
- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-2933
@@ -11590,10 +11587,10 @@
RESERVED
- phppgadmin 5.0.4-1
[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
-CVE-2012-1599
- RESERVED
-CVE-2012-1598
- RESERVED
+CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
+ TODO: check
+CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
+ TODO: check
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
@@ -15681,8 +15678,7 @@
CVE-2012-0219 (Heap-based buffer overflow in the xioscan_readline function in ...)
- socat 1.7.1.3-1.3 (bug #672994)
NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
-CVE-2012-0218
- RESERVED
+CVE-2012-0218 (Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler ...)
{DSA-2501-1}
- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, ...)