[Secure-testing-commits] r20680 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Dec 19 21:14:43 UTC 2012


Author: joeyh
Date: 2012-12-19 21:14:43 +0000 (Wed, 19 Dec 2012)
New Revision: 20680

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-19 15:48:07 UTC (rev 20679)
+++ data/CVE/list	2012-12-19 21:14:43 UTC (rev 20680)
@@ -1,4 +1,109 @@
+CVE-2013-0650
+	RESERVED
+CVE-2013-0649
+	RESERVED
+CVE-2013-0648
+	RESERVED
+CVE-2013-0647
+	RESERVED
+CVE-2013-0646
+	RESERVED
+CVE-2013-0645
+	RESERVED
+CVE-2013-0644
+	RESERVED
+CVE-2013-0643
+	RESERVED
+CVE-2013-0642
+	RESERVED
+CVE-2013-0641
+	RESERVED
+CVE-2013-0640
+	RESERVED
+CVE-2013-0639
+	RESERVED
+CVE-2013-0638
+	RESERVED
+CVE-2013-0637
+	RESERVED
+CVE-2013-0636
+	RESERVED
+CVE-2013-0635
+	RESERVED
+CVE-2013-0634
+	RESERVED
+CVE-2013-0633
+	RESERVED
+CVE-2013-0632
+	RESERVED
+CVE-2013-0631
+	RESERVED
+CVE-2013-0630
+	RESERVED
+CVE-2013-0629
+	RESERVED
+CVE-2013-0628
+	RESERVED
+CVE-2013-0627
+	RESERVED
+CVE-2013-0626
+	RESERVED
+CVE-2013-0625
+	RESERVED
+CVE-2013-0624
+	RESERVED
+CVE-2013-0623
+	RESERVED
+CVE-2013-0622
+	RESERVED
+CVE-2013-0621
+	RESERVED
+CVE-2013-0620
+	RESERVED
+CVE-2013-0619
+	RESERVED
+CVE-2013-0618
+	RESERVED
+CVE-2013-0617
+	RESERVED
+CVE-2013-0616
+	RESERVED
+CVE-2013-0615
+	RESERVED
+CVE-2013-0614
+	RESERVED
+CVE-2013-0613
+	RESERVED
+CVE-2013-0612
+	RESERVED
+CVE-2013-0611
+	RESERVED
+CVE-2013-0610
+	RESERVED
+CVE-2013-0609
+	RESERVED
+CVE-2013-0608
+	RESERVED
+CVE-2013-0607
+	RESERVED
+CVE-2013-0606
+	RESERVED
+CVE-2013-0605
+	RESERVED
+CVE-2013-0604
+	RESERVED
+CVE-2013-0603
+	RESERVED
+CVE-2013-0602
+	RESERVED
+CVE-2013-0601
+	RESERVED
+CVE-2012-6428
+	RESERVED
+CVE-2012-6427
+	RESERVED
 CVE-2012-6426 [lemonldap-ng: SAML messages signatures are not verified]
+	RESERVED
 	- lemonldap-ng <unfixed> (bug #696329)
 CVE-2013-0600
 	RESERVED
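Review bot: the RESERVED line added under CVE-2012-6426 lands on an entry that already carries a bracketed description and an <unfixed> lemonldap-ng line (bug #696329); confirm the automatic update leaves that tracking untouched and does not later overwrite the bracketed text without review. The other 52 added ids (CVE-2013-0601 through CVE-2013-0650, CVE-2012-6427, CVE-2012-6428) are bare RESERVED placeholders and need no triage yet.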
@@ -2111,8 +2216,8 @@
 	RESERVED
 CVE-2012-6008
 	RESERVED
-CVE-2012-6007
-	RESERVED
+CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2012-6006
 	RESERVED
 CVE-2012-6005
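Review bot: the truncated summary for CVE-2012-6007 ("Cross-site scripting (XSS) vulnerability in ...") names no product, so the new "TODO: check" cannot be resolved from this line alone. Look up the full description and replace the TODO with either a package line or a NOT-FOR-US tag.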
@@ -2141,10 +2246,10 @@
 	RESERVED
 CVE-2012-5993
 	RESERVED
-CVE-2012-5992
-	RESERVED
-CVE-2012-5991
-	RESERVED
+CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
+	TODO: check
+CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller ...)
+	TODO: check
 CVE-2012-5990
 	RESERVED
 CVE-2012-5989
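Review bot: CVE-2012-5991 names Cisco Wireless LAN Controller and CVE-2012-5992 is also a Cisco issue, yet both are left at "TODO: check"; elsewhere in this list a device issue such as the D-Link DSL2730U router is closed as NOT-FOR-US with the product name. Suggest closing these the same way once the product for 5992 is confirmed from the full description.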
@@ -2167,8 +2272,8 @@
 	RESERVED
 CVE-2012-5980
 	RESERVED
-CVE-2012-5978
-	RESERVED
+CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View ...)
+	TODO: check
 CVE-2012-5977
 	RESERVED
 CVE-2012-5976
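Review bot: the context around CVE-2012-5978 goes from CVE-2012-5980 straight to CVE-2012-5978 with no CVE-2012-5979 entry in between; check whether that id is missing from the list or simply absent from the feed. The 5978 summary is cut off after "(1) View ...", so the affected product still has to be identified before the TODO can be closed.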
@@ -2183,14 +2288,14 @@
 	RESERVED
 CVE-2012-5971
 	RESERVED
-CVE-2012-5970
-	RESERVED
-CVE-2012-5969
-	RESERVED
-CVE-2012-5968
-	RESERVED
-CVE-2012-5967
-	RESERVED
+CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...)
+	TODO: check
+CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...)
+	TODO: check
+CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through ...)
+	TODO: check
 CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows ...)
 	NOT-FOR-US: D-Link DSL2730U router
 CVE-2012-5965
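Review bot: three of the four new "TODO: check" entries (CVE-2012-5970, CVE-2012-5969, CVE-2012-5968) are for the Huawei E585 device, and the context line directly below them shows the D-Link router entry already closed as "NOT-FOR-US: D-Link DSL2730U router"; tag the Huawei ones the same way rather than leaving them open. CVE-2012-5967 (menuXML.php in Centreon 2.3.3 through ...) is application software and needs a check against the archive before deciding.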
@@ -2833,10 +2938,10 @@
 	RESERVED
 CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision ...)
 	NOT-FOR-US: Invision Power Board
-CVE-2012-5691
-	RESERVED
-CVE-2012-5690
-	RESERVED
+CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and ...)
+	TODO: check
+CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 ...)
+	TODO: check
 CVE-2012-5689
 	RESERVED
 CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 ...)
@@ -4140,10 +4245,10 @@
 	RESERVED
 CVE-2012-5179
 	RESERVED
-CVE-2012-5178
-	RESERVED
-CVE-2012-5177
-	RESERVED
+CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...)
+	TODO: check
+CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...)
+	TODO: check
 CVE-2012-5176 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT ...)
 	NOT-FOR-US: KENT-WEB ACCESS REPORT
 CVE-2012-5175 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 ...)
@@ -4918,12 +5023,12 @@
 	NOT-FOR-US: Websphere
 CVE-2012-4849
 	RESERVED
-CVE-2012-4848
-	RESERVED
+CVE-2012-4848 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
+	TODO: check
 CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote ...)
 	NOT-FOR-US: IBM Cognos Business Intelligence
-CVE-2012-4846
-	RESERVED
+CVE-2012-4846 (IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly ...)
+	TODO: check
 CVE-2012-4845 (The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does ...)
 	NOT-FOR-US: AIX
 CVE-2012-4844
@@ -6016,8 +6121,7 @@
 CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
 	{DSA-2582-1}
 	- xen 4.1.3-4
-CVE-2012-4534
-	RESERVED
+CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x ...)
 	- tomcat7 7.0.28-1 (bug #695251)
 	- tomcat6 6.0.35-6 (bug #695250)
 CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the ...)
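Review bot: the tomcat7 line kept under CVE-2012-4534 gives 7.0.28-1, while CVE-2012-4431 and CVE-2012-3546 in this same commit give 7.0.28-4 for the same bug #695251; confirm the earlier version is intended now that the published description points at NioEndpoint.java. Dropping RESERVED without adding a TODO is fine here, since the package lines are already in place.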
@@ -6313,8 +6417,7 @@
 	NOTE: http://seclists.org/oss-sec/2012/q4/215
 CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
 	- optipng <not-affected> (Introduced in 0.7, bug #687998)
-CVE-2012-4431
-	RESERVED
+CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...)
 	- tomcat7 7.0.28-4 (bug #695251)
 	- tomcat6 6.0.35-6 (bug #695250)
 CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
@@ -6569,13 +6672,13 @@
 	RESERVED
 CVE-2012-4351
 	RESERVED
-CVE-2012-4350
-	RESERVED
-CVE-2012-4349 (Unspecified vulnerability in Symantec Network Access Control allows ...)
+CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
+	TODO: check
+CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access ...)
 	NOT-FOR-US: Symantec Network Access Control
-CVE-2012-4348
-	RESERVED
-CVE-2012-4347 (Multiple directory traversal vulnerabilities in Symantec Messaging ...)
+CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 ...)
+	TODO: check
+CVE-2012-4347 (Multiple directory traversal vulnerabilities in the management console ...)
 	NOT-FOR-US: Symantec
 CVE-2012-4346
 	RESERVED
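Review bot: CVE-2012-4350 and CVE-2012-4348 are added as "TODO: check" although the adjacent Symantec entries are already NOT-FOR-US; 4348 names Symantec Endpoint Protection outright and 4350 is an unquoted Windows search path issue, so both look like the same disposition. The tag under CVE-2012-4347 is only "NOT-FOR-US: Symantec" while its neighbour names the product ("Symantec Network Access Control"); name the product there too for consistency.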
@@ -8430,11 +8533,11 @@
 	RESERVED
 CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...)
 	NOT-FOR-US: Symantec PGP Universal Server
-CVE-2012-3581 (Symantec Messaging Gateway before 10.0 allows remote attackers to ...)
+CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers ...)
 	NOT-FOR-US: Symantec Messaging Gateway
-CVE-2012-3580 (Symantec Messaging Gateway before 10.0 allows remote authenticated ...)
+CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote ...)
 	NOT-FOR-US: Symantec Messaging Gateway
-CVE-2012-3579 (Symantec Messaging Gateway before 10.0 has a default password for an ...)
+CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password ...)
 	NOT-FOR-US: Symantec Messaging Gateway
 CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the ...)
 	NOT-FOR-US: Wordpress plugin
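Review bot: with the new truncation point the CVE-2012-3580 summary no longer shows the word "authenticated", so it now reads the same as CVE-2012-3581 up to the ellipsis. The NOT-FOR-US tags need no change, but the truncated summaries should not be used to judge required privileges; read the full descriptions for that.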
@@ -8511,8 +8614,7 @@
 CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...)
 	{DSA-2546-1}
 	- freeradius 2.1.12+dfsg-1.1 (medium; bug #687175)
-CVE-2012-3546
-	RESERVED
+CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before ...)
 	- tomcat7 7.0.28-4 (bug #695251)
 	- tomcat6 6.0.35-6 (bug #695250)
 CVE-2012-3545
@@ -9189,8 +9291,8 @@
 	RESERVED
 CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before ...)
 	NOT-FOR-US: IBM WebSphere Application Server
-CVE-2012-3329
-	RESERVED
+CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...)
+	TODO: check
 CVE-2012-3328
 	RESERVED
 CVE-2012-3327
@@ -78296,7 +78398,7 @@
 	[etch] - vmware-package <no-dsa> (Contrib not supported)
 	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
 	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
-CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...)
+CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ...)
 	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
 	[etch] - vmware-package <no-dsa> (Contrib not supported)
 CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)



