[Secure-testing-commits] r20729 - data/CVE

Fri Dec 28 21:14:31 UTC 2012

Author: joeyh
Date: 2012-12-28 21:14:31 +0000 (Fri, 28 Dec 2012)
New Revision: 20729

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-12-28 21:11:12 UTC (rev 20728)
+++ data/CVE/list	2012-12-28 21:14:31 UTC (rev 20729)
@@ -647,8 +647,8 @@
 	RESERVED
 CVE-2012-6370
 	RESERVED
-CVE-2012-6369
-	RESERVED
+CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting ...)
+	TODO: check
 CVE-2012-6368
 	RESERVED
 CVE-2012-6367
@@ -3806,8 +3806,8 @@
 	RESERVED
 CVE-2012-5446
 	RESERVED
-CVE-2012-5445
-	RESERVED
+CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 ...)
+	TODO: check
 CVE-2012-5444
 	RESERVED
 CVE-2012-5443
@@ -4972,8 +4972,8 @@
 	NOT-FOR-US: TomatoCart
 CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
 	NOT-FOR-US: Novell ZENworks
-CVE-2012-4932
-	RESERVED
+CVE-2012-4932 (Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices ...)
+	TODO: check
 CVE-2012-4931
 	RESERVED
 CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
@@ -6309,8 +6309,7 @@
 CVE-2012-4529
 	RESERVED
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
-CVE-2012-4528
-	RESERVED
+CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server ...)
 	- modsecurity-apache 2.6.6-5 (bug #691146)
 	- libapache-mod-security <removed>
 CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
@@ -8104,14 +8103,14 @@
 	RESERVED
 CVE-2012-3874
 	RESERVED
-CVE-2012-3873
-	RESERVED
-CVE-2012-3872
-	RESERVED
-CVE-2012-3871
-	RESERVED
-CVE-2012-3870
-	RESERVED
+CVE-2012-3873 (Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 ...)
+	TODO: check
+CVE-2012-3872 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...)
+	TODO: check
+CVE-2012-3871 (Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php ...)
+	TODO: check
+CVE-2012-3870 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: REDAXO
 CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
@@ -15801,14 +15800,14 @@
 	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
 	NOT-FOR-US: IBM Tivoli Event Pump
-CVE-2012-0741
-	RESERVED
+CVE-2012-0741 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
+	TODO: check
 CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
 	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2012-0739
 	RESERVED
-CVE-2012-0738
-	RESERVED
+CVE-2012-0738 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
+	TODO: check
 CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan ...)
 	NOT-FOR-US: IBM Rational AppScan
 CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
@@ -24060,7 +24059,7 @@
 	- xpdf 3.02-19 (low; bug #635849)
 	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
 	[squeeze] - xpdf 3.02-12+squeeze1
-CVE-2011-2901 (Xen <= 3.3 DoS due to incorrect virtual address validation)
+CVE-2011-2901
 	RESERVED
 	- xen <not-affected> (Only affects Xen <= 3.3)
 	- xen-3 <removed>


