[Secure-testing-commits] r18410 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Feb 9 20:05:33 UTC 2012
Author: jmm
Date: 2012-02-09 20:05:33 +0000 (Thu, 09 Feb 2012)
New Revision: 18410
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
new issues in struts and acidbase (impact needs to be checked for both)
new issue in libcap2 (no-dsa, fixed in sid)
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-09 15:46:10 UTC (rev 18409)
+++ data/CVE/list 2012-02-09 20:05:33 UTC (rev 18410)
@@ -1,39 +1,39 @@
CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...)
- TODO: check
+ NOT-FOR-US: EPiServer CMS
CVE-2012-1033
RESERVED
CVE-2012-1032
RESERVED
CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...)
- TODO: check
+ NOT-FOR-US: EPiServer CMS
CVE-2012-1030
RESERVED
CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...)
- TODO: check
+ NOT-FOR-US: Tube Ace
CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...)
- TODO: check
+ NOT-FOR-US: SimpleGroupWare
CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ...)
- TODO: check
+ NOT-FOR-US: project-open
CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...)
- TODO: check
+ NOT-FOR-US: XRay CMS
CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface ...)
- TODO: check
+ NOT-FOR-US: Enigma2
CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface ...)
- TODO: check
+ NOT-FOR-US: Enigma2
CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10 ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in ...)
- TODO: check
+ NOT-FOR-US: 4images
CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
- TODO: check
+ NOT-FOR-US: NexorONE Online Banking
CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki ...)
- TODO: check
+ NOT-FOR-US: Xwiki Enterprise
CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in ...)
- TODO: check
+ NOT-FOR-US: Joomla addon
CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic ...)
- TODO: check
+ - acidbase <unfixed>
CVE-2012-1016
RESERVED
CVE-2012-1015
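Review bot: The CVE-2012-1017 entry becomes "- acidbase <unfixed>" with nothing under it, while the log message says the impact still needs to be checked. Once "TODO: check" is removed, the file no longer shows that this triage is provisional. Suggest keeping a marker under the entry, for example "TODO: check impact", until the affected versions are confirmed. Separately, "NOT-FOR-US: Joomla addon" for CVE-2012-1018 does not name the product, unlike the other NOT-FOR-US lines in this hunk.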
@@ -45,29 +45,29 @@
CVE-2012-1012
RESERVED
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki ...)
- TODO: check
+ NOT-FOR-US: HDWiki
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...)
- TODO: check
+ NOT-FOR-US: HDWiki
CVE-2012-1009
RESERVED
CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: OfficeSIP Server
CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
- TODO: check
+ - libstruts1.2-java <unfixed>
CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
- TODO: check
+ - libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...)
- TODO: check
+ NOT-FOR-US: Sphinx Software Mobile Web Server
CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm ...)
- TODO: check
+ NOT-FOR-US: Foswiki
CVE-2010-XXXX [pam_shield default configuration does not take any action]
- pam-shield <unfixed> (medium; bug #658830)
CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2002-2483
- linux-2.6 2.4.20
CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown ...)
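Review bot: For CVE-2012-1007, "- libstruts1.2-java <unfixed>" carries no urgency, bug number or note, although the log message says the struts impact has not been verified. The CVE-2012-1006 line right below it shows the useful pattern, a parenthesised reason next to the status. Suggest a TODO or NOTE under CVE-2012-1007 recording what still has to be checked. The "NOT-FOR-US: Wordpress plugin" line for CVE-2012-1011 could also name the plugin, since the description already identifies it as AllWebMenus.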
@@ -4989,6 +4989,8 @@
NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
CVE-2011-4099
RESERVED
+ - libcap2 1:2.22-1 (low)
+ [squeeze] - libcap2 <no-dsa> (Minor issue)
CVE-2011-4098
RESERVED
CVE-2011-4097
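Review bot: CVE-2011-4099 is still RESERVED, so after this change the entry states that libcap2 is fixed in 1:2.22-1 and is no-dsa for squeeze, but gives no indication of what the issue is or where the fixed version comes from. Suggest adding a NOTE line with the bug report or upstream reference, as the preceding entry does with its wireshark.org NOTE.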
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-02-09 15:46:10 UTC (rev 18409)
+++ data/spu-candidates.txt 2012-02-09 20:05:33 UTC (rev 18410)
@@ -118,6 +118,11 @@
--
+libcap2 (CVE-2011-4099)
+maintainer notified
+
+--
+
loggerhead (CVE-2011-0728)
--
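Review bot: The new libcap2 block records only "maintainer notified"; without a date or bug number on that line there is no way to tell later how old the notification is or where to follow up. Suggest appending one of the two.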