[Secure-testing-commits] r19627 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jun 29 16:28:14 UTC 2012
Author: jmm
Date: 2012-06-29 16:28:14 +0000 (Fri, 29 Jun 2012)
New Revision: 19627
Modified:
data/CVE/list
Log:
new packagekit issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-29 16:27:30 UTC (rev 19626)
+++ data/CVE/list 2012-06-29 16:28:14 UTC (rev 19627)
@@ -1,9 +1,11 @@
+CVE-2012-XXXX [packagekit insecure temp file]
+ - packagekit <unfixed> (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: WinRadius
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...)
- TODO: check
+ NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2012-3813
RESERVED
CVE-2012-3812
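Review bot: The new `CVE-2012-XXXX [packagekit insecure temp file]` entry at the top of this hunk records only `(bug #678189)`, so a reader of the list cannot tell which temporary file is affected or whether a CVE id has been requested. A `NOTE:` line under the entry with that detail and a pointer to the report would make it usable without opening the bug. Separately, `NOT-FOR-US: Wordpress plugin` for CVE-2012-3814 does not name the plugin, while the WinRadius and Sielco Sistemi Winlog tags in the same hunk name the product; naming it lets a later search for that plugin find this entry.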
@@ -27,16 +29,15 @@
CVE-2012-3803
RESERVED
CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...)
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10
+ NOT-FOR-US: Drupal module
CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
- TODO: check
+ NOT-FOR-US: Drupal module
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...)
- TODO: check
+ NOT-FOR-US: Drupal module
CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Drupal module
CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when ...)
- TODO: check
+ NOT-FOR-US: Drupal module
CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
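Review bot: The oss-security reference for CVE-2012-3802 is lost in this hunk, because `NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10` is removed together with `TODO: check`. If that post was the basis for the triage decision, keep the NOTE line next to the new tag. The five added tags also all read `NOT-FOR-US: Drupal module`, although the descriptions name the modules (Post Affiliate Pro, Advertisement, Janrain Capture) and the neighbouring context entry is tagged by product (`NOT-FOR-US: Pro-face WinGP PC Runtime`); tagging by module name would keep the entries distinguishable.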
@@ -1207,7 +1208,7 @@
CVE-2012-3232
RESERVED
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...)
- TODO: check
+ NOT-FOR-US: web at all
CVE-2012-3230
RESERVED
CVE-2012-3229
@@ -2293,7 +2294,7 @@
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
NOT-FOR-US: Drupal module
CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...)
- TODO: check
+ NOT-FOR-US: Drupal module
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
@@ -2574,11 +2575,11 @@
CVE-2012-2607
RESERVED
CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require ...)
- TODO: check
+ NOT-FOR-US: Bradford Network Sentry
CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Bradford Network Sentry
CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...)
- TODO: check
+ NOT-FOR-US: Bradford Network Sentry
CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...)
NOT-FOR-US: CollabNet ScrumWorks Pro
CVE-2012-2602
@@ -2590,13 +2591,13 @@
CVE-2012-2599
RESERVED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...)
- TODO: check
+ NOT-FOR-US: Siemens WinCC
CVE-2012-2594
RESERVED
CVE-2012-2593
@@ -2654,13 +2655,13 @@
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...)
NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret ...)
- TODO: check
+ NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during ...)
- TODO: check
+ NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web ...)
- TODO: check
+ NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does ...)
NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
@@ -2794,13 +2795,13 @@
CVE-2012-2497
RESERVED
CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2012-2492
RESERVED
CVE-2012-2491
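Review bot: `NOT-FOR-US: Cisco` on all four added lines names only the vendor, which is broader than what was actually triaged. The CVE-2012-2495 description refers to Cisco AnyConnect, and other hunks in this commit tag by product (`Bradford Network Sentry`, `Siemens WinCC`). Naming the product as it appears in the descriptions would avoid suggesting that every Cisco issue is out of scope.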
@@ -3683,7 +3684,7 @@
CVE-2012-2201
RESERVED
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
- TODO: check
+ NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199
RESERVED
CVE-2012-2198
@@ -3699,7 +3700,7 @@
CVE-2012-2193
RESERVED
CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2012-2191
RESERVED
CVE-2012-2190
@@ -3725,7 +3726,7 @@
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
TODO: check
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
- TODO: check
+ NOT-FOR-US: AIX
CVE-2012-2178
RESERVED
CVE-2012-2177
@@ -3735,15 +3736,15 @@
CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...)
TODO: check
CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Notes
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...)
- TODO: check
+ NOT-FOR-US: AppScan
CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
TODO: check
CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
- TODO: check
+ NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2012-2169
RESERVED
CVE-2012-2168
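Review bot: The tags added in this hunk are abbreviated inconsistently: `Notes`, `AppScan` and `WebSphere` drop the vendor, while `IBM System Storage DS Storage Manager` spells it out. `NOT-FOR-US: Notes` in particular is easy to confuse with the `NOTE:` keyword when searching the file; `IBM Lotus Notes`, as written in the CVE-2012-2174 description, would be unambiguous. CVE-2012-2175 and CVE-2012-2172 stay at `TODO: check` inside the same hunk, so if they were left on purpose, a word in the log message would save the next person from re-checking them.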