[Secure-testing-commits] r20436 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Nov 1 21:14:21 UTC 2012 

Author: joeyh
Date: 2012-11-01 21:14:21 +0000 (Thu, 01 Nov 2012)
New Revision: 20436

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-01 17:30:17 UTC (rev 20435)
+++ data/CVE/list	2012-11-01 21:14:21 UTC (rev 20436)
@@ -1,3 +1,19 @@
+CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
+	TODO: check
+CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
+	TODO: check
+CVE-2012-5703
+	RESERVED
+CVE-2012-5702
+	RESERVED
+CVE-2012-5701
+	RESERVED
+CVE-2012-5700
+	RESERVED
+CVE-2012-5699
+	RESERVED
+CVE-2012-5698
+	RESERVED
 CVE-2012-5979
 	REJECTED
 	TODO: check
@@ -21,8 +37,8 @@
 	RESERVED
 CVE-2012-5688
 	RESERVED
-CVE-2012-5687
-	RESERVED
+CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
+	TODO: check
 CVE-2012-5686
 	RESERVED
 CVE-2012-5685
@@ -100,8 +116,7 @@
 	TODO: check
 CVE-2012-5672 (Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office ...)
 	TODO: check
-CVE-2012-5671 [exim4 heap overflow]
-	RESERVED
+CVE-2012-5671 (Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...)
 	{DSA-2566-1}
 	- exim4 4.80-5.1 (medium)
 CVE-2012-5670
@@ -630,8 +645,8 @@
 	RESERVED
 CVE-2012-5410
 	RESERVED
-CVE-2012-5409
-	RESERVED
+CVE-2012-5409 (AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and ...)
+	TODO: check
 CVE-2012-5408
 	RESERVED
 CVE-2012-5407
@@ -1692,10 +1707,10 @@
 	RESERVED
 CVE-2012-4941
 	RESERVED
-CVE-2012-4940
-	RESERVED
-CVE-2012-4939
-	RESERVED
+CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files ...)
+	TODO: check
+CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in ...)
+	TODO: check
 CVE-2012-4938
 	RESERVED
 CVE-2012-4937
@@ -2988,8 +3003,7 @@
 CVE-2012-4545
 	RESERVED
 	- elinks 0.12~pre5-9
-CVE-2012-4544
-	RESERVED
+CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the ...)
 	- xen <unfixed> (low; bug #688125)
 CVE-2012-4543
 	RESERVED
@@ -3015,10 +3029,10 @@
 	RESERVED
 	{DSA-2563-1}
 	- viewvc 1.1.5-1.4 (low; bug #691062)
-CVE-2012-4532
-	RESERVED
-CVE-2012-4531
-	RESERVED
+CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
+	TODO: check
 CVE-2012-4530 [kernel: stack disclosure in binfmt_script load_script()]
 	RESERVED
 	- linux <unfixed>
@@ -3126,44 +3140,44 @@
 	RESERVED
 CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
 	TODO: check
-CVE-2012-4500
-	RESERVED
-CVE-2012-4499
-	RESERVED
+CVE-2012-4500 (The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows ...)
+	TODO: check
+CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before ...)
+	TODO: check
 CVE-2012-4498
 	RESERVED
 CVE-2012-4497
 	RESERVED
-CVE-2012-4496
-	RESERVED
-CVE-2012-4495
-	RESERVED
-CVE-2012-4494
-	RESERVED
+CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing ...)
+	TODO: check
+CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
+	TODO: check
+CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not ...)
+	TODO: check
 CVE-2012-4493
 	RESERVED
-CVE-2012-4492
-	RESERVED
-CVE-2012-4491
-	RESERVED
-CVE-2012-4490
-	RESERVED
-CVE-2012-4489
-	RESERVED
-CVE-2012-4488
-	RESERVED
+CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten ...)
+	TODO: check
+CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not ...)
+	TODO: check
+CVE-2012-4490 (Multiple cross-site scripting (XSS) vulnerabilities in the Excluded ...)
+	TODO: check
+CVE-2012-4489 (Open redirect vulnerability in the securelogin_secure_redirect ...)
+	TODO: check
+CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 ...)
+	TODO: check
 CVE-2012-4487
 	RESERVED
 CVE-2012-4486
 	RESERVED
-CVE-2012-4485
-	RESERVED
-CVE-2012-4484
-	RESERVED
-CVE-2012-4483
-	RESERVED
-CVE-2012-4482
-	RESERVED
+CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative ...)
+	TODO: check
+CVE-2012-4483 (The commons_discussion_views_default_views function in ...)
+	TODO: check
+CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does ...)
+	TODO: check
 CVE-2012-4481
 	RESERVED
 	- ruby1.8 1.8.7.358-5 (bug #689945)
@@ -6773,8 +6787,8 @@
 	NOT-FOR-US: Siemens WinCC
 CVE-2012-3027
 	RESERVED
-CVE-2012-3026
-	RESERVED
+CVE-2012-3026 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
+	TODO: check
 CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...)
 	NOT-FOR-US: Tridium Niagara AX Framework
 CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ...)
@@ -6783,8 +6797,8 @@
 	RESERVED
 CVE-2012-3022
 	RESERVED
-CVE-2012-3021
-	RESERVED
+CVE-2012-3021 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
+	TODO: check
 CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and ...)
 	NOT-FOR-US: Siemens Synco OZW Web Server
 CVE-2012-3019
@@ -6805,8 +6819,8 @@
 	NOT-FOR-US: Arbiter Power Sentinel 1133A
 CVE-2012-3011 (Directory traversal vulnerability in the web server in Fultek WinTr ...)
 	NOT-FOR-US: Fultek WinTr Scada web server
-CVE-2012-3010
-	RESERVED
+CVE-2012-3010 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
+	TODO: check
 CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, ...)
 	NOT-FOR-US: Siemens COMOS
 CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...)
@@ -7763,8 +7777,7 @@
 	NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell ...)
 	NOT-FOR-US: Plixer Scrutinizer
-CVE-2012-2625 [xen: pv bootloader doesn't check the size of the bzip2 or lzma compressed kernel]
-	RESERVED
+CVE-2012-2625 (The PyGrub boot loader in Xen unstable before changeset ...)
 	- xen <unfixed> (low; bug #688125)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
 CVE-2012-2624

More information about the Secure-testing-commits mailing list