[Secure-testing-commits] r20448 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Nov 5 21:14:21 UTC 2012
Author: joeyh
Date: 2012-11-05 21:14:20 +0000 (Mon, 05 Nov 2012)
New Revision: 20448
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-05 08:38:00 UTC (rev 20447)
+++ data/CVE/list 2012-11-05 21:14:20 UTC (rev 20448)
@@ -1,3 +1,243 @@
+CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name ...)
+ TODO: check
+CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname matches a ...)
+ TODO: check
+CVE-2012-5823 (Open Source Classifieds does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ...)
+ TODO: check
+CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a ...)
+ TODO: check
+CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...)
+ TODO: check
+CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a ...)
+ TODO: check
+CVE-2012-5818 (ElephantDrive does not verify that the server hostname matches a ...)
+ TODO: check
+CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools ...)
+ TODO: check
+CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ...)
+ TODO: check
+CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server ...)
+ TODO: check
+CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ...)
+ TODO: check
+CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...)
+ TODO: check
+CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5811 (The Breezy application for Android does not verify that the server ...)
+ TODO: check
+CVE-2012-5810 (The Chase mobile banking application for Android does not verify that ...)
+ TODO: check
+CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that ...)
+ TODO: check
+CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server ...)
+ TODO: check
+CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the ...)
+ TODO: check
+CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the ...)
+ TODO: check
+CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the ...)
+ TODO: check
+CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server ...)
+ TODO: check
+CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server ...)
+ TODO: check
+CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server ...)
+ TODO: check
+CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify ...)
+ TODO: check
+CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that ...)
+ TODO: check
+CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the ...)
+ TODO: check
+CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ...)
+ TODO: check
+CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the ...)
+ TODO: check
+CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server ...)
+ TODO: check
+CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...)
+ TODO: check
+CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the ...)
+ TODO: check
+CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a ...)
+ TODO: check
+CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...)
+ TODO: check
+CVE-2012-5789 (PayPal Payments Standard PHP Library before 20120427 does not verify ...)
+ TODO: check
+CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5786 (The wsdl_first_https sample code in ...)
+ TODO: check
+CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
+ TODO: check
+CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
+ TODO: check
+CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
+ TODO: check
+CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify ...)
+ TODO: check
+CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the ...)
+ TODO: check
+CVE-2012-5780 (The Amazon merchant SDK does not verify that the server hostname ...)
+ TODO: check
+CVE-2012-5779
+ RESERVED
+CVE-2012-5778
+ RESERVED
+CVE-2012-5777
+ RESERVED
+CVE-2012-5776
+ RESERVED
+CVE-2012-5775
+ RESERVED
+CVE-2012-5774
+ RESERVED
+CVE-2012-5773
+ RESERVED
+CVE-2012-5772
+ RESERVED
+CVE-2012-5771
+ RESERVED
+CVE-2012-5770
+ RESERVED
+CVE-2012-5769
+ RESERVED
+CVE-2012-5768
+ RESERVED
+CVE-2012-5767
+ RESERVED
+CVE-2012-5766
+ RESERVED
+CVE-2012-5765
+ RESERVED
+CVE-2012-5764
+ RESERVED
+CVE-2012-5763
+ RESERVED
+CVE-2012-5762
+ RESERVED
+CVE-2012-5761
+ RESERVED
+CVE-2012-5760
+ RESERVED
+CVE-2012-5759
+ RESERVED
+CVE-2012-5758
+ RESERVED
+CVE-2012-5757
+ RESERVED
+CVE-2012-5756
+ RESERVED
+CVE-2012-5755
+ RESERVED
+CVE-2012-5754
+ RESERVED
+CVE-2012-5753
+ RESERVED
+CVE-2012-5752
+ RESERVED
+CVE-2012-5751
+ RESERVED
+CVE-2012-5750
+ RESERVED
+CVE-2012-5749
+ RESERVED
+CVE-2012-5748
+ RESERVED
+CVE-2012-5747
+ RESERVED
+CVE-2012-5746
+ RESERVED
+CVE-2012-5745
+ RESERVED
+CVE-2012-5744
+ RESERVED
+CVE-2012-5743
+ RESERVED
+CVE-2012-5742
+ RESERVED
+CVE-2012-5741
+ RESERVED
+CVE-2012-5740
+ RESERVED
+CVE-2012-5739
+ RESERVED
+CVE-2012-5738
+ RESERVED
+CVE-2012-5737
+ RESERVED
+CVE-2012-5736
+ RESERVED
+CVE-2012-5735
+ RESERVED
+CVE-2012-5734
+ RESERVED
+CVE-2012-5733
+ RESERVED
+CVE-2012-5732
+ RESERVED
+CVE-2012-5731
+ RESERVED
+CVE-2012-5730
+ RESERVED
+CVE-2012-5729
+ RESERVED
+CVE-2012-5728
+ RESERVED
+CVE-2012-5727
+ RESERVED
+CVE-2012-5726
+ RESERVED
+CVE-2012-5725
+ RESERVED
+CVE-2012-5724
+ RESERVED
+CVE-2012-5723
+ RESERVED
+CVE-2012-5722
+ RESERVED
+CVE-2012-5721
+ RESERVED
+CVE-2012-5720
+ RESERVED
+CVE-2012-5719
+ RESERVED
+CVE-2012-5718
+ RESERVED
+CVE-2012-5717
+ RESERVED
+CVE-2012-5716
+ RESERVED
+CVE-2012-5715
+ RESERVED
+CVE-2012-5714
+ RESERVED
+CVE-2012-5713
+ RESERVED
+CVE-2012-5712
+ RESERVED
+CVE-2012-5711
+ RESERVED
+CVE-2012-5710
+ RESERVED
+CVE-2012-5709
+ RESERVED
+CVE-2012-5708
+ RESERVED
+CVE-2012-5707
+ RESERVED
+CVE-2012-5706
+ RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
TODO: check
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
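Review bot: The 46 new entries CVE-2012-5780 through CVE-2012-5825 all land as "TODO: check" although they describe one shared flaw class, a client that does not verify the server hostname or certificate, so they are better triaged as a batch than one at a time. The entries that name shared components (Apache Axis, Apache Axis2/Java, Apache Commons HttpClient 3.x, Codehaus XFire, Lynx, Tweepy) deserve attention first, since their descriptions say "as used in" other products. The single-vendor mobile and hosted applications (for example the Chase, Groupon Redemptions and Rackspace apps) look like candidates for the NOT-FOR-US marking used elsewhere in this file. The RESERVED block CVE-2012-5706 to CVE-2012-5779 needs no action.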
@@ -73,7 +313,8 @@
NOT-FOR-US: Social Network Community
CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote ...)
NOT-FOR-US: IrfanView
-CVE-2011-5232 (Double free vulnerability in the Free_All_Memory function in ...)
+CVE-2011-5232
+ REJECTED
TODO: check
CVE-2011-5231
REJECTED
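Review bot: After this hunk CVE-2011-5232 carries both "REJECTED" and the unchanged context line "TODO: check", which leaves a rejected identifier in the triage queue. The automatic update should drop the stale TODO when an entry turns REJECTED. The removed description (double free in Free_All_Memory) reappears under CVE-2012-0025 in a later hunk with "NOT-FOR-US: libfpx", so the tracking information is already held there.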
@@ -1187,8 +1428,8 @@
RESERVED
CVE-2012-5171
RESERVED
-CVE-2012-5170
- RESERVED
+CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
+ TODO: check
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
@@ -1593,8 +1834,8 @@
NOT-FOR-US: OpenX
CVE-2012-4988
RESERVED
-CVE-2012-4987
- RESERVED
+CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 ...)
+ TODO: check
CVE-2012-4986
RESERVED
CVE-2012-4985
@@ -3149,18 +3390,18 @@
TODO: check
CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before ...)
TODO: check
-CVE-2012-4498
- RESERVED
-CVE-2012-4497
- RESERVED
+CVE-2012-4498 (The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not ...)
+ TODO: check
+CVE-2012-4497 (Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in ...)
+ TODO: check
CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing ...)
TODO: check
CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
TODO: check
CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not ...)
TODO: check
-CVE-2012-4493
- RESERVED
+CVE-2012-4493 (Cross-site scripting (XSS) vulnerability in the administrative ...)
+ TODO: check
CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten ...)
TODO: check
CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not ...)
@@ -3171,10 +3412,10 @@
TODO: check
CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 ...)
TODO: check
-CVE-2012-4487
- RESERVED
-CVE-2012-4486
- RESERVED
+CVE-2012-4487 (The Subuser module before 6.x-1.8 for Drupal does not properly check ...)
+ TODO: check
+CVE-2012-4486 (Cross-site request forgery (CSRF) vulnerability in the Subuser module ...)
+ TODO: check
CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
TODO: check
CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative ...)
@@ -5053,12 +5294,12 @@
RESERVED
CVE-2012-3751
RESERVED
-CVE-2012-3750
- RESERVED
-CVE-2012-3749
- RESERVED
-CVE-2012-3748
- RESERVED
+CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not ...)
+ TODO: check
+CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ...)
+ TODO: check
+CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before ...)
+ TODO: check
CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the ...)
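Review bot: CVE-2012-3748 is described as a race condition in WebKit and enters as "TODO: check", while the adjacent WebKit entry CVE-2012-3747 already carries a NOT-FOR-US note with a remark about Chromium. The new WebKit entry should be triaged consistently with that neighbour, or the reason for treating it differently recorded. CVE-2012-3750 and CVE-2012-3749 name the iOS Passcode Lock and iOS kernel only, and can be closed the same way as other vendor-specific entries.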
@@ -5764,8 +6005,7 @@
- ganglia 3.3.8-1 (bug #683584)
CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 ...)
- nova 2012.1.1-6 (bug #684256)
-CVE-2012-3446 [MITM in TLS/SSL certificates verification]
- RESERVED
+CVE-2012-3446 (Apache Libcloud before 0.11.1 uses an incorrect regular expression ...)
- libcloud 0.5.0-1.1 (bug #683927)
CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not ...)
- libvirt 0.9.12-4 (bug #683483)
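Review bot: The new description for CVE-2012-3446 says the flaw affects Apache Libcloud before 0.11.1, but the retained tracking line records "libcloud 0.5.0-1.1 (bug #683927)" as the fixed version. That is consistent only if 0.5.0-1.1 carries a backported fix, so it is worth confirming against bug #683927 that the corrected regular expression is actually in that upload. Replacing the placeholder "[MITM in TLS/SSL certificates verification]" and the RESERVED line with the official description is otherwise fine.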
@@ -13801,7 +14041,7 @@
NOT-FOR-US: Novell Sentinel Log Manager
CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...)
- zabbix 1:1.8.10-1 (bug #652664)
-CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in Winn GuestBook before ...)
+CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in ...)
NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...)
- yaws 1.92-1 (bug #653966)
@@ -15261,8 +15501,7 @@
[squeeze] - openssl <not-affected> (no GOST support)
CVE-2012-0026
REJECTED
-CVE-2012-0025
- RESERVED
+CVE-2012-0025 (Double free vulnerability in the Free_All_Memory function in ...)
NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...)
- maradns 1.4.09-1
@@ -18634,7 +18873,7 @@
- phppgadmin 5.0.3-1 (low; bug #644290)
[squeeze] - phppgadmin 4.2.3-1.1squeeze1
[lenny] - phppgadmin 4.2.2-1lenny1
-CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows ...)
+CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for Perl ...)
- libdigest-perl 1.17-1 (low; bug #644108)
[squeeze] - libdigest-perl 1.16-1+squeeze1
[lenny] - libdigest-perl 1.15-2+lenny1