[Secure-testing-commits] r20518 - data/CVE
Yves-Alexis Perez
corsac at alioth.debian.org
Tue Nov 20 06:38:16 UTC 2012
Author: corsac
Date: 2012-11-20 06:38:15 +0000 (Tue, 20 Nov 2012)
New Revision: 20518
Modified:
data/CVE/list
Log:
NFUs update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-11-19 21:14:21 UTC (rev 20517)
+++ data/CVE/list 2012-11-20 06:38:15 UTC (rev 20518)
@@ -1,67 +1,67 @@
CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...)
- TODO: check
+ NOT-FOR-US: havalite
CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...)
- TODO: check
+ NOT-FOR-US: razorCMS
CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: SnackAmp
CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import ...)
- TODO: check
+ NOT-FOR-US: Neocrome Seditio
CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress Integrator plugin
CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow ...)
- TODO: check
+ NOT-FOR-US: PicoPublisher
CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in ...)
- TODO: check
+ NOT-FOR-US: b2evolution
CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...)
- TODO: check
+ NOT-FOR-US: b2evolution
CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 ...)
- TODO: check
+ NOT-FOR-US: TomatoCart
CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser ...)
- TODO: check
+ NOT-FOR-US: GreenBrowser
CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: KnFTPd
CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
- TODO: check
+ NOT-FOR-US: Simple Machine Forum
CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...)
- TODO: check
+ NOT-FOR-US: DFLabs PTK
CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the ...)
- TODO: check
+ NOT-FOR-US: DFLabs PTK
CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...)
- TODO: check
+ NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php ...)
- TODO: check
+ NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop ...)
- TODO: check
+ NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc ActiveX ...)
- TODO: check
+ NOT-FOR-US: Quest in Trust
CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in ...)
- TODO: check
+ NOT-FOR-US: Quest in Trust
CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown ...)
- TODO: check
+ NOT-FOR-US: iRODS
CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Havalite CMS
CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite ...)
- TODO: check
+ NOT-FOR-US: Havalite CMS
CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: Havalite CMS
CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Dalbum
CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension (sr_feuser_register)
CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension (powermail)
CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features ...)
- TODO: check
+ NOT-FOR-US: Typo3 extension (seo_basics)
CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
TODO: check
CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
@@ -70,6 +70,7 @@
TODO: check
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...)
TODO: check
+ NOTE: new vulnerability in afmparse.c?
CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
@@ -134,7 +135,7 @@
CVE-2012-5857
RESERVED
CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin (uk cookie)
CVE-2012-5855
RESERVED
- vlc <unfixed> (unimportant)
@@ -1734,7 +1735,7 @@
CVE-2012-5173
RESERVED
CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...)
- TODO: check
+ NOT-FOR-US: Asial Monaca Debugger
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
@@ -2222,13 +2223,13 @@
CVE-2012-4960
RESERVED
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server ...)
NOT-FOR-US: Dell OpenManage SA
CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote ...)
@@ -2240,37 +2241,37 @@
CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in ...)
NOT-FOR-US: VeriFone VeriCentre Web Console
CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
- TODO: check
+ NOT-FOR-US: Pattern Insight
CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote ...)
NOT-FOR-US: ESRI ArcGIS
CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses ...)
NOT-FOR-US: Fortinet Fortigate UTM applianced
CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and ...)
- TODO: check
+ NOT-FOR-US: FleetCommander
CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files ...)
NOT-FOR-US: Axigen Free Mail Server
CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in ...)
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
- TODO: check
+ NOT-FOR-US: Pattern Insight
CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
- TODO: check
+ NOT-FOR-US: Pattern Insight
CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Pattern Insight
CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
- TODO: check
+ NOT-FOR-US: Pattern Insight
CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled ...)
NOT-FOR-US: TomatoCart
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
@@ -3564,7 +3565,7 @@
CVE-2012-4542
RESERVED
CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows ...)
- TODO: check
+ NOT-FOR-US: Piwik
CVE-2012-4540 (Off-by-one error in the invoke function in ...)
- icedtea-web 1.3.1-1 (bug #692608)
NOTE: http://seclists.org/oss-sec/2012/q4/237
More information about the Secure-testing-commits
mailing list