[Secure-testing-commits] r20518 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Tue Nov 20 06:38:16 UTC 2012


Author: corsac
Date: 2012-11-20 06:38:15 +0000 (Tue, 20 Nov 2012)
New Revision: 20518

Modified:
   data/CVE/list
Log:
NFUs update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-11-19 21:14:21 UTC (rev 20517)
+++ data/CVE/list	2012-11-20 06:38:15 UTC (rev 20518)
@@ -1,67 +1,67 @@
 CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...)
-	TODO: check
+	NOT-FOR-US: havalite
 CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...)
-	TODO: check
+	NOT-FOR-US: razorCMS
 CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: SnackAmp
 CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: Neocrome Seditio
 CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Neocrome Seditio
 CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import ...)
-	TODO: check
+	NOT-FOR-US: Neocrome Seditio
 CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the ...)
-	TODO: check
+	NOT-FOR-US: Wordpress Integrator plugin
 CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow ...)
-	TODO: check
+	NOT-FOR-US: PicoPublisher
 CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in ...)
-	TODO: check
+	NOT-FOR-US: b2evolution
 CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...)
-	TODO: check
+	NOT-FOR-US: b2evolution
 CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MyBB
 CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 ...)
-	TODO: check
+	NOT-FOR-US: TomatoCart
 CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser ...)
-	TODO: check
+	NOT-FOR-US: GreenBrowser
 CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to ...)
-	TODO: check
+	NOT-FOR-US: KnFTPd
 CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
-	TODO: check
+	NOT-FOR-US: Simple Machine Forum
 CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...)
-	TODO: check
+	NOT-FOR-US: DFLabs PTK
 CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the ...)
-	TODO: check
+	NOT-FOR-US: DFLabs PTK
 CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...)
-	TODO: check
+	NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php ...)
-	TODO: check
+	NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop ...)
-	TODO: check
+	NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Quest in Trust
 CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in ...)
-	TODO: check
+	NOT-FOR-US: Quest in Trust
 CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown ...)
-	TODO: check
+	NOT-FOR-US: iRODS
 CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Havalite CMS
 CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite ...)
-	TODO: check
+	NOT-FOR-US: Havalite CMS
 CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the ...)
-	TODO: check
+	NOT-FOR-US: Havalite CMS
 CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Dalbum
 CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension (sr_feuser_register)
 CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension (powermail)
 CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features ...)
-	TODO: check
+	NOT-FOR-US: Typo3 extension (seo_basics)
 CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
 	TODO: check
 CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
@@ -70,6 +70,7 @@
 	TODO: check
 CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...)
 	TODO: check
+	NOTE: new vulnerability in afmparse.c?
 CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
@@ -134,7 +135,7 @@
 CVE-2012-5857
 	RESERVED
 CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin (uk cookie)
 CVE-2012-5855
 	RESERVED
 	- vlc <unfixed> (unimportant)
@@ -1734,7 +1735,7 @@
 CVE-2012-5173
 	RESERVED
 CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...)
-	TODO: check
+	NOT-FOR-US: Asial Monaca Debugger
 CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
 	NOT-FOR-US: Be Graph's BeZIP
 CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
@@ -2222,13 +2223,13 @@
 CVE-2012-4960
 	RESERVED
 CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
-	TODO: check
+	NOT-FOR-US: Novell File Reporter 
 CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
-	TODO: check
+	NOT-FOR-US: Novell File Reporter
 CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File ...)
-	TODO: check
+	NOT-FOR-US: Novell File Reporter
 CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
-	TODO: check
+	NOT-FOR-US: Novell File Reporter
 CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server ...)
 	NOT-FOR-US: Dell OpenManage SA
 CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote ...)
@@ -2240,37 +2241,37 @@
 CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in ...)
 	NOT-FOR-US: VeriFone VeriCentre Web Console
 CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
-	TODO: check
+	NOT-FOR-US: Pattern Insight
 CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote ...)
 	NOT-FOR-US: ESRI ArcGIS
 CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses ...)
 	NOT-FOR-US: Fortinet Fortigate UTM applianced
 CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and ...)
-	TODO: check
+	NOT-FOR-US: FleetCommander
 CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files ...)
 	NOT-FOR-US: Axigen Free Mail Server
 CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in ...)
 	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
 CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
-	TODO: check
+	NOT-FOR-US: Pattern Insight
 CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
-	TODO: check
+	NOT-FOR-US: Pattern Insight
 CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Pattern Insight
 CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
-	TODO: check
+	NOT-FOR-US: Pattern Insight
 CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled ...)
 	NOT-FOR-US: TomatoCart
 CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
@@ -3564,7 +3565,7 @@
 CVE-2012-4542
 	RESERVED
 CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows ...)
-	TODO: check
+	NOT-FOR-US: Piwik
 CVE-2012-4540 (Off-by-one error in the invoke function in ...)
 	- icedtea-web 1.3.1-1 (bug #692608)
 	NOTE: http://seclists.org/oss-sec/2012/q4/237




More information about the Secure-testing-commits mailing list