[Secure-testing-commits] r20281 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Oct 2 21:14:18 UTC 2012
Author: joeyh
Date: 2012-10-02 21:14:17 +0000 (Tue, 02 Oct 2012)
New Revision: 20281
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-02 14:32:47 UTC (rev 20280)
+++ data/CVE/list 2012-10-02 21:14:17 UTC (rev 20281)
@@ -1,3 +1,79 @@
+CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 ...)
+ TODO: check
+CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module ...)
+ TODO: check
+CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component ...)
+ TODO: check
+CVE-2012-5231 (miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP ...)
+ TODO: check
+CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) ...)
+ TODO: check
+CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
+ TODO: check
+CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
+ TODO: check
+CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING ...)
+ TODO: check
+CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING ...)
+ TODO: check
+CVE-2012-5225 (Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart ...)
+ TODO: check
+CVE-2012-5224 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2012-5223 (The proc_deutf function in includes/functions_vbseocp_abstract.php in ...)
+ TODO: check
+CVE-2012-5222
+ RESERVED
+CVE-2012-5221
+ RESERVED
+CVE-2012-5220
+ RESERVED
+CVE-2012-5219
+ RESERVED
+CVE-2012-5218
+ RESERVED
+CVE-2012-5217
+ RESERVED
+CVE-2012-5216
+ RESERVED
+CVE-2012-5215
+ RESERVED
+CVE-2012-5214
+ RESERVED
+CVE-2012-5213
+ RESERVED
+CVE-2012-5212
+ RESERVED
+CVE-2012-5211
+ RESERVED
+CVE-2012-5210
+ RESERVED
+CVE-2012-5209
+ RESERVED
+CVE-2012-5208
+ RESERVED
+CVE-2012-5207
+ RESERVED
+CVE-2012-5206
+ RESERVED
+CVE-2012-5205
+ RESERVED
+CVE-2012-5204
+ RESERVED
+CVE-2012-5203
+ RESERVED
+CVE-2012-5202
+ RESERVED
+CVE-2012-5201
+ RESERVED
+CVE-2012-5200
+ RESERVED
+CVE-2012-5199
+ RESERVED
+CVE-2012-5198
+ RESERVED
+CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a ...)
+ TODO: check
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
TODO: check
CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x ...)
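Review bot: CVE-2011-5202, the last added entry, lands between CVE-2012-5198 and CVE-2012-5197, so a 2011 id now sits inside the run of 2012 ids; if anything reading data/CVE/list expects descending order, it belongs with the other CVE-2011 entries. The thirteen described entries added here (CVE-2012-5223 through CVE-2012-5234, plus CVE-2011-5202) carry only "TODO: check", so each still needs a package line or a NOT-FOR-US line before it counts as triaged. BazisVirtualCDBus.sys in WinCDEmu is a Windows driver, which makes that entry a likely NOT-FOR-US.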
@@ -818,14 +894,14 @@
RESERVED
CVE-2012-4834
RESERVED
-CVE-2012-4833
- RESERVED
+CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not ...)
+ TODO: check
CVE-2012-4832
RESERVED
CVE-2012-4831
RESERVED
-CVE-2012-4830
- RESERVED
+CVE-2012-4830 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 through ...)
+ TODO: check
CVE-2012-4829
RESERVED
CVE-2012-4828
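Review bot: CVE-2012-4833 (fuser in IBM AIX and VIOS) and CVE-2012-4830 (IBM WebSphere Commerce) are left at "TODO: check" although both descriptions name IBM products. The file already records such products in the form "NOT-FOR-US: IBM Maximo Asset Management"; the same form with the product name would close these two if neither is packaged.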
@@ -2554,8 +2630,8 @@
- bind9 <unfixed>
CVE-2012-4243
RESERVED
-CVE-2012-4242
- RESERVED
+CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
+ TODO: check
CVE-2012-4241
RESERVED
CVE-2012-4240
@@ -2928,12 +3004,12 @@
RESERVED
CVE-2012-4066
RESERVED
-CVE-2012-4065
- RESERVED
-CVE-2012-4064
- RESERVED
-CVE-2012-4063
- RESERVED
+CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
+ TODO: check
+CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
+ TODO: check
+CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...)
+ TODO: check
CVE-2012-4062
RESERVED
CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...)
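Review bot: CVE-2012-4065 and CVE-2012-4064 end up with identical visible text, "Eucalyptus before 3.1.1 does not properly restrict the binding of ...", so the list alone cannot tell them apart. When the "TODO: check" lines are resolved, a NOTE on each stating which binding it covers would make the entries distinguishable. CVE-2012-4063 (Apache Santuario configuration) names the same "before 3.1.1" boundary and can be triaged in the same pass.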
@@ -4823,8 +4899,8 @@
RESERVED
CVE-2012-3320
RESERVED
-CVE-2012-3319
- RESERVED
+CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote ...)
+ TODO: check
CVE-2012-3318
RESERVED
CVE-2012-3317
@@ -5399,8 +5475,8 @@
NOT-FOR-US: Siemens SIMATIC PLC
CVE-2012-3036
RESERVED
-CVE-2012-3035
- RESERVED
+CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...)
+ TODO: check
CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
NOT-FOR-US: Siemens WinCC
CVE-2012-3033
@@ -8285,10 +8361,10 @@
RESERVED
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Webfolio CMS
-CVE-2012-1898
- RESERVED
-CVE-2012-1897
- RESERVED
+CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-1897 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS ...)
+ TODO: check
CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the ...)
- cifs-utils 2:5.3-2 (low; bug #665923)
[squeeze] - cifs-utils <no-dsa> (Minor issue)
@@ -8862,16 +8938,14 @@
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1639
- RESERVED
+CVE-2012-1639 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637
RESERVED
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1636
- RESERVED
+CVE-2012-1636 (Cross-site request forgery (CSRF) vulnerability in the stickynote ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
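Review bot: CVE-2012-1639 and CVE-2012-1636 keep the "NOT-FOR-US: Drupal addon module not packaged in Debian" line that was written while they were still RESERVED. The new CVE-2012-1636 text names the stickynote module, but the CVE-2012-1639 text is cut off before the product ("vulnerabilities in ..."), so its full description should be read against that disposition. CVE-2012-5233, added at the top of the file, also names the stickynote module and is still at "TODO: check"; if it is the same module it can take the same line.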
@@ -8948,12 +9022,12 @@
- typo3-src 4.5.14+dfsg1-1
CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 ...)
- typo3-src <not-affected> (vulnerable code not yet present)
-CVE-2012-1604
- RESERVED
-CVE-2012-1603
- RESERVED
-CVE-2012-1602
- RESERVED
+CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote ...)
+ TODO: check
+CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS ...)
+ TODO: check
+CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass ...)
+ TODO: check
CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
{DSA-2469-1}
- linux-2.6 3.2.17-1 (low)
@@ -9013,8 +9087,8 @@
CVE-2012-1577
RESERVED
- dietlibc 0.33~cvs20120325-1 (unimportant)
-CVE-2012-1576
- RESERVED
+CVE-2012-1576 (The myuser_delete function in libathemecore/account.c in Atheme 5.x ...)
+ TODO: check
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
@@ -9244,10 +9318,10 @@
RESERVED
CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not ...)
NOT-FOR-US: VMware vCenter Chargeback Manager
-CVE-2012-1471
- RESERVED
-CVE-2012-1470
- RESERVED
+CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal ...)
+ TODO: check
+CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
+ TODO: check
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
- ojs <removed>
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
@@ -10396,8 +10470,8 @@
NOT-FOR-US: OpenEMR
CVE-2012-0990 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: DClassifieds
-CVE-2012-0989
- RESERVED
+CVE-2012-0989 (Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial ...)
+ TODO: check
CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: KnowledgeTree
CVE-2012-0987
@@ -11018,8 +11092,8 @@
RESERVED
CVE-2012-0749
RESERVED
-CVE-2012-0748
- RESERVED
+CVE-2012-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
@@ -12578,8 +12652,7 @@
NOT-FOR-US: e107
CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 ...)
NOT-FOR-US: e107
-CVE-2011-4945
- RESERVED
+CVE-2011-4945 (PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which ...)
- policykit-1 0.103-1
[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...)
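Review bot: CVE-2011-4945 now says PolicyKit 0.103 sets AdminIdentities to "wheel" by default, while the retained lines record "- policykit-1 0.103-1" and, for squeeze, "vulnerable code introduced in 0.103". Together these read as fixed in the first Debian revision of the version that introduced the problem, with no severity and no explanation. A NOTE saying why 0.103-1 is not affected as shipped, or a corrected fixed version, would make the entry verifiable.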