[Secure-testing-commits] r20314 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Oct 9 21:14:23 UTC 2012
Author: joeyh
Date: 2012-10-09 21:14:23 +0000 (Tue, 09 Oct 2012)
New Revision: 20314
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-09 11:47:11 UTC (rev 20313)
+++ data/CVE/list 2012-10-09 21:14:23 UTC (rev 20314)
@@ -1,3 +1,93 @@
+CVE-2012-5340
+ RESERVED
+CVE-2012-5339
+ RESERVED
+CVE-2012-5338
+ RESERVED
+CVE-2012-5337
+ RESERVED
+CVE-2012-5336
+ RESERVED
+CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote ...)
+ TODO: check
+CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press ...)
+ TODO: check
+CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows ...)
+ TODO: check
+CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote ...)
+ TODO: check
+CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 ...)
+ TODO: check
+CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated ...)
+ TODO: check
+CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin ...)
+ TODO: check
+CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...)
+ TODO: check
+CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php ...)
+ TODO: check
+CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+ TODO: check
+CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX ...)
+ TODO: check
+CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 ...)
+ TODO: check
+CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote ...)
+ TODO: check
+CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in ...)
+ TODO: check
+CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi ...)
+ TODO: check
+CVE-2012-5318 (Unrestricted file upload vulnerability in ...)
+ TODO: check
+CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop ...)
+ TODO: check
+CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam ...)
+ TODO: check
+CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...)
+ TODO: check
+CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier ...)
+ TODO: check
+CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows ...)
+ TODO: check
+CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to ...)
+ TODO: check
+CVE-2012-5311 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ...)
+ TODO: check
+CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
+ TODO: check
+CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim ...)
+ TODO: check
+CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...)
+ TODO: check
+CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM ...)
+ TODO: check
+CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in ...)
+ TODO: check
+CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC ...)
+ TODO: check
+CVE-2012-5304 (Static code injection vulnerability in administration/install.php in ...)
+ TODO: check
+CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...)
+ TODO: check
+CVE-2012-5302
+ RESERVED
+CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...)
+ TODO: check
+CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+ TODO: check
+CVE-2010-5278 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
+ TODO: check
+CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for ...)
+ TODO: check
+CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
+ TODO: check
CVE-2012-XXXX [claws-mail null ptr crash]
- claws-mail <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862578
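Review bot: CVE-2012-5303 is added with only "TODO: check", although its description names Monkey HTTP Daemon 0.9.3, the same product that CVE-2012-4443 and CVE-2012-4442 further down this list track as "- monkey <removed>". Triage it together with those two entries so the three Monkey issues do not end up with different states.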
@@ -74,56 +164,56 @@
RESERVED
CVE-2012-5273
RESERVED
-CVE-2012-5272
- RESERVED
-CVE-2012-5271
- RESERVED
-CVE-2012-5270
- RESERVED
-CVE-2012-5269
- RESERVED
-CVE-2012-5268
- RESERVED
-CVE-2012-5267
- RESERVED
-CVE-2012-5266
- RESERVED
-CVE-2012-5265
- RESERVED
-CVE-2012-5264
- RESERVED
-CVE-2012-5263
- RESERVED
-CVE-2012-5262
- RESERVED
-CVE-2012-5261
- RESERVED
-CVE-2012-5260
- RESERVED
-CVE-2012-5259
- RESERVED
-CVE-2012-5258
- RESERVED
-CVE-2012-5257
- RESERVED
-CVE-2012-5256
- RESERVED
-CVE-2012-5255
- RESERVED
-CVE-2012-5254
- RESERVED
-CVE-2012-5253
- RESERVED
-CVE-2012-5252
- RESERVED
-CVE-2012-5251
- RESERVED
-CVE-2012-5250
- RESERVED
-CVE-2012-5249
- RESERVED
-CVE-2012-5248
- RESERVED
+CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+ TODO: check
+CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
+CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+ TODO: check
CVE-2012-5247
RESERVED
CVE-2012-5246
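Review bot: The 25 entries CVE-2012-5272 through CVE-2012-5248 each get a separate "TODO: check", yet every description names the same product and version bounds (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287). Triage them in one pass and give them an identical status line, so a partial manual pass cannot leave the block inconsistent.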
@@ -399,17 +489,13 @@
RESERVED
CVE-2012-5112
RESERVED
-CVE-2012-5111
- RESERVED
+CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
- chromium-browser <unfixed>
-CVE-2012-5110
- RESERVED
+CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
- chromium-browser <unfixed>
-CVE-2012-5109
- RESERVED
+CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
- chromium-browser <unfixed>
-CVE-2012-5108
- RESERVED
+CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote ...)
- chromium-browser <unfixed>
CVE-2012-5107
RESERVED
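Review bot: The unchanged "- chromium-browser <unfixed>" lines under CVE-2012-5111, CVE-2012-5110 and CVE-2012-5108 now sit beneath descriptions that give an upstream boundary ("Google Chrome before 22.0.1229.92"). The entries need a follow-up that records the fixed chromium-browser version once an upload at or past that release exists; until then <unfixed> stays accurate.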
@@ -525,10 +611,10 @@
RESERVED
CVE-2012-5052
RESERVED
-CVE-2012-5051
- RESERVED
-CVE-2012-5050
- RESERVED
+CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows ...)
+ TODO: check
+CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware ...)
+ TODO: check
CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
@@ -919,8 +1005,8 @@
RESERVED
CVE-2012-4898
RESERVED
-CVE-2012-4897
- RESERVED
+CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...)
+ TODO: check
CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
TODO: check
CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
@@ -1069,10 +1155,10 @@
RESERVED
CVE-2012-4826
RESERVED
-CVE-2012-4825
- RESERVED
-CVE-2012-4824
- RESERVED
+CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes ...)
+ TODO: check
CVE-2012-4823
RESERVED
CVE-2012-4822
@@ -2273,11 +2359,9 @@
- wpa 1.0-3 (bug #689990)
CVE-2012-4444
RESERVED
-CVE-2012-4443 [monkey: CGI scripts executed without dropping RUID/RGID root]
- RESERVED
+CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of ...)
- monkey <removed> (bug #688008)
-CVE-2012-4442 [monkey: Fails to drop supplemental groups when lowering privileges]
- RESERVED
+CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ...)
- monkey <removed> (bug #688007)
NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/09/20/7
CVE-2012-4441 [jenkins XSS in CI game plugin]
@@ -3397,7 +3481,7 @@
- icedove 10.0.7-1
- iceape 2.7.7-1
CVE-2012-3977
- RESERVED
+ REJECTED
CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...)
- iceweasel 10.0.7esr-1
- iceape 2.7.7-1
@@ -5933,8 +6017,7 @@
NOT-FOR-US: Joomla JCE
CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the ...)
NOT-FOR-US: Joomla JCE
-CVE-2012-2900
- RESERVED
+CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly ...)
- chromium-browser <unfixed>
CVE-2012-2899
RESERVED
@@ -9042,8 +9125,8 @@
NOT-FOR-US: e-ticketing
CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
NOT-FOR-US: Hotel Booking Portal
-CVE-2012-1671
- RESERVED
+CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
+ TODO: check
CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...)
NOT-FOR-US: PHP Grade Book
CVE-2012-1669
@@ -9121,8 +9204,7 @@
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1634
- RESERVED
+CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -9142,11 +9224,9 @@
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1624
- RESERVED
+CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1623
- RESERVED
+CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622
RESERVED
@@ -9158,8 +9238,7 @@
- suckless-tools <unfixed> (unimportant; bug #667796)
CVE-2012-1619
RESERVED
-CVE-2012-1618 [jdbc pgsql SQL injection]
- RESERVED
+CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...)
- libpgjava <not-affected> (Even the version in oldstable had 8.2)
CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...)
NOT-FOR-US: OSClass not in Debian
@@ -9290,11 +9369,10 @@
CVE-2012-1566
RESERVED
NOT-FOR-US: LinuxMint
-CVE-2012-1565
- RESERVED
+CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
NOT-FOR-US: eZ Publish
-CVE-2012-1564
- RESERVED
+CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-1563
RESERVED
NOT-FOR-US: Joomla!
@@ -9604,12 +9682,12 @@
NOT-FOR-US: Chrome books
CVE-2012-1417
RESERVED
-CVE-2012-1416
- RESERVED
+CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
CVE-2012-1415
RESERVED
-CVE-2012-1414
- RESERVED
+CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
+ TODO: check
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Zen Cart
CVE-2012-1412
@@ -9821,8 +9899,8 @@
NOT-FOR-US: Cisco IOS
CVE-2012-1309
RESERVED
-CVE-2012-1308
- RESERVED
+CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in ...)
+ TODO: check
CVE-2012-1307
RESERVED
CVE-2012-1306
@@ -10076,8 +10154,7 @@
[lenny] - phpmyadmin <not-affected>
[squeeze] - phpmyadmin <not-affected>
NOTE: hypothetical issue
-CVE-2012-1189
- RESERVED
+CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in ...)
- torcs 1.3.3-1 (low; bug #660555)
[squeeze] - torcs <no-dsa> (Minor issue)
- speed-dreams <itp> (bug #599884)
@@ -10197,8 +10274,7 @@
CVE-2012-1154
RESERVED
NOT-FOR-US: mod_cluster
-CVE-2012-1153
- RESERVED
+CVE-2012-1153 (Unrestricted file upload vulnerability in ...)
NOT-FOR-US: AppRain CMS, not in Debian
CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting ...)
{DSA-2432-1}
@@ -10206,8 +10282,7 @@
CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka ...)
{DSA-2431-1}
- libdbd-pg-perl 2.19.0-1 (bug #661536)
-CVE-2012-1150
- RESERVED
+CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x ...)
- python2.5 <removed> (low)
- python2.6 2.6.8-0.1 (low)
- python2.7 2.7.3~rc1-1 (low)
@@ -10290,8 +10365,7 @@
CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
- freetype 2.4.9-1 (unimportant; bug #662864)
NOTE: Crash only
-CVE-2012-1125
- RESERVED
+CVE-2012-1125 (Unrestricted file upload vulnerability in ...)
NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
CVE-2012-1124
RESERVED
@@ -10646,10 +10720,10 @@
TODO: check
CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: KnowledgeTree
-CVE-2012-0987
- RESERVED
-CVE-2012-0986
- RESERVED
+CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x ...)
+ TODO: check
+CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS ...)
+ TODO: check
CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control ...)
NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
CVE-2012-0984
@@ -11001,11 +11075,9 @@
CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0846
- RESERVED
+CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
- webcalendar <removed>
-CVE-2012-0845
- RESERVED
+CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, ...)
- python3.1 <removed> (low)
[squeeze] - python3.1 <no-dsa> (Minor issue)
- python3.2 3.2.3~rc1-1
@@ -12866,8 +12938,7 @@
CVE-2011-4933
RESERVED
- joomla <itp> (bug #571794)
-CVE-2011-4932
- RESERVED
+CVE-2011-4932 (Eval injection vulnerability in ...)
NOT-FOR-US: ImpressPages CMS not in Debian
CVE-2011-4931
RESERVED
@@ -12876,18 +12947,15 @@
CVE-2011-4930
RESERVED
- condor <not-affected> (Fixed before initial release)
-CVE-2011-4929
- RESERVED
+CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
{DSA-2261-1}
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
-CVE-2011-4928
- RESERVED
+CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in ...)
{DSA-2261-1}
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
-CVE-2011-4927
- RESERVED
+CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
{DSA-2261-1}
- redmine 1.0.5-1 (bug #608397)
NOTE: http://www.redmine.org/news/49
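Review bot: CVE-2011-4929 and CVE-2011-4927 now carry the same visible description ("Unspecified vulnerability in the bazaar repository adapter in Redmine ...") and the same DSA-2261-1, fixed version and bug #608397. Compare the full descriptions behind the truncation to confirm they are distinct issues and not a duplicate assignment, and add a NOTE saying which one it is.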
@@ -12943,14 +13011,11 @@
CVE-2011-4912
RESERVED
NOT-FOR-US: Joomla
-CVE-2011-4911
- RESERVED
+CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified ...)
NOT-FOR-US: Joomla
-CVE-2011-4910
- RESERVED
+CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 ...)
NOT-FOR-US: Joomla
-CVE-2011-4909
- RESERVED
+CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
NOT-FOR-US: Joomla
CVE-2011-4908
RESERVED
@@ -13973,8 +14038,7 @@
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
-CVE-2012-0065
- RESERVED
+CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in ...)
- usbmuxd 1.0.7-2 (medium; bug #656581)
[lenny] - usbmuxd <not-affected> (introduced in 1.0.7)
[squeeze] - usbmuxd <not-affected> (introduced in 1.0.7)
@@ -14273,12 +14337,12 @@
RESERVED
CVE-2011-4641
RESERVED
-CVE-2011-4640
- RESERVED
-CVE-2011-4639
- RESERVED
-CVE-2011-4638
- RESERVED
+CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan ...)
+ TODO: check
+CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in ...)
+ TODO: check
+CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before ...)
+ TODO: check
CVE-2011-4637
RESERVED
CVE-2011-4636
@@ -14542,16 +14606,16 @@
RESERVED
CVE-2011-4549
RESERVED
-CVE-2010-5067
- RESERVED
-CVE-2010-5066
- RESERVED
-CVE-2010-5065
- RESERVED
-CVE-2010-5064
- RESERVED
-CVE-2010-5063
- RESERVED
+CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that ...)
+ TODO: check
+CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in ...)
+ TODO: check
+CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+ TODO: check
+CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War ...)
+ TODO: check
+CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) ...)
+ TODO: check
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <not-affected>
- webkit <not-affected>
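Review bot: CVE-2010-5067, CVE-2010-5065, CVE-2010-5064 and CVE-2010-5063 in this hunk, and CVE-2010-5279 in the first hunk, all name Virtual War (aka VWar) but each is left at a separate "TODO: check". Decide the product's status once and apply the same line to every VWar entry, after checking whether the truncated CVE-2010-5066 description belongs to the same product.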
@@ -15033,8 +15097,7 @@
- ffmpeg-debian <end-of-life>
NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
-CVE-2011-4363
- RESERVED
+CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
- libproc-processtable-perl <unfixed> (low; bug #650500)
[squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
[lenny] - libproc-processtable-perl <no-dsa> (Minor issue)
@@ -15121,8 +15184,7 @@
CVE-2011-4343
RESERVED
NOT-FOR-US: Apache MyFaces
-CVE-2011-4342
- RESERVED
+CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the ...)
NOT-FOR-US: Wordpress plugin
CVE-2011-4341 (Multiple SQL injection vulnerabilities in ...)
- symfony <removed>
@@ -16590,8 +16652,8 @@
- chromium-browser 16.0.912.75~r116452-1
- webkit <undetermined>
- libxml2 2.7.8.dfsg-7 (bug #656377)
-CVE-2011-3918
- RESERVED
+CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests ...)
+ TODO: check
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
- chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>