[Secure-testing-commits] r20314 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Oct 9 21:14:23 UTC 2012


Author: joeyh
Date: 2012-10-09 21:14:23 +0000 (Tue, 09 Oct 2012)
New Revision: 20314

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-09 11:47:11 UTC (rev 20313)
+++ data/CVE/list	2012-10-09 21:14:23 UTC (rev 20314)
@@ -1,3 +1,93 @@
+CVE-2012-5340
+	RESERVED
+CVE-2012-5339
+	RESERVED
+CVE-2012-5338
+	RESERVED
+CVE-2012-5337
+	RESERVED
+CVE-2012-5336
+	RESERVED
+CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote ...)
+	TODO: check
+CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press ...)
+	TODO: check
+CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows ...)
+	TODO: check
+CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote ...)
+	TODO: check
+CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 ...)
+	TODO: check
+CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated ...)
+	TODO: check
+CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin ...)
+	TODO: check
+CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...)
+	TODO: check
+CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php ...)
+	TODO: check
+CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX ...)
+	TODO: check
+CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 ...)
+	TODO: check
+CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote ...)
+	TODO: check
+CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in ...)
+	TODO: check
+CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi ...)
+	TODO: check
+CVE-2012-5318 (Unrestricted file upload vulnerability in ...)
+	TODO: check
+CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop ...)
+	TODO: check
+CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam ...)
+	TODO: check
+CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...)
+	TODO: check
+CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier ...)
+	TODO: check
+CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows ...)
+	TODO: check
+CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to ...)
+	TODO: check
+CVE-2012-5311 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ...)
+	TODO: check
+CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
+	TODO: check
+CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim ...)
+	TODO: check
+CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...)
+	TODO: check
+CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM ...)
+	TODO: check
+CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in ...)
+	TODO: check
+CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC ...)
+	TODO: check
+CVE-2012-5304 (Static code injection vulnerability in administration/install.php in ...)
+	TODO: check
+CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...)
+	TODO: check
+CVE-2012-5302
+	RESERVED
+CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...)
+	TODO: check
+CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+	TODO: check
+CVE-2010-5278 (Directory traversal vulnerability in ...)
+	TODO: check
+CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
+	TODO: check
+CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for ...)
+	TODO: check
+CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
+	TODO: check
 CVE-2012-XXXX [claws-mail null ptr crash]
 	- claws-mail <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862578
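Review bot: CVE-2012-5303, near the end of the added block, is left at `TODO: check` although its description names Monkey HTTP Daemon 0.9.3, the same product and version as CVE-2012-4443 and CVE-2012-4442 later in this diff, which are tracked as `- monkey <removed>`. Suggest giving it the matching package line in a follow-up so the three Monkey entries stay consistent.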
@@ -74,56 +164,56 @@
 	RESERVED
 CVE-2012-5273
 	RESERVED
-CVE-2012-5272
-	RESERVED
-CVE-2012-5271
-	RESERVED
-CVE-2012-5270
-	RESERVED
-CVE-2012-5269
-	RESERVED
-CVE-2012-5268
-	RESERVED
-CVE-2012-5267
-	RESERVED
-CVE-2012-5266
-	RESERVED
-CVE-2012-5265
-	RESERVED
-CVE-2012-5264
-	RESERVED
-CVE-2012-5263
-	RESERVED
-CVE-2012-5262
-	RESERVED
-CVE-2012-5261
-	RESERVED
-CVE-2012-5260
-	RESERVED
-CVE-2012-5259
-	RESERVED
-CVE-2012-5258
-	RESERVED
-CVE-2012-5257
-	RESERVED
-CVE-2012-5256
-	RESERVED
-CVE-2012-5255
-	RESERVED
-CVE-2012-5254
-	RESERVED
-CVE-2012-5253
-	RESERVED
-CVE-2012-5252
-	RESERVED
-CVE-2012-5251
-	RESERVED
-CVE-2012-5250
-	RESERVED
-CVE-2012-5249
-	RESERVED
-CVE-2012-5248
-	RESERVED
+CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
+	TODO: check
+CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
+CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
+	TODO: check
 CVE-2012-5247
 	RESERVED
 CVE-2012-5246
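Review bot: the 25 entries from CVE-2012-5272 down to CVE-2012-5248 all go from `RESERVED` to `TODO: check` with descriptions naming Adobe Flash Player and the same bounds (before 10.3.183.29 and 11.x before 11.4.402.287). Suggest triaging them in one pass with a single decision applied to the whole range, so the block does not end up with mixed annotations for what the descriptions present as one release boundary.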
@@ -399,17 +489,13 @@
 	RESERVED
 CVE-2012-5112
 	RESERVED
-CVE-2012-5111
-	RESERVED
+CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
 	- chromium-browser <unfixed>
-CVE-2012-5110
-	RESERVED
+CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
 	- chromium-browser <unfixed>
-CVE-2012-5109
-	RESERVED
+CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
 	- chromium-browser <unfixed>
-CVE-2012-5108
-	RESERVED
+CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote ...)
 	- chromium-browser <unfixed>
 CVE-2012-5107
 	RESERVED
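Review bot: the package lines under CVE-2012-5111, CVE-2012-5110 and CVE-2012-5108 still read `- chromium-browser <unfixed>` while the new descriptions state the boundary as Google Chrome before 22.0.1229.92 (the CVE-2012-5109 description is cut before any version). The same applies to CVE-2012-2900 in the `@@ -5933,8 +6017,7 @@` hunk. Suggest recording a fixed version on these lines once a chromium-browser upload at or past that version exists, instead of leaving `<unfixed>` in place.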
@@ -525,10 +611,10 @@
 	RESERVED
 CVE-2012-5052
 	RESERVED
-CVE-2012-5051
-	RESERVED
-CVE-2012-5050
-	RESERVED
+CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows ...)
+	TODO: check
+CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware ...)
+	TODO: check
 CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
 	NOT-FOR-US: Optimalog Optima PLC
 CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
@@ -919,8 +1005,8 @@
 	RESERVED
 CVE-2012-4898
 	RESERVED
-CVE-2012-4897
-	RESERVED
+CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...)
+	TODO: check
 CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
 	TODO: check
 CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
@@ -1069,10 +1155,10 @@
 	RESERVED
 CVE-2012-4826
 	RESERVED
-CVE-2012-4825
-	RESERVED
-CVE-2012-4824
-	RESERVED
+CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes ...)
+	TODO: check
 CVE-2012-4823
 	RESERVED
 CVE-2012-4822
@@ -2273,11 +2359,9 @@
 	- wpa 1.0-3 (bug #689990)
 CVE-2012-4444
 	RESERVED
-CVE-2012-4443 [monkey: CGI scripts executed without dropping RUID/RGID root]
-	RESERVED
+CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of ...)
 	- monkey <removed> (bug #688008)
-CVE-2012-4442 [monkey: Fails to drop supplemental groups when lowering privileges]
-	RESERVED
+CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ...)
 	- monkey <removed> (bug #688007)
 	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/09/20/7
 CVE-2012-4441 [jenkins XSS in CI game plugin]
@@ -3397,7 +3481,7 @@
 	- icedove 10.0.7-1
 	- iceape 2.7.7-1
 CVE-2012-3977
-	RESERVED
+	REJECTED
 CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...)
 	- iceweasel 10.0.7esr-1
 	- iceape 2.7.7-1
@@ -5933,8 +6017,7 @@
 	NOT-FOR-US: Joomla JCE
 CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the ...)
 	NOT-FOR-US: Joomla JCE
-CVE-2012-2900
-	RESERVED
+CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly ...)
 	- chromium-browser <unfixed>
 CVE-2012-2899
 	RESERVED
@@ -9042,8 +9125,8 @@
 	NOT-FOR-US: e-ticketing
 CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
 	NOT-FOR-US: Hotel Booking Portal
-CVE-2012-1671
-	RESERVED
+CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
+	TODO: check
 CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...)
 	NOT-FOR-US: PHP Grade Book
 CVE-2012-1669
@@ -9121,8 +9204,7 @@
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1634
-	RESERVED
+CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -9142,11 +9224,9 @@
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1624
-	RESERVED
+CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1623
-	RESERVED
+CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1622
 	RESERVED
@@ -9158,8 +9238,7 @@
 	- suckless-tools <unfixed> (unimportant; bug #667796)
 CVE-2012-1619
 	RESERVED
-CVE-2012-1618 [jdbc pgsql SQL injection]
-	RESERVED
+CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...)
 	- libpgjava <not-affected> (Even the version in oldstable had 8.2)
 CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...)
 	NOT-FOR-US: OSClass not in Debian
@@ -9290,11 +9369,10 @@
 CVE-2012-1566
 	RESERVED
 	NOT-FOR-US: LinuxMint
-CVE-2012-1565
-	RESERVED
+CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
 	NOT-FOR-US: eZ Publish
-CVE-2012-1564
-	RESERVED
+CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2012-1563
 	RESERVED
 	NOT-FOR-US: Joomla!
@@ -9604,12 +9682,12 @@
 	NOT-FOR-US: Chrome books
 CVE-2012-1417
 	RESERVED
-CVE-2012-1416
-	RESERVED
+CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
 CVE-2012-1415
 	RESERVED
-CVE-2012-1414
-	RESERVED
+CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
+	TODO: check
 CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Zen Cart
 CVE-2012-1412
@@ -9821,8 +9899,8 @@
 	NOT-FOR-US: Cisco IOS
 CVE-2012-1309
 	RESERVED
-CVE-2012-1308
-	RESERVED
+CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in ...)
+	TODO: check
 CVE-2012-1307
 	RESERVED
 CVE-2012-1306
@@ -10076,8 +10154,7 @@
 	[lenny] - phpmyadmin <not-affected>
 	[squeeze] - phpmyadmin <not-affected>
 	NOTE: hypothetical issue
-CVE-2012-1189
-	RESERVED
+CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in ...)
 	- torcs 1.3.3-1 (low; bug #660555)
 	[squeeze] - torcs <no-dsa> (Minor issue)
 	- speed-dreams <itp> (bug #599884)
@@ -10197,8 +10274,7 @@
 CVE-2012-1154
 	RESERVED
 	NOT-FOR-US: mod_cluster
-CVE-2012-1153
-	RESERVED
+CVE-2012-1153 (Unrestricted file upload vulnerability in ...)
 	NOT-FOR-US: AppRain CMS, not in Debian
 CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting ...)
 	{DSA-2432-1}
@@ -10206,8 +10282,7 @@
 CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka ...)
 	{DSA-2431-1}
 	- libdbd-pg-perl 2.19.0-1 (bug #661536)
-CVE-2012-1150
-	RESERVED
+CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x ...)
 	- python2.5 <removed> (low)
 	- python2.6 2.6.8-0.1 (low)
 	- python2.7 2.7.3~rc1-1 (low)
@@ -10290,8 +10365,7 @@
 CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
 	- freetype 2.4.9-1 (unimportant; bug #662864)
 	NOTE: Crash only
-CVE-2012-1125
-	RESERVED
+CVE-2012-1125 (Unrestricted file upload vulnerability in ...)
 	NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
 CVE-2012-1124
 	RESERVED
@@ -10646,10 +10720,10 @@
 	TODO: check
 CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: KnowledgeTree
-CVE-2012-0987
-	RESERVED
-CVE-2012-0986
-	RESERVED
+CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x ...)
+	TODO: check
+CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS ...)
+	TODO: check
 CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control ...)
 	NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
 CVE-2012-0984
@@ -11001,11 +11075,9 @@
 CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in ...)
 	- libav <not-affected> (Vulnerable code not present)
 	- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0846
-	RESERVED
+CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
 	- webcalendar <removed>
-CVE-2012-0845
-	RESERVED
+CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, ...)
 	- python3.1 <removed> (low)
 	[squeeze] - python3.1 <no-dsa> (Minor issue)
 	- python3.2 3.2.3~rc1-1
@@ -12866,8 +12938,7 @@
 CVE-2011-4933
 	RESERVED
 	- joomla <itp> (bug #571794)
-CVE-2011-4932
-	RESERVED
+CVE-2011-4932 (Eval injection vulnerability in ...)
 	NOT-FOR-US: ImpressPages CMS not in Debian
 CVE-2011-4931
 	RESERVED
@@ -12876,18 +12947,15 @@
 CVE-2011-4930
 	RESERVED
 	- condor <not-affected> (Fixed before initial release)
-CVE-2011-4929
-	RESERVED
+CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
 	{DSA-2261-1}
 	- redmine 1.0.5-1 (bug #608397)
 	NOTE: http://www.redmine.org/news/49
-CVE-2011-4928
-	RESERVED
+CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in ...)
 	{DSA-2261-1}
 	- redmine 1.0.5-1 (bug #608397)
 	NOTE: http://www.redmine.org/news/49
-CVE-2011-4927
-	RESERVED
+CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
 	{DSA-2261-1}
 	- redmine 1.0.5-1 (bug #608397)
 	NOTE: http://www.redmine.org/news/49
@@ -12943,14 +13011,11 @@
 CVE-2011-4912
 	RESERVED
 	NOT-FOR-US: Joomla
-CVE-2011-4911
-	RESERVED
+CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified ...)
 	NOT-FOR-US: Joomla
-CVE-2011-4910
-	RESERVED
+CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 ...)
 	NOT-FOR-US: Joomla
-CVE-2011-4909
-	RESERVED
+CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
 	NOT-FOR-US: Joomla
 CVE-2011-4908
 	RESERVED
@@ -13973,8 +14038,7 @@
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
 	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
-CVE-2012-0065
-	RESERVED
+CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in ...)
 	- usbmuxd 1.0.7-2 (medium; bug #656581)
 	[lenny] - usbmuxd <not-affected> (introduced in 1.0.7)
 	[squeeze] - usbmuxd <not-affected> (introduced in 1.0.7)
@@ -14273,12 +14337,12 @@
 	RESERVED
 CVE-2011-4641
 	RESERVED
-CVE-2011-4640
-	RESERVED
-CVE-2011-4639
-	RESERVED
-CVE-2011-4638
-	RESERVED
+CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan ...)
+	TODO: check
+CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in ...)
+	TODO: check
+CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before ...)
+	TODO: check
 CVE-2011-4637
 	RESERVED
 CVE-2011-4636
@@ -14542,16 +14606,16 @@
 	RESERVED
 CVE-2011-4549
 	RESERVED
-CVE-2010-5067
-	RESERVED
-CVE-2010-5066
-	RESERVED
-CVE-2010-5065
-	RESERVED
-CVE-2010-5064
-	RESERVED
-CVE-2010-5063
-	RESERVED
+CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that ...)
+	TODO: check
+CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in ...)
+	TODO: check
+CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
+	TODO: check
+CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War ...)
+	TODO: check
+CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) ...)
+	TODO: check
 CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	- chromium-browser <not-affected>
 	- webkit <not-affected>
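Review bot: CVE-2010-5067, CVE-2010-5065, CVE-2010-5064 and CVE-2010-5063 each get a separate `TODO: check` although all four descriptions name Virtual War (aka VWar), as does CVE-2010-5279 added in the first hunk; the CVE-2010-5066 description is cut before the product name. Suggest resolving the group with one decision and the same annotation, and confirming the product for CVE-2010-5066 from the full description before including it.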
@@ -15033,8 +15097,7 @@
 	- ffmpeg-debian <end-of-life>
 	NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
-CVE-2011-4363
-	RESERVED
+CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
 	- libproc-processtable-perl <unfixed> (low; bug #650500)
 	[squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
 	[lenny] - libproc-processtable-perl <no-dsa> (Minor issue)
@@ -15121,8 +15184,7 @@
 CVE-2011-4343
 	RESERVED
 	NOT-FOR-US: Apache MyFaces
-CVE-2011-4342
-	RESERVED
+CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-4341 (Multiple SQL injection vulnerabilities in ...)
 	- symfony <removed>
@@ -16590,8 +16652,8 @@
 	- chromium-browser 16.0.912.75~r116452-1
 	- webkit <undetermined>
 	- libxml2 2.7.8.dfsg-7 (bug #656377)
-CVE-2011-3918
-	RESERVED
+CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests ...)
+	TODO: check
 CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
 	- chromium-browser 16.0.912.63~r113337-1
 	- webkit <undetermined>



