[Secure-testing-commits] r20327 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Oct 10 21:14:34 UTC 2012
Author: joeyh
Date: 2012-10-10 21:14:33 +0000 (Wed, 10 Oct 2012)
New Revision: 20327
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-10 18:48:37 UTC (rev 20326)
+++ data/CVE/list 2012-10-10 21:14:33 UTC (rev 20327)
@@ -1,3 +1,33 @@
+CVE-2012-5353 (Eduserv allows remote attackers to forge messages and bypass ...)
+ TODO: check
+CVE-2012-5352 (Java Open Single Sign-On Project Home (JOSSO) allows remote attackers ...)
+ TODO: check
+CVE-2012-5351 (Apache Axis2 allows remote attackers to forge messages and bypass ...)
+ TODO: check
+CVE-2012-5350 (SQL injection vulnerability in the Pay With Tweet plugin before 1.2 ...)
+ TODO: check
+CVE-2012-5349 (Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the ...)
+ TODO: check
+CVE-2012-5348 (SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote ...)
+ TODO: check
+CVE-2012-5347 (TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2012-5346 (Cross-site scripting (XSS) vulnerability in wp-live.php in the WP ...)
+ TODO: check
+CVE-2012-5345 (Buffer overflow in the Remote command server (Rcmd.bat) in IpTools ...)
+ TODO: check
+CVE-2012-5344 (Directory traversal vulnerability in the WebServer (Thttpd.bat) in ...)
+ TODO: check
+CVE-2012-5343 (Cross-site scripting (XSS) vulnerability in admin/login.php in Limny ...)
+ TODO: check
+CVE-2012-5342 (Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS ...)
+ TODO: check
+CVE-2012-5341 (Multiple cross-site scripting (XSS) vulnerabilities in statistik.php ...)
+ TODO: check
+CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 ...)
+ TODO: check
+CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone ...)
+ TODO: check
CVE-2012-5340
RESERVED
CVE-2012-5339
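Review bot: CVE-2012-5351, third entry in this hunk, carries the same truncated summary ("Apache Axis2 allows remote attackers to forge messages and bypass ...") as CVE-2012-4418, which this same revision keeps as NOT-FOR-US with the note "We only provide Axis 1(Java) and the C-version of Axis". When its TODO: check is resolved, confirm whether it is a distinct issue from CVE-2012-4418. If the same packaging reasoning applies, give it the same NOT-FOR-US note so the two Axis2 entries do not end up triaged differently.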
@@ -2322,11 +2352,9 @@
RESERVED
CVE-2012-4458
RESERVED
-CVE-2012-4457
- RESERVED
+CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
- keystone 2012.1.1-9 (bug #689210)
-CVE-2012-4456
- RESERVED
+CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455
RESERVED
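Review bot: on the keystone entries, the new summary for CVE-2012-4457 names "Essex before 2012.1.2" as affected, while the tracking line kept beneath it records the fix in keystone 2012.1.1-9, an upstream version below that boundary. That is consistent only if the Debian revision carries a backported patch. A NOTE line under each of CVE-2012-4457 and CVE-2012-4456 pointing at the backport, or confirming it via bug #689210, would make the fixed version verifiable from the list itself.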
@@ -2334,11 +2362,9 @@
CVE-2012-4454
RESERVED
- opencryptoki <unfixed> (bug #689417)
-CVE-2012-4453 [dracut creates non-world readable initramfs images]
- RESERVED
+CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
- dracut <unfixed> (bug #688956)
-CVE-2012-4452
- RESERVED
+CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local ...)
- mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 release)
CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
RESERVED
@@ -2460,8 +2486,7 @@
NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
-CVE-2012-4418 [Apache Axis2 XML Signature Wrapping Attack]
- RESERVED
+CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and bypass ...)
NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
CVE-2012-4417
RESERVED
@@ -2519,8 +2544,7 @@
CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...)
- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
[squeeze] - moodle <not-affected> (Only affects >= 2.2)
-CVE-2012-4399 [cakephp XXE injection]
- RESERVED
+CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 ...)
- cakephp <not-affected> (Does not affect 1.3)
NOTE: http://seclists.org/bugtraq/2012/Jul/101
NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
@@ -3441,14 +3465,12 @@
NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
NOT-FOR-US: Sleipnir Mobile
-CVE-2012-4003
- RESERVED
+CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT ...)
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
-CVE-2012-4002
- RESERVED
+CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI ...)
- glpi 0.83.31-1 (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
@@ -4509,8 +4531,7 @@
NOT-FOR-US: Crowbar
CVE-2012-3550
RESERVED
-CVE-2012-3549 [FreeBSD kernel SCTP DoS]
- RESERVED
+CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to ...)
- kfreebsd-8 <unfixed> (bug #686961)
- kfreebsd-9 <unfixed> (bug #686962)
- kfreebsd-10 <unfixed> (bug #686963)
@@ -4648,8 +4669,7 @@
NOTE: http://trac.roundcube.net/ticket/1488519
CVE-2012-3506
RESERVED
-CVE-2012-3505 [tinyproxy DoS]
- RESERVED
+CVE-2012-3505 (tinyproxy before 1.8.3-3 allows remote attackers to cause a denial of ...)
- tinyproxy 1.8.3-3 (bug #685281)
NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504
@@ -4851,8 +4871,7 @@
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 ...)
- imagemagick 8:6.7.7.10-3 (low; bug #683285)
[squeeze] - imagemagick <no-dsa> (Minor issue)
-CVE-2012-3436 [OpenTTD DoS]
- RESERVED
+CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to ...)
{DSA-2524-1}
- openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
@@ -6960,12 +6979,12 @@
RESERVED
CVE-2012-2553
RESERVED
-CVE-2012-2552
- RESERVED
-CVE-2012-2551
- RESERVED
-CVE-2012-2550
- RESERVED
+CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...)
+ TODO: check
+CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
+ TODO: check
+CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or ...)
+ TODO: check
CVE-2012-2549
RESERVED
CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
@@ -7006,10 +7025,10 @@
RESERVED
CVE-2012-2530
RESERVED
-CVE-2012-2529
- RESERVED
-CVE-2012-2528
- RESERVED
+CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and ...)
+ TODO: check
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
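Review bot: CVE-2012-2529 and CVE-2012-2528 land as TODO: check even though their summaries name the Microsoft Windows kernel and Microsoft Word, and the context entry directly below them, CVE-2012-2527, is already triaged as "NOT-FOR-US: Microsoft Windows". Since this is an automatic update, the placeholders are expected, but they should be closed out with the matching NOT-FOR-US lines in the follow-up manual pass so they do not linger in the TODO queue.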
@@ -7024,8 +7043,8 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2012-2520
- RESERVED
+CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 ...)
+ TODO: check
CVE-2012-2519
RESERVED
CVE-2012-2518
@@ -13607,8 +13626,8 @@
NOT-FOR-US: Microsoft Excel
CVE-2012-0183 (Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for ...)
NOT-FOR-US: Microsoft Word
-CVE-2012-0182
- RESERVED
+CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during ...)
+ TODO: check
CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
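Review bot: CVE-2012-0182 gets TODO: check while its summary names Microsoft Word 2007 and the entry just above it in the context, CVE-2012-0183, already reads "NOT-FOR-US: Microsoft Word". Using that exact product string when resolving the TODO keeps the NOT-FOR-US tags searchable by product.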