[Secure-testing-commits] r20091 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Sep 4 21:14:19 UTC 2012
Author: joeyh
Date: 2012-09-04 21:14:18 +0000 (Tue, 04 Sep 2012)
New Revision: 20091
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-04 13:27:15 UTC (rev 20090)
+++ data/CVE/list 2012-09-04 21:14:18 UTC (rev 20091)
@@ -1,3 +1,55 @@
+CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, ...)
+ TODO: check
+CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi ...)
+ TODO: check
+CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity ...)
+ TODO: check
+CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche ...)
+ TODO: check
+CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search ...)
+ TODO: check
+CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 ...)
+ TODO: check
+CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...)
+ TODO: check
+CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in ...)
+ TODO: check
+CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL ...)
+ TODO: check
+CVE-2012-4738
+ RESERVED
+CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 ...)
+ TODO: check
+CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 ...)
+ TODO: check
+CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File ...)
+ TODO: check
+CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax ...)
+ TODO: check
+CVE-2011-5146 (Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users ...)
+ TODO: check
+CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management ...)
+ TODO: check
+CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote ...)
+ TODO: check
+CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
+ TODO: check
+CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
+ TODO: check
+CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in ...)
+ TODO: check
+CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for ...)
+ TODO: check
+CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards ...)
+ TODO: check
+CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum ...)
+ TODO: check
+CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote ...)
+ TODO: check
+CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the ...)
+ TODO: check
+CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...)
+ TODO: check
CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise ...)
NOT-FOR-US: Sophos SafeGuard Enterprise
CVE-2012-4735
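Review bot: CVE-2011-5146 should be triaged ahead of the other TODO entries in this hunk, because its description explicitly names a Debian package revision ("Bokken before 1.6 and 1.5-x before 1.5-3 for Debian"), so the affected versions are Debian's own and the entry needs a bokken fixed-version line rather than a TODO. CVE-2012-4747 also covers the same Bugzilla range ("2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8") as CVE-2012-3981 further down in this patch, so it should receive the same bugzilla/bugzilla4 entries instead of a separate check.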
@@ -126,8 +178,7 @@
- xchat <unfixed> (bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
-CVE-2012-4737
- RESERVED
+CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-XXXX
- juju 0.5.1-2 (bug #685728)
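Review bot: the fixed version recorded under CVE-2012-4737, asterisk 1:1.8.13.1~dfsg-1, is below the upstream fixed release named in the new description (1.8.15.1), so the entry only makes sense as a backported fix; a NOTE pointing at the backport or the bug #680470 discussion would stop a later reader, or an automated version comparison, from concluding the package is still affected. The same applies to CVE-2012-2186, which carries the identical asterisk line later in this patch.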
@@ -449,8 +500,8 @@
RESERVED
CVE-2012-4601
RESERVED
-CVE-2012-4600
- RESERVED
+CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
+ TODO: check
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...)
NOT-FOR-US: Websense
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...)
@@ -1252,8 +1303,7 @@
NOT-FOR-US: phplist
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: phplist
-CVE-2012-4245
- RESERVED
+CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require ...)
- gimp <unfixed> (unimportant)
NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244
@@ -1409,23 +1459,23 @@
RESERVED
CVE-2012-4172
RESERVED
-CVE-2012-4171
- RESERVED
-CVE-2012-4170
- RESERVED
+CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
+ TODO: check
+CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...)
+ TODO: check
CVE-2012-4169
RESERVED
-CVE-2012-4168 (Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before ...)
+CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2012-4167 (Integer overflow in Adobe Flash Player before 11.4.402.265 on Windows ...)
+CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x ...)
NOT-FOR-US: Adobe Flash
-CVE-2012-4166 (Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before ...)
+CVE-2012-4166 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2012-4165 (Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before ...)
+CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2012-4164 (Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before ...)
+CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
-CVE-2012-4163 (Adobe Flash Player before 11.4.402.265 on Windows and Mac OS X, before ...)
+CVE-2012-4163 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
NOT-FOR-US: Adobe Flash
CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
NOT-FOR-US: Adobe Reader
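Review bot: the two new TODO entries can be resolved in the same commit rather than left open. CVE-2012-4171 is Adobe Flash Player, which every neighbouring entry in this hunk (CVE-2012-4163 through CVE-2012-4168) already marks NOT-FOR-US: Adobe Flash, and CVE-2012-4170 is Adobe Photoshop, which is not packaged in Debian and matches the later TODO on CVE-2012-0275 (Photoshop CS5) in this patch; both should become NOT-FOR-US lines.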
@@ -1762,10 +1812,10 @@
RESERVED
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...)
NOT-FOR-US: Opera
-CVE-2012-4009
- RESERVED
-CVE-2012-4008
- RESERVED
+CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
+ TODO: check
+CVE-2012-4008 (The Cybozu Live application 1.0.4 and earlier for Android allows ...)
+ TODO: check
CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...)
NOT-FOR-US: mixi application for Android
CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...)
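Review bot: CVE-2012-4009 and CVE-2012-4008 both describe the Cybozu Live application for Android, the same class of proprietary mobile app as the mixi and GREE entries directly below them, which are marked NOT-FOR-US; the two TODO lines should be replaced with NOT-FOR-US: Cybozu Live application for Android.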
@@ -1834,8 +1884,7 @@
- bugzilla4 <itp> (bug #669643)
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785522
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785511
-CVE-2012-3981
- RESERVED
+CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
- bugzilla4 <itp> (bug #669643)
@@ -2261,7 +2310,8 @@
RESERVED
CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...)
NOT-FOR-US: Drupal module
-CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
+CVE-2012-3801
+ REJECTED
NOT-FOR-US: Drupal module
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...)
NOT-FOR-US: Drupal module
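Review bot: with CVE-2012-3801 now REJECTED, the trailing "NOT-FOR-US: Drupal module" line under it is stale and should be dropped, since there is no longer an issue to classify. The Advertisement module description it used to carry reappears under CVE-2012-2704 later in this patch, so a NOTE recording that the text moved to CVE-2012-2704 would preserve the link between the two ids.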
@@ -2703,8 +2753,8 @@
RESERVED
CVE-2012-3583
RESERVED
-CVE-2012-3582
- RESERVED
+CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...)
+ TODO: check
CVE-2012-3581 (Symantec Messaging Gateway before 10.0 allows remote attackers to ...)
NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3580 (Symantec Messaging Gateway before 10.0 allows remote authenticated ...)
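Review bot: CVE-2012-3582 (Symantec PGP Universal Server) can be marked NOT-FOR-US: Symantec PGP Universal Server straight away, consistent with the two Symantec Messaging Gateway entries that follow it in this hunk, instead of being left as TODO.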
@@ -2816,11 +2866,9 @@
CVE-2012-3535
RESERVED
- openjpeg <unfixed> (bug #685970)
-CVE-2012-3534 [gnugk connection overload DoS]
- RESERVED
+CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to ...)
- gnugk <unfixed> (bug #685969)
-CVE-2012-3533 [ovirt 3.1: does not validate server identity in new python SDK and CLI]
- RESERVED
+CVE-2012-3533 (The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 ...)
NOT-FOR-US: ovirt
CVE-2012-3532
RESERVED
@@ -2990,8 +3038,7 @@
- emacs24 <unfixed> (bug #684694)
NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
-CVE-2012-3478
- RESERVED
+CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended ...)
{DSA-2530-1}
- rssh 2.3.3-5
CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...)
@@ -3316,17 +3363,15 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
-CVE-2012-3380 [naxsi: file disclosure in nx_extract]
- RESERVED
+CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the ...)
- nginx 1.2.1-2
[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
- RESERVED
+ REJECTED
- as31 2.3.1-5 (low; bug #655496)
[squeeze] - as31 <no-dsa> (Minor issue)
[lenny] - as31 <no-dsa> (Minor issue)
-CVE-2012-3378 [at-spi2-atk: insecure tempdir handling]
- RESERVED
+CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME ...)
- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
- vlc 2.0.2-1 (bug #680665)
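Review bot: CVE-2012-3379 changes from RESERVED to REJECTED but keeps its as31 fixed-version line (2.3.1-5, bug #655496) and the squeeze/lenny no-dsa entries. A REJECTED id should not carry package status, so either those lines should be dropped or, if the as31 /tmp issue is real and was simply given a different id, a NOTE should name the replacement id so the bracketed local description is not orphaned.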
@@ -4108,8 +4153,8 @@
NOT-FOR-US: Siemens SIMATIC
CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before ...)
NOT-FOR-US: Siemens SIMATIC
-CVE-2012-3014
- RESERVED
+CVE-2012-3014 (The Management Software application in GarrettCom Magnum MNS-6K before ...)
+ TODO: check
CVE-2012-3013
RESERVED
CVE-2012-3012
@@ -4414,29 +4459,21 @@
RESERVED
CVE-2012-2873
RESERVED
-CVE-2012-2872
- RESERVED
+CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2871
- RESERVED
+CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2870
- RESERVED
+CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2869
- RESERVED
+CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2868
- RESERVED
+CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2867
- RESERVED
+CVE-2012-2867 (The SPDY implementation in Google Chrome before 21.0.1180.89 allows ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2866
- RESERVED
+CVE-2012-2866 (Google Chrome before 21.0.1180.89 does not properly perform a cast of ...)
- chromium-browser 21.0.1180.89~r154005-1
-CVE-2012-2865
- RESERVED
+CVE-2012-2865 (Google Chrome before 21.0.1180.89 does not properly perform line ...)
- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, ...)
- mesa 8.0.4-2 (bug #685667)
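Review bot: CVE-2012-2871 and CVE-2012-2870 are described as bugs in libxml2 2.9.0-rc1 and earlier and libxslt 1.1.26 and earlier, "as used in Google Chrome", yet only chromium-browser 21.0.1180.89~r154005-1 is listed under each. The standalone libxml2 and libxslt source packages ship the same code and need their own entries (a fixed version, or <unfixed> with a bug reference) so the issues are not lost once the chromium line is considered done.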
@@ -4839,8 +4876,7 @@
NOT-FOR-US: Drupal module
CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x ...)
NOT-FOR-US: Drupal module
-CVE-2012-2704
- RESERVED
+CVE-2012-2704 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
NOT-FOR-US: Drupal Module
CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module ...)
NOT-FOR-US: Drupal module
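Review bot: "NOT-FOR-US: Drupal Module" under CVE-2012-2704 uses a capital M while the surrounding entries (CVE-2012-2705, CVE-2012-2703) write "Drupal module"; the tracker's scripts and greps match these strings literally, so the spelling should be made consistent. This description is also the one removed from CVE-2012-3801 earlier in the patch, where that id became REJECTED, which is worth a NOTE here.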
@@ -4965,12 +5001,10 @@
NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
RESERVED
-CVE-2012-2658
- RESERVED
+CVE-2012-2658 (** DISPUTED ** ...)
- unixodbc <unfixed> (unimportant; bug #675058)
NOTE: Only triggerable by trusted input, not a security issue
-CVE-2012-2657
- RESERVED
+CVE-2012-2657 (** DISPUTED ** ...)
- unixodbc <unfixed> (unimportant; bug #675058)
NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2656 [XXE vulnerability in Restlet]
@@ -5943,8 +5977,8 @@
RESERVED
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...)
NOT-FOR-US: EMC
-CVE-2012-2288
- RESERVED
+CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker ...)
+ TODO: check
CVE-2012-2287
RESERVED
CVE-2012-2286
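Review bot: CVE-2012-2288 (format string bug in the nsrd RPC service of EMC NetWorker) is proprietary EMC software, like the ApplicationXtender entry directly above it that is marked NOT-FOR-US: EMC; the TODO should become NOT-FOR-US: EMC NetWorker.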
@@ -6168,8 +6202,7 @@
NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-2187
RESERVED
-CVE-2012-2186
- RESERVED
+CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185
RESERVED
@@ -6352,17 +6385,14 @@
- xorg-server 2:1.12.1.902-1 (bug #673148)
[squeeze] - xorg-server <not-affected> (Introduced in 1.10)
NOTE: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html
-CVE-2012-2117
- RESERVED
+CVE-2012-2117 (Cross-site scripting (XSS) vulnerability in the Gigya - Social ...)
NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
-CVE-2012-2116
- RESERVED
+CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
CVE-2012-2115
RESERVED
NOT-FOR-US: OpenEMR not in Debian
-CVE-2012-2114
- RESERVED
+CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and ...)
NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
- tiff 4.0.2-1 (bug #678140)
@@ -6458,8 +6488,7 @@
CVE-2012-2084
RESERVED
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2083
- RESERVED
+CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -11028,8 +11057,8 @@
NOT-FOR-US: XnView
CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 allow ...)
NOT-FOR-US: XnView
-CVE-2012-0275
- RESERVED
+CVE-2012-0275 (Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 ...)
+ TODO: check
CVE-2012-0274
RESERVED
CVE-2012-0273
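Review bot: CVE-2012-0275 (Adobe Photoshop CS5) is not Debian software, as with the XnView entries above it, and should be NOT-FOR-US: Adobe Photoshop rather than TODO; it pairs with CVE-2012-4170 (Photoshop CS6) earlier in this patch, which carries the same open TODO.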
@@ -11270,18 +11299,18 @@
CVE-2011-4952
RESERVED
- cobbler <itp> (bug #545583)
-CVE-2011-4951
- RESERVED
-CVE-2011-4950
- RESERVED
-CVE-2011-4949
- RESERVED
-CVE-2011-4948
- RESERVED
-CVE-2011-4947
- RESERVED
-CVE-2011-4946
- RESERVED
+CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware ...)
+ TODO: check
+CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2011-4949 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware ...)
+ TODO: check
+CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 ...)
+ TODO: check
CVE-2011-4945
RESERVED
- policykit-1 0.103-1
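Review bot: three of the new descriptions in this hunk were truncated before the product name ("Cross-site scripting (XSS) vulnerability in ...", "SQL injection vulnerability in ...", "Cross-site request forgery (CSRF) vulnerability in ..." for CVE-2011-4950, CVE-2011-4949 and CVE-2011-4947), so the list alone does not say which software they concern and the TODO on those three cannot be resolved without the full MITRE text. Since CVE-2011-4951 and CVE-2011-4948 are EGroupware and CVE-2011-4946 is e107, the whole block should be checked in one pass against whether either product is packaged, and the outcome recorded on all six ids.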