[Secure-testing-commits] r20113 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Sep 6 21:14:21 UTC 2012
Author: joeyh
Date: 2012-09-06 21:14:20 +0000 (Thu, 06 Sep 2012)
New Revision: 20113
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-06 20:55:09 UTC (rev 20112)
+++ data/CVE/list 2012-09-06 21:14:20 UTC (rev 20113)
@@ -1,9 +1,98 @@
+CVE-2012-4759 (Untrusted search path vulnerability in facebook_plugin.fpi in the ...)
+ TODO: check
+CVE-2012-4758 (Multiple untrusted search path vulnerabilities in CyberLink ...)
+ TODO: check
+CVE-2012-4757 (Multiple untrusted search path vulnerabilities in CyberLink ...)
+ TODO: check
+CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...)
+ TODO: check
+CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6 ...)
+ TODO: check
+CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 ...)
+ TODO: check
+CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before ...)
+ TODO: check
+CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 ...)
+ TODO: check
+CVE-2011-5155 (Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 ...)
+ TODO: check
+CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ...)
+ TODO: check
+CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows ...)
+ TODO: check
+CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor ...)
+ TODO: check
+CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager ...)
+ TODO: check
+CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local ...)
+ TODO: check
+CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker ...)
+ TODO: check
+CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project ...)
+ TODO: check
+CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local ...)
+ TODO: check
+CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows ...)
+ TODO: check
+CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 ...)
+ TODO: check
+CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows ...)
+ TODO: check
+CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows ...)
+ TODO: check
+CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities ...)
+ TODO: check
+CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 ...)
+ TODO: check
+CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 ...)
+ TODO: check
+CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 ...)
+ TODO: check
+CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer ...)
+ TODO: check
+CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 ...)
+ TODO: check
+CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local ...)
+ TODO: check
+CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
+ TODO: check
+CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader ...)
+ TODO: check
+CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) ...)
+ TODO: check
+CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
+ TODO: check
+CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
+ TODO: check
+CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
+ TODO: check
+CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony ...)
+ TODO: check
+CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure ...)
+ TODO: check
+CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic ...)
+ TODO: check
+CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 ...)
+ TODO: check
+CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before ...)
+ TODO: check
+CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 ...)
+ TODO: check
+CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks ...)
+ TODO: check
+CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users ...)
+ TODO: check
+CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before ...)
+ TODO: check
+CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local ...)
+ TODO: check
CVE-2012-4410 [blender /tmp/quit.blend temp file issue]
+ RESERVED
- blender <unfixed> (bug #584621)
-CVE-2012-4753 [ownCloud CSRF fixed by 4.0.5]
+CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- owncloud 4.0.5debian-1
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
-CVE-2012-4752 [ownCloud registered user could change app configs without admin rights]
+CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict ...)
- owncloud 4.0.7debian-1
NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751
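Review bot: the 44 entries added at the top of this hunk (CVE-2012-4759 through CVE-2010-5195) all land as "TODO: check", so none of them is triaged yet. Each should be resolved to a package line or to NOT-FOR-US, the form this file already uses elsewhere (for example "NOT-FOR-US: WikkaWiki"). CVE-2010-5200 and CVE-2010-5196 both read "Untrusted search path vulnerability in KeePass Password Safe before ..." with the version cut off, so the full descriptions are needed to tell the two apart when they are checked.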
@@ -956,43 +1045,32 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
-CVE-2012-4397
- RESERVED
+CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.1debian-1
-CVE-2012-4396
- RESERVED
+CVE-2012-4396 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 4.0.2debian-1
-CVE-2012-4395
- RESERVED
+CVE-2012-4395 (Cross-site scripting (XSS) vulnerability in index.php in ownCloud ...)
- owncloud 4.0.3debian-1
-CVE-2012-4394
- RESERVED
+CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js ...)
- owncloud 4.0.5debian-1 (bug #686567)
-CVE-2012-4393
- RESERVED
+CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
- owncloud 4.0.7debian-1 (bug #686567)
-CVE-2012-4392
- RESERVED
+CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token ...)
- owncloud 4.0.7debian-1 (bug #686567)
-CVE-2012-4391
- RESERVED
+CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in ...)
- owncloud 4.0.7debian-1 (bug #686567)
-CVE-2012-4390
- RESERVED
+CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) ...)
- owncloud 4.0.7debian-1 (bug #686567)
-CVE-2012-4389
- RESERVED
+CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
- owncloud 4.0.7debian-1 (bug #686567)
CVE-2012-4388 [php5 incomplete fix of CVE-2011-1398]
RESERVED
- php5 5.4.1~rc1-1
[squeeze] - php5 <not-affected> (CVE-2011-1398 was never fixed in squeeze)
-CVE-2012-4387 [Apache Struts DoS]
- RESERVED
+CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2)
NOTE: http://struts.apache.org/2.x/docs/s2-011.html
-CVE-2012-4386 [Apache Struts CSRF protection bypass]
- RESERVED
+CVE-2012-4386 (The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does ...)
- libstruts1.2-java <not-affected> (Only affects Struts 2)
NOTE: http://struts.apache.org/2.x/docs/s2-010.html
CVE-2012-4385 [letodms CSRF]
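Review bot: at CVE-2012-4392 the new description reads "index.php in ownCloud 4.0.7 does not properly validate the oc_token ...", which names 4.0.7 as an affected release, while the unchanged tracking line below it records the fix as "- owncloud 4.0.7debian-1 (bug #686567)". Confirm against the full advisory whether 4.0.7debian-1 really carries the fix, and correct the fixed version if it does not.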
@@ -2837,8 +2915,8 @@
RESERVED
- linux 3.0-1
- linux-2.6 <removed>
-CVE-2012-3551
- RESERVED
+CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-3550
RESERVED
CVE-2012-3549 [FreeBSD kernel SCTP DoS]
@@ -2863,26 +2941,22 @@
CVE-2012-3543
RESERVED
- mono <unfixed> (bug #686562)
-CVE-2012-3542
- RESERVED
+CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...)
- keystone 2012.1.1-5
CVE-2012-3541
RESERVED
-CVE-2012-3540
- RESERVED
+CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
- horizon 2012.1.1-5 (bug #686050)
CVE-2012-3539
REJECTED
CVE-2012-3538
RESERVED
-CVE-2012-3537
- RESERVED
+CVE-2012-3537 (The Crowbar Ohai plugin ...)
NOT-FOR-US: crowbar ohai plugin
NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
CVE-2012-3536
RESERVED
-CVE-2012-3535
- RESERVED
+CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...)
- openjpeg <unfixed> (bug #685970)
CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to ...)
- gnugk <unfixed> (bug #685969)
@@ -2890,28 +2964,22 @@
NOT-FOR-US: ovirt
CVE-2012-3532
RESERVED
-CVE-2012-3531
- RESERVED
+CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 ...)
{DSA-2537-1}
- typo3-src 4.5.19+dfsg1-1 (bug #685011)
-CVE-2012-3530
- RESERVED
+CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API ...)
{DSA-2537-1}
- typo3-src 4.5.19+dfsg1-1 (bug #685011)
-CVE-2012-3529
- RESERVED
+CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19, ...)
{DSA-2537-1}
- typo3-src 4.5.19+dfsg1-1 (bug #685011)
-CVE-2012-3528
- RESERVED
+CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
{DSA-2537-1}
- typo3-src 4.5.19+dfsg1-1 (bug #685011)
-CVE-2012-3527
- RESERVED
+CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...)
{DSA-2537-1}
- typo3-src 4.5.19+dfsg1-1 (bug #685011)
-CVE-2012-3526 [mod_rpaf dos]
- RESERVED
+CVE-2012-3526 (The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the ...)
{DSA-2532-1}
- libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
@@ -2969,8 +3037,7 @@
RESERVED
- linux 2.6.20-1
- linux-2.6 2.6.20-1
-CVE-2012-3509 [libiberty _objalloc_alloc int overflow]
- RESERVED
+CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in ...)
- binutils <unfixed>
NOTE: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411
TODO: track down the affected packages
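Review bot: for CVE-2012-3509 the removed line "[libiberty _objalloc_alloc int overflow]" was the only place the entry named libiberty, and the replacement description is truncated before it says where the functions live. Since "TODO: track down the affected packages" is still open and only binutils is listed, add a NOTE recording the libiberty origin so the remaining packages can be found.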
@@ -4187,8 +4254,8 @@
NOT-FOR-US: GarrettCom Magnum MNS-6K
CVE-2012-3013
RESERVED
-CVE-2012-3012
- RESERVED
+CVE-2012-3012 (The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...)
+ TODO: check
CVE-2012-3011
RESERVED
CVE-2012-3010
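Review bot: CVE-2012-3012 is added with "TODO: check", but its description, "The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...", concerns device firmware. The context line at the top of this hunk marks another vendor product as "NOT-FOR-US: GarrettCom Magnum MNS-6K"; the same marking looks appropriate here instead of leaving the TODO.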
@@ -5692,7 +5759,7 @@
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
- owncloud 3.0.3-1
-CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 ...)
+CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before ...)
- owncloud 3.0.3-1
CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...)
- vlc <unfixed> (unimportant; bug #671727)
@@ -6046,7 +6113,7 @@
NOT-FOR-US: SkinCrafter
CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...)
- owncloud 3.0.3-1
-CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 ...)
+CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
- owncloud 3.0.2-1
CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...)
NOT-FOR-US: ICONICS, BizViz
@@ -13311,19 +13378,15 @@
NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
- pmwiki <itp> (bug #330117)
-CVE-2011-4452
- RESERVED
-CVE-2011-4451
- RESERVED
+CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers ...)
+ TODO: check
+CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
NOT-FOR-US: WikkaWiki
-CVE-2011-4450
- RESERVED
+CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php ...)
NOT-FOR-US: WikkaWiki
-CVE-2011-4449
- RESERVED
+CVE-2011-4449 (actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
NOT-FOR-US: WikkaWiki
-CVE-2011-4448
- RESERVED
+CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php ...)
NOT-FOR-US: WikkaWiki
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...)
NOT-FOR-US: Apple Mac OS X
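Review bot: CVE-2011-4452 goes from RESERVED to "TODO: check", and its description is truncated at "in the AdminUsers ..." before the product name. The four ids that follow it (CVE-2011-4451 to CVE-2011-4448) are all marked "NOT-FOR-US: WikkaWiki"; check whether this one belongs to the same product and, if so, mark it the same way rather than leaving the TODO.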
@@ -17300,13 +17363,11 @@
RESERVED
- ghostscript 8.71~dfsg2-6.1
[lenny] - ghostscript <no-dsa> (too risky for regressions)
-CVE-2010-4819 [X.org ProcRenderGlyps input sanitation issue]
- RESERVED
+CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension ...)
- xorg-server 2:1.9.0.901-1
[squeeze] - xorg-server 2:1.7.7-4
[lenny] - xorg-server <no-dsa> (Minor issue)
-CVE-2010-4818 [X.org multiple input sanitization flaws]
- RESERVED
+CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated ...)
- xorg-server 2:1.9.99.902-1
[squeeze] - xorg-server 2:1.7.7-4
[lenny] - xorg-server <no-dsa> (Minor issue)
@@ -17378,8 +17439,7 @@
[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3147
RESERVED
-CVE-2011-3146
- RESERVED
+CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, ...)
- librsvg 2.34.1-1
NOTE: http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=658014