[Secure-testing-commits] r20149 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 12 21:14:29 UTC 2012
Author: joeyh
Date: 2012-09-12 21:14:29 +0000 (Wed, 12 Sep 2012)
New Revision: 20149
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-12 19:50:54 UTC (rev 20148)
+++ data/CVE/list 2012-09-12 21:14:29 UTC (rev 20149)
@@ -1,3 +1,29 @@
+CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
+ TODO: check
+CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...)
+ TODO: check
+CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
+ TODO: check
+CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
+ TODO: check
+CVE-2012-4888
+ RESERVED
+CVE-2012-4887
+ RESERVED
+CVE-2012-4886
+ RESERVED
+CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
+ TODO: check
+CVE-2012-4884
+ RESERVED
+CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph ...)
+ TODO: check
+CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 ...)
+ TODO: check
+CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...)
+ TODO: check
CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer ...)
NOT-FOR-US: 3DVIA Composer V6R2012
CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player ...)
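Review bot: CVE-2012-4885 is left at `TODO: check` although its description (wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...) matches the version range of CVE-2012-1582 and CVE-2012-1581, which this same patch records as fixed in mediawiki 1:1.15.5-9 (bug #666269); it should be triaged against that bug rather than left in the generic queue. The two OpenEMR entries, CVE-2011-5160 and CVE-2011-5161, can likely take the `NOT-FOR-US: OpenEMR not in Debian` marker already used for CVE-2012-2115 further down in this patch.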
@@ -1383,8 +1409,7 @@
- argyll 1.4.0-7 (bug #687275)
- ghostscript <unfixed> (bug #687274)
NOTE: isolated security fix
-CVE-2012-4404 [moinmoin virtual groups and ACLs evaluation issue]
- RESERVED
+CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly ...)
{DSA-2538-1}
- moin 1.9.4-8
NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
@@ -1423,8 +1448,7 @@
- owncloud 4.0.7debian-1 (bug #686567)
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
- owncloud 4.0.7debian-1 (bug #686567)
-CVE-2012-4388 [php5 incomplete fix of CVE-2011-1398]
- RESERVED
+CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...)
- php5 5.4.1~rc1-1
[squeeze] - php5 <not-affected> (CVE-2011-1398 was never fixed in squeeze)
CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a ...)
@@ -1766,6 +1790,7 @@
NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244
RESERVED
+ {DSA-2547-1}
- bind9 <unfixed>
CVE-2012-4243
RESERVED
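Review bot: CVE-2012-4244 now carries {DSA-2547-1} while the package line still reads `- bind9 <unfixed>` and the entry itself is still RESERVED; a DSA implies a fixed upload exists, so the unstable fix version should be filled in (the tracker otherwise reports the issue as open in unstable despite the advisory), and the RESERVED line replaced once the description is published.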
@@ -2265,10 +2290,10 @@
RESERVED
CVE-2012-4013
RESERVED
-CVE-2012-4012
- RESERVED
-CVE-2012-4011
- RESERVED
+CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...)
+ TODO: check
+CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...)
+ TODO: check
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...)
NOT-FOR-US: Opera
CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
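Review bot: CVE-2012-4012 and CVE-2012-4011 describe the Cybozu KUNAI application for Android and sit between CVE-2012-4010 (`NOT-FOR-US: Opera`) and CVE-2012-4009 (Cybozu Live for Android); `TODO: check` is the right automated placeholder, but nothing in these descriptions points at a Debian package, so both can be closed with a NOT-FOR-US line in the same triage pass.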
@@ -3233,8 +3258,8 @@
NOT-FOR-US: Wordpress plugin
CVE-2012-3573
RESERVED
-CVE-2012-3572
- RESERVED
+CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...)
+ TODO: check
CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with ...)
NOTE: Disputed NSS issue
CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...)
@@ -3990,8 +4015,8 @@
RESERVED
CVE-2012-3327
RESERVED
-CVE-2012-3326
- RESERVED
+CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324
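Review bot: CVE-2012-3326 is one of ten IBM Maximo Asset Management entries this patch leaves at `TODO: check` (the others are CVE-2012-3313, CVE-2012-2183 through CVE-2012-2185, CVE-2012-0714, CVE-2012-0727, CVE-2012-0728, CVE-2012-0746 and CVE-2012-0747); neighbouring IBM products already carry `NOT-FOR-US: IBM WebSphere Application Server` and similar markers, so a single pass marking the Maximo set consistently would clear all ten rather than leaving them scattered through the list.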
@@ -4016,8 +4041,8 @@
RESERVED
CVE-2012-3314
RESERVED
-CVE-2012-3313
- RESERVED
+CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311
@@ -4130,12 +4155,12 @@
RESERVED
CVE-2012-3258
RESERVED
-CVE-2012-3257
- RESERVED
-CVE-2012-3256
- RESERVED
-CVE-2012-3255
- RESERVED
+CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
+ TODO: check
+CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
+ TODO: check
+CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
+ TODO: check
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center ...)
NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management ...)
@@ -4177,8 +4202,8 @@
NOTE: Harmless crasher w/o security impact
CVE-2012-3235
RESERVED
-CVE-2012-3234
- RESERVED
+CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
+ TODO: check
CVE-2012-3233
RESERVED
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...)
@@ -4642,8 +4667,8 @@
NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...)
NOT-FOR-US: Wonderwar
-CVE-2012-3004
- RESERVED
+CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin ...)
+ TODO: check
CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...)
NOT-FOR-US: WinCC
CVE-2012-3002
@@ -4684,12 +4709,12 @@
NOT-FOR-US: CuteSoft Cute Editor
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Websense
-CVE-2012-2983
- RESERVED
-CVE-2012-2982
- RESERVED
-CVE-2012-2981
- RESERVED
+CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an ...)
+ TODO: check
+CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
+ TODO: check
+CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
+ TODO: check
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
@@ -4702,8 +4727,8 @@
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
NOT-FOR-US: Symantec Web Gateway
-CVE-2012-2975
- RESERVED
+CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page ...)
+ TODO: check
CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...)
NOT-FOR-US: SMC SMC8024L2 switch
CVE-2012-2973
@@ -5109,72 +5134,72 @@
- libjpeg-turbo <itp> (bug #612341)
CVE-2012-2805
RESERVED
-CVE-2012-2804
- RESERVED
-CVE-2012-2803
- RESERVED
-CVE-2012-2802
- RESERVED
-CVE-2012-2801
- RESERVED
-CVE-2012-2800
- RESERVED
-CVE-2012-2799
- RESERVED
-CVE-2012-2798
- RESERVED
-CVE-2012-2797
- RESERVED
-CVE-2012-2796
- RESERVED
-CVE-2012-2795
- RESERVED
-CVE-2012-2794
- RESERVED
-CVE-2012-2793
- RESERVED
-CVE-2012-2792
- RESERVED
-CVE-2012-2791
- RESERVED
-CVE-2012-2790
- RESERVED
-CVE-2012-2789
- RESERVED
-CVE-2012-2788
- RESERVED
-CVE-2012-2787
- RESERVED
-CVE-2012-2786
- RESERVED
-CVE-2012-2785
- RESERVED
-CVE-2012-2784
- RESERVED
-CVE-2012-2783
- RESERVED
-CVE-2012-2782
- RESERVED
+CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
+ TODO: check
+CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
+ TODO: check
+CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
+ TODO: check
+CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 ...)
+ TODO: check
+CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
+ TODO: check
+CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
+ TODO: check
+CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
+ TODO: check
+CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
+ TODO: check
+CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
+ TODO: check
+CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
+ TODO: check
+CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
+ TODO: check
+CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
+ TODO: check
+CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
+ TODO: check
+CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
+ TODO: check
+CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
+ TODO: check
+CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
+ TODO: check
+CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
+ TODO: check
+CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
+ TODO: check
+CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
+ TODO: check
+CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
+ TODO: check
+CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
+ TODO: check
+CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 ...)
+ TODO: check
+CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
+ TODO: check
CVE-2012-2781
RESERVED
CVE-2012-2780
RESERVED
-CVE-2012-2779
- RESERVED
+CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
+ TODO: check
CVE-2012-2778
RESERVED
-CVE-2012-2777
- RESERVED
-CVE-2012-2776
- RESERVED
-CVE-2012-2775
- RESERVED
-CVE-2012-2774
- RESERVED
+CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
+ TODO: check
+CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
+ TODO: check
+CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in ...)
+ TODO: check
+CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
+ TODO: check
CVE-2012-2773
RESERVED
-CVE-2012-2772
- RESERVED
+CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
+ TODO: check
CVE-2012-2771
RESERVED
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical ...)
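Review bot: the 29 FFmpeg entries from CVE-2012-2804 down to CVE-2012-2772 are all filled in with `TODO: check`, and several of the truncated descriptions are indistinguishable on this list (CVE-2012-2788 and CVE-2012-2789 both read `avi_read_packet function in ...`, CVE-2012-2795 and CVE-2012-2785 both read `libavcodec/wmalosslessdec.c in ...`, CVE-2012-2787 and CVE-2012-2779 both read `decode_frame function in ...`, CVE-2012-2784 and CVE-2012-2777 both read `decode_pic function in ...`), so triage has to work from the full descriptions, not from these lines. Since every one of them says `FFmpeg before 0.11`, batching is more reliable than resolving 29 TODOs independently: identify the upstream fix for each named function and record one fixed version per affected Debian package.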
@@ -5729,8 +5754,8 @@
RESERVED
CVE-2012-2537
RESERVED
-CVE-2012-2536
- RESERVED
+CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems ...)
+ TODO: check
CVE-2012-2535
RESERVED
CVE-2012-2534
@@ -5981,14 +6006,14 @@
RESERVED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...)
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2012-2410
- RESERVED
-CVE-2012-2409
- RESERVED
-CVE-2012-2408
- RESERVED
-CVE-2012-2407
- RESERVED
+CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
+ TODO: check
+CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
+ TODO: check
+CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
+ TODO: check
+CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
+ TODO: check
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 ...)
NOT-FOR-US: RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
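Review bot: CVE-2012-2407 through CVE-2012-2410 are RealNetworks RealPlayer issues left at `TODO: check`, while the neighbouring CVE-2012-2411 and CVE-2012-2406 already carry `NOT-FOR-US: RealNetworks RealPlayer`; the same marker applies to the four new entries, and to CVE-2012-3234 earlier in this patch, which names the same product.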
@@ -6383,11 +6408,9 @@
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...)
- php5 5.3.6-1 (bug #581170)
[squeeze] - php5 5.3.3-7+squeeze4
-CVE-2012-2316 [OpenKM Arbitrary Admin User Creation CSRF]
- RESERVED
+CVE-2012-2316 (Cross-site request forgery (CSRF) vulnerability in ...)
NOT-FOR-US: OpenKM
-CVE-2012-2315 [OpenKM Permission Weakness Admin Privilege Escalation]
- RESERVED
+CVE-2012-2315 (admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not ...)
NOT-FOR-US: OpenKM
CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in ...)
NOT-FOR-US: The anaconda installer
@@ -6673,12 +6696,12 @@
RESERVED
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
-CVE-2012-2185
- RESERVED
-CVE-2012-2184
- RESERVED
-CVE-2012-2183
- RESERVED
+CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud ...)
+ TODO: check
+CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 ...)
+ TODO: check
+CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 ...)
+ TODO: check
CVE-2012-2182
RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
@@ -6858,8 +6881,7 @@
NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
-CVE-2012-2115
- RESERVED
+CVE-2012-2115 (SQL injection vulnerability in interface/login/validateUser.php in ...)
NOT-FOR-US: OpenEMR not in Debian
CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and ...)
NOT-FOR-US: musl libc not in Debian
@@ -7040,8 +7062,8 @@
NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
NOT-FOR-US: Adobe Reader
-CVE-2012-2048
- RESERVED
+CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows ...)
+ TODO: check
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
@@ -7392,10 +7414,10 @@
RESERVED
CVE-2012-1913
REJECTED
-CVE-2012-1912
- RESERVED
-CVE-2012-1911
- RESERVED
+CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP ...)
+ TODO: check
+CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...)
+ TODO: check
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x ...)
- bitcoin <not-affected> (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...)
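Review bot: CVE-2012-1911 and CVE-2012-1912 (PHP Address Book) are left at `TODO: check` even though the list already treats this software as `NOT-FOR-US: PHP Address Book` (see the CVE-2009-2259 hunk at the end of this patch); the two new entries should get the same marker.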
@@ -7436,8 +7458,8 @@
NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
NOT-FOR-US: Microsoft Windows
-CVE-2012-1892
- RESERVED
+CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio ...)
+ TODO: check
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
@@ -7942,8 +7964,8 @@
- bind9 1:9.8.1.dfsg.P1-4.1
- isc-dhcp <unfixed>
[squeeze] - isc-dhcp <not-affected> (isc-dhcp started embedding bind with version 4.2.x and later)
-CVE-2012-1666
- RESERVED
+CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
+ TODO: check
CVE-2012-1665
RESERVED
CVE-2012-1664
@@ -7987,11 +8009,9 @@
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1649
- RESERVED
+CVE-2012-1649 (Cool Aid module before 6.x-1.9 for Drupal does not enforce access ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1648
- RESERVED
+CVE-2012-1648 (Cross-site scripting (XSS) vulnerability in the Cool Aid module before ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -8161,20 +8181,15 @@
[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in ...)
- linux-2.6 2.6.22-1
-CVE-2012-1582
- RESERVED
+CVE-2012-1582 (Cross-site scripting (XSS) vulnerability in the wikitext parser in ...)
- mediawiki 1:1.15.5-9 (bug #666269)
-CVE-2012-1581
- RESERVED
+CVE-2012-1581 (MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak ...)
- mediawiki 1:1.15.5-9 (bug #666269)
-CVE-2012-1580
- RESERVED
+CVE-2012-1580 (Cross-site request forgery (CSRF) vulnerability in Special:Upload in ...)
- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
-CVE-2012-1579
- RESERVED
+CVE-2012-1579 (The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
-CVE-2012-1578
- RESERVED
+CVE-2012-1578 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1577
RESERVED
@@ -9126,12 +9141,10 @@
CVE-2012-1153
RESERVED
NOT-FOR-US: AppRain CMS, not in Debian
-CVE-2012-1152 [multiple format strings in yaml perl serialization extension]
- RESERVED
+CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting ...)
{DSA-2432-1}
- libyaml-libyaml-perl 0.38-2 (bug #661548)
-CVE-2012-1151 [multiple format strings in postgresql perl DBI extension]
- RESERVED
+CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka ...)
{DSA-2431-1}
- libdbd-pg-perl 2.19.0-1 (bug #661536)
CVE-2012-1150
@@ -10190,10 +10203,10 @@
RESERVED
CVE-2012-0748
RESERVED
-CVE-2012-0747
- RESERVED
-CVE-2012-0746
- RESERVED
+CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
+ TODO: check
+CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
@@ -10228,10 +10241,10 @@
NOT-FOR-US: IBM Rational AppScan
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan ...)
NOT-FOR-US: IBM Rational AppScan
-CVE-2012-0728
- RESERVED
-CVE-2012-0727
- RESERVED
+CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
+ TODO: check
+CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as ...)
+ TODO: check
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
@@ -10256,8 +10269,8 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
-CVE-2012-0714
- RESERVED
+CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...)
+ TODO: check
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 ...)
@@ -11764,8 +11777,8 @@
NOTE: Negligable impact
CVE-2011-4943
RESERVED
-CVE-2011-4942
- RESERVED
+CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2011-4941
RESERVED
NOT-FOR-US: piwik
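Review bot: the truncated description of CVE-2011-4942 (`Multiple cross-site scripting (XSS) vulnerabilities in ...`) does not name a product, so the `TODO: check` cannot be resolved from this line alone; the adjacent CVE-2011-4941 is marked `NOT-FOR-US: piwik`, so the full description should be consulted to confirm whether CVE-2011-4942 belongs to the same piwik batch before the same marker is applied.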
@@ -11957,8 +11970,8 @@
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...)
{DSA-2459-1}
- quagga 0.99.20.1-1
-CVE-2012-0254
- RESERVED
+CVE-2012-0254 (Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ...)
+ TODO: check
CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media ...)
NOT-FOR-US: Demand Media Pluck SiteLife
CVE-2012-0252
@@ -22986,7 +22999,7 @@
- tex-common 2.09
CVE-2011-1399
RESERVED
-CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does ...)
+CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...)
- php5 5.4.0~rc5-1
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
NOT-FOR-US: IBM Tivoli
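Review bot: the description of CVE-2011-1398 is widened from `PHP before 5.3.11 does ...` to `PHP before 5.3.11 and ...`, i.e. the affected range now extends beyond the 5.3 series, while the fixed version stays `php5 5.4.0~rc5-1`; that squares with CVE-2012-4388 in this patch, which records the 5.4.x incomplete fix as resolved in `php5 5.4.1~rc1-1`. What is missing is a `[squeeze]` line on CVE-2011-1398 itself: CVE-2012-4388 asserts `CVE-2011-1398 was never fixed in squeeze`, yet this entry records no squeeze status, so that should be stated explicitly here (for example as `<no-dsa>` with a reason, if that is the decision) rather than only implied by another entry.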
@@ -47931,7 +47944,8 @@
- stardict 3.0.1-5 (low; bug #534731)
[etch] - stardict <not-affected> (netdict plugin not yet present)
[lenny] - stardict 3.0.1-4+lenny1
-CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
+CVE-2009-2259
+ REJECTED
NOT-FOR-US: PHP Address Book
CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
NOT-FOR-US: Netgear DG632
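Review bot: CVE-2009-2259 is changed to REJECTED but its `NOT-FOR-US: PHP Address Book` line is kept; a rejected identifier needs no triage status, and rejected entries elsewhere in this list (e.g. CVE-2012-1913) carry nothing else, so the line can be dropped. It is also worth checking whether CVE-2012-1911, added in this patch with `Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...`, supersedes this rejected entry, since both describe the same bug class in the same product.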