[Secure-testing-commits] r20180 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Sep 17 21:14:27 UTC 2012


Author: joeyh
Date: 2012-09-17 21:14:27 +0000 (Mon, 17 Sep 2012)
New Revision: 20180

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-17 17:37:33 UTC (rev 20179)
+++ data/CVE/list	2012-09-17 21:14:27 UTC (rev 20180)
@@ -1,3 +1,71 @@
+CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
+	TODO: check
+CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
+	TODO: check
+CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
+	TODO: check
+CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
+	TODO: check
+CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
+	TODO: check
+CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
+	TODO: check
+CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX ...)
+	TODO: check
+CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
+	TODO: check
+CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...)
+	TODO: check
+CVE-2012-4921
+	RESERVED
+CVE-2012-4920
+	RESERVED
+CVE-2012-4919
+	RESERVED
+CVE-2012-4918
+	RESERVED
+CVE-2012-4917
+	RESERVED
+CVE-2012-4916
+	RESERVED
+CVE-2012-4915
+	RESERVED
+CVE-2012-4914
+	RESERVED
+CVE-2012-4913
+	RESERVED
+CVE-2012-4912
+	RESERVED
+CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
+	TODO: check
+CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly ...)
+	TODO: check
+CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT ...)
+	TODO: check
+CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows ...)
+	TODO: check
+CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and ...)
+	TODO: check
+CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build ...)
+	TODO: check
+CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 ...)
+	TODO: check
+CVE-2011-5169 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 ...)
+	TODO: check
+CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone ...)
+	TODO: check
+CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote ...)
+	TODO: check
+CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and ...)
+	TODO: check
+CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 ...)
+	TODO: check
+CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch ...)
+	TODO: check
+CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows ...)
+	TODO: check
 CVE-2012-XXXX [optipng palette reduction use-after-free]
 	- optipng <not-affected>
 	NOTE: http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
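Review bot: The "TODO: check" under CVE-2012-4922 near the top of this hunk should be resolved with a package line instead of waiting for bulk triage. Its description names Tor ("Tor before 0.2.2.39, and ...", the rest is truncated here), and tor is already tracked in this file under CVE-2012-4419 as "- tor 0.2.3.22-rc-1". CVE-2012-4929 and CVE-2012-4930 describe protocol-level issues (TLS, SPDY) "as used in Mozilla Firefox, Google ...", so they should be checked against each packaged implementation, not closed with a single disposition.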
@@ -196,8 +264,8 @@
 	RESERVED
 CVE-2012-4818
 	RESERVED
-CVE-2012-4817
-	RESERVED
+CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
+	TODO: check
 CVE-2012-4816
 	RESERVED
 CVE-2012-4815
@@ -673,10 +741,10 @@
 	NOT-FOR-US: Arbor Networks Peakflow SP
 CVE-2012-4684
 	RESERVED
-CVE-2012-4683
-	RESERVED
-CVE-2012-4682
-	RESERVED
+CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
+	TODO: check
+CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
+	TODO: check
 CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, ...)
 	NOT-FOR-US: EPractize Labs Subscription Manager
 CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
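Review bot: CVE-2012-4683 and CVE-2012-4682 are added with identical truncated descriptions ("Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ..."), so nothing visible in this file tells the two apart. When the TODO is resolved, add a NOTE line under each entry pointing at the upstream reference that distinguishes them, so they are not mistaken for duplicates.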
@@ -1412,18 +1480,15 @@
 	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
-CVE-2012-4422
-	RESERVED
+CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite ...)
 	- wordpress 3.4.2+dfsg-1
-CVE-2012-4421
-	RESERVED
+CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in ...)
 	- wordpress 3.4.2+dfsg-1
 CVE-2012-4420
 	RESERVED
 	- openjdk-7 <unfixed> (bug #687486)
 	- openjdk-6 <not-affected> (Only affects Java 7)
-CVE-2012-4419
-	RESERVED
+CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor ...)
 	{DSA-2548-1}
 	- tor 0.2.3.22-rc-1
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
@@ -1627,8 +1692,8 @@
 	NOT-FOR-US: HP Virtual SAN Appliance
 CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
 	NOT-FOR-US: HP Virtual SAN Appliance
-CVE-2012-4360
-	RESERVED
+CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
+	TODO: check
 CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
 	NOT-FOR-US: Sielco Sistemi Winlog SCADA
 CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
@@ -1676,8 +1741,8 @@
 	RESERVED
 CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2012-4336
-	RESERVED
+CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
 CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...)
 	NOT-FOR-US: Samsung NET-i
 CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...)
@@ -2373,8 +2438,8 @@
 	RESERVED
 CVE-2012-4014
 	RESERVED
-CVE-2012-4013
-	RESERVED
+CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service ...)
+	TODO: check
 CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...)
 	NOT-FOR-US: Cybozu KUNAI
 CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...)
@@ -2405,8 +2470,8 @@
 	NOTE: Only supported behind an authenticated HTTP zone
 	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
-CVE-2012-4001
-	RESERVED
+CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...)
+	TODO: check
 CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
 	{DSA-2522-1}
 	- fckeditor 1:2.6.6-3 (bug #683418)
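Review bot: CVE-2012-4001 here and CVE-2012-4360 in an earlier hunk both name the mod_pagespeed module, and each is left at "TODO: check" independently. Triage the two together so they end up with the same disposition, and carry the "before 0.10.22.6" version from this description into the entry if the module turns out to be packaged.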
@@ -2609,26 +2674,26 @@
 	RESERVED
 CVE-2012-3925
 	RESERVED
-CVE-2012-3924
-	RESERVED
-CVE-2012-3923
-	RESERVED
+CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ...)
+	TODO: check
+CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, ...)
+	TODO: check
 CVE-2012-3922
 	RESERVED
 CVE-2012-3921
 	RESERVED
 CVE-2012-3920
 	RESERVED
-CVE-2012-3919
-	RESERVED
+CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco ...)
+	TODO: check
 CVE-2012-3918
 	RESERVED
 CVE-2012-3917
 	RESERVED
 CVE-2012-3916
 	RESERVED
-CVE-2012-3915
-	RESERVED
+CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote ...)
+	TODO: check
 CVE-2012-3914
 	RESERVED
 CVE-2012-3913
@@ -2641,8 +2706,8 @@
 	RESERVED
 CVE-2012-3909
 	RESERVED
-CVE-2012-3908
-	RESERVED
+CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE ...)
+	TODO: check
 CVE-2012-3907
 	RESERVED
 CVE-2012-3906
@@ -2655,24 +2720,24 @@
 	RESERVED
 CVE-2012-3902
 	RESERVED
-CVE-2012-3901
-	RESERVED
+CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors ...)
+	TODO: check
 CVE-2012-3900
 	RESERVED
-CVE-2012-3899
-	RESERVED
+CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not ...)
+	TODO: check
 CVE-2012-3898
 	RESERVED
 CVE-2012-3897
 	RESERVED
 CVE-2012-3896
 	RESERVED
-CVE-2012-3895
-	RESERVED
+CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...)
+	TODO: check
 CVE-2012-3894
 	RESERVED
-CVE-2012-3893
-	RESERVED
+CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote ...)
+	TODO: check
 CVE-2012-3892
 	RESERVED
 CVE-2012-3891
@@ -3671,8 +3736,7 @@
 	RESERVED
 CVE-2012-3459
 	RESERVED
-CVE-2012-3458
-	RESERVED
+CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
 	{DSA-2541-1}
 	- beaker 1.6.3-1.1 (bug #684890)
 CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
@@ -3933,7 +3997,7 @@
 	- wordpress 3.4.1+dfsg-1 (bug #680721)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
-CVE-2012-3383 (WordPress 3.4.0 does not properly restrict access to unfiltered_html ...)
+CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
 	- wordpress 3.4.1+dfsg-1 (bug #680721)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
 	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
@@ -4296,8 +4360,8 @@
 	RESERVED
 CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
 	NOT-FOR-US: RealNetworks RealPlayer
-CVE-2012-3233
-	RESERVED
+CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...)
 	NOT-FOR-US: web at all
 CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...)
@@ -4575,12 +4639,12 @@
 	RESERVED
 CVE-2012-3097
 	RESERVED
-CVE-2012-3096
-	RESERVED
+CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote ...)
+	TODO: check
 CVE-2012-3095
 	RESERVED
-CVE-2012-3094
-	RESERVED
+CVE-2012-3094 (The VPN downloader in the download_install component in Cisco ...)
+	TODO: check
 CVE-2012-3093
 	RESERVED
 CVE-2012-3092
@@ -4591,8 +4655,8 @@
 	RESERVED
 CVE-2012-3089
 	RESERVED
-CVE-2012-3088
-	RESERVED
+CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and ...)
+	TODO: check
 CVE-2012-3087
 	RESERVED
 CVE-2012-3086
@@ -4609,8 +4673,8 @@
 	RESERVED
 CVE-2012-3080
 	RESERVED
-CVE-2012-3079
-	RESERVED
+CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service ...)
+	TODO: check
 CVE-2012-3078
 	RESERVED
 CVE-2012-3077
@@ -4647,8 +4711,8 @@
 	RESERVED
 CVE-2012-3061
 	RESERVED
-CVE-2012-3060
-	RESERVED
+CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...)
+	TODO: check
 CVE-2012-3059
 	RESERVED
 CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
@@ -4663,10 +4727,10 @@
 	NOT-FOR-US: Cisco WebEx Player
 CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...)
 	NOT-FOR-US: Cisco WebEx Player
-CVE-2012-3052
-	RESERVED
-CVE-2012-3051
-	RESERVED
+CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows ...)
+	TODO: check
+CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote ...)
+	TODO: check
 CVE-2012-3050
 	RESERVED
 CVE-2012-3049
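Review bot: CVE-2012-3052 and CVE-2012-3051 are added with "TODO: check" directly below two entries already marked "NOT-FOR-US: Cisco WebEx Player". If the same disposition applies, replace the TODO with a matching "NOT-FOR-US:" line naming the product (Cisco VPN Client, Cisco NX-OS) so these do not linger in the TODO queue. The other Cisco entries added in this revision can be handled the same way.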
@@ -6188,8 +6252,8 @@
 	RESERVED
 CVE-2010-5107
 	RESERVED
-CVE-2010-5106
-	RESERVED
+CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
+	TODO: check
 CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
 	RESERVED
 	- blender <unfixed> (bug #584621)
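Review bot: The "TODO: check" under CVE-2010-5106 needs a "- wordpress" package line, since wordpress is tracked in this file (CVE-2012-4422 and CVE-2012-4421 carry "- wordpress 3.4.2+dfsg-1"). The description is truncated after "xmlrpc.php in WordPress ...", so the fixed version has to come from the full CVE text before the entry is filled in.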
@@ -6589,8 +6653,8 @@
 	NOT-FOR-US: EMC Documentum Information Rights Management
 CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
 	NOT-FOR-US: EMC Documentum Information Rights Management
-CVE-2012-2275
-	RESERVED
+CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
+	TODO: check
 CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
 	NOT-FOR-US: PivotX
 CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)



