[Secure-testing-commits] r20180 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Sep 17 21:14:27 UTC 2012
Author: joeyh
Date: 2012-09-17 21:14:27 +0000 (Mon, 17 Sep 2012)
New Revision: 20180
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-17 17:37:33 UTC (rev 20179)
+++ data/CVE/list 2012-09-17 21:14:27 UTC (rev 20180)
@@ -1,3 +1,71 @@
+CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
+ TODO: check
+CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
+ TODO: check
+CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
+ TODO: check
+CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
+ TODO: check
+CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
+ TODO: check
+CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
+ TODO: check
+CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX ...)
+ TODO: check
+CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
+ TODO: check
+CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...)
+ TODO: check
+CVE-2012-4921
+ RESERVED
+CVE-2012-4920
+ RESERVED
+CVE-2012-4919
+ RESERVED
+CVE-2012-4918
+ RESERVED
+CVE-2012-4917
+ RESERVED
+CVE-2012-4916
+ RESERVED
+CVE-2012-4915
+ RESERVED
+CVE-2012-4914
+ RESERVED
+CVE-2012-4913
+ RESERVED
+CVE-2012-4912
+ RESERVED
+CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
+ TODO: check
+CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly ...)
+ TODO: check
+CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT ...)
+ TODO: check
+CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows ...)
+ TODO: check
+CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and ...)
+ TODO: check
+CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build ...)
+ TODO: check
+CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 ...)
+ TODO: check
+CVE-2011-5169 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 ...)
+ TODO: check
+CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone ...)
+ TODO: check
+CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote ...)
+ TODO: check
+CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and ...)
+ TODO: check
+CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 ...)
+ TODO: check
+CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch ...)
+ TODO: check
+CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows ...)
+ TODO: check
CVE-2012-XXXX [optipng palette reduction use-after-free]
- optipng <not-affected>
NOTE: http://optipng.hg.sourceforge.net/hgweb/optipng/optipng/rev/f1d5d44670a2
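Review bot: CVE-2012-4922 in this block (tor_timegm in common/util.c, Tor before 0.2.2.39) is left at TODO: check even though tor is already tracked in this file: CVE-2012-4419 carries {DSA-2548-1} and "- tor 0.2.3.22-rc-1". Replace the TODO with a "- tor" line and confirm whether that DSA and upload also cover it. CVE-2012-4929 and CVE-2012-4930 are protocol-level issues that name Mozilla Firefox, so they also need package triage rather than NOT-FOR-US. CVE-2011-5169 is truncated before the product name and has to be read in full before it can be classified.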
@@ -196,8 +264,8 @@
RESERVED
CVE-2012-4818
RESERVED
-CVE-2012-4817
- RESERVED
+CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
+ TODO: check
CVE-2012-4816
RESERVED
CVE-2012-4815
@@ -673,10 +741,10 @@
NOT-FOR-US: Arbor Networks Peakflow SP
CVE-2012-4684
RESERVED
-CVE-2012-4683
- RESERVED
-CVE-2012-4682
- RESERVED
+CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
+ TODO: check
+CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
+ TODO: check
CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, ...)
NOT-FOR-US: EPractize Labs Subscription Manager
CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
@@ -1412,18 +1480,15 @@
[squeeze] - libvirt <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
-CVE-2012-4422
- RESERVED
+CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite ...)
- wordpress 3.4.2+dfsg-1
-CVE-2012-4421
- RESERVED
+CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in ...)
- wordpress 3.4.2+dfsg-1
CVE-2012-4420
RESERVED
- openjdk-7 <unfixed> (bug #687486)
- openjdk-6 <not-affected> (Only affects Java 7)
-CVE-2012-4419
- RESERVED
+CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor ...)
{DSA-2548-1}
- tor 0.2.3.22-rc-1
NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
@@ -1627,8 +1692,8 @@
NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
NOT-FOR-US: HP Virtual SAN Appliance
-CVE-2012-4360
- RESERVED
+CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
+ TODO: check
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
@@ -1676,8 +1741,8 @@
RESERVED
CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote ...)
NOT-FOR-US: Foxit Reader
-CVE-2012-4336
- RESERVED
+CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...)
NOT-FOR-US: Samsung NET-i
CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...)
@@ -2373,8 +2438,8 @@
RESERVED
CVE-2012-4014
RESERVED
-CVE-2012-4013
- RESERVED
+CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service ...)
+ TODO: check
CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...)
NOT-FOR-US: Cybozu KUNAI
CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...)
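Review bot: CVE-2012-4013 (WebView class in the Cybozu KUNAI Browser for Remote Service) is added with TODO: check, while the next entry, CVE-2012-4012, is the same vendor's KUNAI application and is already "NOT-FOR-US: Cybozu KUNAI". Resolve this one the same way, using its own product string from the full description.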
@@ -2405,8 +2470,8 @@
NOTE: Only supported behind an authenticated HTTP zone
NOTE: https://forge.indepnet.net/projects/glpi/versions/771
NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
-CVE-2012-4001
- RESERVED
+CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...)
+ TODO: check
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
{DSA-2522-1}
- fckeditor 1:2.6.6-3 (bug #683418)
@@ -2609,26 +2674,26 @@
RESERVED
CVE-2012-3925
RESERVED
-CVE-2012-3924
- RESERVED
-CVE-2012-3923
- RESERVED
+CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ...)
+ TODO: check
+CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, ...)
+ TODO: check
CVE-2012-3922
RESERVED
CVE-2012-3921
RESERVED
CVE-2012-3920
RESERVED
-CVE-2012-3919
- RESERVED
+CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco ...)
+ TODO: check
CVE-2012-3918
RESERVED
CVE-2012-3917
RESERVED
CVE-2012-3916
RESERVED
-CVE-2012-3915
- RESERVED
+CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote ...)
+ TODO: check
CVE-2012-3914
RESERVED
CVE-2012-3913
@@ -2641,8 +2706,8 @@
RESERVED
CVE-2012-3909
RESERVED
-CVE-2012-3908
- RESERVED
+CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE ...)
+ TODO: check
CVE-2012-3907
RESERVED
CVE-2012-3906
@@ -2655,24 +2720,24 @@
RESERVED
CVE-2012-3902
RESERVED
-CVE-2012-3901
- RESERVED
+CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors ...)
+ TODO: check
CVE-2012-3900
RESERVED
-CVE-2012-3899
- RESERVED
+CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not ...)
+ TODO: check
CVE-2012-3898
RESERVED
CVE-2012-3897
RESERVED
CVE-2012-3896
RESERVED
-CVE-2012-3895
- RESERVED
+CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...)
+ TODO: check
CVE-2012-3894
RESERVED
-CVE-2012-3893
- RESERVED
+CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote ...)
+ TODO: check
CVE-2012-3892
RESERVED
CVE-2012-3891
@@ -3671,8 +3736,7 @@
RESERVED
CVE-2012-3459
RESERVED
-CVE-2012-3458
- RESERVED
+CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
{DSA-2541-1}
- beaker 1.6.3-1.1 (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
@@ -3933,7 +3997,7 @@
- wordpress 3.4.1+dfsg-1 (bug #680721)
NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
-CVE-2012-3383 (WordPress 3.4.0 does not properly restrict access to unfiltered_html ...)
+CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
- wordpress 3.4.1+dfsg-1 (bug #680721)
NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
@@ -4296,8 +4360,8 @@
RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
NOT-FOR-US: RealNetworks RealPlayer
-CVE-2012-3233
- RESERVED
+CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...)
NOT-FOR-US: web at all
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...)
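Review bot: the added CVE-2012-3233 line is cut off before the product name ("Cross-site scripting (XSS) vulnerability in ..."), so its TODO: check cannot be resolved from this list alone. Look up the full description before choosing between a package line and NOT-FOR-US. The entry directly below it, CVE-2012-3232, is marked "NOT-FOR-US: web at all", but adjacency in the ID range does not show that CVE-2012-3233 is the same product.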
@@ -4575,12 +4639,12 @@
RESERVED
CVE-2012-3097
RESERVED
-CVE-2012-3096
- RESERVED
+CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote ...)
+ TODO: check
CVE-2012-3095
RESERVED
-CVE-2012-3094
- RESERVED
+CVE-2012-3094 (The VPN downloader in the download_install component in Cisco ...)
+ TODO: check
CVE-2012-3093
RESERVED
CVE-2012-3092
@@ -4591,8 +4655,8 @@
RESERVED
CVE-2012-3089
RESERVED
-CVE-2012-3088
- RESERVED
+CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and ...)
+ TODO: check
CVE-2012-3087
RESERVED
CVE-2012-3086
@@ -4609,8 +4673,8 @@
RESERVED
CVE-2012-3080
RESERVED
-CVE-2012-3079
- RESERVED
+CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service ...)
+ TODO: check
CVE-2012-3078
RESERVED
CVE-2012-3077
@@ -4647,8 +4711,8 @@
RESERVED
CVE-2012-3061
RESERVED
-CVE-2012-3060
- RESERVED
+CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...)
+ TODO: check
CVE-2012-3059
RESERVED
CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
@@ -4663,10 +4727,10 @@
NOT-FOR-US: Cisco WebEx Player
CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...)
NOT-FOR-US: Cisco WebEx Player
-CVE-2012-3052
- RESERVED
-CVE-2012-3051
- RESERVED
+CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows ...)
+ TODO: check
+CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote ...)
+ TODO: check
CVE-2012-3050
RESERVED
CVE-2012-3049
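Review bot: CVE-2012-3052 (Cisco VPN Client 5.0) and CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000) go in as TODO: check directly below Cisco WebEx Player entries that are already NOT-FOR-US. Close both with a NOT-FOR-US line naming the product, in the same pass as the other Cisco IOS, IPS, ACE, ISE, Unity Connection and AnyConnect entries this revision adds with TODO: check.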
@@ -6188,8 +6252,8 @@
RESERVED
CVE-2010-5107
RESERVED
-CVE-2010-5106
- RESERVED
+CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
+ TODO: check
CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
RESERVED
- blender <unfixed> (bug #584621)
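Review bot: CVE-2010-5106 (XML-RPC remote publishing interface in xmlrpc.php in WordPress) is added as TODO: check, but wordpress is a tracked package in this file (see "- wordpress 3.4.2+dfsg-1" under CVE-2012-4422). It needs a "- wordpress" line with the fixed version, or a not-affected marker with a reason, once the affected version range is read from the full description; the truncated "WordPress ..." text here does not show it.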
@@ -6589,8 +6653,8 @@
NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
NOT-FOR-US: EMC Documentum Information Rights Management
-CVE-2012-2275
- RESERVED
+CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
+ TODO: check
CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
NOT-FOR-US: PivotX
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)