[Secure-testing-commits] r20194 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Sep 18 21:14:24 UTC 2012
Author: joeyh
Date: 2012-09-18 21:14:24 +0000 (Tue, 18 Sep 2012)
New Revision: 20194
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-09-18 21:02:40 UTC (rev 20193)
+++ data/CVE/list 2012-09-18 21:14:24 UTC (rev 20194)
@@ -1,3 +1,81 @@
+CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
+ TODO: check
+CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
+ TODO: check
+CVE-2012-4967
+ RESERVED
+CVE-2012-4966
+ RESERVED
+CVE-2012-4965
+ RESERVED
+CVE-2012-4964
+ RESERVED
+CVE-2012-4963
+ RESERVED
+CVE-2012-4962
+ RESERVED
+CVE-2012-4961
+ RESERVED
+CVE-2012-4960
+ RESERVED
+CVE-2012-4959
+ RESERVED
+CVE-2012-4958
+ RESERVED
+CVE-2012-4957
+ RESERVED
+CVE-2012-4956
+ RESERVED
+CVE-2012-4955
+ RESERVED
+CVE-2012-4954
+ RESERVED
+CVE-2012-4953
+ RESERVED
+CVE-2012-4952
+ RESERVED
+CVE-2012-4951
+ RESERVED
+CVE-2012-4950
+ RESERVED
+CVE-2012-4949
+ RESERVED
+CVE-2012-4948
+ RESERVED
+CVE-2012-4947
+ RESERVED
+CVE-2012-4946
+ RESERVED
+CVE-2012-4945
+ RESERVED
+CVE-2012-4944
+ RESERVED
+CVE-2012-4943
+ RESERVED
+CVE-2012-4942
+ RESERVED
+CVE-2012-4941
+ RESERVED
+CVE-2012-4940
+ RESERVED
+CVE-2012-4939
+ RESERVED
+CVE-2012-4938
+ RESERVED
+CVE-2012-4937
+ RESERVED
+CVE-2012-4936
+ RESERVED
+CVE-2012-4935
+ RESERVED
+CVE-2012-4934
+ RESERVED
+CVE-2012-4933
+ RESERVED
+CVE-2012-4932
+ RESERVED
+CVE-2012-4931
+ RESERVED
CVE-2012-XXXX [monkey: Fails to drop supplemental groups when lowering privileges]
- monkey <unfixed> (bug #688007)
CVE-2012-XXXX [monkey: CGI scripts executed without dropping RUID/RGID root]
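Review bot: CVE-2012-4968 at the top of this hunk is left as "TODO: check" even though its description names SilverStripe, and the other SilverStripe entries visible in this file are all tracked as "- silverstripe <itp> (bug #528461)". Adding that same line would resolve the TODO and keep the ITP tracking complete. CVE-2012-4969 still needs manual triage, since the truncated description does not name the product.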
@@ -767,6 +845,7 @@
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
+ {DSA-2550-1}
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-XXXX
- juju 0.5.1-2 (bug #685728)
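Review bot: the {DSA-2550-1} tag added to CVE-2012-4737 sits above a fixed version of 1:1.8.13.1~dfsg-1, while the description says Asterisk 1.8.x is affected before 1.8.15.1. Either that upload carries a backported patch or the fixed version is wrong. The bug reference #680470 is shared with CVE-2012-3812 and CVE-2012-2186, so check that this line was not copied from those entries, and add a NOTE explaining the version if it is correct.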
@@ -2838,6 +2917,7 @@
CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
+ {DSA-2550-1}
- asterisk 1:1.8.13.1~dfsg-1
CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
NOT-FOR-US: Windows utility
@@ -2927,6 +3007,7 @@
CVE-2012-3813
RESERVED
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
+ {DSA-2550-1}
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
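Review bot: on CVE-2012-3812 the new {DSA-2550-1} tag conflicts with the existing "[squeeze] - asterisk <not-affected> (Vulnerable code not present)" line two lines below it. If the advisory covers squeeze, one of the two is wrong. Confirm whether the DSA text really lists this CVE, and if it does, either correct the squeeze status or add a NOTE saying the advisory mentions the CVE although the squeeze package does not contain the vulnerable code.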
@@ -4848,14 +4929,14 @@
RESERVED
CVE-2012-2997
RESERVED
-CVE-2012-2996
- RESERVED
-CVE-2012-2995
- RESERVED
-CVE-2012-2994
- RESERVED
-CVE-2012-2993
- RESERVED
+CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
+ TODO: check
+CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot ...)
+ TODO: check
+CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the ...)
+ TODO: check
CVE-2012-2992
RESERVED
CVE-2012-2991
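Review bot: three of the four entries moved from RESERVED to "TODO: check" here name products in their descriptions (Trend Micro for CVE-2012-2995, the CoSoSys Endpoint Protector 4 appliance for CVE-2012-2994, Microsoft Windows Phone 7 for CVE-2012-2993). Following the "NOT-FOR-US: <product>" convention used elsewhere in this file, they can be closed as soon as someone confirms none is packaged, rather than staying in the TODO backlog. CVE-2012-2996 cannot be triaged from the truncated description and needs the full text.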
@@ -5841,8 +5922,8 @@
NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576
RESERVED
-CVE-2012-2575
- RESERVED
+CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
+ TODO: check
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
@@ -6866,6 +6947,7 @@
CVE-2012-2187
RESERVED
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
+ {DSA-2550-1}
- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud ...)
NOT-FOR-US: IBM Maximo Asset Management
@@ -7195,26 +7277,19 @@
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2063 (The Slidebox module before 7.x-1.4 for Drupal does not properly check ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2062
- RESERVED
+CVE-2012-2062 (Open redirect vulnerability in the Redirecting click bouncer module ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2061
- RESERVED
+CVE-2012-2061 (Cross-site request forgery (CSRF) vulnerability in the Admin tools ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2060
- RESERVED
+CVE-2012-2060 (Cross-site scripting (XSS) vulnerability in the Admin tools module for ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2059
- RESERVED
+CVE-2012-2059 (Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2058
- RESERVED
+CVE-2012-2058 (The Ubercart Payflow module for Drupal does not use a secure token, ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2057
- RESERVED
+CVE-2012-2057 (Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-2056
- RESERVED
+CVE-2012-2056 (Cross-site request forgery (CSRF) vulnerability in the Content Lock ...)
NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a ...)
NOT-FOR-US: Spree
@@ -7616,8 +7691,8 @@
NOT-FOR-US: FlexCMS
CVE-2012-1900
RESERVED
-CVE-2012-1899
- RESERVED
+CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2012-1898
RESERVED
CVE-2012-1897
@@ -11887,20 +11962,16 @@
REJECTED
CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...)
- nginx <not-affected> (Only affects Nginx on Windows)
-CVE-2011-4962 [silverstripe: Potential remote code execution]
- RESERVED
+CVE-2011-4962 (code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2011-4961 [silverstripe: Privilege escalation]
- RESERVED
+CVE-2011-4961 (SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2011-4960 [silverstripe: SQL injection]
- RESERVED
+CVE-2011-4960 (SQL injection vulnerability in the Folder::findOrMake method in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2011-4959 [silverstripe: SQL injection]
- RESERVED
+CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4958 [silverstripe:XSS]
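Review bot: replacing the bracketed working titles on CVE-2011-4962 and CVE-2011-4961 drops the impact summary that was recorded there ("Potential remote code execution", "Privilege escalation"), and the truncated official descriptions that replace them no longer state it. Since these entries stay open under the silverstripe ITP (bug #528461), consider keeping the impact as a NOTE line so anyone who later packages it can prioritise without looking up each CVE. The context line for CVE-2011-4958 still uses the bracketed form and will presumably go through the same change in a later update.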
@@ -12309,12 +12380,10 @@
CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts]
- RESERVED
+CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-5078 [SilverStripe version number information disclosure]
- RESERVED
+CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5077 [quake3 reflective UDP denial of service]
@@ -17887,16 +17956,13 @@
{DSA-2354-1}
- cups 1.5.0-8
NOTE: This ID is for an incomplete fix for CVE-2011-2896
-CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled]
- RESERVED
+CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions]
- RESERVED
+CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
-CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase]
- RESERVED
+CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when ...)
- silverstripe <itp> (bug #528461)
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821