[Secure-testing-commits] r20205 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Sep 20 21:14:29 UTC 2012


Author: joeyh
Date: 2012-09-20 21:14:29 +0000 (Thu, 20 Sep 2012)
New Revision: 20205

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-09-20 18:51:54 UTC (rev 20204)
+++ data/CVE/list	2012-09-20 21:14:29 UTC (rev 20205)
@@ -1,3 +1,101 @@
+CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
+	TODO: check
+CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser ...)
+	TODO: check
+CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
+CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not ...)
+	TODO: check
+CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in ...)
+	TODO: check
+CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node ...)
+	TODO: check
+CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 ...)
+	TODO: check
+CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote ...)
+	TODO: check
+CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS ...)
+	TODO: check
+CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows ...)
+	TODO: check
+CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and ...)
+	TODO: check
+CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before ...)
+	TODO: check
+CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not ...)
+	TODO: check
+CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
+	TODO: check
+CVE-2012-4991
+	RESERVED
+CVE-2012-4990
+	RESERVED
+CVE-2012-4989
+	RESERVED
+CVE-2012-4988
+	RESERVED
+CVE-2012-4987
+	RESERVED
+CVE-2012-4986
+	RESERVED
+CVE-2012-4985
+	RESERVED
+CVE-2012-4984
+	RESERVED
+CVE-2012-4983
+	RESERVED
+CVE-2012-4982
+	RESERVED
+CVE-2012-4981
+	RESERVED
+CVE-2012-4980
+	RESERVED
+CVE-2012-4979
+	RESERVED
+CVE-2012-4978
+	RESERVED
+CVE-2012-4977
+	RESERVED
+CVE-2012-4976
+	RESERVED
+CVE-2012-4975
+	RESERVED
+CVE-2012-4974
+	RESERVED
+CVE-2012-4973
+	RESERVED
+CVE-2012-4972
+	RESERVED
+CVE-2012-4971
+	RESERVED
+CVE-2012-4970
+	RESERVED
+CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book ...)
+	TODO: check
+CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
+	TODO: check
+CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing ...)
+	TODO: check
+CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop ...)
+	TODO: check
+CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in ...)
+	TODO: check
+CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
+	TODO: check
+CVE-2011-5182 (** DISPUTED ** ...)
+	TODO: check
+CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
+	TODO: check
+CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in ...)
+	TODO: check
+CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php ...)
+	TODO: check
+CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
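Review bot: All 27 entries added with a description in this hunk carry only "TODO: check", and several can be closed using tags this file already applies elsewhere. CVE-2012-5007 is the Fill PDF module for Drupal, the same module as CVE-2012-1625 (fillpdf_form_export_decode), which is already tagged "NOT-FOR-US: Drupal addon module not packaged in Debian" further down. CVE-2012-5006 (npdjvu.dll), CVE-2012-5002 (SR10.exe) and CVE-2012-4992 (FlashFXP.exe) name Windows binaries and look like NOT-FOR-US candidates. CVE-2012-5005, CVE-2012-4995, CVE-2011-5177 and CVE-2011-5182 are truncated before any product name, so those need the full CVE text before they can be triaged.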
@@ -122,11 +220,11 @@
 	RESERVED
 CVE-2012-4912
 	RESERVED
-CVE-2011-5188
+CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module ...)
 	NOT-FOR-US: Drupal module
-CVE-2011-5183
+CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier ...)
 	NOT-FOR-US: OrderSys
-CVE-2011-5178
+CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Infoblox NetMRI
 CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
 	NOT-FOR-US: Banana Dance
@@ -4149,8 +4247,7 @@
 	[squeeze] - pidgin 2.7.3-1+squeeze3
 	NOTE: http://www.pidgin.im/news/security/index.php?id=64
 	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
-CVE-2012-3373
-	RESERVED
+CVE-2012-3373 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
 	NOT-FOR-US: Apache Wicket
 CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances ...)
 	NOT-FOR-US: Cyberoam DPI devices
@@ -4959,8 +5056,8 @@
 	NOT-FOR-US: Microsoft Windows Phone
 CVE-2012-2992
 	RESERVED
-CVE-2012-2991
-	RESERVED
+CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in ...)
+	TODO: check
 CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...)
 	NOT-FOR-US: MarkAny ContentSAFER
 CVE-2012-2989
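Review bot: CVE-2012-2991 goes from RESERVED to "TODO: check" here, and its truncated description stops at "before 1.1 in ..." without naming the application the PayPal module belongs to. Triage needs the full description; once the host application is known, replace the TODO with a package line or a NOT-FOR-US tag, as on the neighbouring CVE-2012-2990 entry.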
@@ -7196,8 +7293,7 @@
 	RESERVED
 	- csound 1:5.17.6~dfsg-1 (bug #661197)
 	[squeeze] - csound <no-dsa> (Minor issue)
-CVE-2012-2105
-	RESERVED
+CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
 	NOT-FOR-US: tsheetx
 CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
 	- munin 2.0~rc6-1 (bug #668666)
@@ -8265,14 +8361,11 @@
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1653
-	RESERVED
+CVE-2012-1653 (Cross-site scripting (XSS) vulnerability in the Taxonomy Views ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1652
-	RESERVED
+CVE-2012-1652 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1651
-	RESERVED
+CVE-2012-1651 (Cross-site scripting (XSS) vulnerability in the Submenu Tree module ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -8295,14 +8388,12 @@
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1640
-	RESERVED
+CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1639
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1638
-	RESERVED
+CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1637
 	RESERVED
@@ -8315,32 +8406,23 @@
 CVE-2012-1634
 	RESERVED
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1633
-	RESERVED
+CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1632
-	RESERVED
+CVE-2012-1632 (Cross-site scripting (XSS) vulnerability in password_policy.admin.inc ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1631
-	RESERVED
+CVE-2012-1631 (Cross-site request forgery (CSRF) vulnerability in the Admin:hover ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1630
-	RESERVED
+CVE-2012-1630 (Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1629
-	RESERVED
+CVE-2012-1629 (Cross-site scripting (XSS) vulnerability in the Taxotouch module for ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1628
-	RESERVED
+CVE-2012-1628 (Cross-site scripting (XSS) vulnerability in the SuperCron module for ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1627
-	RESERVED
+CVE-2012-1627 (Cross-site scripting (XSS) vulnerability in vud_term.module in the ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1626
-	RESERVED
+CVE-2012-1626 (SQL injection vulnerability in the conversion form for Events in the ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1625
-	RESERVED
+CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode ...)
 	NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1624
 	RESERVED
@@ -9847,8 +9929,8 @@
 	NOT-FOR-US: DClassifieds
 CVE-2012-0989
 	RESERVED
-CVE-2012-0988
-	RESERVED
+CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2012-0987
 	RESERVED
 CVE-2012-0986
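Review bot: The new CVE-2012-0988 line reads only "Multiple cross-site scripting (XSS) vulnerabilities in ...", so the affected product cannot be recovered from the list itself. When resolving the "TODO: check", add a NOT-FOR-US tag or a NOTE: line that names the product, so the entry is self-explanatory like the DClassifieds entry at the top of this hunk.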



