Author: fgeek-guest
Date: 2012-05-09 14:57:27 +0000 (Wed, 09 May 2012)
New Revision: 19184

Modified:
   data/CVE/list
Log:
Second part of SilverStripe updates.

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-05-09 14:49:23 UTC (rev 19183)
+++ data/CVE/list       2012-05-09 14:57:27 UTC (rev 19184)
@@ -320,26 +320,39 @@
 CVE-2010-5095 [SilverStripe escaping exploit]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under 
certain conditions]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5093 [SilverStripe privilege escalation exploit]
        RESERVED
     - silverstripe <itp> (bug #528461)
-CVE-2010-5092
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5092 [SilverStripe fixed password encryption when saving members 
through the "Add Member" dialog in the "Security" admin. The saving process was 
disregarding password encyrption and saving them as plaintext]
        RESERVED
-CVE-2010-5091
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors 
were allowed to rename files with harmful extensions]
        RESERVED
-CVE-2010-5090
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5090 [SilverStripe fixed a security issue where users with access to 
admin/security (but limited privileges) can take over a known administrator 
account by changing its password]
        RESERVED
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5089 [SilverStripe information disclosure]
        RESERVED
     - silverstripe <itp> (bug #528461)
-CVE-2010-5088
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
+CVE-2010-5088 [SilverStripe CSRF]
        RESERVED
+    - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action 
requests through controller]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 
1.8.x ...)
        - asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
        [squeeze] - asterisk <not-affected> (Vulnerable code not present)
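Review bot: the bracketed description added for CVE-2010-5092 misspells "encryption" as "encyrption", and the three new descriptions for CVE-2010-5092, CVE-2010-5091 and CVE-2010-5090 are changelog sentences ("SilverStripe fixed ...") rather than short summaries of the flaw like the neighbouring "SilverStripe privilege escalation exploit". Suggest fixing the typo and shortening each to name the issue itself, for example "SilverStripe passwords stored as plaintext when saved through the Add Member dialog". The new "[SilverStripe CSRF]" for CVE-2010-5088 is also hard to tell apart from CVE-2010-5087 directly below it, so a few words on which request or form is affected would help anyone triaging the two.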
@@ -5832,18 +5845,23 @@
 CVE-2011-4962 [silverstripe: Potential remote code execution]
        RESERVED
        - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4961 [silverstripe: Privilege escalation]
        RESERVED
        - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4960 [silverstripe: SQL injection]
        RESERVED
        - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4959 [silverstripe: SQL injection]
        RESERVED
        - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4958 [silverstripe:XSS]
        RESERVED
        - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2011-4957
        RESERVED
        - wordpress 3.2.1+dfsg-1
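Review bot: the NOTE lines added under CVE-2011-4962 through CVE-2011-4958 are indented with four spaces, while the RESERVED and "- silverstripe <itp> (bug #528461)" lines they follow are indented more deeply in this hunk. Suggest matching the indentation of the preceding package line so each entry is uniformly indented and tools that parse the list see consistent leading whitespace.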
@@ -6254,12 +6272,15 @@
 CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, 
autologin, "forgot password" emails and password salts]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5078 [SilverStripe version number information disclosure]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-5077 [quake3 reflective UDP denial of service]
        RESERVED
        {DSA-2442-1}
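Review bot: the NOTE added under CVE-2010-5080, CVE-2010-5079 and CVE-2010-5078 is the same oss-sec thread URL that is attached to every other SilverStripe entry in this patch, so it does not tell a reader which message or upstream fix belongs to which id. If the thread maps ids to individual fixes, a second NOTE per entry pointing at the relevant upstream change or release would make these entries usable without re-reading the whole thread. This matters most for CVE-2010-5079, whose description covers several token types at once.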
@@ -11893,12 +11914,15 @@
 CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase]
        RESERVED
     - silverstripe <itp> (bug #528461)
+    NOTE: http://seclists.org/oss-sec/2012/q2/209
 CVE-2010-4821
        RESERVED
        NOT-FOR-US: phpMyFAQ


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
