Author: joeyh
Date: 2012-05-29 21:14:31 +0000 (Tue, 29 May 2012)
New Revision: 19370

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-05-29 18:40:59 UTC (rev 19369)
+++ data/CVE/list       2012-05-29 21:14:31 UTC (rev 19370)
@@ -1,20 +1,20 @@
-CVE-2012-2943
+CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in 
Cryptographp ...)
        NOT-FOR-US: Cryptographp
-CVE-2012-2942
+CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture ...)
        NOTE: Reported as duplicate with CVE-2012-2391 
http://seclists.org/oss-sec/2012/q2/417
-CVE-2012-2941
+CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in 
Yandex.Server ...)
        NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise
-CVE-2012-2940
+CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to 
cause a ...)
        NOT-FOR-US: MediaChance Real-DRAW PRO
-CVE-2012-2939
+CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon 
Express ...)
        NOT-FOR-US: Travelon Express
-CVE-2012-2938
+CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon 
...)
        NOT-FOR-US: Travelon Express
-CVE-2012-2937
+CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 
1.2.2 allow ...)
        NOT-FOR-US: Pligg
-CVE-2012-2936
+CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg 
CMS ...)
        NOT-FOR-US: Pligg
-CVE-2012-2935
+CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: OSCommerce Online Merchant
 CVE-2012-2934
        RESERVED
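Review bot: CVE-2012-2942 still has no status line after this change. It carries only the NOTE about being reported as a duplicate of CVE-2012-2391, while every other entry updated in this hunk has a NOT-FOR-US line. Now that the description is published, add either a package line or a NOTE stating how the duplicate is tracked, so the entry does not read as triaged when it is not.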
@@ -587,7 +587,7 @@
        RESERVED
 CVE-2012-2653
        RESERVED
-       {DSA-2482-1 DSA-2481-1}
+       {DSA-2481-1}
        - arpwatch <unfixed> (bug #674715)
        NOTE: Debian build includes the vulnerable patch (in .diff.gz)
 CVE-2012-2652
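Review bot: the removal of DSA-2482-1 from CVE-2012-2653 should be checked against the @@ -4171 hunk, which attaches the same DSA to CVE-2012-1177 (libgdata). After this change the arpwatch entry is covered by DSA-2481-1 only, yet its package line still reads `<unfixed>` with bug #674715. Confirm that no fixed upload exists yet and record the version on this line once it does.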
@@ -763,8 +763,8 @@
        RESERVED
 CVE-2012-2569
        RESERVED
-CVE-2012-2568
-       RESERVED
+CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web 
server on ...)
+       TODO: check
 CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android 
uses ...)
        NOT-FOR-US: Xelex MobileTrack application
 CVE-2012-2566
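Review bot: the new description for CVE-2012-2568 is cut off after "management web server on ...", before any product is named, so the `TODO: check` cannot be resolved from this line alone. Whoever triages it needs the full CVE text; replace the TODO with a package line or `NOT-FOR-US: <product>` once the product is identified.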
@@ -1031,11 +1031,9 @@
        RESERVED
 CVE-2012-2437
        RESERVED
-CVE-2012-2436
-       RESERVED
+CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg 
CMS ...)
        NOT-FOR-US: Pligg
-CVE-2012-2435
-       RESERVED
+CVE-2012-2435 (Directory traversal vulnerability in the captcha module in 
Pligg CMS ...)
        NOT-FOR-US: Pligg
 CVE-2012-2434
        RESERVED
@@ -1047,14 +1045,14 @@
        RESERVED
 CVE-2012-2430
        RESERVED
-CVE-2012-2429
-       RESERVED
-CVE-2012-2428
-       RESERVED
-CVE-2012-2427
-       RESERVED
-CVE-2012-2426
-       RESERVED
+CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read 
operation, ...)
+       TODO: check
+CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows 
remote ...)
+       TODO: check
+CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 
allows ...)
+       TODO: check
+CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate 
memory, ...)
+       TODO: check
 CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
        NOT-FOR-US: Intuit
 CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable 
Protocol) ...)
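Review bot: CVE-2012-2426 through CVE-2012-2429 all land as `TODO: check`, and all four describe the server in xArrow before 3.4.1, so they can be triaged in one pass. If xArrow is not packaged, mark all four `NOT-FOR-US: xArrow`, matching how the Pligg and Intuit entries nearby are handled.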
@@ -1717,8 +1715,8 @@
        RESERVED
 CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 
1.5.5 ...)
        NOT-FOR-US: PHP Gift Registry
-CVE-2012-2235
-       RESERVED
+CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident 
Tracker ...)
+       TODO: check
 CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in 
sources/users.queries.php ...)
        NOT-FOR-US: TeamPass.net
 CVE-2012-2233
@@ -1848,8 +1846,8 @@
        RESERVED
 CVE-2012-2177
        RESERVED
-CVE-2012-2176
-       RESERVED
+CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX 
control in ...)
+       TODO: check
 CVE-2012-2175
        RESERVED
 CVE-2012-2174
@@ -2706,8 +2704,8 @@
        RESERVED
 CVE-2012-1825
        RESERVED
-CVE-2012-1824
-       RESERVED
+CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro 
Client ...)
+       TODO: check
 CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 
5.4.2, when ...)
        {DSA-2465-1}
        - php5 5.4.3-1
@@ -2775,8 +2773,7 @@
        RESERVED
 CVE-2012-1793
        RESERVED
-CVE-2012-1792
-       RESERVED
+CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: OSCommerce Online Merchant
 CVE-2012-1791
        RESERVED
@@ -3656,8 +3653,7 @@
        RESERVED
 CVE-2012-1414
        RESERVED
-CVE-2012-1413
-       RESERVED
+CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Zen Cart
 CVE-2012-1412
        RESERVED
@@ -4171,6 +4167,7 @@
        NOTE: http://pidgin.im/news/security/?id=61
 CVE-2012-1177 [libgdata did not verify SSL]
        RESERVED
+       {DSA-2482-1}
        - libgdata 0.10.2-1 (bug #664032)
        NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
 CVE-2012-1176 [buffer overflow in python-pyfribidi]
@@ -4544,7 +4541,7 @@
        NOT-FOR-US: GForge Advanced Server
 CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: Taxonomy module for Drupal
-CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in the shirt module in 
...)
+CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: shirt module in OSCommerce
 CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 
0.9.9.6 ...)
        NOT-FOR-US: Flyspray
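Review bot: the regenerated description for CVE-2012-1059 drops "the shirt module in" and now ends at "vulnerability in ...", so the description no longer says what is affected. The `NOT-FOR-US: shirt module in OSCommerce` line is now the only place the component is named; keep that wording intact in later cleanups.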
@@ -13763,7 +13760,7 @@
 CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE 
Resource ...)
        - torque 2.4.15+dfsg-1
        [squeeze] - torque <no-dsa> (Not fixable, would need an update to a 
release with MUNGE support, clusters typically run in locked down environments)
-CVE-2011-2906 (Integer signedness error in the pmcraid_ioctl_passthrough 
function in ...)
+CVE-2011-2906 (** DISPUTED ** Integer signedness error in the ...)
        NOT-FOR-US: ** REJECT **
 CVE-2011-2905
        RESERVED
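Review bot: CVE-2011-2906 keeps the status line `NOT-FOR-US: ** REJECT **` while its description now begins with `** DISPUTED **`. The two disagree: a disputed CVE is not a rejected one, and `** REJECT **` is not a product name. Replace the status with one that reflects the dispute, for example a package line for the code containing pmcraid_ioctl_passthrough or a NOTE explaining why no action is taken.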
@@ -14398,8 +14395,7 @@
 CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h 
in the ...)
        {DSA-2303-1}
        - linux-2.6 3.0.0-2
-CVE-2011-2722
-       RESERVED
+CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in 
HP ...)
        - hplip 3.11.10-1 (bug #635549; low)
        [squeeze] - hplip 3.10.6-2+squeeze0
        [lenny] - hplip <not-affected> (Vulnerable code not present)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
