Author: joeyh
Date: 2012-06-27 21:14:27 +0000 (Wed, 27 Jun 2012)
New Revision: 19616

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-06-27 20:47:02 UTC (rev 19615)
+++ data/CVE/list       2012-06-27 21:14:27 UTC (rev 19616)
@@ -1,3 +1,11 @@
+CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does 
not ...)
+       TODO: check
+CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the 
Organic ...)
+       TODO: check
+CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
+CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when 
...)
+       TODO: check
 CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe 
in ...)
        NOT-FOR-US: Pro-face WinGP PC Runtime
 CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe 
in ...)
@@ -1975,65 +1983,45 @@
        RESERVED
 CVE-2012-2835
        RESERVED
-CVE-2012-2834
-       RESERVED
+CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows 
remote ...)
        - chromium-browser <unfixed>
-CVE-2012-2833
-       RESERVED
+CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in 
Google ...)
        - chromium-browser <not-affected> (PDF functionality not present in 
Chromium)
-CVE-2012-2832
-       RESERVED
+CVE-2012-2832 (The image-codec implementation in the PDF functionality in 
Google ...)
        - chromium-browser <not-affected> (PDF functionality not present in 
Chromium)
-CVE-2012-2831
-       RESERVED
+CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 
20.0.1132.43 ...)
        - chromium-browser <unfixed>
-CVE-2012-2830
-       RESERVED
+CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array 
values, ...)
        - chromium-browser <unfixed>
-CVE-2012-2829
-       RESERVED
+CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets 
(CSS) ...)
        - chromium-browser <unfixed>
-CVE-2012-2828
-       RESERVED
+CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google 
Chrome ...)
        - chromium-browser <not-affected> (PDF functionality not present in 
Chromium)
-CVE-2012-2827
-       RESERVED
+CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before 
...)
        - chromium-browser <not-affected> (MacOS specific)
-CVE-2012-2826
-       RESERVED
+CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement 
texture ...)
        - chromium-browser <unfixed>
-CVE-2012-2825
-       RESERVED
+CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 
allows ...)
        - libxslt <unfixed> (bug #679283)
-CVE-2012-2824
-       RESERVED
+CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 
20.0.1132.43 ...)
        - chromium-browser <unfixed>
-CVE-2012-2823
-       RESERVED
+CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 
20.0.1132.43 ...)
        - chromium-browser <unfixed>
-CVE-2012-2822
-       RESERVED
+CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 
allows ...)
        - chromium-browser <not-affected> (PDF functionality not present in 
Chromium)
-CVE-2012-2821
-       RESERVED
+CVE-2012-2821 (The autofill implementation in Google Chrome before 
20.0.1132.43 does ...)
        - chromium-browser <unfixed>
-CVE-2012-2820
-       RESERVED
+CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement 
SVG ...)
        - chromium-browser <unfixed>
-CVE-2012-2819
-       RESERVED
+CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in 
Google ...)
        - chromium-browser <unfixed>
-CVE-2012-2818
-       RESERVED
+CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 
20.0.1132.43 ...)
        - chromium-browser <unfixed>
-CVE-2012-2817
-       RESERVED
+CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 
20.0.1132.43 ...)
        - chromium-browser <unfixed>
-CVE-2012-2816
-       RESERVED
+CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly 
isolate ...)
        - chromium-browser <unfixed>
-CVE-2012-2815
-       RESERVED
+CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to 
obtain ...)
        - chromium-browser <unfixed>
 CVE-2012-2814
        RESERVED
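Review bot: CVE-2012-2816 is still tracked as `- chromium-browser <unfixed>`, but the description filled in by this hunk scopes the issue to "Google Chrome before 20.0.1132.43 on Windows". The other platform-limited entries are marked `<not-affected>`, with "(MacOS specific)" on CVE-2012-2827 here and "(Windows specific)" on CVE-2012-2764 further down. If the full description confirms the Windows-only scope, the package line should become `- chromium-browser <not-affected> (Windows specific)` rather than staying in the unfixed set.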
@@ -2049,8 +2037,7 @@
        RESERVED
 CVE-2012-2808
        RESERVED
-CVE-2012-2807
-       RESERVED
+CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome 
before ...)
        - libxml2 <unfixed> (bug #679280)
        NOTE: 
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd
 CVE-2012-2806
@@ -2137,8 +2124,7 @@
        RESERVED
 CVE-2012-2765
        RESERVED
-CVE-2012-2764
-       RESERVED
+CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...)
        - chromium-browser <not-affected> (Windows specific)
 CVE-2012-2763
        RESERVED
@@ -2235,73 +2221,73 @@
 CVE-2012-2733
        RESERVED
 CVE-2012-2732
-       RESERVED
-CVE-2012-2731
-       RESERVED
-CVE-2012-2730
-       RESERVED
-CVE-2012-2729
-       RESERVED
-CVE-2012-2728
-       RESERVED
-CVE-2012-2727
-       RESERVED
-CVE-2012-2726
-       RESERVED
-CVE-2012-2725
-       RESERVED
+       REJECTED
+CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores 
the ...)
+       TODO: check
+CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal 
does not ...)
+       TODO: check
+CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
+CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the Node ...)
+       TODO: check
+CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 
6.x-1.0 and ...)
+       TODO: check
+CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 
6.x-1.x ...)
+       TODO: check
+CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring 
HTML ...)
+       TODO: check
 CVE-2012-2724
        RESERVED
-CVE-2012-2723
-       RESERVED
-CVE-2012-2722
-       RESERVED
-CVE-2012-2721
-       RESERVED
-CVE-2012-2720
-       RESERVED
-CVE-2012-2719
-       RESERVED
+CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 
7.x-1.x ...)
+       TODO: check
+CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) 
in the ...)
+       TODO: check
+CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x 
before ...)
+       TODO: check
+CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 
6.x-1.7 for ...)
+       TODO: check
+CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when 
accessed ...)
+       TODO: check
 CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal 
allows ...)
        NOT-FOR-US: Drupal module
 CVE-2012-2717
        RESERVED
 CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment 
...)
        NOT-FOR-US: Drupal module
-CVE-2012-2715
-       RESERVED
+CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links 
function ...)
+       TODO: check
 CVE-2012-2714
        RESERVED
-CVE-2012-2713
-       RESERVED
-CVE-2012-2712
-       RESERVED
-CVE-2012-2711
-       RESERVED
-CVE-2012-2710
-       RESERVED
+CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the 
BrowserID ...)
+       TODO: check
+CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Search API ...)
+       TODO: check
+CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Taxonomy ...)
+       TODO: check
+CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 
6.x-1.x ...)
+       TODO: check
 CVE-2012-2709
        RESERVED
-CVE-2012-2708
-       RESERVED
-CVE-2012-2707
-       RESERVED
-CVE-2012-2706
-       RESERVED
-CVE-2012-2705
-       RESERVED
+CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
+       TODO: check
+CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal 
does ...)
+       TODO: check
+CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate 
Pro ...)
+       TODO: check
+CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 
6.x-1.x ...)
+       TODO: check
 CVE-2012-2704
        RESERVED
-CVE-2012-2703
-       RESERVED
-CVE-2012-2702
-       RESERVED
+CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement 
module ...)
+       TODO: check
+CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for 
Drupal ...)
+       TODO: check
 CVE-2012-2701
-       RESERVED
+       REJECTED
 CVE-2012-2700
-       RESERVED
+       REJECTED
 CVE-2012-2699
-       RESERVED
+       REJECTED
 CVE-2012-2698 [mediawiki uselang XSS]
        RESERVED
        [squeeze] - mediawiki <not-affected> (bug #677895; only affects 
experimental version 1.9.0)
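Review bot: the Drupal contributed-module entries added in this hunk (CVE-2012-2731 through CVE-2012-2702) all land as `TODO: check`, while the two Drupal module entries already present in the same range, CVE-2012-2718 and CVE-2012-2716, are triaged as `NOT-FOR-US: Drupal module`. A follow-up commit should apply the same tag to each entry once the full description confirms it is a contributed module. Separately, CVE-2012-2732, CVE-2012-2701, CVE-2012-2700 and CVE-2012-2699 switch from RESERVED to REJECTED with no NOTE giving the reason, unlike CVE-2012-2639, which records its duplicate; a one-line NOTE would keep the rejection traceable.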
@@ -2472,7 +2458,8 @@
        RESERVED
 CVE-2012-2640
        RESERVED
-CVE-2012-2639 (The list_directory function in Lib/SimpleHTTPServer.py in ...)
+CVE-2012-2639
+       REJECTED
        NOTE: Duplicate with CVE-2011-4940 
http://www.openwall.com/lists/oss-security/2012/06/26/3
 CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in 
SmallPICT ...)
        NOT-FOR-US: SmallPICT
@@ -3653,8 +3640,8 @@
        RESERVED
 CVE-2012-2201
        RESERVED
-CVE-2012-2200
-       RESERVED
+CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, 
and VIOS ...)
+       TODO: check
 CVE-2012-2199
        RESERVED
 CVE-2012-2198
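Review bot: CVE-2012-2200 is added as `TODO: check`, yet the visible description limits the issue to "The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS". That reads as a vendor configuration problem rather than a flaw in sendmail itself. If the full description bears that out, a follow-up should triage it the way the Pro-face entries are (`NOT-FOR-US: <product>`), so it does not sit in the TODO queue as a potential sendmail issue.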
@@ -3858,8 +3845,7 @@
 CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the 
Linux ...)
        {DSA-2469-1}
        - linux-2.6 3.2.16-1
-CVE-2012-2122 [mysql authentication bypass]
-       RESERVED
+CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x 
before ...)
        {DSA-2496-1}
        - mysql-5.1 <unfixed> (bug #677018)
        - mysql-5.5 5.5.24+dfsg-1
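Review bot: the description now attached to CVE-2012-2122 names 5.1.63 as the fixed upstream release for the 5.1.x branch, but the unchanged line `- mysql-5.1 <unfixed> (bug #677018)` still shows no fixed version even though `{DSA-2496-1}` is already referenced. Worth confirming whether unstable has a mysql-5.1 upload containing the fix and recording its version here, so the entry does not read as open after the advisory has been issued.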
@@ -8795,8 +8781,7 @@
 CVE-2011-4941
        RESERVED
        NOT-FOR-US: piwik
-CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's list_directory()]
-       RESERVED
+CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in ...)
        - python2.7 2.7.2-8 (unimportant)
        - python2.6 <unfixed> (unimportant; bug #664135)
        - python2.5 <removed> (unimportant)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
