Author: joeyh
Date: 2012-08-13 21:14:18 +0000 (Mon, 13 Aug 2012)
New Revision: 19940

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-08-13 20:15:25 UTC (rev 19939)
+++ data/CVE/list       2012-08-13 21:14:18 UTC (rev 19940)
@@ -1,3 +1,13 @@
+CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on 
the ...)
+       TODO: check
+CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict 
access ...)
+       TODO: check
+CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+       TODO: check
+CVE-2012-4245
+       RESERVED
 CVE-2012-XXXX [fetchmail segfault in NTLM protocol exchange]
        NOTE: CVE-identifier requested 
http://www.openwall.com/lists/oss-security/2012/08/13/9
        NOTE: http://www.fetchmail.info/fetchmail-SA-2012-02.txt
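Review bot: CVE-2012-4249 and CVE-2012-4248 at the top of this hunk describe Amazon Lab126 / Kindle Touch device software but are left at `TODO: check`. If nothing in the archive ships that code, they can be closed with a `NOT-FOR-US:` line in the style used elsewhere in this file (for example `NOT-FOR-US: Citrix`). CVE-2012-4247 and CVE-2012-4246 are truncated before the product name, so they need the full description before anyone can triage them.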
@@ -376,10 +386,10 @@
        RESERVED
 CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module 
in the ...)
        TODO: check
-CVE-2012-4070
-       RESERVED
-CVE-2012-4069
-       RESERVED
+CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in 
Dir2web ...)
+       TODO: check
+CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root 
with ...)
+       TODO: check
 CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix 
...)
        NOT-FOR-US: Citrix
 CVE-2012-4067
@@ -447,10 +457,10 @@
        - transmission 2.52-3 (bug #683380)
 CVE-2012-4036
        RESERVED
-CVE-2012-4035
-       RESERVED
-CVE-2012-4034
-       RESERVED
+CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers 
to ...)
+       TODO: check
+CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow 
remote ...)
+       TODO: check
 CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before 
...)
        NOT-FOR-US: Google Chrome OS
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 
1.4.x ...)
@@ -638,10 +648,10 @@
        {DSA-2519-2 DSA-2519-1 DSA-2516-1}
        - isc-dhcp <unfixed>
        NOTE: https://kb.isc.org/article/AA-00737
-CVE-2012-3953
-       RESERVED
-CVE-2012-3952
-       RESERVED
+CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList 
before ...)
+       TODO: check
+CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in 
phpList ...)
+       TODO: check
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL 
...)
        NOT-FOR-US: Plixer Scrutinizer
 CVE-2012-3950
@@ -1628,24 +1638,24 @@
        - rssh 2.3.3-5
 CVE-2012-3477
        RESERVED
-CVE-2012-3476
-       RESERVED
-CVE-2012-3475
-       RESERVED
-CVE-2012-3474
-       RESERVED
-CVE-2012-3473
-       RESERVED
-CVE-2012-3472
-       RESERVED
-CVE-2012-3471
-       RESERVED
-CVE-2012-3470
-       RESERVED
-CVE-2012-3469
-       RESERVED
-CVE-2012-3468
-       RESERVED
+CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+       TODO: check
+CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain 
calls ...)
+       TODO: check
+CVE-2012-3474 (The comments API in ...)
+       TODO: check
+CVE-2012-3473 (The (1) reports API and (2) administration feature in the 
comments API ...)
+       TODO: check
+CVE-2012-3472 (The email API in 
application/libraries/api/MY_Email_Api_Object.php in ...)
+       TODO: check
+CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in 
(1) ...)
+       TODO: check
+CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...)
+       TODO: check
+CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform 
before ...)
+       TODO: check
+CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform 
before ...)
+       TODO: check
 CVE-2012-3467
        RESERVED
        - qpid-cpp 0.16-7 (bug #684456)
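Review bot: of the nine ids filled in here (CVE-2012-3476 down to CVE-2012-3468), only 3475, 3469 and 3468 show a product name (Ushahidi Platform) in the truncated description; the other six cut off before the product is named. Suggest triaging the block as a group against the full descriptions, so that one package or `NOT-FOR-US:` decision is applied consistently instead of nine separate `TODO: check` items being resolved independently.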
@@ -1676,8 +1686,7 @@
        RESERVED
 CVE-2012-3458
        RESERVED
-CVE-2012-3457
-       RESERVED
+CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions 
for ...)
        - pnp4nagios <unfixed> (low; bug #683879)
 CVE-2012-3456
        RESERVED
@@ -1694,6 +1703,7 @@
 CVE-2012-3451
        RESERVED
 CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 
5.4.x ...)
+       {DSA-2527-1}
        - php5 <unfixed> (bug #683694)
        NOTE: http://seclists.org/bugtraq/2012/Jun/60
        NOTE: https://bugs.php.net/bug.php?id=61755
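Review bot: on CVE-2012-3450 the new `{DSA-2527-1}` line sits directly above `- php5 <unfixed> (bug #683694)`, so the entry now references an advisory while the package line is still marked unfixed. CVE-2012-2688 receives the same DSA tag in this commit and already lists `php5 5.4.4-4`; it is worth checking whether a fixed version can be recorded here as well, or adding a NOTE that says why the entry stays open.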
@@ -2500,8 +2510,8 @@
        NOT-FOR-US: Oracle Database Server
 CVE-2012-3133
        RESERVED
-CVE-2012-3132
-       RESERVED
+CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, 
...)
+       TODO: check
 CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 
allows ...)
        NOT-FOR-US: Oracle Sun Solaris
 CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows 
remote ...)
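Review bot: CVE-2012-3132 is added with `TODO: check` although its description names Oracle Database Server, and the leading context line of this hunk already carries `NOT-FOR-US: Oracle Database Server`. Suggest giving this entry the same annotation rather than leaving it in the TODO queue.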
@@ -2832,20 +2842,20 @@
        RESERVED
 CVE-2012-2970 (The Synel SY-780/A Time &amp; Attendance terminal allows remote 
attackers ...)
        NOT-FOR-US: Synel terminal
-CVE-2012-2969
-       RESERVED
-CVE-2012-2968
-       RESERVED
-CVE-2012-2967
-       RESERVED
-CVE-2012-2966
-       RESERVED
-CVE-2012-2965
-       RESERVED
-CVE-2012-2964
-       RESERVED
-CVE-2012-2963
-       RESERVED
+CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows 
remote ...)
+       TODO: check
+CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as 
distributed in ...)
+       TODO: check
+CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not 
...)
+       TODO: check
+CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, 
overwrites ...)
+       TODO: check
+CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not 
...)
+       TODO: check
+CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext 
...)
+       TODO: check
+CVE-2012-2963 (The administrative interface in the embedded web server on the 
...)
+       TODO: check
 CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer 
...)
        NOT-FOR-US: Dell SonicWALL Scrutinizer
 CVE-2012-2961 (SQL injection vulnerability in the management console in 
Symantec Web ...)
@@ -3510,6 +3520,7 @@
 CVE-2012-2689
        RESERVED
 CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function 
in the ...)
+       {DSA-2527-1}
        - php5 5.4.4-4 (low; bug #683274)
 CVE-2012-2687 [apache mod_negotiation XSS]
        RESERVED
@@ -3722,8 +3733,8 @@
        NOT-FOR-US: Bradford Network Sentry
 CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote 
...)
        NOT-FOR-US: CollabNet ScrumWorks Pro
-CVE-2012-2602
-       RESERVED
+CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
 CVE-2012-2601
        RESERVED
 CVE-2012-2600
@@ -3746,20 +3757,20 @@
        RESERVED
 CVE-2012-2591
        RESERVED
-CVE-2012-2590
-       RESERVED
+CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON 
...)
+       TODO: check
 CVE-2012-2589
        RESERVED
 CVE-2012-2588
        RESERVED
-CVE-2012-2587
-       RESERVED
+CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in 
AfterLogic ...)
+       TODO: check
 CVE-2012-2586
        RESERVED
-CVE-2012-2585
-       RESERVED
-CVE-2012-2584
-       RESERVED
+CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in 
ManageEngine ...)
+       TODO: check
+CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N 
MDaemon ...)
+       TODO: check
 CVE-2012-2583
        RESERVED
 CVE-2012-2582
@@ -3772,21 +3783,20 @@
        RESERVED
 CVE-2012-2578
        RESERVED
-CVE-2012-2577
-       RESERVED
+CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in 
SolarWinds ...)
+       TODO: check
 CVE-2012-2576
        RESERVED
 CVE-2012-2575
        RESERVED
 CVE-2012-2574 (SQL injection vulnerability in the management console in 
Symantec Web ...)
        NOT-FOR-US: Symantec Web Gateway
-CVE-2012-2573
-       RESERVED
+CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah 
WebMail ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2572
        RESERVED
-CVE-2012-2571
-       RESERVED
+CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in 
WinWebMail ...)
+       TODO: check
 CVE-2012-2570
        RESERVED
 CVE-2012-2569
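Review bot: CVE-2012-2573 now has a description naming T-dah WebMail, but the unchanged line under it still reads `NOT-FOR-US: Symantec Web Gateway`. That annotation matches CVE-2012-2574 just above and looks carried over from when this id was RESERVED; it should name T-dah WebMail, or be reset to `TODO: check` like CVE-2012-2577 and CVE-2012-2571 in the same hunk, so the entry is not filed under the wrong product.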


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
