Author: joeyh
Date: 2012-11-19 21:14:21 +0000 (Mon, 19 Nov 2012)
New Revision: 20517

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-11-19 14:35:34 UTC (rev 20516)
+++ data/CVE/list       2012-11-19 21:14:21 UTC (rev 20517)
@@ -1,3 +1,75 @@
+CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 
1.0.4 ...)
+       TODO: check
+CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access 
administrator ...)
+       TODO: check
+CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain 
sensitive ...)
+       TODO: check
+CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers 
to ...)
+       TODO: check
+CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the 
sed_import ...)
+       TODO: check
+CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php 
in the ...)
+       TODO: check
+CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 
allow ...)
+       TODO: check
+CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in 
...)
+       TODO: check
+CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in 
b2evolution ...)
+       TODO: check
+CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in 
MyBB ...)
+       TODO: check
+CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...)
+       TODO: check
+CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 
1.2.0 ...)
+       TODO: check
+CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in 
GreenBrowser ...)
+       TODO: check
+CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated 
users to ...)
+       TODO: check
+CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows 
remote ...)
+       TODO: check
+CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines 
Forum ...)
+       TODO: check
+CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in 
ptk/lib/modal_bookmark.php ...)
+       TODO: check
+CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under 
the ...)
+       TODO: check
+CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 
0.9.2 allow ...)
+       TODO: check
+CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in 
admin/action/objects.php ...)
+       TODO: check
+CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA 
LandShop ...)
+       TODO: check
+CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc 
ActiveX ...)
+       TODO: check
+CVE-2012-5896 (The Annotation Objects Extension ActiveX control in 
AnnotateX.dll in ...)
+       TODO: check
+CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have 
unknown ...)
+       TODO: check
+CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 
1.1.0 and ...)
+       TODO: check
+CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in 
Havalite ...)
+       TODO: check
+CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information 
under the ...)
+       TODO: check
+CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
+CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension 
before ...)
+       TODO: check
+CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail 
extension ...)
+       TODO: check
+CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features 
...)
+       TODO: check
+CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache 
Tomcat ...)
+       TODO: check
+CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache 
Tomcat ...)
+       TODO: check
+CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest 
Access ...)
+       TODO: check
+CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken 
...)
+       TODO: check
 CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 
4.3.2 ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
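Review bot: all 36 new entries in this hunk land as `TODO: check`, but two groups can be triaged from information already in this patch. CVE-2011-5244 (off-by-one errors in the `token` and `linetoken` functions) apparently concerns the same parser that CVE-2011-0433, at the end of this patch, attributes to `afmparse.c` with fixes recorded under DSA-2388-1 for evince and vftool, so it should be cross-checked against those package lines rather than left as a bare TODO. CVE-2012-5885, CVE-2012-5886 and CVE-2012-5887 concern the HTTP Digest Access Authentication implementation in Apache Tomcat, which is packaged (tomcat6 and tomcat7 lines appear under CVE-2012-3439 and CVE-2012-2733 below), so these need real package/version lines. For the remaining entries (Havalite, razorCMS, Seditio, PicoPublisher, b2evolution, MyBB, TomatoCart, Simple Machines Forum, LandShop, the ARDoc/AnnotateX ActiveX controls, iRODS, the TYPO3 extensions), confirm whether the software is in the archive and mark `NOT-FOR-US` where it is not, following the convention used by the surrounding entries.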
@@ -61,8 +133,8 @@
        RESERVED
 CVE-2012-5857
        RESERVED
-CVE-2012-5856
-       RESERVED
+CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka 
...)
+       TODO: check
 CVE-2012-5855
        RESERVED
        - vlc <unfixed> (unimportant)
@@ -77,8 +149,7 @@
        RESERVED
 CVE-2012-5849
        RESERVED
-CVE-2012-5854
-       RESERVED
+CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 
allows ...)
        - weechat 0.3.9.1-1 (bug #693026)
        [squeeze] - weechat <not-affected> (Vulnerable code not present)
 CVE-2012-5848
@@ -123,7 +194,7 @@
        RESERVED
 CVE-2012-5828
        RESERVED
-CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 allows remote attackers to conduct 
...)
+CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote 
...)
        - joomla <itp> (bug #571794)
 CVE-2012-5826
        RESERVED
@@ -1662,8 +1733,8 @@
        RESERVED
 CVE-2012-5173
        RESERVED
-CVE-2012-5172
-       RESERVED
+CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android 
allows ...)
+       TODO: check
 CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 
allows ...)
        NOT-FOR-US: Be Graph's BeZIP
 CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows 
remote ...)
@@ -2150,14 +2221,14 @@
        RESERVED
 CVE-2012-4960
        RESERVED
-CVE-2012-4959
-       RESERVED
-CVE-2012-4958
-       RESERVED
-CVE-2012-4957
-       RESERVED
-CVE-2012-4956
-       RESERVED
+CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell 
File ...)
+       TODO: check
+CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell 
File ...)
+       TODO: check
+CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell 
File ...)
+       TODO: check
+CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File 
Reporter ...)
+       TODO: check
 CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage 
Server ...)
        NOT-FOR-US: Dell OpenManage SA
 CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows 
remote ...)
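Review bot: the four new entries CVE-2012-4956 through CVE-2012-4959 all describe `NFRAgent.exe` in Novell File Reporter and are left as `TODO: check`, while the adjacent CVE-2012-4955 (Dell OpenManage) is already resolved as `NOT-FOR-US`; a Windows executable from a proprietary product should be resolved the same way in this update rather than queued, unless there is a packaged component involved.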
@@ -2168,38 +2239,38 @@
        RESERVED
 CVE-2012-4951 (Multiple SQL injection vulnerabilities in 
terminal/paramedit.aspx in ...)
        NOT-FOR-US: VeriFone VeriCentre Web Console
-CVE-2012-4950
-       RESERVED
+CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search 
page in ...)
+       TODO: check
 CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote 
...)
        NOT-FOR-US: ESRI ArcGIS
 CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances 
uses ...)
        NOT-FOR-US: Fortinet Fortigate UTM applianced
-CVE-2012-4947
-       RESERVED
-CVE-2012-4946
-       RESERVED
-CVE-2012-4945
-       RESERVED
-CVE-2012-4944
-       RESERVED
-CVE-2012-4943
-       RESERVED
-CVE-2012-4942
-       RESERVED
-CVE-2012-4941
-       RESERVED
+CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store 
...)
+       TODO: check
+CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use 
an XOR ...)
+       TODO: check
+CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow 
remote ...)
+       TODO: check
+CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
+       TODO: check
+CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Agile ...)
+       TODO: check
+CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile 
...)
+       TODO: check
+CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander 
and ...)
+       TODO: check
 CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log 
Files ...)
        NOT-FOR-US: Axigen Free Mail Server
 CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in 
IPAMSummaryView.aspx in ...)
        NOT-FOR-US: SolarWinds Orion Network Performance Monitor
-CVE-2012-4938
-       RESERVED
-CVE-2012-4937
-       RESERVED
-CVE-2012-4936
-       RESERVED
-CVE-2012-4935
-       RESERVED
+CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface 
in ...)
+       TODO: check
+CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern 
Insight ...)
+       TODO: check
+CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote 
attackers to ...)
+       TODO: check
+CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web 
interface ...)
+       TODO: check
 CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is 
enabled ...)
        NOT-FOR-US: TomatoCart
 CVE-2012-4933 (The rtrlet web application in the Web Console in Novell 
ZENworks Asset ...)
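Review bot: the twelve new `TODO: check` entries in this hunk (CVE-2012-4950, the Agile FleetCommander range CVE-2012-4941 through CVE-2012-4947, and the Pattern Insight range CVE-2012-4935 through CVE-2012-4938) sit between entries that are already marked `NOT-FOR-US` for comparable third-party products (VeriFone VeriCentre, ESRI ArcGIS, Fortinet, Axigen, SolarWinds, TomatoCart), so each should be resolved to either `NOT-FOR-US` or a package line in the same pass. While here, the unchanged context line `NOT-FOR-US: Fortinet Fortigate UTM applianced` has a typo ("applianced" for "appliances") that could be fixed in a follow-up commit.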
@@ -3402,8 +3473,7 @@
        NOT-FOR-US: Korenix Jetport 5600
 CVE-2012-4576
        RESERVED
-CVE-2012-4575
-       RESERVED
+CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 
1.5.2 ...)
        - pgbouncer 1.5.2-4
 CVE-2012-4574
        RESERVED
@@ -3467,8 +3537,7 @@
        - drupal7 7.14-1.1 (bug #690817)
        - drupal6 <not-affected> (according to upstream)
        NOTE: http://drupal.org/node/1815912
-CVE-2012-4552
-       RESERVED
+CVE-2012-4552 (Stack-based buffer overflow in the error function in 
ssg/ssgParser.cxx ...)
        - plib <unfixed>
 CVE-2012-4551
        RESERVED
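Review bot: the `- plib <unfixed>` line under CVE-2012-4552 carries no bug reference, unlike the other `<unfixed>` entries in this patch (gegl `bug #692435`, glusterfs `bug #693112`, eglibc `bug #689423`), and the stack-based buffer overflow in `ssg/ssgParser.cxx` has no `NOTE:` link either, so the unfixed state is not tracked anywhere. A Debian bug should be filed against plib and the entry brought into the shape of its neighbours, e.g. `- plib <unfixed> (bug #NNNNNN)` with `NNNNNN` replaced by the real bug number.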
@@ -3494,8 +3563,8 @@
        RESERVED
 CVE-2012-4542
        RESERVED
-CVE-2012-4541
-       RESERVED
+CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 
allows ...)
+       TODO: check
 CVE-2012-4540 (Off-by-one error in the invoke function in ...)
        - icedtea-web 1.3.1-1 (bug #692608)
        NOTE: http://seclists.org/oss-sec/2012/q4/237
@@ -3517,8 +3586,7 @@
        - xen <unfixed>
 CVE-2012-4534
        RESERVED
-CVE-2012-4533 [viewvc xxs via commit message]
-       RESERVED
+CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the 
&quot;extra&quot; details in the ...)
        {DSA-2563-1}
        - viewvc 1.1.5-1.4 (low; bug #691062)
 CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
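Review bot: the new CVE-2012-4533 description contains HTML-escaped quotes (`&quot;extra&quot;`), which shows the automatic import is copying the entity-encoded form of the CVE text instead of decoding it to plain `"extra"`; the import script should unescape HTML entities before writing descriptions, and this line should be corrected by hand in the meantime. Dropping the local annotation `[viewvc xxs via commit message]` in favour of the official text is fine, since the `{DSA-2563-1}` and `viewvc 1.1.5-1.4` lines are preserved.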
@@ -3562,8 +3630,7 @@
        - ruby1.9.1 1.9.3.194-3 (bug #690670)
 CVE-2012-4521 [rejected dupe assignment]
        REJECTED
-CVE-2012-4520
-       RESERVED
+CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x 
before ...)
        - python-django 1.4.2-1 (bug #691145)
 CVE-2012-4519
        RESERVED
@@ -3809,8 +3876,7 @@
        [squeeze] - fwknop <not-affected> (Vulnerable code not present)
        NOTE: http://seclists.org/oss-sec/2012/q3/509
        NOTE: 
http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
-CVE-2012-4433 [gegl: Integer overflow, leading to heap-based buffer overflow 
by parsing PPM image headers]
-       RESERVED
+CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in 
GEGL ...)
        - gegl <unfixed> (bug #692435)
        NOTE: http://seclists.org/oss-sec/2012/q4/215
 CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 
0.7.x ...)
@@ -3844,8 +3910,7 @@
 CVE-2012-4424 [alloca buffer overflow via strcoll]
        RESERVED
        - eglibc <unfixed> (low; bug #689423)
-CVE-2012-4423 [libvirt DoS]
-       RESERVED
+CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 
0.10.2 ...)
        - libvirt 0.9.12-5 (bug #687598)
        [squeeze] - libvirt <not-affected> (Vulnerable code not present)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
@@ -3867,8 +3932,7 @@
        NOTE: 
https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
 CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and 
bypass ...)
        NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
-CVE-2012-4417
-       RESERVED
+CVE-2012-4417 (GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows 
local ...)
        - glusterfs <unfixed> (bug #693112)
 CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        - openjdk-7 7u3-2.1.3-1 (bug #690774)
@@ -4319,8 +4383,7 @@
        NOT-FOR-US: Joomla addon
 CVE-2012-4234
        RESERVED
-CVE-2012-4233
-       RESERVED
+CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and 
...)
        {DSA-2570-1}
        - libreoffice 1:3.5.4+dfsg-3 (low)
        - openoffice.org 1:3.3.0-1 (low)
@@ -4340,8 +4403,7 @@
        RESERVED
 CVE-2012-4226
        RESERVED
-CVE-2012-4225 [Security issue in NVIDIA UNIX device files to map and program 
registers to redirect the VGA window]
-       RESERVED
+CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 
allows ...)
        - nvidia-graphics-drivers 304.37-1 (bug #684781)
        - nvidia-graphics-drivers-legacy-173xx 173.14.35-3
        [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2 
@@ -6097,7 +6159,7 @@
        NOTE: http://trac.roundcube.net/ticket/1488519
 CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business 
Project (aka ...)
        NOT-FOR-US: OFBiz
-CVE-2012-3505 (tinyproxy before 1.8.3-3 allows remote attackers to cause a 
denial of ...)
+CVE-2012-3505 (Tinyproxy 1.8.3 and earlier allows remote attackers to cause a 
denial ...)
        {DSA-2564-1}
        - tinyproxy 1.8.3-3 (bug #685281)
        NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
@@ -6290,7 +6352,7 @@
 CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise 
Linux ...)
        - sudo <not-affected> (Red Hat-specific postinst script)
 CVE-2012-3439
-       RESERVED
+       REJECTED
        - tomcat6 6.0.35-5+nmu1 (bug #692439)
        - tomcat7 7.0.28-3+nmu1 (bug #692440)
 CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in 
GraphicsMagick ...)
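Review bot: CVE-2012-3439 is switched from `RESERVED` to `REJECTED`, but its two package lines (`- tomcat6 6.0.35-5+nmu1 (bug #692439)` and `- tomcat7 7.0.28-3+nmu1 (bug #692440)`) are left in place, and the same two bug numbers appear under CVE-2012-2733 later in this patch, which suggests the rejected ID was a duplicate assignment for that issue. Unlike CVE-2012-4521, which is annotated `[rejected dupe assignment]`, this entry gives no reason; a matching bracketed note should be added and the package lines either dropped or reconciled with CVE-2012-2733 (note the tomcat7 version differs: `7.0.28-3+nmu1` here versus `7.0.28-1` there).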
@@ -8018,8 +8080,7 @@
        NOT-FOR-US: Cumin
 CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Cumin ...)
        NOT-FOR-US: Cumin
-CVE-2012-2733
-       RESERVED
+CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in 
the HTTP ...)
        - tomcat6 6.0.35-5+nmu1 (bug #692439)
        - tomcat7 7.0.28-1 (bug #692440)
 CVE-2012-2732
@@ -22431,8 +22492,7 @@
        - joomla <itp> (bug #571794)
 CVE-2011-2487
        RESERVED
-CVE-2011-2486
-       RESERVED
+CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access 
to ...)
        - nspluginwrapper <unfixed> (bug #671846)
        [squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)
 CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c 
in ...)
@@ -24978,7 +25038,7 @@
        NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
        - xpdf 3.02-9
        - poppler <not-affected> (never used t1lib)
-CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and 
other ...)
+CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, 
and ...)
        {DSA-2388-1}
        - t1lib 5.1.2-3.5
        [lenny] - t1lib 5.1.2-3+lenny1
@@ -27377,7 +27437,7 @@
        NOTE: https://github.com/erlang/otp/commit/f228601de45c5
 CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four 
Traceroute (LFT) ...)
        NOT-FOR-US: pWhois Layer Four Traceroute
-CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and 
other ...)
+CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, 
and ...)
        {DSA-2388-1}
        - xpdf 3.02-9
        - poppler <not-affected> (never used t1lib)
@@ -28312,8 +28372,7 @@
 CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie 
Control ...)
        {DSA-2179-1}
        - dtc 0.32.10-1
-CVE-2011-0433 [linetoken() buffer overflow]
-       RESERVED
+CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in 
afmparse.c in ...)
        {DSA-2388-1}
        - evince 2.32.0-1 (bug #614668)
        - vftool 2.0alpha-4.1 (low; bug #614669)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits