Author: joeyh
Date: 2012-11-20 21:14:24 +0000 (Tue, 20 Nov 2012)
New Revision: 20521

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-11-20 15:36:45 UTC (rev 20520)
+++ data/CVE/list       2012-11-20 21:14:24 UTC (rev 20521)
@@ -1,3 +1,5 @@
+CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit 
(GWT) ...)
+       TODO: check
 CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 
1.0.4 ...)
        NOT-FOR-US: havalite
 CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access 
administrator ...)
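Review bot: the new CVE-2012-5920 entry at the top of this hunk is left at `TODO: check`, but its visible description ("Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...") is identical, as truncated, to that of CVE-2012-4563 later in this same revision, which is already tracked as `- gwt <unfixed> (bug #691900)`. Triage should confirm from the full descriptions whether the two ids cover distinct issues, then replace the TODO with a `- gwt` line so the package is not left untracked for this id.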
@@ -463,8 +465,8 @@
        NOT-FOR-US: Drupal addon not packaged in Debian
 CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows 
remote ...)
        NOT-FOR-US: Drupal addon not packaged in Debian
-CVE-2012-5703
-       RESERVED
+CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote 
attackers ...)
+       TODO: check
 CVE-2012-5702
        RESERVED
 CVE-2012-5701
@@ -523,8 +525,8 @@
        RESERVED
 CVE-2012-5675
        RESERVED
-CVE-2012-5674
-       RESERVED
+CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 
5, when ...)
+       TODO: check
 CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 
10.3.183.29 and ...)
        NOT-FOR-US: Adobe Flash Player
 CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows 
remote ...)
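Review bot: CVE-2012-5674 moves from RESERVED to `TODO: check` for Adobe ColdFusion, while the entry directly below it, CVE-2012-5673, is another Adobe product and is already closed as `NOT-FOR-US: Adobe Flash Player`. Unless ColdFusion maps to a Debian source package, follow up with the matching `NOT-FOR-US:` line so the TODO does not linger. The same applies to the other `TODO: check` entries this revision introduces for CVE-2012-5703 (VMware ESXi/ESX) and CVE-2012-4366 (Belkin routers).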
@@ -862,8 +864,7 @@
 CVE-2012-5530
        RESERVED
        - pcp <unfixed>
-CVE-2012-5529
-       RESERVED
+CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is 
enabled, ...)
        - firebird2.5 <unfixed> (bug #693210)
 CVE-2012-5528
        RESERVED
@@ -895,8 +896,7 @@
 CVE-2012-5520
        RESERVED
        NOT-FOR-US: OpenVAS Manager
-CVE-2012-5519 [Privilege escalation (lpadmin -> root) in cups]
-       RESERVED
+CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as 
Debian ...)
        - cups <unfixed> (bug #692791)
        NOTE: http://seclists.org/oss-sec/2012/q4/253
 CVE-2012-5518
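Review bot: replacing the bracketed `[Privilege escalation (lpadmin -> root) in cups]` on CVE-2012-5519 with the truncated description drops the only text in the entry that states the impact, since the new line cuts off at "such as Debian ...". Suggest preserving the summary as a NOTE line, for example `NOTE: privilege escalation lpadmin -> root`, next to the existing oss-sec link.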
@@ -3499,8 +3499,7 @@
 CVE-2012-4567 [multiple xss in 3.3.8]
        RESERVED
        - letodms 3.3.9+dfsg-1
-CVE-2012-4566
-       RESERVED
+CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly 
verify ...)
        {DSA-2573-1}
        - radsecproxy 1.6.2-1
 CVE-2012-4565
@@ -3511,8 +3510,7 @@
        {DSA-2575-1}
        - tiff3 <not-affected> (The tiff-tools package is only built from the 
tiff source package)
        - tiff 4.0.2-5 (bug #692345)
-CVE-2012-4563
-       RESERVED
+CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit 
(GWT) ...)
        - gwt <unfixed> (bug #691900)
        [squeeze] - gwt <not-affected> (Vulnerable code not present)
 CVE-2012-4562
@@ -3623,8 +3621,7 @@
 CVE-2012-4524 [xlockmore bypass]
        RESERVED
        - xlockmore <removed> (low)
-CVE-2012-4523
-       RESERVED
+CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates 
when ...)
        {DSA-2573-1}
        - radsecproxy 1.6.2-1
 CVE-2012-4522 [ruby Unintentional file creation caused by inserting a illegal 
NUL character]
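Review bot: the description added for CVE-2012-4523 says "before 1.6.1", yet the fixed version recorded two lines below is `radsecproxy 1.6.2-1`, the same version given for CVE-2012-4566, whose description says "before 1.6.2". If 1.6.2-1 is simply the first Debian upload that contains the 1.6.1 fix, a short NOTE saying so would keep a reader from taking it for a copy of the other entry. Otherwise the fixed version should be corrected.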
@@ -3666,8 +3663,7 @@
 CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 
automatically ...)
        - libsocialweb <unfixed> (low; bug #690675)
        [wheezy] - libsocialweb <no-dsa> (Minor issue)
-CVE-2012-4510 [cups-pk-helper cupsGetFile/cupsPutFile]
-       RESERVED
+CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) 
cupsGetFile ...)
        {DSA-2562-1}
        - cups-pk-helper 0.2.3-1
 CVE-2012-4509
@@ -4092,8 +4088,8 @@
        RESERVED
 CVE-2012-4367
        RESERVED
-CVE-2012-4366
-       RESERVED
+CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model 
...)
+       TODO: check
 CVE-2012-4365
        RESERVED
 CVE-2012-4364
@@ -6667,8 +6663,7 @@
        - rhythmbox 2.97-2.1 (bug #616673)
        NOTE: Upstream bug report 
https://bugzilla.gnome.org/show_bug.cgi?id=678661
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
-CVE-2012-3354 [Full path disclosure in DokuWiki]
-       RESERVED
+CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when 
certain ...)
        - dokuwiki <unfixed> (unimportant)
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
 CVE-2012-3353
@@ -8374,7 +8369,7 @@
 CVE-2012-2616
        RESERVED
 CVE-2012-2615
-       RESERVED
+       REJECTED
 CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 
1.4.2 ...)
        NOT-FOR-US: Lattice Diamond Programmer
 CVE-2012-2613
@@ -8426,7 +8421,7 @@
 CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON 
...)
        NOT-FOR-US: ESCON SupportPortal Professional Edition
 CVE-2012-2589
-       RESERVED
+       REJECTED
 CVE-2012-2588
        RESERVED
 CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in 
AfterLogic ...)
@@ -16076,8 +16071,7 @@
        [squeeze] - xorg 1:7.5+8+squeeze1
        [lenny] - xorg <no-dsa> (potential privilege handling weakness, no 
known attack vector)
        NOTE: 
http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522
-CVE-2011-4612
-       RESERVED
+CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control 
...)
        - icecast2 2.3.3-1 (bug #652663)
        [lenny] - icecast2 <no-dsa> (Minor issue)
        [squeeze] - icecast2 <no-dsa> (Minor issue)

