Author: joeyh
Date: 2013-01-02 21:14:24 +0000 (Wed, 02 Jan 2013)
New Revision: 20794

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-01-02 20:25:28 UTC (rev 20793)
+++ data/CVE/list       2013-01-02 21:14:24 UTC (rev 20794)
@@ -1,7 +1,107 @@
+CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for 
WordPress ...)
+       TODO: check
+CVE-2013-0720
+       RESERVED
+CVE-2013-0719
+       RESERVED
+CVE-2013-0718
+       RESERVED
+CVE-2013-0717
+       RESERVED
+CVE-2013-0716
+       RESERVED
+CVE-2013-0715
+       RESERVED
+CVE-2013-0714
+       RESERVED
+CVE-2013-0713
+       RESERVED
+CVE-2013-0712
+       RESERVED
+CVE-2013-0711
+       RESERVED
+CVE-2013-0710
+       RESERVED
+CVE-2013-0709
+       RESERVED
+CVE-2013-0708
+       RESERVED
+CVE-2013-0707
+       RESERVED
+CVE-2013-0706
+       RESERVED
+CVE-2013-0705
+       RESERVED
+CVE-2013-0704
+       RESERVED
+CVE-2013-0703
+       RESERVED
+CVE-2013-0702
+       RESERVED
+CVE-2013-0701
+       RESERVED
+CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the 
profile ...)
+       TODO: check
+CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address 
field ...)
+       TODO: check
+CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF 
images, ...)
+       TODO: check
+CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the 
existence ...)
+       TODO: check
+CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote 
...)
+       TODO: check
+CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are 
referenced by a ...)
+       TODO: check
+CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data 
in a ...)
+       TODO: check
+CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary 
code ...)
+       TODO: check
+CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 
allows ...)
+       TODO: check
+CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 
allows ...)
+       TODO: check
+CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin 
...)
+       TODO: check
+CVE-2012-6461 (The X.509 certificate-validation functionality in the https ...)
+       TODO: check
+CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote 
attackers to ...)
+       TODO: check
+CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service 
after ...)
+       TODO: check
+CVE-2012-6458
+       RESERVED
+CVE-2012-6457
+       RESERVED
+CVE-2012-6456
+       RESERVED
+CVE-2012-6455
+       RESERVED
+CVE-2012-6454
+       RESERVED
+CVE-2012-6452
+       RESERVED
+CVE-2012-6451
+       RESERVED
+CVE-2012-6450
+       RESERVED
+CVE-2012-6449
+       RESERVED
+CVE-2012-6448
+       RESERVED
+CVE-2012-6447
+       RESERVED
+CVE-2012-6446
+       RESERVED
+CVE-2012-6445
+       RESERVED
+CVE-2012-6444
+       RESERVED
+CVE-2012-6443
+       RESERVED
 CVE-2012-XXXX [moodle amazon-s3-php-class insecure curl usage]
        - moodle <unfixed>
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
-CVE-2012-6453 [mediawiki-extensions rssreader injection]
+CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader 
extension ...)
        {DSA-2596-1}
        - mediawiki-extensions 2.11 (bug #696179)
 CVE-2012-6442
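Review bot: CVE-2012-6453 is now out of sequence. The new CVE-2012-6458 through CVE-2012-6443 entries are inserted above the CVE-2012-XXXX moodle entry and skip 6453, which stays below it, so the list reads 6443, CVE-2012-XXXX, 6453, 6442. Move the CVE-2012-6453 block, together with its {DSA-2596-1} and mediawiki-extensions lines, up between CVE-2012-6454 and CVE-2012-6452 so the descending order holds.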
@@ -236,8 +336,7 @@
        NOT-FOR-US: Carlo Gavazzi EOS-Box
 CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box 
with ...)
        NOT-FOR-US: Carlo Gavazzi EOS-Box
-CVE-2012-6426 [lemonldap-ng: SAML messages signatures are not verified]
-       RESERVED
+CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the 
signature-verification ...)
        - lemonldap-ng 1.2.2-3 (bug #696329)
        [wheezy] - lemonldap-ng 1.1.2-5+deb7u1
        [squeeze] - lemonldap-ng <not-affected> (SAML code not present)
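Review bot: On CVE-2012-6426 the new description says "LemonLDAP::NG before 1.2.3", while the unstable line below it records 1.2.2-3 as fixed. Add a NOTE stating that the fix is backported in 1.2.2-3 (bug #696329), so the lower version number is not read as an error on the next pass.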
@@ -649,8 +748,8 @@
        RESERVED
 CVE-2012-6372
        RESERVED
-CVE-2012-6371
-       RESERVED
+CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router ...)
+       TODO: check
 CVE-2012-6370
        RESERVED
 CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting 
...)
@@ -713,20 +812,20 @@
        RESERVED
 CVE-2012-6340
        RESERVED
-CVE-2012-6339
-       RESERVED
+CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+       TODO: check
 CVE-2012-6338
        RESERVED
-CVE-2012-6337
-       RESERVED
-CVE-2012-6336
-       RESERVED
-CVE-2012-6335
-       RESERVED
-CVE-2012-6334
-       RESERVED
-CVE-2011-5251
-       RESERVED
+CVE-2012-6337 (The Track My Mobile feature in the SamsungDive subsystem for 
Android ...)
+       TODO: check
+CVE-2012-6336 (The Missing Device feature in Lookout allows physically 
proximate ...)
+       TODO: check
+CVE-2012-6335 (The Anti-theft service in AVG AntiVirus for Android allows 
physically ...)
+       TODO: check
+CVE-2012-6334 (The Track My Mobile feature in the SamsungDive subsystem for 
Android ...)
+       TODO: check
+CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 
4.1.3 and ...)
+       TODO: check
 CVE-2012-6333 (Multiple HVM control operations in Xen 3.4 through 4.2 allow 
local HVM ...)
        TODO: check
 CVE-2012-6332
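Review bot: CVE-2012-6337 and CVE-2012-6334 now carry the same truncated description ("The Track My Mobile feature in the SamsungDive subsystem for Android ..."), so nothing in the list tells them apart. Whoever clears the "TODO: check" lines should read the full descriptions and add a NOTE on each saying what differs, rather than tagging both from the visible text.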
@@ -1933,8 +2032,7 @@
 CVE-2012-6085 [gnupg key import memory corruption]
        RESERVED
        - gnupg 1.4.12-7 (bug #697108)
-CVE-2012-6084 [charybdis and ircd-ratbox remote crash flaw]
-       RESERVED
+CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) 
Charybdis ...)
        - charybdis <unfixed> (bug #697092)
        - ircd-ratbox <unfixed> (bug #697093)
        NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
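Review bot: On CVE-2012-6084 both package lines stay at <unfixed> even though the new description names a fixed upstream release ("ircd-ratbox before 3.0.8"). A NOTE recording that upstream version next to the existing oss-security link would give the maintainers of bugs #697092 and #697093 the target version without having to open the full description.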
@@ -2966,8 +3064,8 @@
        RESERVED
 CVE-2012-5770
        RESERVED
-CVE-2012-5769
-       RESERVED
+CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before 
FP2 ...)
+       TODO: check
 CVE-2012-5768
        RESERVED
 CVE-2012-5767
@@ -3307,8 +3405,7 @@
        - squid 2.7.STABLE9-2
        NOTE: squid-cgi was removed in 2.7.STABLE9-2
        - squid3 <unfixed> (bug #696187)
-CVE-2012-5642 [fail2ban: input variable quoting flaw]
-       RESERVED
+CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly 
handle the ...)
        - fail2ban 0.8.6-3wheezy1 (low; bug #696184)
        [squeeze] - fail2ban <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2012/12/17/1
@@ -3520,8 +3617,7 @@
        RESERVED
 CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows 
remote ...)
        NOT-FOR-US: Symfony
-CVE-2012-5573
-       RESERVED
+CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c 
in Tor ...)
        - tor 0.2.3.25-1
 CVE-2012-5572 [Dancer::Cookie: Cookie name CRLF injection]
        RESERVED
@@ -4932,8 +5028,8 @@
        NOT-FOR-US: Layton Helpbox
 CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 
allow ...)
        NOT-FOR-US: Layton Helpbox
-CVE-2012-4970
-       RESERVED
+CVE-2012-4970 (Cross-site scripting (XSS) vulnerability in the web management 
...)
+       TODO: check
 CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social 
Book ...)
        NOT-FOR-US: Social Book Facebook Clone 2010
 CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform 
Validation ...)
@@ -5371,8 +5467,8 @@
        RESERVED
 CVE-2012-4793
        RESERVED
-CVE-2012-4792
-       RESERVED
+CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 
through ...)
+       TODO: check
 CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows 
remote ...)
        NOT-FOR-US: Microsoft Exchange Server
 CVE-2012-4790
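Review bot: CVE-2012-4792 is added as "TODO: check", but the description names Microsoft Internet Explorer and the next entry, CVE-2012-4791, is already tagged "NOT-FOR-US: Microsoft Exchange Server". Tagging this one "NOT-FOR-US: Microsoft Internet Explorer" in the same pass would keep it out of the manual triage queue.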
@@ -5800,8 +5896,8 @@
        NOT-FOR-US: Rockwell
 CVE-2012-4689
        RESERVED
-CVE-2012-4688
-       RESERVED
+CVE-2012-4688 (The Central application in i-GEN opLYNX before 2.01.9 allows 
remote ...)
+       TODO: check
 CVE-2012-4687 (Post Oak AWAM Bluetooth Reader Traffic System does not use a 
...)
        NOT-FOR-US: Post Oak
 CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 
4.1.10 ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
