Author: joeyh
Date: 2012-07-09 21:14:56 +0000 (Mon, 09 Jul 2012)
New Revision: 19700

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-07-09 20:49:32 UTC (rev 19699)
+++ data/CVE/list       2012-07-09 21:14:56 UTC (rev 19700)
@@ -1,4 +1,72 @@
-CVE-2012-3863 [asterisk: Possible resource leak on uncompleted re-invite 
transactions]
+CVE-2012-3882
+       RESERVED
+CVE-2012-3881
+       RESERVED
+CVE-2012-3880
+       RESERVED
+CVE-2012-3879
+       RESERVED
+CVE-2012-3878
+       RESERVED
+CVE-2012-3877
+       RESERVED
+CVE-2012-3876
+       RESERVED
+CVE-2012-3875
+       RESERVED
+CVE-2012-3874
+       RESERVED
+CVE-2012-3873
+       RESERVED
+CVE-2012-3872
+       RESERVED
+CVE-2012-3871
+       RESERVED
+CVE-2012-3870
+       RESERVED
+CVE-2012-3869
+       RESERVED
+CVE-2012-3868
+       RESERVED
+CVE-2012-3867
+       RESERVED
+CVE-2012-3866
+       RESERVED
+CVE-2012-3865
+       RESERVED
+CVE-2012-3864
+       RESERVED
+CVE-2012-3862
+       RESERVED
+CVE-2012-3861
+       RESERVED
+CVE-2012-3860
+       RESERVED
+CVE-2012-3859
+       RESERVED
+CVE-2012-3858
+       RESERVED
+CVE-2012-3857
+       RESERVED
+CVE-2012-3856
+       RESERVED
+CVE-2012-3855
+       RESERVED
+CVE-2012-3854
+       RESERVED
+CVE-2012-3853
+       RESERVED
+CVE-2012-3852
+       RESERVED
+CVE-2012-3851
+       RESERVED
+CVE-2012-3850
+       RESERVED
+CVE-2012-3849
+       RESERVED
+CVE-2012-3848
+       RESERVED
+CVE-2012-3863 (Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 
10.5.2, ...)
        - asterisk <unfixed>
 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 
2012 ...)
        NOT-FOR-US: Windows utility
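
Review bot: CVE-2012-3863 lands out of order at the end of the added block. The new RESERVED entries run from CVE-2012-3882 down to CVE-2012-3848 and skip 3863, which is then re-added between CVE-2012-3848 and CVE-2012-3847. The rest of the hunk is in descending id order, so the entry, together with its "- asterisk <unfixed>" line, belongs between CVE-2012-3864 and CVE-2012-3862.
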
@@ -543,8 +611,8 @@
        NOTE: net-update is disabled by default on Debian
 CVE-2012-3586
        RESERVED
-CVE-2012-3585
-       RESERVED
+CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka 
JLS) ...)
+       TODO: check
 CVE-2012-3584
        RESERVED
 CVE-2012-3583
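
Review bot: CVE-2012-3585 moves from RESERVED to "TODO: check" with no package line under it. The description names jpeg_ls.dll, so once the product behind the truncated description is confirmed this probably wants a NOT-FOR-US line, as CVE-2012-3847 has for its Windows utility, rather than staying an open TODO.
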
@@ -996,8 +1064,7 @@
        RESERVED
        - linux <unfixed>
        - linux-2.6 <removed>
-CVE-2012-3374 [Buffer overflow in markup.c in the MXit protocol plugin in 
libpurple in Pidgin before 2.10.5]
-       RESERVED
+CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in 
libpurple ...)
        {DSA-2509-1}
        - pidgin 2.10.6-1 (bug #680661)
        [squeeze] - pidgin 2.7.3-1+squeeze3
@@ -1005,8 +1072,7 @@
        NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
 CVE-2012-3373
        RESERVED
-CVE-2012-3372 [traffic interception vulnerability in Cyberoam DPI devices]
-       RESERVED
+CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM 
appliances ...)
        NOT-FOR-US: Cyberoam DPI devices
        NOTE: 
https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
        NOTE: http://seclists.org/bugtraq/2012/Jul/20
@@ -2608,19 +2674,16 @@
        RESERVED
 CVE-2012-2645
        RESERVED
-CVE-2012-2644
-       RESERVED
+CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 
beta 4 ...)
        NOT-FOR-US: Movable Type MT4i plugin
-CVE-2012-2643
-       RESERVED
+CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD 
before ...)
        NOT-FOR-US: KENT-WEB YY-BOARD
-CVE-2012-2642
-       RESERVED
+CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 
beta 4 ...)
        NOT-FOR-US: Movable Type MT4i plugin
-CVE-2012-2641
-       RESERVED
-CVE-2012-2640
-       RESERVED
+CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 
1.4.3 ...)
+       TODO: check
+CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier 
for ...)
+       TODO: check
 CVE-2012-2639
        REJECTED
        NOTE: Duplicate with CVE-2011-4940 
http://www.openwall.com/lists/oss-security/2012/06/26/3
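
Review bot: CVE-2012-2641 (Zenphoto) and CVE-2012-2640 (NEC BIGLOBE Yome Collection) are the only two of the five newly described entries in this hunk left at "TODO: check"; the other three already carry NOT-FOR-US. Follow up by checking whether either is packaged, then record a package line or NOT-FOR-US accordingly.
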
@@ -3292,8 +3355,7 @@
 CVE-2012-2387
        RESERVED
        - devotee <itp> (bug #470995)
-CVE-2012-2386 [phar integer overfow]
-       RESERVED
+CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in 
the ...)
        {DSA-2492-1}
        - php5 5.4.4~rc1-1
 CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...)
@@ -3618,8 +3680,7 @@
        RESERVED
 CVE-2012-2282
        RESERVED
-CVE-2012-2281
-       RESERVED
+CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access 
...)
        NOT-FOR-US: RSA Access Manager
        NOTE: http://seclists.org/bugtraq/2012/Jul/36
 CVE-2012-2280
@@ -3929,8 +3990,7 @@
        - qpid-cpp 0.16-1 (bug #672124)
 CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) 
...)
        - horizon 2012.1-4 (bug #671604)
-CVE-2012-2143
-       RESERVED
+CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 
...)
        {DSA-2491-1}
        - postgresql-9.1 9.1.4-1
        - postgresql-8.4 8.4.12-1
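
Review bot: the new description for CVE-2012-2143 is about the crypt_des (DES-based crypt) function, but the package lines visible in this hunk cover only postgresql-9.1 and postgresql-8.4. Confirm below the context window that every other source package carrying its own copy of crypt_des has a line under this entry.
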
@@ -4305,8 +4365,8 @@
        RESERVED
 CVE-2012-2019
        RESERVED
-CVE-2012-2018
-       RESERVED
+CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node 
Manager i ...)
+       TODO: check
 CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless 
e-All-in-One B110, ...)
        NOT-FOR-US: HP Photosmart Wireless e-All-in-One
 CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage 
(SMH) ...)
@@ -8323,8 +8383,8 @@
        RESERVED
 CVE-2012-0411
        RESERVED
-CVE-2012-0410
-       RESERVED
+CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell 
GroupWise ...)
+       TODO: check
 CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x 
before ...)
        NOT-FOR-US: EMC
 CVE-2012-0408
@@ -8554,14 +8614,14 @@
        RESERVED
 CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak 
permissions ...)
        NOT-FOR-US: Symantec LiveUpdate Administrator
-CVE-2012-0303
-       RESERVED
-CVE-2012-0302
-       RESERVED
-CVE-2012-0301
-       RESERVED
-CVE-2012-0300
-       RESERVED
+CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
+CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control 
Center ...)
+       TODO: check
+CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in 
...)
+       TODO: check
+CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does 
not ...)
+       TODO: check
 CVE-2012-0299 (The file-management scripts in the management GUI in Symantec 
Web ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-0298 (The file-management scripts in the management GUI in Symantec 
Web ...)
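
Review bot: CVE-2012-0303 through CVE-2012-0300 all get "TODO: check", yet the three that show a product name are Brightmail Control Center / Symantec Message Filter, and the neighbouring Symantec entries (CVE-2012-0304, CVE-2012-0299) are already NOT-FOR-US. Triage the four together; CVE-2012-0303's description is truncated before any product name, so read the full text before giving it the same tag.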

