Author: joeyh Date: 2012-04-19 21:14:33 +0000 (Thu, 19 Apr 2012) New Revision: 19014 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-19 20:35:44 UTC (rev 19013) +++ data/CVE/list 2012-04-19 21:14:33 UTC (rev 19014) @@ -1,3 +1,25 @@ +CVE-2012-2275 + RESERVED +CVE-2012-2274 + RESERVED +CVE-2012-2273 + RESERVED +CVE-2012-2272 + RESERVED +CVE-2012-2271 + RESERVED +CVE-2012-2270 + RESERVED +CVE-2012-2269 + RESERVED +CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...) + TODO: check +CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 ...) + TODO: check +CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows ...) + TODO: check +CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...) + TODO: check CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...) NOT-FOR-US: RealNetworks Helix CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...) @@ -334,6 +356,7 @@ RESERVED CVE-2012-2110 [ossl DER int conversion issues] RESERVED + {DSA-2454-1} - openssl 1.0.1a-1 NOTE: http://www.openssl.org/news/secadv_20120419.txt CVE-2012-2109 @@ -383,7 +406,7 @@ - horizon 2012.1-3 CVE-2012-2093 [gajim insecure temporary file creation] RESERVED - {DSA-2453-1} + {DSA-2453-2 DSA-2453-1} - gajim <unfixed> (low; bug #668710) CVE-2012-2092 RESERVED @@ -397,8 +420,7 @@ [squeeze] - simgear <no-dsa> (Minor issue) - flightgear <unfixed> (low; bug #669025) [squeeze] - flightgear <no-dsa> (Minor issue) -CVE-2012-2089 - RESERVED +CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module ...) - nginx 1.1.19-1 [squeeze] - nginx <not-affected> (Vulnerable code not present) CVE-2012-2088 
@@ -407,11 +429,11 @@ RESERVED CVE-2012-2086 [gajim sql injection] RESERVED - {DSA-2453-1} + {DSA-2453-2 DSA-2453-1} - gajim 0.15-1 (low; bug #668038) CVE-2012-2085 [gajim code execution] RESERVED - {DSA-2453-1} + {DSA-2453-2 DSA-2453-1} - gajim 0.15-1 (medium; bug #668038) CVE-2012-2084 RESERVED @@ -630,8 +652,8 @@ RESERVED CVE-2012-1994 RESERVED -CVE-2012-1993 - RESERVED +CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) + TODO: check CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...) NOT-FOR-US: CMD Made Simple CVE-2012-1991 @@ -672,8 +694,8 @@ RESERVED CVE-2012-1980 RESERVED -CVE-2012-1979 - RESERVED +CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in ...) + TODO: check CVE-2012-1978 RESERVED CVE-2012-1977 @@ -1041,14 +1063,14 @@ RESERVED CVE-2012-1803 RESERVED -CVE-2012-1802 - RESERVED -CVE-2012-1801 - RESERVED -CVE-2012-1800 - RESERVED -CVE-2012-1799 - RESERVED +CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X ...) + TODO: check +CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX ...) + TODO: check +CVE-2012-1800 (Stack-based buffer overflow in the Profinet DCP protocol ...) + TODO: check +CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...) + TODO: check CVE-2012-1798 RESERVED - imagemagick 8:6.7.4.0-4 (bug #667635) @@ -1716,8 +1738,8 @@ RESERVED CVE-2012-1519 RESERVED -CVE-2012-1518 - RESERVED +CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...) + TODO: check CVE-2012-1517 RESERVED CVE-2012-1516 
@@ -2440,8 +2462,7 @@ CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...) {DSA-2436-1} - libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814) -CVE-2012-1180 [nginx fix for malformed HTTP responses from upstream servers] - RESERVED +CVE-2012-1180 (Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before ...) {DSA-2434-1} - nginx 1.1.17-1 (bug #664137) NOTE: http://seclists.org/oss-sec/2012/q1/644 @@ -2497,6 +2518,7 @@ [squeeze] - ldm <not-affected> (Introduced in 2.2) NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340 CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL ...) + {DSA-2454-1} - openssl 1.0.0h-1 (low; bug #663642) NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3 CVE-2012-1164 [openldap (slapd): Assertion failure by processing search quer...] @@ -3250,10 +3272,10 @@ - simplesamlphp 1.8.2-1 NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468 CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 ...) + {DSA-2454-1} - openssl 1.0.0h-1 (low) NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12 -CVE-2012-0883 [apache httpd insecure LD_LIBRARY_PATH] - RESERVED +CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...) - apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package) CVE-2012-0882 RESERVED @@ -4850,8 +4872,8 @@ RESERVED CVE-2012-0279 RESERVED -CVE-2012-0278 - RESERVED +CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for ...) + TODO: check CVE-2012-0277 RESERVED CVE-2012-0276 @@ -5305,8 +5327,8 @@ - quagga 0.99.20.1-1 CVE-2012-0254 RESERVED -CVE-2012-0253 - RESERVED +CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media ...) + TODO: check CVE-2012-0252 RESERVED CVE-2012-0251 
@@ -5429,8 +5451,8 @@ NOT-FOR-US: Certec EDV atvise CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...) NOT-FOR-US: Android devices -CVE-2011-4871 - RESERVED +CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote ...) + TODO: check CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...) NOT-FOR-US: Invensys Wonderware CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...) @@ -5822,8 +5844,8 @@ NOT-FOR-US: Microsoft CVE-2012-0136 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...) NOT-FOR-US: Microsoft -CVE-2012-0135 - RESERVED +CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) + TODO: check CVE-2012-0134 RESERVED CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...) @@ -13293,8 +13315,8 @@ - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38) [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38) -CVE-2011-2478 - RESERVED +CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in ...) + TODO: check CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...) NOT-FOR-US: A Really Simple Chat CVE-2011-2469
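Review bot: The four new entries at the top of the `@@ -1,3 +1,25 @@` hunk (CVE-2011-5089 through CVE-2011-5086) are committed as `TODO: check` with no package line, so they still need a manual triage pass. The truncated descriptions name ICONICS ActiveX controls, AdAstrA TRACE MODE Data Center and Unitronics UniOPC. The context entries directly below them are already resolved as `NOT-FOR-US: RealNetworks Helix`. Each new entry should be either mapped to a source package or marked NOT-FOR-US in that same form.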
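Review bot: CVE-2012-2093 in the `@@ -383,7 +406,7 @@` hunk now carries `{DSA-2453-2 DSA-2453-1}` while its package line still reads `- gajim <unfixed> (low; bug #668710)`. The two other gajim entries that get the same tag change in the `@@ -407,11 +429,11 @@` hunk both record `gajim 0.15-1`. Please confirm the unfixed status is still accurate for this entry and, if a fixed version exists, record it on that line.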
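Review bot: The context line under CVE-2012-1992 in the `@@ -630,8 +652,8 @@` hunk reads `NOT-FOR-US: CMD Made Simple`, but the description on the line above it ends "in admin/edituser.php in CMS ...", so "CMD" looks like a typo for "CMS". It is not changed by this commit, but it is worth correcting in a follow-up so that searches on the product name find the entry.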
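Review bot: The `{DSA-2454-1}` tag added to CVE-2012-0884 in the `@@ -3250,10 +3272,10 @@` hunk sits directly above an existing NOTE saying that a distribution picking up this fix "will want to pick up change 22161 at the same time". Nothing in the entry records whether the DSA upload includes that change. A short NOTE stating that it does, or that it is not needed for the affected version, would close the question for anyone reading the entry later.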
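Review bot: CVE-2012-0135 in the `@@ -5822,8 +5844,8 @@` hunk is added as `TODO: check` with the truncated description `Unspecified vulnerability in HP System Management Homepage (SMH) ...`, which as shown is identical to the text added for CVE-2012-1993 in the `@@ -630,8 +652,8 @@` hunk. The two should be triaged together so they end up with the same disposition. A NOTE on each distinguishing the two issues would help, since the visible descriptions do not.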