Author: joeyh Date: 2012-05-29 21:14:31 +0000 (Tue, 29 May 2012) New Revision: 19370 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-29 18:40:59 UTC (rev 19369) +++ data/CVE/list 2012-05-29 21:14:31 UTC (rev 19370) @@ -1,20 +1,20 @@ -CVE-2012-2943 +CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp ...) NOT-FOR-US: Cryptographp -CVE-2012-2942 +CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture ...) NOTE: Reported as duplicate with CVE-2012-2391 http://seclists.org/oss-sec/2012/q2/417 -CVE-2012-2941 +CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server ...) NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise -CVE-2012-2940 +CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a ...) NOT-FOR-US: MediaChance Real-DRAW PRO -CVE-2012-2939 +CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon Express ...) NOT-FOR-US: Travelon Express -CVE-2012-2938 +CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon ...) NOT-FOR-US: Travelon Express -CVE-2012-2937 +CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow ...) NOT-FOR-US: Pligg -CVE-2012-2936 +CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...) NOT-FOR-US: Pligg -CVE-2012-2935 +CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: OSCommerce Online Merchant CVE-2012-2934 RESERVED @@ -587,7 +587,7 @@ RESERVED CVE-2012-2653 RESERVED - {DSA-2482-1 DSA-2481-1} + {DSA-2481-1} - arpwatch <unfixed> (bug #674715) NOTE: Debian build includes the vulnerable patch (in .diff.gz) CVE-2012-2652 
@@ -763,8 +763,8 @@ RESERVED CVE-2012-2569 RESERVED -CVE-2012-2568 - RESERVED +CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...) + TODO: check CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...) NOT-FOR-US: Xelex MobileTrack application CVE-2012-2566 @@ -1031,11 +1031,9 @@ RESERVED CVE-2012-2437 RESERVED -CVE-2012-2436 - RESERVED +CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...) NOT-FOR-US: Pligg -CVE-2012-2435 - RESERVED +CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS ...) NOT-FOR-US: Pligg CVE-2012-2434 RESERVED @@ -1047,14 +1045,14 @@ RESERVED CVE-2012-2430 RESERVED -CVE-2012-2429 - RESERVED -CVE-2012-2428 - RESERVED -CVE-2012-2427 - RESERVED -CVE-2012-2426 - RESERVED +CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...) + TODO: check +CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote ...) + TODO: check +CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...) + TODO: check +CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, ...) + TODO: check CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) NOT-FOR-US: Intuit CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...) @@ -1717,8 +1715,8 @@ RESERVED CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 ...) NOT-FOR-US: PHP Gift Registry -CVE-2012-2235 - RESERVED +CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ...) + TODO: check CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...) NOT-FOR-US: TeamPass.net CVE-2012-2233 
@@ -1848,8 +1846,8 @@ RESERVED CVE-2012-2177 RESERVED -CVE-2012-2176 - RESERVED +CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...) + TODO: check CVE-2012-2175 RESERVED CVE-2012-2174 @@ -2706,8 +2704,8 @@ RESERVED CVE-2012-1825 RESERVED -CVE-2012-1824 - RESERVED +CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client ...) + TODO: check CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...) {DSA-2465-1} - php5 5.4.3-1 @@ -2775,8 +2773,7 @@ RESERVED CVE-2012-1793 RESERVED -CVE-2012-1792 - RESERVED +CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: OSCommerce Online Merchant CVE-2012-1791 RESERVED @@ -3656,8 +3653,7 @@ RESERVED CVE-2012-1414 RESERVED -CVE-2012-1413 - RESERVED +CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Zen Cart CVE-2012-1412 RESERVED @@ -4171,6 +4167,7 @@ NOTE: http://pidgin.im/news/security/?id=61 CVE-2012-1177 [libgdata did not verify SSL] RESERVED + {DSA-2482-1} - libgdata 0.10.2-1 (bug #664032) NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3 CVE-2012-1176 [buffer overflow in python-pyfribidi] @@ -4544,7 +4541,7 @@ NOT-FOR-US: GForge Advanced Server CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Taxonomy module for Drupal -CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in the shirt module in ...) +CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: shirt module in OSCommerce CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 ...) NOT-FOR-US: Flyspray 
@@ -13763,7 +13760,7 @@ CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) - torque 2.4.15+dfsg-1 [squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments) -CVE-2011-2906 (Integer signedness error in the pmcraid_ioctl_passthrough function in ...) +CVE-2011-2906 (** DISPUTED ** Integer signedness error in the ...) NOT-FOR-US: ** REJECT ** CVE-2011-2905 RESERVED @@ -14398,8 +14395,7 @@ CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the ...) {DSA-2303-1} - linux-2.6 3.0.0-2 -CVE-2011-2722 - RESERVED +CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP ...) - hplip 3.11.10-1 (bug #635549; low) [squeeze] - hplip 3.10.6-2+squeeze0 [lenny] - hplip <not-affected> (Vulnerable code not present)
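Review bot: in the first hunk (@@ -1,20), CVE-2012-2942 gains a summary and keeps only the "NOTE: Reported as duplicate with CVE-2012-2391" line, with no package, version or NOT-FOR-US line of its own, so it reads as untriaged in this file. If it really is a duplicate, the entry should say so explicitly in a form the tracker recognises (for example a line pointing at CVE-2012-2391 as the entry that carries the fix data) rather than a bare note.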
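Review bot: the hunk at @@ -587 drops DSA-2482-1 from the arpwatch entry (CVE-2012-2653) and the hunk at @@ -4171 adds the same DSA-2482-1 to the libgdata entry (CVE-2012-1177), which already carries the "libgdata 0.10.2-1 (bug #664032)" fix line. The two changes belong together; before landing, confirm that the DSA-2482-1 advisory text names libgdata, so that arpwatch is left with DSA-2481-1 only. The remaining "arpwatch <unfixed> (bug #674715)" line still records sid as unfixed, which is consistent with a stable-only advisory.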
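Review bot: in the hunk at @@ -763, the new summary for CVE-2012-2568 starts with a hashed file name, "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...", and the truncation removes the product name, so the "TODO: check" cannot be resolved from this file alone; the full CVE description has to be read to decide whether any Debian package is affected. The same applies to the other "... in ..." stubs in this update (CVE-2012-2935, CVE-2012-1792, CVE-2012-1413), where the affected product is only visible through the NOT-FOR-US line.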
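Review bot: the hunk at @@ -1047 turns four RESERVED entries (CVE-2012-2426 through CVE-2012-2429) into four separate "TODO: check" items that all concern the same product and version, "the server in xArrow before 3.4.1". One triage decision covers all four; resolving them together in a follow-up commit (with a single NOT-FOR-US or package line as appropriate) avoids leaving four identical TODOs open.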
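Review bot: the hunk at @@ -1848 leaves CVE-2012-2176 ("Multiple stack-based buffer overflows in a certain ActiveX control in ...") at "TODO: check". An ActiveX control is a Windows-only component, so this entry can be settled as NOT-FOR-US rather than kept open; the same reasoning likely applies to the "Untrusted search path vulnerability in Measuresoft ScadaPro Client" entry (CVE-2012-1824) in the hunk at @@ -2706, once the full description confirms the affected platform.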
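Review bot: in the hunk at @@ -4544, the summary for CVE-2012-1059 shrinks from "... in the shirt module in ..." to "... in ...", so the product name now survives only in the unchanged "NOT-FOR-US: shirt module in OSCommerce" line. Nothing is wrong with the triage, but it shows that the automatic re-import can shorten summaries below the point of usefulness; the triage line should be treated as the authoritative record of the affected product.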
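Review bot: the hunk at @@ -13763 changes the CVE-2011-2906 summary to begin with "** DISPUTED **", while the unchanged triage line still says "NOT-FOR-US: ** REJECT **". A disputed CVE is still a live identifier, whereas a rejected one has been withdrawn, so the triage note no longer matches the upstream state and should say DISPUTED. Also, the removed summary placed the issue in the pmcraid_ioctl_passthrough function; confirm whether that function belongs to a packaged kernel driver before keeping NOT-FOR-US, since a kernel issue would need a package line instead.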
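Review bot: in the hunk at @@ -14398, CVE-2011-2722 gains its hplip summary while the fix lines ("hplip 3.11.10-1 (bug #635549; low)", "[squeeze] - hplip 3.10.6-2+squeeze0", "[lenny] - hplip <not-affected> (Vulnerable code not present)") were already present under the RESERVED entry. The squeeze fix version carries no {DSA-...} reference; if the fix shipped through a point release that is consistent with the "low" severity, otherwise the advisory reference should be recorded next to the other DSA-tagged entries in this file.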