Author: joeyh Date: 2012-06-28 21:14:29 +0000 (Thu, 28 Jun 2012) New Revision: 19623 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-28 21:03:45 UTC (rev 19622) +++ data/CVE/list 2012-06-28 21:14:29 UTC (rev 19623) @@ -1,5 +1,33 @@ -CVE-2012-3802 [SA-CONTRIB-2012-079 Post Affiliate Pro unspecified read of commisions] +CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...) TODO: check +CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...) + TODO: check +CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...) + TODO: check +CVE-2012-3813 + RESERVED +CVE-2012-3812 + RESERVED +CVE-2012-3811 + RESERVED +CVE-2012-3810 + RESERVED +CVE-2012-3809 + RESERVED +CVE-2012-3808 + RESERVED +CVE-2012-3807 + RESERVED +CVE-2012-3806 + RESERVED +CVE-2012-3805 + RESERVED +CVE-2012-3804 + RESERVED +CVE-2012-3803 + RESERVED +CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...) + TODO: check NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10 CVE-2012-3801 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...) TODO: check @@ -877,6 +905,7 @@ RESERVED CVE-2012-3366 RESERVED + {DSA-2503-1} - bcfg2 <unfixed> (bug #679272) CVE-2012-3365 RESERVED @@ -1172,8 +1201,8 @@ RESERVED CVE-2012-3232 RESERVED -CVE-2012-3231 - RESERVED +CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...) + TODO: check CVE-2012-3230 RESERVED CVE-2012-3229 
@@ -2189,12 +2218,10 @@ RESERVED CVE-2012-2744 RESERVED -CVE-2012-2743 [Doesn''t iterate the passphrase through SHA algorithm to ... ] - RESERVED +CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing ...) - revelation 0.4.11-10 (bug #633088) NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1 -CVE-2012-2742 [Limits effective password length to 32 characters] - RESERVED +CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...) - revelation 0.4.11-10 (bug #633088) NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1 CVE-2012-2741 [phplist before 2.10.18 XSS] @@ -2260,8 +2287,8 @@ TODO: check CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...) NOT-FOR-US: Drupal module -CVE-2012-2717 - RESERVED +CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...) + TODO: check CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...) NOT-FOR-US: Drupal module CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...) @@ -2277,7 +2304,7 @@ CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...) TODO: check CVE-2012-2709 - REJECTED + RESERVED NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10 CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...) TODO: check @@ -2861,8 +2888,7 @@ RESERVED CVE-2012-2446 RESERVED -CVE-2012-2451 [libconfig-inifiles-perl insecure temporary file creation] - RESERVED +CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...) - libconfig-inifiles-perl 2.72-1 (bug #671255; low) [squeeze] - libconfig-inifiles-perl <no-dsa> (Will be fixed in spu upload) NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 
@@ -3134,8 +3160,7 @@ CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 ...) - hostapd <not-affected> (Debian package provides no default config file) - wpa <not-affected> (Debian package provides no default config file) -CVE-2012-2388 - RESERVED +CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote ...) {DSA-2483-1} - strongswan 4.5.2-1.4 CVE-2012-2387 @@ -4214,8 +4239,7 @@ RESERVED CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...) NOT-FOR-US: Schneider Electric Kerweb -CVE-2012-1989 - RESERVED +CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) ...) - puppet 2.7.13-1 [squeeze] - puppet <not-affected> (Only affects 2.7.x) CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...) @@ -8745,12 +8769,10 @@ RESERVED - silverstripe <itp> (bug #528461) NOTE: http://seclists.org/oss-sec/2012/q2/209 -CVE-2011-4957 - RESERVED +CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 -CVE-2011-4956 - RESERVED +CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 ...) {DSA-2470-1} - wordpress 3.2.1+dfsg-1 CVE-2011-4955 @@ -9274,7 +9296,7 @@ RESERVED {DSA-2501-1} - xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 -CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 ...) +CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, ...) {DSA-2501-1} - xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 - kfreebsd-8 8.3-4 (bug #677297) @@ -16251,6 +16273,7 @@ - libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901) CVE-2011-2730 RESERVED + {DSA-2504-1} - libspring-2.5-java <unfixed> (bug #677814) CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...) - commons-daemon 1.0.7-1
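Review bot: in the first hunk (@@ -1,5 +1,33 @@), replacing the bracketed CVE-2012-3802 line drops the SA-CONTRIB-2012-079 advisory reference, and the truncated official description that replaces it does not visibly carry it. Suggest keeping the advisory id as a NOTE line under the entry, next to the existing openwall NOTE. In the same hunk, CVE-2012-3816 and CVE-2012-3815 (WinRadius Server 2009, RunTime.exe in Sielco Sistemi Winlog) arrive as "TODO: check". The product names suggest they are candidates for NOT-FOR-US, the tag the Schneider Electric Kerweb entry already carries.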
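Review bot: in the @@ -877,6 +905,7 @@ hunk, CVE-2012-3366 gains {DSA-2503-1} but stays RESERVED with no description, so the entry does not say what was fixed, and the bcfg2 line still reads <unfixed> (bug #679272). Suggest adding a short bracketed description or a NOTE, and updating the package line once that bug is closed. The same applies to CVE-2011-2730 in the @@ -16251,6 +16273,7 @@ hunk, which gains {DSA-2504-1} with libspring-2.5-java <unfixed> (bug #677814).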
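Review bot: in the @@ -2189,12 +2218,10 @@ hunk, the new descriptions for CVE-2012-2743 and CVE-2012-2742 say "Revelation 0.4.13-2 and earlier", while the unchanged package lines under both entries record "- revelation 0.4.11-10 (bug #633088)" as fixed. Read together, the fixed version falls inside the range the description calls affected. Confirm against bug #633088 which is correct, and if 0.4.11-10 carries a distribution patch, say so in a NOTE so the entry does not look contradictory.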
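Review bot: in the @@ -2277,7 +2304,7 @@ hunk, CVE-2012-2709 moves from REJECTED back to RESERVED, and the only explanation in the commit is "Log: automatic update". A rejected id becoming reserved again is unusual enough to check by hand. Confirm the current state against the oss-security thread already linked in the NOTE under this entry, and record the reason in a NOTE if the id is really in use again.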