Author: jmm Date: 2012-07-06 06:10:55 +0000 (Fri, 06 Jul 2012) New Revision: 19671 Modified: data/CVE/list Log: new nginx issue (requested CVE ID) new asterisk issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-05 21:14:29 UTC (rev 19670) +++ data/CVE/list 2012-07-06 06:10:55 UTC (rev 19671) @@ -1,3 +1,6 @@ +CVE-2012-XXXX [naxsi: file disclosure in nx_extract] + - nginx 1.2.1-2 + [squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1) CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) TODO: check CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...) @@ -35,9 +38,9 @@ CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...) TODO: check CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...) - TODO: check + - joomla <itp> (bug #571794) CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...) - TODO: check + - joomla <itp> (bug #571794) CVE-2012-3827 RESERVED CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...) @@ -83,8 +86,11 @@ NOT-FOR-US: Wordpress plugin CVE-2012-3813 RESERVED -CVE-2012-3812 +CVE-2012-XXXX [AST-2012-010: Possible resource leak on uncompleted re-invite transactions] + - asterisk <unfixed> +CVE-2012-3812 [AST-2012-011: Remote crash vulnerability in voice mail application] RESERVED + - asterisk <unfixed> CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...) TODO: check CVE-2012-3810
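Review bot: The new naxsi entry in the first hunk (@@ -1,3 +1,6 @@) records a fixed version, `- nginx 1.2.1-2`, but carries no bug number or NOTE line pointing at the upstream report or fix. As a result, neither the fixed version nor the `[squeeze] - nginx <not-affected>` reasoning can be checked from the entry itself. Suggest adding a NOTE with the upstream reference for the nx_extract file disclosure, and replacing the CVE-2012-XXXX placeholder once the requested ID is assigned.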
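Review bot: In the third hunk (@@ -83,8 +86,11 @@) the CVE-2012-XXXX placeholder for AST-2012-010 is inserted between CVE-2012-3813 and CVE-2012-3812, whereas the naxsi placeholder in the first hunk sits at the top of the file. Keeping the temporary entries in one place would make them easier to find when the real IDs arrive. Both asterisk entries are also bare `- asterisk <unfixed>` lines with no bug reference and no per-release annotation like the `[squeeze]` line used for nginx. Suggest referencing a bug for AST-2012-010 and AST-2012-011 and stating which releases are affected.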