Author: joeyh Date: 2012-07-10 21:14:35 +0000 (Tue, 10 Jul 2012) New Revision: 19707 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-10 16:08:48 UTC (rev 19706) +++ data/CVE/list 2012-07-10 21:14:35 UTC (rev 19707) @@ -1,3 +1,5 @@ +CVE-2012-3883 + RESERVED CVE-2012-3882 RESERVED CVE-2012-3881 @@ -42,8 +44,8 @@ RESERVED CVE-2012-3860 RESERVED -CVE-2012-3859 - RESERVED +CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has ...) + TODO: check CVE-2012-3858 RESERVED CVE-2012-3857 @@ -66,7 +68,7 @@ RESERVED CVE-2012-3848 RESERVED -CVE-2012-3863 (Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, ...) +CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...) - asterisk <unfixed> CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) NOT-FOR-US: Windows utility @@ -153,8 +155,7 @@ NOT-FOR-US: Wordpress plugin CVE-2012-3813 RESERVED -CVE-2012-3812 [AST-2012-011: Remote crash vulnerability in voice mail application] - RESERVED +CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...) - asterisk <unfixed> (bug #680470) CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...) NOT-FOR-US: Not in Debian @@ -1390,8 +1391,8 @@ RESERVED CVE-2012-3239 RESERVED -CVE-2012-3238 - RESERVED +CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...) + TODO: check CVE-2012-3237 RESERVED CVE-2012-3236 @@ -1932,8 +1933,8 @@ RESERVED CVE-2012-2971 RESERVED -CVE-2012-2970 - RESERVED +CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...) + TODO: check CVE-2012-2969 RESERVED CVE-2012-2968 @@ -3088,10 +3089,10 @@ NOT-FOR-US: VMware CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote ...) NOT-FOR-US: VMware -CVE-2012-2447 - RESERVED -CVE-2012-2446 - RESERVED +CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in ...) + TODO: check +CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in ...) + TODO: check CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...) - libconfig-inifiles-perl 2.72-1 (bug #671255; low) [squeeze] - libconfig-inifiles-perl <no-dsa> (Will be fixed in spu upload) @@ -4020,8 +4021,7 @@ CVE-2012-2139 RESERVED - ruby-mail 2.4.4-1 -CVE-2012-2138 [Apache Sling denial of service vulnerability] - RESERVED +CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...) NOT-FOR-US: Apache Sling NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html CVE-2012-2137 @@ -5608,8 +5608,8 @@ - libxml-atom-perl 0.39-1 (medium) CVE-2012-1494 RESERVED -CVE-2012-1493 - RESERVED +CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...) + TODO: check CVE-2012-1492 RESERVED CVE-2012-1491