Author: joeyh
Date: 2012-08-14 21:14:19 +0000 (Tue, 14 Aug 2012)
New Revision: 19951
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-08-14 19:58:23 UTC (rev 19950)
+++ data/CVE/list 2012-08-14 21:14:19 UTC (rev 19951)
@@ -1,3 +1,71 @@
+CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax
plugin ...)
+ TODO: check
+CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5
allows ...)
+ TODO: check
+CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2
allow ...)
+ TODO: check
+CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ TODO: check
+CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6
allow ...)
+ TODO: check
+CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free
Realty ...)
+ TODO: check
+CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
+CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director
02-50-01 ...)
+ TODO: check
+CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT
Operations ...)
+ TODO: check
+CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00,
06-01 ...)
+ TODO: check
+CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the
2 ...)
+ TODO: check
+CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2
Click ...)
+ TODO: check
+CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows
...)
+ TODO: check
+CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows
remote ...)
+ TODO: check
+CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in
Sockso ...)
+ TODO: check
+CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php
in ...)
+ TODO: check
+CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman
Xpress ...)
+ TODO: check
+CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the
Better WP ...)
+ TODO: check
+CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in
inc/admin/content.php in ...)
+ TODO: check
+CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x
allow ...)
+ TODO: check
+CVE-2012-4261 (SQL injection vulnerability in
modules/patient/mycare2x_pat_info.php ...)
+ TODO: check
+CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote
...)
+ TODO: check
+CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1)
XPhone ...)
+ TODO: check
+CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate
Software ...)
+ TODO: check
+CVE-2012-4257 (Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1
allows remote ...)
+ TODO: check
+CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote
...)
+ TODO: check
+CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive
...)
+ TODO: check
+CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive
...)
+ TODO: check
+CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper
1.24.4 ...)
+ TODO: check
+CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+ TODO: check
+CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in
MySQLDumper ...)
+ TODO: check
+CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization
function ...)
+ TODO: check
CVE-2012-XXXX [phpMyAdmin PMASA-2012-4 xss]
- phpmyadmin 4:3.4.11.1-1
CVE-2012-XXXX
@@ -817,8 +885,8 @@
RESERVED
CVE-2012-3870
RESERVED
-CVE-2012-3869
- RESERVED
+CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND
9.9.x ...)
NOTE: https://kb.isc.org/article/AA-00730
- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
@@ -1731,16 +1799,19 @@
NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
CVE-2012-3444 (The get_image_dimensions function in the image-handling
functionality ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django
before ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) ...)
+ {DSA-2529-1}
- python-django 1.4.1-1 (bug #683364)
NOTE:
https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
@@ -1791,8 +1862,7 @@
RESERVED
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom
before ...)
- keystone 2012.1.1-1
-CVE-2012-3425 [libpng: Out-of heap-based buffer read by inflating certain PNG
images]
- RESERVED
+CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x
before ...)
- libpng 1.2.49-1 (low; bug #668082)
[squeeze] - libpng <no-dsa> (Minor issue)
CVE-2012-3424 (The decode_credentials method in ...)
@@ -1810,8 +1880,7 @@
RESERVED
CVE-2012-3418
RESERVED
-CVE-2012-3417 [quota: odd use of tcp_wrappers in rquota]
- RESERVED
+CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux
DiskQuota ...)
- quota 4.00~pre1-1
NOTE: this is at least fixed in 4.00, I could not trace this back to an exact
version
CVE-2012-3416
@@ -1882,8 +1951,7 @@
RESERVED
CVE-2012-3402
RESERVED
-CVE-2012-3401 [tiff2pdf heap-based buffer overflow due to improper
initialization of T2P context struct pointer]
- RESERVED
+CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c)
in ...)
- tiff 4.0.2-2 (bug #682115)
- tiff3 3.9.6-7 (bug #682195)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
@@ -2013,8 +2081,7 @@
NOTE:
http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
-CVE-2012-3367
- RESERVED
+CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag
Certificate ...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote
attackers ...)
{DSA-2503-1}
@@ -3238,8 +3305,7 @@
{DSA-2521-1}
- libxml2 2.8.0+dfsg1-5 (bug #679280)
NOTE:
http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd
-CVE-2012-2806 [libjpeg-turbo: Heap-based buffer overflow when decompressing
corrupt JPEG images]
- RESERVED
+CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c
in ...)
- libjpeg-turbo <itp> (bug #612341)
CVE-2012-2805
RESERVED
@@ -3599,8 +3665,7 @@
CVE-2012-2663
RESERVED
- iptables <unfixed> (unimportant; bug #675445)
-CVE-2012-2662
- RESERVED
+CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat
...)
NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before
3.0.13, ...)
- rails <not-affected> (Doesn''t affects RoR in Squeeze)
@@ -4233,8 +4298,7 @@
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge
...)
- typo3-src 4.3.9+dfsg1-1 (bug #607286)
-CVE-2010-5096 [MyBB multiple SQL injection vulnerabilities]
- RESERVED
+CVE-2010-5096 (** DISPUTED ** ...)
NOT-FOR-US: MyBB
CVE-2010-5095 [SilverStripe escaping exploit]
RESERVED
@@ -4368,17 +4432,16 @@
CVE-2012-2372
RESERVED
- linux <unfixed>
-CVE-2012-2371
- RESERVED
-CVE-2012-2370
- RESERVED
+CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the
...)
+ TODO: check
+CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function
in ...)
- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in
...)
{DSA-2476-1}
- pidgin-otr 3.2.1-1 (medium; bug #673154)
NOTE: libotr not affected
-CVE-2012-2368
- RESERVED
+CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly
validate ...)
+ TODO: check
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before
2.1.6, ...)
- moodle 2.2.3.dfsg-1 (low; bug #674163)
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x
before ...)
@@ -4486,20 +4549,17 @@
- openssl 1.0.1c-1 (bug #672452)
NOTE: http://seclists.org/oss-sec/2012/q2/299
NOTE: http://www.openssl.org/news/secadv_20120510.txt
-CVE-2012-2332 [SQL injection in serendipity before 1.7.1]
- RESERVED
+CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php
in ...)
- serendipity <unfixed> (bug #671937; medium)
NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
-CVE-2012-2331 [XSS in serendipity before 1.7.1]
- RESERVED
+CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in ...)
- serendipity <unfixed> (bug #671937; medium)
NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
-CVE-2012-2330 [node.js <0.6.17/0.7.8 HTTP server information disclosure]
- RESERVED
+CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before
0.6.17 ...)
- nodejs 0.6.17~dfsg1-1
NOTE:
http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
NOTE: https://github.com/joyent/node/commit/c9a231d
@@ -4510,23 +4570,20 @@
CVE-2012-2328
RESERVED
NOT-FOR-US: sblim
-CVE-2012-2327
- RESERVED
+CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers
to ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2326
- RESERVED
+CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control
Panel ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2325
- RESERVED
+CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation
feature in ...)
NOT-FOR-US: MyBB (aka MyBulletinBoard)
NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
-CVE-2012-2324
- RESERVED
+CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka
MyBulletinBoard) ...)
+ TODO: check
CVE-2012-2323
RESERVED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in
gdhcp/client.c ...)
@@ -4640,8 +4697,8 @@
NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275
RESERVED
-CVE-2012-2274
- RESERVED
+CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in
pivotx/ajaxhelper.php in ...)
+ TODO: check
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7
x64 ...)
NOT-FOR-US: Comodo Internet Security
CVE-2012-2272
@@ -5417,7 +5474,7 @@
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2
uses ...)
- bugzilla <not-affected> (Only affects 4.1 to 4.3)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before
10.0.6, ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -5466,7 +5523,7 @@
- icedove 10.0.6-1
- iceape 2.7.6-1
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode
function in ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -5483,12 +5540,12 @@
- icedove 10.0.6-1
- iceape 2.7.6-1
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through
13.0 ...)
- {DSA-2514-1}
+ {DSA-2528-1 DSA-2514-1}
- iceweasel 10.0.6esr-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-2514-1 DSA-2513-1}
+ {DSA-2528-1 DSA-2514-1 DSA-2513-1}
- iceweasel 10.0.6esr-1
- icedove 10.0.6-1
- iceape 2.7.6-1
@@ -20628,8 +20685,7 @@
RESERVED
CVE-2009-5067
RESERVED
-CVE-2009-5066 [twiddle.sh accepting credentials as command-line arguments...]
- RESERVED
+CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts
credentials ...)
- jbossas4 <not-affected> (twiddle.sh is included in the source package,
but not in any of the binary packages)
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in
Universal ...)
- feedparser 5.0.1-1 (low; bug #617998)
@@ -23761,11 +23817,9 @@
CVE-2011-0525
RESERVED
NOT-FOR-US: Batavi
-CVE-2011-0524
- RESERVED
+CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in
gypsy 0.8 ...)
- gypsy <itp> (bug #491723)
-CVE-2011-0523
- RESERVED
+CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read
while ...)
- gypsy <itp> (bug #491723)
CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c
in ...)
{DSA-2153-1}
@@ -57491,7 +57545,7 @@
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows
local ...)
{DSA-1657-1}
- qemu 0.9.1-6 (low; bug #496394)
-CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3,
invokes the ...)
+CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other
...)
- nfs-utils 1:1.1.3-1
[lenny] - nfs-utils 1:1.1.2-6lenny1
[etch] - nfs-utils <no-dsa> (Minor issue)