Author: joeyh
Date: 2012-08-15 21:14:18 +0000 (Wed, 15 Aug 2012)
New Revision: 19958

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-08-15 19:00:50 UTC (rev 19957)
+++ data/CVE/list 2012-08-15 21:14:18 UTC (rev 19958)
@@ -1,3 +1,109 @@ +CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...) + TODO: check +CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...) + TODO: check +CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...) + TODO: check +CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers ...) + TODO: check +CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...) + TODO: check +CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote ...) + TODO: check +CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote ...) + TODO: check +CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...) + TODO: check +CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 ...) + TODO: check +CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php ...) + TODO: check +CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...) + TODO: check +CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...) 
+ TODO: check +CVE-2012-4323 + RESERVED +CVE-2012-4322 + RESERVED +CVE-2012-4321 + RESERVED +CVE-2012-4320 + RESERVED +CVE-2012-4319 + RESERVED +CVE-2012-4318 + RESERVED +CVE-2012-4317 + RESERVED +CVE-2012-4316 + RESERVED +CVE-2012-4315 + RESERVED +CVE-2012-4314 + RESERVED +CVE-2012-4313 + RESERVED +CVE-2012-4312 + RESERVED +CVE-2012-4311 + RESERVED +CVE-2012-4310 + RESERVED +CVE-2012-4309 + RESERVED +CVE-2012-4308 + RESERVED +CVE-2012-4307 + RESERVED +CVE-2012-4306 + RESERVED +CVE-2012-4305 + RESERVED +CVE-2012-4304 + RESERVED +CVE-2012-4303 + RESERVED +CVE-2012-4302 + RESERVED +CVE-2012-4301 + RESERVED +CVE-2012-4300 + RESERVED +CVE-2012-4299 + RESERVED +CVE-2012-4298 + RESERVED +CVE-2012-4297 + RESERVED +CVE-2012-4296 + RESERVED +CVE-2012-4295 + RESERVED +CVE-2012-4294 + RESERVED +CVE-2012-4293 + RESERVED +CVE-2012-4292 + RESERVED +CVE-2012-4291 + RESERVED +CVE-2012-4290 + RESERVED +CVE-2012-4289 + RESERVED +CVE-2012-4288 + RESERVED +CVE-2012-4287 + RESERVED +CVE-2012-4286 + RESERVED +CVE-2012-4285 + RESERVED +CVE-2012-4284 + RESERVED +CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...) + TODO: check CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...) TODO: check CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...) 
@@ -251,38 +357,38 @@ RESERVED CVE-2012-4163 RESERVED -CVE-2012-4162 - RESERVED -CVE-2012-4161 - RESERVED -CVE-2012-4160 - RESERVED -CVE-2012-4159 - RESERVED -CVE-2012-4158 - RESERVED -CVE-2012-4157 - RESERVED -CVE-2012-4156 - RESERVED -CVE-2012-4155 - RESERVED -CVE-2012-4154 - RESERVED -CVE-2012-4153 - RESERVED -CVE-2012-4152 - RESERVED -CVE-2012-4151 - RESERVED -CVE-2012-4150 - RESERVED -CVE-2012-4149 - RESERVED -CVE-2012-4148 - RESERVED -CVE-2012-4147 - RESERVED +CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) 
+ TODO: check +CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...) - chef 0.10.10-1 CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...) @@ -1709,6 +1815,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2 CVE-2012-3478 RESERVED + {DSA-2530-1} - rssh 2.3.3-5 CVE-2012-3477 RESERVED @@ -3955,20 +4062,20 @@ RESERVED CVE-2012-2528 RESERVED -CVE-2012-2527 - RESERVED -CVE-2012-2526 - RESERVED +CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) + TODO: check +CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) + TODO: check CVE-2012-2525 RESERVED -CVE-2012-2524 - RESERVED -CVE-2012-2523 - RESERVED -CVE-2012-2522 - RESERVED -CVE-2012-2521 - RESERVED +CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...) + TODO: check +CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...) + TODO: check +CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) + TODO: check +CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) + TODO: check CVE-2012-2520 RESERVED CVE-2012-2519 @@ -4631,8 +4738,7 @@ NOT-FOR-US: Drupal addon not packaged CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery ...) NOT-FOR-US: Drupal addon not packaged -CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass] - RESERVED +CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ...) NOT-FOR-US: Drupal addon not packaged CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...) NOT-FOR-US: Drupal addon not packaged 
@@ -4641,14 +4747,11 @@ CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution] RESERVED NOT-FOR-US: Drupal addon not packaged -CVE-2012-2300 [Drupal SA-CONTRIB-2012-064 - Ubercart - XSS] - RESERVED +CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...) NOT-FOR-US: Drupal addon not packaged -CVE-2012-2299 [Drupal SA-CONTRIB-2012-064 - Ubercart - failure to encrypt data] - RESERVED +CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 ...) NOT-FOR-US: Drupal addon not packaged -CVE-2012-2298 [Drupal SA-CONTRIB-2012-063 - RealName - XSS] - RESERVED +CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...) NOT-FOR-US: Drupal addon not packaged CVE-2012-2297 [Drupal SA-CONTRIB-2012-062 - Creative Commons - XSS] RESERVED @@ -4848,10 +4951,10 @@ NOTE: CVE id requested CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...) NOT-FOR-US: Sony Bravia -CVE-2012-2209 - RESERVED -CVE-2012-2208 - RESERVED +CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) + TODO: check +CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...) + TODO: check CVE-2012-2207 RESERVED CVE-2012-2206 @@ -4956,11 +5059,9 @@ RESERVED CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...) NOT-FOR-US: Plume CMS -CVE-2012-2155 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - CSRF] - RESERVED +CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video ...) NOT-FOR-US: Drupal addon not packaged -CVE-2012-2154 [Drupal SA-CONTRIB-2012-050 - CDN2 Video - XSS] - RESERVED +CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...) NOT-FOR-US: Drupal addon not packaged CVE-2012-2153 RESERVED 
@@ -4968,8 +5069,7 @@ {DSA-2498-1} - dhcpcd 1:3.2.3-11 (bug #671265) NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4 -CVE-2012-2151 [multiple XSS] - RESERVED +CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...) {DSA-2461-1} - spip 2.1.13-1 (low; bug #671264) CVE-2012-2150 @@ -5001,8 +5101,7 @@ NOTE: Uses the unaffected system libraries since 5.3.3 CVE-2012-2142 RESERVED -CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)] - RESERVED +CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...) - net-snmp 5.4.3~dfsg-2.5 (bug #672492) NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...) @@ -5017,8 +5116,7 @@ - linux 3.2.20-1 CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...) - linux 3.2.20-1 -CVE-2012-2135 [Python UTF-16 decoder crasher] - RESERVED +CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the ...) - python3.1 <unfixed> (bug #670389) - python3.2 3.2.3-1 (bug #670389) - python3.3 <unfixed> @@ -5159,10 +5257,10 @@ CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...) - libcommons-compress-java 1.4.1-1 (low; bug #674448) [squeeze] - libcommons-compress-java <no-dsa> (Minor issue) -CVE-2012-2097 - RESERVED -CVE-2012-2096 - RESERVED +CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...) + TODO: check +CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not ...) + TODO: check CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in ...) - horizon 2012.1-3 CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite ...) 
@@ -5201,14 +5299,11 @@ CVE-2012-2083 RESERVED NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2082 - RESERVED +CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2081 - RESERVED +CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2080 - RESERVED +CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit ...) NOT-FOR-US: Drupal addon module not packaged in Debian CVE-2012-2079 RESERVED 
@@ -5216,29 +5311,21 @@ CVE-2012-2078 RESERVED NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2077 - RESERVED +CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2076 - RESERVED +CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2075 - RESERVED +CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2074 - RESERVED +CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2073 - RESERVED +CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2072 - RESERVED +CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2071 - RESERVED +CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-2070 - RESERVED +CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module ...) NOT-FOR-US: Drupal addon module not packaged in Debian CVE-2012-2069 RESERVED 
@@ -5296,24 +5383,24 @@ NOT-FOR-US: F5 Firepass CVE-2012-2052 RESERVED -CVE-2012-2051 - RESERVED -CVE-2012-2050 - RESERVED -CVE-2012-2049 - RESERVED +CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) + TODO: check +CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...) + TODO: check +CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...) + TODO: check CVE-2012-2048 RESERVED -CVE-2012-2047 - RESERVED -CVE-2012-2046 - RESERVED -CVE-2012-2045 - RESERVED -CVE-2012-2044 - RESERVED -CVE-2012-2043 - RESERVED +CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) + TODO: check +CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) + TODO: check +CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) + TODO: check +CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) + TODO: check +CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) + TODO: check CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...) NOT-FOR-US: Adobe Illustrator CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...) @@ -5692,8 +5779,8 @@ NOT-FOR-US: Microsoft Windows CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...) NOT-FOR-US: Microsoft XML Core Services -CVE-2012-1888 - RESERVED +CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...) + TODO: check CVE-2012-1887 RESERVED CVE-2012-1886 
@@ -5756,20 +5843,20 @@ NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...) NOT-FOR-US: Microsoft Dynamics AX -CVE-2012-1856 - RESERVED +CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...) + TODO: check CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...) NOT-FOR-US: Microsoft Office -CVE-2012-1853 - RESERVED -CVE-2012-1852 - RESERVED -CVE-2012-1851 - RESERVED -CVE-2012-1850 - RESERVED +CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol ...) + TODO: check +CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...) + TODO: check +CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft ...) + TODO: check +CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the ...) + TODO: check CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 ...) NOT-FOR-US: Microsoft Lync, Attendee,, Attendant CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) @@ -5801,8 +5888,8 @@ CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow ...) {DSA-2448-1} - inspircd 2.0.5-0.1 (bug #667914) -CVE-2012-1835 - RESERVED +CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...) + TODO: check CVE-2012-1834 RESERVED CVE-2012-1833 @@ -6545,8 +6632,8 @@ RESERVED CVE-2012-1536 RESERVED -CVE-2012-1535 - RESERVED +CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...) + TODO: check CVE-2012-1534 RESERVED CVE-2012-1533 
@@ -6563,10 +6650,10 @@ RESERVED CVE-2012-1527 RESERVED -CVE-2012-1526 - RESERVED -CVE-2012-1525 - RESERVED +CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) + TODO: check +CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...) + TODO: check CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
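Review bot: In the @@ -1,3 +1,109 @@, @@ -3955,20 +4062,20 @@, @@ -5756,20 +5843,20 @@ and @@ -6563,10 +6650,10 @@ hunks, new entries for products that the surrounding context already classifies as NOT-FOR-US are left at "TODO: check". CVE-2012-1526 (Microsoft Internet Explorer 6 and 7) sits directly above CVE-2012-1524, which carries "NOT-FOR-US: Microsoft Internet Explorer"; CVE-2012-1856 sits above "NOT-FOR-US: Microsoft .NET Framework"; and the Samsung D6000 TV entries (CVE-2012-4330, CVE-2012-4329) have the same shape as CVE-2012-2210, which is tagged "NOT-FOR-US: Sony Bravia". A follow-up commit should resolve these to NOT-FOR-US with the product name, so that the TODO list holds only entries that still need a package lookup.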
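Review bot: The replacement lines in the @@ -4631,8 +4738,7 @@, @@ -4641,14 +4747,11 @@ and @@ -4956,11 +5059,9 @@ hunks drop the only upstream advisory reference each entry had. The removed lines for CVE-2012-2304, CVE-2012-2300, CVE-2012-2299, CVE-2012-2298, CVE-2012-2155 and CVE-2012-2154 named the Drupal advisory (SA-CONTRIB-2012-067, -064, -063, -050), and the truncated descriptions that replace them do not. Consider carrying the advisory id over into a NOTE: line under each entry so the mapping from CVE to SA-CONTRIB stays searchable in the list. The same applies to CVE-2012-2141 in @@ -5001,8 +5101,7 @@, where the "(snmpd crash)" impact from the bracketed text no longer appears in the visible part of the description.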
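Review bot: In the @@ -1709,6 +1815,7 @@ hunk, CVE-2012-3478 now carries {DSA-2530-1} and a fixed version (rssh 2.3.3-5) while the entry is still RESERVED with no description of the issue. Other RESERVED entries in this file that already have tracking data use a bracketed temporary description on the CVE line (for example CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]). Adding one here, or a NOTE: pointing to the advisory, would let a reader see what the DSA fixed without leaving the list.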