Author: joeyh Date: 2012-03-20 21:14:29 +0000 (Tue, 20 Mar 2012) New Revision: 18723 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-03-20 17:14:17 UTC (rev 18722) +++ data/CVE/list 2012-03-20 21:14:29 UTC (rev 18723) 
@@ -1,38 +1,50 @@ -CVE-2012-1790 +CVE-2012-1792 + RESERVED +CVE-2012-1791 + RESERVED +CVE-2012-1777 + RESERVED +CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...) + TODO: check +CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...) + TODO: check +CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...) + TODO: check +CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...) NOT-FOR-US: Webgrind -CVE-2012-1789 +CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 ...) NOT-FOR-US: Kongreg8 -CVE-2012-1788 +CVE-2012-1788 (Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi ...) NOT-FOR-US: WonderDesk SQL -CVE-2012-1787 +CVE-2012-1787 (Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in ...) NOT-FOR-US: Webglimpse -CVE-2012-1786 +CVE-2012-1786 (The Media Upload form in the Video Embed & Thumbnail Generator plugin ...) NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress -CVE-2012-1785 +CVE-2012-1785 (kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin ...) NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress -CVE-2012-1784 +CVE-2012-1784 (SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers ...) NOT-FOR-US: MyJobList -CVE-2012-1783 +CVE-2012-1783 (Tiny Server 1.1.9 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Tiny Server -CVE-2012-1782 +CVE-2012-1782 (Multiple cross-site scripting (XSS) vulnerabilities in questions/ask ...) NOT-FOR-US: OSQA -CVE-2012-1781 +CVE-2012-1781 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: SocialCMS -CVE-2012-1780 +CVE-2012-1780 (SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows ...) NOT-FOR-US: SocialCMS -CVE-2012-1779 +CVE-2012-1779 (Cross-site scripting (XSS) vulnerability in IDevSpot ...) 
NOT-FOR-US: IDevSpot idev-BusinessDirectory -CVE-2012-1778 +CVE-2012-1778 (SQL injection vulnerability in artykul_print.php in CreateVision CMS ...) NOT-FOR-US: CreateVision CMS -CVE-2011-5082 +CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin ...) NOT-FOR-US: s2Member Pro plugin for WordPress -CVE-2010-5086 +CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver ...) NOT-FOR-US: Bitweaver -CVE-2009-5114 +CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...) NOT-FOR-US: WebGlimpse -CVE-2009-5113 +CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...) NOT-FOR-US: WebGlimpse -CVE-2009-5112 +CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers ...) NOT-FOR-US: WebGlimpse CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...) NOT-FOR-US: Gretech GOM Media Player @@ -455,18 +467,24 @@ CVE-2012-1568 RESERVED CVE-2012-1567 + RESERVED NOT-FOR-US: LinuxMint CVE-2012-1566 + RESERVED NOT-FOR-US: LinuxMint CVE-2012-1565 + RESERVED NOT-FOR-US: eZ Publish CVE-2012-1564 RESERVED CVE-2012-1563 + RESERVED NOT-FOR-US: Joomla! CVE-2012-1562 + RESERVED NOT-FOR-US: Joomla! CVE-2012-1561 + RESERVED NOT-FOR-US: Drupal Finder CVE-2012-1560 RESERVED @@ -593,7 +611,7 @@ RESERVED CVE-2012-1499 RESERVED -CVE-2012-1498 +CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...) TODO: check 
@@ -661,11 +679,11 @@ RESERVED CVE-2012-1467 RESERVED -CVE-2012-1466 +CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...) NOT-FOR-US: NetMechanica NetDecision -CVE-2012-1465 +CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...) NOT-FOR-US: NetMechanica NetDecision -CVE-2012-1464 +CVE-2012-1464 (Dashboard Server for NetMechanica NetDecision before 4.6.1 allows ...) NOT-FOR-US: NetMechanica NetDecision CVE-2012-1463 RESERVED @@ -999,7 +1017,7 @@ RESERVED CVE-2012-1298 RESERVED -CVE-2012-1297 +CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...) NOT-FOR-US: Contao CVE-2012-XXXX [CDF crasher bugs in file, found by CERT/CC BFF tool] - file <unfixed> (low) @@ -1128,7 +1146,7 @@ RESERVED CVE-2012-1237 RESERVED -CVE-2012-1236 +CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...) NOT-FOR-US: Janetter CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...) NOT-FOR-US: Advantech/BroadWin WebAccess @@ -1242,6 +1260,7 @@ CVE-2012-1188 RESERVED CVE-2012-1187 + RESERVED NOT-FOR-US: bitlebee CVE-2012-1186 RESERVED @@ -1257,8 +1276,7 @@ NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1182 RESERVED -CVE-2012-1181 [mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost] - RESERVED +CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...) {DSA-2436-1} - libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814) CVE-2012-1180 [nginx fix for malformed HTTP responses from upstream servers] @@ -1677,8 +1695,8 @@ RESERVED CVE-2012-1040 RESERVED -CVE-2012-1039 - RESERVED +CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...) + TODO: check CVE-2012-1038 RESERVED CVE-2012-1037 
@@ -2060,7 +2078,7 @@ RESERVED CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...) NOT-FOR-US: Boonex Dolphin -CVE-2012-0872 +CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 ...) NOT-FOR-US: OxWall CVE-2012-0871 RESERVED @@ -2160,10 +2178,13 @@ CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...) TODO: check CVE-2012-0837 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0836 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0835 + RESERVED NOT-FOR-US: Joomla! CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...) - phpldapadmin 1.2.2-1 (bug #658907) @@ -2249,8 +2270,7 @@ - sudo 1.8.3p2-1 (bug #657985) [squeeze] - sudo <not-affected> (Vulnerable code not present) [lenny] - sudo <not-affected> (Vulnerable code not present) -CVE-2012-0808 [Insecure temporary file in as31 assembler] - RESERVED +CVE-2012-0808 (as31 2.3.1-4 does not seed the random number generator and generates ...) - as31 2.3.1-5 (bug #655496) [squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report) CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...) @@ -3264,14 +3284,19 @@ CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...) NOT-FOR-US: EMC Documentum eRoom CVE-2012-0403 + RESERVED NOT-FOR-US: EMC RSA enVision CVE-2012-0402 + RESERVED NOT-FOR-US: EMC RSA enVision CVE-2012-0401 + RESERVED NOT-FOR-US: EMC RSA enVision CVE-2012-0400 + RESERVED NOT-FOR-US: EMC RSA enVision CVE-2012-0399 + RESERVED NOT-FOR-US: EMC RSA enVision CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session ...) NOT-FOR-US: EMC Documentum eRoom 
@@ -3426,7 +3451,7 @@ NOT-FOR-US: Cisco TelePresence Video Communication Server CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...) NOT-FOR-US: Cisco Digital Media Manager -CVE-2012-0328 +CVE-2012-0328 (Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain ...) NOT-FOR-US: Janetter CVE-2012-0327 RESERVED @@ -3855,6 +3880,7 @@ CVE-2011-4942 RESERVED CVE-2011-4941 + RESERVED NOT-FOR-US: piwik CVE-2011-4940 [python: potential XSS in SimpleHTTPServer''s list_directory()] RESERVED @@ -3870,6 +3896,7 @@ RESERVED NOT-FOR-US: Ariadne CMS not in Debian CVE-2011-4937 + RESERVED NOT-FOR-US: Joomla CVE-2011-4936 RESERVED @@ -5008,8 +5035,7 @@ CVE-2012-0055 RESERVED NOT-FOR-US: overlayfs is not (yet) in the Debian kernel -CVE-2012-0054 - RESERVED +CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git ...) NOT-FOR-US: golismero not in Debian CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not ...) {DSA-2405-1} @@ -6014,6 +6040,7 @@ CVE-2011-4367 RESERVED CVE-2011-4366 + RESERVED NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090 CVE-2011-4365 RESERVED @@ -6840,6 +6867,7 @@ CVE-2011-4119 RESERVED CVE-2011-4117 + RESERVED NOT-FOR-US: perl Batch::BatchRun CPAN module CVE-2011-4116 RESERVED @@ -6959,6 +6987,7 @@ REJECTED NOTE: Will be rejected to avoid confusion CVE-2011-4083 + RESERVED NOT-FOR-US: RedHat sos CVE-2011-4082 RESERVED @@ -9775,6 +9804,7 @@ CVE-2010-4822 RESERVED CVE-2010-4821 + RESERVED NOT-FOR-US: phpMyFAQ CVE-2010-4820 [ghostscript split from CVE-2010-2055] RESERVED 
@@ -21300,7 +21330,7 @@ CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...) {DSA-2126-1} - linux-2.6 2.6.32-28 (low) -CVE-2010-3872 (The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c ...) +CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the ...) {DSA-2140-1} - libapache2-mod-fcgid 1:2.3.6-1 (bug #605484) CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...) @@ -23602,6 +23632,7 @@ {DSA-2113-1} - drupal6 6.18-1 (low; bug #592716) CVE-2010-3090 [mailman, will be rejected] + RESERVED NOT-FOR-US: ** REJECT ** mailman CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...) {DSA-2170-1}
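Review bot: in the first hunk, CVE-2012-1776 and CVE-2012-1775 (heap- and stack-based buffer overflows in VideoLAN VLC, the latter fixed upstream in 2.0.1) are left at "TODO: check" while every neighbouring entry in the same hunk is resolved to NOT-FOR-US; VLC is a Debian package, so these two need a real triage line (a "- vlc" entry with the fixed version, or a "<not-affected>" note if the vulnerable code is absent) before the next automatic run buries the placeholder. The same hunk's CVE-2011-5083 ("Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...") names only a path inside a truncated, unnamed application; swfupload.swf is a component that web applications embed rather than a package of its own, so the triage should identify which application the truncated description refers to before deciding NOT-FOR-US.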
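Review bot: the generator inserts a "+ RESERVED" status line directly above notes that already say the entry is rejected, in the hunks for CVE-2011-4366 ("NOT-FOR-US: ** REJECT ** duplicate of CVE-2011-4090") and CVE-2010-3090 ("[mailman, will be rejected]" / "NOT-FOR-US: ** REJECT ** mailman"). RESERVED and REJECT are contradictory states for one entry, and the file already uses an explicit "REJECTED" status for this case (the "REJECTED / NOTE: Will be rejected to avoid confusion" context lines just above CVE-2011-4083). The script should skip the RESERVED line when the entry carries a REJECT note, or those two entries should be converted to the REJECTED form so the status line agrees with the note.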
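Review bot: in the hunk at @@ -1677,8 +1695,8 @@, CVE-2012-1039 (multiple XSS in Dotclear) moves from "RESERVED" to "TODO: check" with neither a package line nor a NOT-FOR-US note, unlike the other web-application entries in this update, which all gained descriptions together with a NOT-FOR-US line. If dotclear is not in the archive this should read "NOT-FOR-US: Dotclear" like its neighbours; if it is, it needs a package entry with the fixed version, since a bare TODO carries no triage decision.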