Author: fgeek-guest
Date: 2012-05-09 14:57:27 +0000 (Wed, 09 May 2012)
New Revision: 19184
Modified: data/CVE/list
Log: Second part of SilverStripe updates.

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2012-05-09 14:49:23 UTC (rev 19183) +++ data/CVE/list 2012-05-09 14:57:27 UTC (rev 19184) 
@@ -320,26 +320,39 @@ CVE-2010-5095 [SilverStripe escaping exploit] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5094 [SilverStripe unauthenticated remote removal of index.php under certain conditions] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5093 [SilverStripe privilege escalation exploit] RESERVED - silverstripe <itp> (bug #528461) -CVE-2010-5092 + NOTE: http://seclists.org/oss-sec/2012/q2/209 +CVE-2010-5092 [SilverStripe fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext] RESERVED -CVE-2010-5091 + - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 +CVE-2010-5091 [SilverStripe fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions] RESERVED -CVE-2010-5090 + - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 +CVE-2010-5090 [SilverStripe fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password] RESERVED + - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5089 [SilverStripe information disclosure] RESERVED - silverstripe <itp> (bug #528461) -CVE-2010-5088 + NOTE: http://seclists.org/oss-sec/2012/q2/209 +CVE-2010-5088 [SilverStripe CSRF] RESERVED + - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5087 [SilverStripe CSRF protection bypassed when handling form action requests through controller] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...) 
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180) [squeeze] - asterisk <not-affected> (Vulnerable code not present) @@ -5832,18 +5845,23 @@ CVE-2011-4962 [silverstripe: Potential remote code execution] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4961 [silverstripe: Privilege escalation] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4960 [silverstripe: SQL injection] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4959 [silverstripe: SQL injection] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4958 [silverstripe:XSS] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2011-4957 RESERVED - wordpress 3.2.1+dfsg-1 @@ -6254,12 +6272,15 @@ CVE-2010-5080 [SilverStripe HTTP referer leakage on Security/changepassword] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5079 [SilverStripe weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5078 [SilverStripe version number information disclosure] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-5077 [quake3 reflective UDP denial of service] RESERVED {DSA-2442-1} 
@@ -11893,12 +11914,15 @@ CVE-2010-4824 [SilverStripe SQL injection with Translatable extension enabled] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-4823 [SilverStripe XSS in controller handling for missing actions] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-4822 [SilverStripe SQL information disclosure in MySQLDatabase] RESERVED - silverstripe <itp> (bug #528461) + NOTE: http://seclists.org/oss-sec/2012/q2/209 CVE-2010-4821 RESERVED NOT-FOR-US: phpMyFAQ
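Review bot: In the first hunk (@@ -320,26 +320,39 @@), the new bracketed descriptions for CVE-2010-5092, CVE-2010-5091 and CVE-2010-5090 are changelog sentences ("SilverStripe fixed ...") that describe the fix rather than the flaw, unlike the short titles on neighbouring entries such as "[SilverStripe privilege escalation exploit]". The CVE-2010-5092 text also contains the typo "encyrption". Consider shortening each to a title that names the issue, for example plaintext password storage via the "Add Member" dialog for CVE-2010-5092. The new "[SilverStripe CSRF]" on CVE-2010-5088 has the opposite problem: it is hard to tell apart from CVE-2010-5087 directly below it, so a few words on what distinguishes the two would help.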
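Review bot: In the second hunk (@@ -5832,18 +5845,23 @@), CVE-2011-4960 and CVE-2011-4959 both read "[silverstripe: SQL injection]" and now carry the same NOTE URL, so nothing in either entry says which of the two SQL injection issues it tracks. Since the NOTE lines are being added here anyway, a second NOTE on each saying which item of the referenced oss-sec post it corresponds to (or a more specific bracketed title) would make the entries usable without re-reading the whole thread. The same applies more mildly to the other hunks, where every entry gets the identical list-post URL as its only reference.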