Author: joeyh Date: 2012-07-27 21:14:22 +0000 (Fri, 27 Jul 2012) New Revision: 19813 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-27 09:14:20 UTC (rev 19812) +++ data/CVE/list 2012-07-27 21:14:22 UTC (rev 19813) @@ -1,3 +1,17 @@ +CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...) + TODO: check +CVE-2012-4067 + RESERVED +CVE-2012-4066 + RESERVED +CVE-2012-4065 + RESERVED +CVE-2012-4064 + RESERVED +CVE-2012-4063 + RESERVED +CVE-2012-4062 + RESERVED CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...) TODO: check CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow ...) @@ -34,8 +48,8 @@ TODO: check CVE-2012-4044 RESERVED -CVE-2012-4043 - RESERVED +CVE-2012-4043 (Cross-site scripting (XSS) vulnerability in global-protect/login.esp ...) + TODO: check CVE-2012-4042 RESERVED CVE-2012-4041 @@ -368,16 +382,16 @@ NOT-FOR-US: Winamp CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...) NOT-FOR-US: Winamp -CVE-2012-3888 - RESERVED -CVE-2012-3887 - RESERVED -CVE-2012-3886 - RESERVED -CVE-2012-3885 - RESERVED -CVE-2012-3884 - RESERVED +CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote ...) + TODO: check +CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data ...) + TODO: check +CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the ...) + TODO: check +CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...) + TODO: check +CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct ...) + TODO: check CVE-2012-3883 RESERVED CVE-2012-3882 
@@ -777,8 +791,8 @@ RESERVED CVE-2012-3699 RESERVED -CVE-2012-3698 - RESERVED +CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated ...) + TODO: check CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...) TODO: check CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 ...) @@ -2365,9 +2379,9 @@ RESERVED CVE-2012-2979 RESERVED -CVE-2012-2978 - RESERVED +CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x ...) {DSA-2515-1} + TODO: check CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) @@ -4305,8 +4319,8 @@ RESERVED CVE-2012-2203 RESERVED -CVE-2012-2202 - RESERVED +CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...) + TODO: check CVE-2012-2201 RESERVED CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...) @@ -9416,8 +9430,8 @@ CVE-2011-4964 REJECTED NOTE: Rejected CVE-identifier. Please use CVE-2012-2667 -CVE-2011-4963 - RESERVED +CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...) + TODO: check CVE-2011-4962 [silverstripe: Potential remote code execution] RESERVED - silverstripe <itp> (bug #528461) @@ -15433,8 +15447,8 @@ NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...) NOT-FOR-US: Novell ZENworks Configuration Management -CVE-2011-3174 - RESERVED +CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ...) + TODO: check CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in ...) NOT-FOR-US: Novell Open Enterprise Server CVE-2011-3172 
@@ -17133,10 +17147,10 @@ NOTE: This only affects the SUSE packaging. CVE-2011-2659 RESERVED -CVE-2011-2658 - RESERVED -CVE-2011-2657 - RESERVED +CVE-2011-2658 (The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks ...) + TODO: check +CVE-2011-2657 (Directory traversal vulnerability in the LaunchProcess function in the ...) + TODO: check CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld ...) NOT-FOR-US: Novell ZENworks CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld ...) @@ -17534,13 +17548,11 @@ RESERVED - x11-apps 7.7~1 (low) [squeeze] - x11-apps <no-dsa> (Minor issue) -CVE-2011-2503 - RESERVED +CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the ...) {DSA-2348-1} - systemtap 1.6-1 (bug #635542) [lenny] - systemtap <not-affected> (Signed modules not yet supported) -CVE-2011-2502 - RESERVED +CVE-2011-2502 (runtime/staprun/staprun_funcs.c in the systemtap runtime tool ...) - systemtap 1.6-1 (bug #635542) [lenny] - systemtap <not-affected> (Affected option introduced in 1.4) [squeeze] - systemtap <not-affected> (Affected option introduced in 1.4)
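Review bot: in the hunk at -2365,9 +2379,9, CVE-2012-2978 keeps its {DSA-2515-1} reference but now ends in TODO: check with no package line, so the advisory is recorded without a source package or fixed version attached to it. The description names NSD, so the TODO should be replaced with a package entry for the NSD source package carrying the fixed version from the advisory, in the same form as the systemtap entries in the last hunk (- systemtap 1.6-1 (bug #635542)).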
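Review bot: in the hunk at -17133,10 +17147,10, CVE-2011-2658 is added as TODO: check even though its description names Novell ZENworks and the unchanged entries directly below it (CVE-2011-2656, CVE-2011-2655) are already marked NOT-FOR-US: Novell ZENworks. Mark it the same way for consistency. CVE-2011-2657 needs its full description read first, because the product name is cut off in the visible text.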
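Review bot: in the hunk at -9416,8 +9430,8, CVE-2011-4963 is described as affecting nginx/Windows, and a bare TODO: check leaves open whether the packaged nginx is affected at all. If the issue is confirmed to be specific to the Windows build, record that with a <not-affected> line and a reason, as the systemtap entries do (- systemtap <not-affected> (Signed modules not yet supported)), instead of leaving the TODO.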