Author: joeyh Date: 2012-07-31 21:14:20 +0000 (Tue, 31 Jul 2012) New Revision: 19845 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-31 20:01:04 UTC (rev 19844) +++ data/CVE/list 2012-07-31 21:14:20 UTC (rev 19845) @@ -1,3 +1,7 @@ +CVE-2012-4070 + RESERVED +CVE-2012-4069 + RESERVED CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...) NOT-FOR-US: Citrix CVE-2012-4067 @@ -261,8 +265,8 @@ RESERVED CVE-2012-3952 RESERVED -CVE-2012-3951 - RESERVED +CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...) + TODO: check CVE-2012-3950 RESERVED CVE-2012-3949 @@ -474,8 +478,8 @@ RESERVED CVE-2012-3849 RESERVED -CVE-2012-3848 - RESERVED +CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...) + TODO: check CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...) - asterisk <unfixed> CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) @@ -1374,8 +1378,7 @@ RESERVED CVE-2012-3427 RESERVED -CVE-2012-3426 [keystone token expiration issues] - RESERVED +CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...) - keystone 2012.1.1-1 CVE-2012-3425 [libpng: Out-of heap-based buffer read by inflating certain PNG images] RESERVED @@ -2335,12 +2338,12 @@ RESERVED CVE-2012-3019 RESERVED -CVE-2012-3018 - RESERVED -CVE-2012-3017 - RESERVED -CVE-2012-3016 - RESERVED +CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...) + TODO: check +CVE-2012-3017 (Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote ...) + TODO: check +CVE-2012-3016 (Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 ...) + TODO: check CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before ...) TODO: check CVE-2012-3014 
@@ -2449,8 +2452,7 @@ RESERVED CVE-2012-2963 RESERVED -CVE-2012-2962 - RESERVED +CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer ...) NOT-FOR-US: Dell SonicWALL Scrutinizer CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...) NOT-FOR-US: Symantec Web Gateway @@ -3200,8 +3202,8 @@ RESERVED CVE-2012-2648 RESERVED -CVE-2012-2647 - RESERVED +CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...) + TODO: check CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...) TODO: check CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for ...) @@ -3241,10 +3243,10 @@ RESERVED CVE-2012-2628 RESERVED -CVE-2012-2627 - RESERVED -CVE-2012-2626 - RESERVED +CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell ...) + TODO: check +CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell ...) + TODO: check CVE-2012-2625 RESERVED - xen <unfixed> (low) @@ -4442,8 +4444,8 @@ RESERVED CVE-2012-2164 RESERVED -CVE-2012-2163 - RESERVED +CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...) + TODO: check CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...) NOT-FOR-US: WebSphere CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM ...) @@ -4973,12 +4975,10 @@ RESERVED CVE-2012-1970 RESERVED -CVE-2012-1969 - RESERVED +CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and ...) - bugzilla <removed> (low) [squeeze] - bugzilla <no-dsa> (Minor issue) -CVE-2012-1968 - RESERVED +CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses ...) - bugzilla <not-affected> (Only affects 4.1 to 4.3) CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...) {DSA-2514-1 DSA-2513-1} 
@@ -7279,10 +7279,12 @@ RESERVED CVE-2012-1015 [KDC frees uninitialized pointer] RESERVED + {DSA-2518-1} - krb5 1.10.1+dfsg-2 (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 CVE-2012-1014 [KDC dereferences uninitialized pointer] RESERVED + {DSA-2518-1} - krb5 <unfixed> (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in ...) @@ -8037,8 +8039,8 @@ NOT-FOR-US: Adobe Flash Player CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...) NOT-FOR-US: Adobe Flash Player -CVE-2012-0723 - RESERVED +CVE-2012-0723 (The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...) + TODO: check CVE-2012-0722 RESERVED CVE-2012-0721
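Review bot: CVE-2012-3951 (hunk @@ -261,8 +265,8 @@) and CVE-2012-2627 and CVE-2012-2626 (hunk @@ -3241,10 +3243,10 @@) are all Plixer Scrutinizer (aka Dell SonicWALL ...) entries left at "TODO: check". CVE-2012-2962 in hunk @@ -2449,8 +2452,7 @@ is also a Plixer entry and already carries "NOT-FOR-US: Dell SonicWALL Scrutinizer". Suggest resolving the three new entries with the same NOT-FOR-US line, so the same product is not triaged two different ways in one revision.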
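Review bot: In hunk @@ -7279,10 +7279,12 @@, {DSA-2518-1} is added to both CVE-2012-1015 and CVE-2012-1014, and both point at bug #683429, but CVE-2012-1015 is recorded as fixed in krb5 1.10.1+dfsg-2 while CVE-2012-1014 stays at "- krb5 <unfixed>". Please confirm whether the 1.10.1+dfsg-2 upload also covers CVE-2012-1014 and record the fixed version there if it does. If it does not, a NOTE line saying why the two entries differ would keep the shared DSA and bug reference from reading as a tracking mistake.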
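Review bot: In hunk @@ -474,8 +478,8 @@, the context places CVE-2012-3863 between CVE-2012-3848 and CVE-2012-3847, which breaks the descending order every other entry in this diff follows. The new description for CVE-2012-3848 is fine as written, but the CVE-2012-3863 asterisk entry should be moved to its numeric position, so that anyone scanning the list by ID finds its "- asterisk <unfixed>" status where they expect it.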