Author: joeyh Date: 2012-08-20 21:14:21 +0000 (Mon, 20 Aug 2012) New Revision: 19995 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-20 16:43:33 UTC (rev 19994) +++ data/CVE/list 2012-08-20 21:14:21 UTC (rev 19995) @@ -1,3 +1,19 @@ +CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...) + TODO: check +CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...) + TODO: check +CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...) + TODO: check +CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...) + TODO: check +CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...) + TODO: check +CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...) + TODO: check +CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...) + TODO: check +CVE-2012-4352 + RESERVED CVE-2012-XXXX [geshi XSS in contrib/langwiz.php] - geshi <unfixed> (bug #685323) [squeeze] - geshi <no-dsa> (shipped as example/.gz) @@ -753,10 +769,10 @@ RESERVED CVE-2012-4008 RESERVED -CVE-2012-4007 - RESERVED -CVE-2012-4006 - RESERVED +CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...) + TODO: check +CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...) + TODO: check CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...) NOT-FOR-US: NHN Japan NAVER LINE CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...) 
@@ -1171,7 +1187,7 @@ - packagekit <unfixed> (bug #678189) CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...) NOT-FOR-US: WinRadius -CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog 2.07.14 and ...) +CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...) NOT-FOR-US: Sielco Sistemi Winlog CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...) NOT-FOR-US: Wordpress plugin @@ -1795,10 +1811,12 @@ CVE-2012-3509 RESERVED CVE-2012-3508 [SA50279: roundcube multiple XSS] + RESERVED - roundcube <unfixed> NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/08/20/2 NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3507 [SA50212: roundcube 0.8 XSS] + RESERVED - roundcube <not-affected> (only affects rc versions of 0.8) NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/08/20/2 NOTE: http://trac.roundcube.net/ticket/1488519 @@ -1815,6 +1833,7 @@ CVE-2012-3502 RESERVED CVE-2012-3501 + RESERVED - squidclamav <unfixed> (bug #685398) CVE-2012-3500 RESERVED @@ -2126,6 +2145,7 @@ RESERVED - gimp <unfixed> (bug #685397) CVE-2012-3402 [Gimp PSD plug-in Heap-buffer overflow by decoding certain PSD headers] + RESERVED - gimp 2.4.0~rc1-1 NOTE: Only affects 2.2 series CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...) @@ -2426,8 +2446,8 @@ RESERVED CVE-2012-3297 RESERVED -CVE-2012-3296 - RESERVED +CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...) + TODO: check CVE-2012-3295 RESERVED CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...) 
@@ -5020,8 +5040,8 @@ RESERVED CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...) NOT-FOR-US: IBM WebSphere MQ File Transfer Edition -CVE-2012-2205 - RESERVED +CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...) + TODO: check CVE-2012-2204 RESERVED CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...) @@ -5092,18 +5112,18 @@ NOT-FOR-US: IBM System Storage DS Storage Manager CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...) NOT-FOR-US: WebSphere -CVE-2012-2169 - RESERVED -CVE-2012-2168 - RESERVED +CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...) + TODO: check +CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...) + TODO: check CVE-2012-2167 RESERVED CVE-2012-2166 RESERVED -CVE-2012-2165 - RESERVED -CVE-2012-2164 - RESERVED +CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...) + TODO: check +CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...) + TODO: check CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...) NOT-FOR-US: IBM Scale Out Network Attached Storage CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...) @@ -8640,8 +8660,8 @@ RESERVED CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...) NOT-FOR-US: IBM AIX -CVE-2012-0744 - RESERVED +CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...) + TODO: check CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...) NOT-FOR-US: IBM Tivoli Directory Server CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
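Review bot: In the first hunk (@@ -1,3 +1,19 @@), the seven new entries CVE-2012-4353 through CVE-2012-4359 all name Sielco Sistemi Winlog and are left at `TODO: check`, while the existing CVE-2012-3815 entry for the same product in the @@ -1171,7 +1187,7 @@ hunk is already triaged as `NOT-FOR-US: Sielco Sistemi Winlog`. A follow-up commit should resolve these entries the same way so they do not linger in the TODO queue after the automatic import.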
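Review bot: In the @@ -753,10 +769,10 @@ hunk, CVE-2012-4007 (mixi application for Android) and CVE-2012-4006 (GREE application) replace `RESERVED` with `TODO: check`, and the entry kept as context directly below them, CVE-2012-4005, is an Android application marked `NOT-FOR-US: NHN Japan NAVER LINE`. Unless one of these applications is packaged, the two new entries should get a matching `NOT-FOR-US:` line naming the application rather than staying open.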
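Review bot: In the @@ -1795,10 +1811,12 @@ hunk, `RESERVED` is added under CVE-2012-3508, whose `- roundcube <unfixed>` line carries no Debian bug reference, unlike the other `<unfixed>` entries visible in this patch (geshi bug #685323, packagekit bug #678189, squidclamav bug #685398, gimp bug #685397). Add the bug number to that line once one is filed, so the open roundcube XSS is tracked in the BTS as well as through the upstream ticket in the NOTE lines.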
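Review bot: In the @@ -5092,18 +5112,18 @@ hunk, CVE-2012-2169 is the one new entry whose truncated description ("Cross-site scripting (XSS) vulnerability in the file-upload ...") does not show the affected product, so it cannot be triaged from this list line alone and the full CVE text has to be read first. The entries around it (CVE-2012-2168, CVE-2012-2165, CVE-2012-2164) name IBM Rational ClearQuest, as do CVE-2012-2205 and CVE-2012-0744 in the neighbouring hunks, and every IBM entry kept as context here is already `NOT-FOR-US`, so those five can likely be closed together as `NOT-FOR-US: IBM Rational ClearQuest`.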