Author: jmm Date: 2012-08-31 08:00:30 +0000 (Fri, 31 Aug 2012) New Revision: 20061 Modified: data/CVE/list Log: new wireshark issue openttd CVE ID messup NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-30 22:44:59 UTC (rev 20060) +++ data/CVE/list 2012-08-31 08:00:30 UTC (rev 20061) @@ -2624,8 +2624,8 @@ NOTE: http://www.exploit-db.com/exploits/20226/ CVE-2012-3548 [wireshark DoS via DRDA dissector] RESERVED - - wireshark <unfixed> - TODO: check + - wireshark <unfixed> (unimportant; bug #686225) + NOTE: Doesn''t allow code injection CVE-2012-3547 RESERVED CVE-2012-3546 @@ -6723,7 +6723,7 @@ CVE-2012-1922 RESERVED CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Sitecom CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows ...) NOT-FOR-US: AtMail CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in ...) @@ -8139,7 +8139,7 @@ CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...) NOT-FOR-US: Contao CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Elefant CMS CVE-2012-1295 RESERVED CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote ...) @@ -12341,7 +12341,7 @@ NOTE: http://vcs.openttd.org/svn/changeset/23764 NOTE: http://security.openttd.org/en/CVE-2012-0049 CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial ...) - TODO: check + TODO: contacted MITRE, seems like a typo CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) NOT-FOR-US: Apache Wicket CVE-2012-0046 [mediawiki info leak]
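Review bot: In the CVE-2012-3548 hunk (@@ -2624,8), the added line `NOTE: Doesn''t allow code injection` has a doubled apostrophe and should read `NOTE: Doesn't allow code injection`. The note also justifies the `unimportant` tag only by the absence of code injection, while the entry title reads "wireshark DoS via DRDA dissector", so the note should say why the DoS itself is considered unimportant.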
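Review bot: In the CVE-2012-0048 hunk (@@ -12341,7), `TODO: contacted MITRE, seems like a typo` does not say what the typo is or which ID is believed to be the intended one. The context lines directly above reference http://security.openttd.org/en/CVE-2012-0049, and the CVE-2012-0048 entry still has no package line, so a NOTE stating which ID or field is in question would let the next person finish the triage once MITRE answers.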