author | security tracker role <sectracker@soriano.debian.org> | 2020-01-10 08:10:31 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-10 08:10:31 +0000 |
commit | ec829131516433df332116a9f4700c41f4b6e98e (patch) | |
tree | 3ccaf7cf6ed7c8e0f7f2377a07a4a283ecf24ceb /data/CVE/2012.list | |
parent | 6aaf23a9227de452daceb1618d7fa61a14408fe0 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2012.list')
-rw-r--r-- | data/CVE/2012.list | 71 |
1 files changed, 33 insertions, 38 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 83f2e42d52..fc437cc313 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -2979,8 +2979,8 @@ CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows lo NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4 CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...) NOT-FOR-US: Drupal chaos tool addon -CVE-2012-5558 - RESERVED +CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x ...) + TODO: check CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...) NOT-FOR-US: Drupal contributed-module CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...) @@ -5587,8 +5587,7 @@ CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, whic [wheezy] - fwknop 2.0.0rc2-2+deb7u1 NOTE: http://seclists.org/oss-sec/2012/q3/509 NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799 -CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw] - RESERVED +CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a denial ...) - fwknop 2.0.3-1 (bug #688151) [squeeze] - fwknop <not-affected> (Vulnerable code not present) [wheezy] - fwknop 2.0.0rc2-2+deb7u1 
@@ -7259,16 +7258,16 @@ CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Ope [squeeze] - asterisk <not-affected> (Vulnerable code not present) CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...) NOT-FOR-US: Avaya IP Office Customer Call Reporter -CVE-2012-3810 - RESERVED -CVE-2012-3809 - RESERVED -CVE-2012-3808 - RESERVED -CVE-2012-3807 - RESERVED -CVE-2012-3806 - RESERVED +CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...) + TODO: check +CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...) + TODO: check +CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...) + TODO: check +CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...) + TODO: check +CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...) + TODO: check CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...) NOT-FOR-US: Kajona CVE-2012-3804 @@ -7976,8 +7975,7 @@ CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in C - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8. ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) -CVE-2012-3490 - RESERVED +CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server compo ...) {DSA-2534-1} 
@@ -9301,8 +9299,8 @@ CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earl NOT-FOR-US: Jaow CVE-2012-2951 REJECTED -CVE-2012-2950 - RESERVED +CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local ...) + TODO: check CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...) NOT-FOR-US: Android CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...) @@ -9348,8 +9346,8 @@ CVE-2012-2933 RESERVED CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...) NOT-FOR-US: TinyWebGallery -CVE-2012-2931 - RESERVED +CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...) + TODO: check CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...) NOT-FOR-US: TinyWebGallery CVE-2012-2929 @@ -9948,8 +9946,7 @@ CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6. NOT-FOR-US: Drupal module CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML mod ...) NOT-FOR-US: Drupal module -CVE-2012-2724 - RESERVED +CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-a ...) NOT-FOR-US: Drupal module CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...) NOT-FOR-US: Drupal module @@ -9969,8 +9966,7 @@ CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment Mo NOT-FOR-US: Drupal module CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...) NOT-FOR-US: Drupal module -CVE-2012-2714 - RESERVED +CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drup ...) NOT-FOR-US: Drupal module CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozi ...) NOT-FOR-US: Drupal module 
@@ -11149,8 +11145,8 @@ CVE-2012-2228 RESERVED CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...) NOT-FOR-US: PluXml -CVE-2012-2226 - RESERVED +CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...) + TODO: check CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...) NOT-FOR-US: 360zip CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...) @@ -11346,8 +11342,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9. - postgresql-8.4 8.4.12-1 - php5 5.3.3-1 NOTE: Uses the unaffected system libraries since 5.3.3 -CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message] - RESERVED +CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...) - xpdf <not-affected> (uses poppler's Error.cc) - poppler 0.18.4-7 (unimportant; bug #487773) NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 @@ -11985,8 +11980,8 @@ CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before - atmailopen <removed> CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...) - atmailopen <removed> -CVE-2012-1915 - RESERVED +CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...) + TODO: check CVE-2012-1914 RESERVED CVE-2012-1913 
@@ -13396,14 +13391,14 @@ CVE-2012-1263 CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi i ...) {DSA-2423-1} - movabletype-opensource 5.1.3+dfsg-1 -CVE-2012-1261 - RESERVED -CVE-2012-1260 - RESERVED -CVE-2012-1259 - RESERVED -CVE-2012-1258 - RESERVED +CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...) + TODO: check +CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...) + TODO: check +CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...) + TODO: check +CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & ...) + TODO: check CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...) - pidgin <unfixed> (unimportant) NOTE: Negligible local information disclosure |
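Review bot: in the @@ -9348,8 +9346,8 hunk, CVE-2012-2931 is added with "TODO: check" even though the entries directly above and below it, CVE-2012-2932 and CVE-2012-2930, cover the same product and are already triaged as "NOT-FOR-US: TinyWebGallery". Replace the TODO with the same NOT-FOR-US line so the three TinyWebGallery entries agree and the item does not sit in the open-TODO queue.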
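Review bot: in the @@ -7259,16 +7258,16 hunk, the five Samsung Kies entries CVE-2012-3810 through CVE-2012-3806 each get a separate "TODO: check", which leaves five open items for one product and one fixed version (2.5.0.12094_27_11). Triage them in a single pass and give all five the same result; if Kies is not packaged, use the form of the preceding CVE-2012-3811 entry ("NOT-FOR-US: ...").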
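Review bot: in the @@ -2979,8 +2979,8 hunk, CVE-2012-5558 (Smiley module 6.x-1.x) is left at "TODO: check" while the next entry, CVE-2012-5557, uses the same 6.x-1.x module versioning and is marked "NOT-FOR-US: Drupal contributed-module". The truncated description does not show the product name, so confirm against the full text; if it is a Drupal module, tag it NOT-FOR-US like the CVE-2012-2724 and CVE-2012-2714 entries further down in this patch.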