Author: joeyh Date: 2012-04-11 21:14:31 +0000 (Wed, 11 Apr 2012) New Revision: 18923 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-04-11 20:21:29 UTC (rev 18922) +++ data/CVE/list 2012-04-11 21:14:31 UTC (rev 18923) @@ -1,4 +1,25 @@ +CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...) + TODO: check +CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute ...) + TODO: check +CVE-2012-2223 (The xplat agent in Novell ZENworks Configuration Management (ZCM) ...) + TODO: check +CVE-2012-2222 + RESERVED +CVE-2012-2221 + RESERVED +CVE-2012-2220 + RESERVED +CVE-2012-2219 + RESERVED +CVE-2012-2218 + RESERVED +CVE-2012-2217 + RESERVED +CVE-2012-2216 + RESERVED CVE-2012-2095 [wicd command execution with root privileges] + RESERVED - wicd <unfixed> (low; bug #668397) NOTE: rated low as wicd is not a typical program in multi user environments NOTE: CVE id requested @@ -18,8 +39,8 @@ CVE-2012-XXXX [tiff electric fence crashes] - tiff <unfixed> (low; bug #668087) NOTE: CVE id requested -CVE-2012-2210 - RESERVED +CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...) + TODO: check CVE-2012-2209 RESERVED CVE-2012-2208 @@ -126,8 +147,8 @@ RESERVED CVE-2012-2157 RESERVED -CVE-2012-2156 - RESERVED +CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...) + TODO: check CVE-2012-2155 RESERVED CVE-2012-2154 @@ -492,8 +513,8 @@ RESERVED CVE-2012-1993 RESERVED -CVE-2012-1992 - RESERVED +CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...) + TODO: check CVE-2012-1991 RESERVED CVE-2012-1990 
@@ -1165,10 +1186,10 @@ RESERVED CVE-2012-1674 RESERVED -CVE-2012-1673 - RESERVED -CVE-2012-1672 - RESERVED +CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows ...) + TODO: check +CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...) + TODO: check CVE-2012-1671 RESERVED CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...) @@ -1381,19 +1402,15 @@ RESERVED CVE-2012-1597 RESERVED -CVE-2012-1596 - RESERVED +CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...) - wireshark 1.6.6-1 (unimportant; bug #666058) NOTE: Not suitable for code injection -CVE-2012-1595 - RESERVED +CVE-2012-1595 (The pcap_process_pseudo_header function in wiretap/pcap-common.c in ...) - wireshark 1.6.6-1 (bug #666058) -CVE-2012-1594 - RESERVED +CVE-2012-1594 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...) - wireshark 1.6.6-1 (unimportant; bug #666058) NOTE: Not suitable for code injection -CVE-2012-1593 - RESERVED +CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark ...) - wireshark 1.6.6-1 (unimportant; bug #666058) NOTE: Not suitable for code injection CVE-2012-1592 @@ -1605,8 +1622,8 @@ RESERVED CVE-2012-1500 RESERVED -CVE-2012-1499 - RESERVED +CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate ...) + TODO: check CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...) @@ -2281,8 +2298,7 @@ RESERVED - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 -CVE-2012-1182 - RESERVED +CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...) - samba <unfixed> (bug #668309) CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...) {DSA-2436-1} 
@@ -2741,8 +2757,8 @@ - glpi 0.80.7-1 (bug #659383; unimportant) [squeeze] - glpi <not-affected> (Introduced in 0.78) NOTE: Only supported behind an authenticated HTTP zone -CVE-2012-1036 - RESERVED +CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...) + TODO: check CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...) NOT-FOR-US: AdaCore Ada Web Services CVE-2011-5078 (The web administration interface in the server in Sybase M-Business ...) @@ -2755,8 +2771,8 @@ RESERVED CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...) NOT-FOR-US: EPiServer CMS -CVE-2012-1030 - RESERVED +CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through ...) + TODO: check CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...) NOT-FOR-US: Tube Ace CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...) @@ -3412,14 +3428,14 @@ RESERVED CVE-2012-0778 RESERVED -CVE-2012-0777 - RESERVED -CVE-2012-0776 - RESERVED -CVE-2012-0775 - RESERVED -CVE-2012-0774 - RESERVED +CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...) + TODO: check +CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...) + TODO: check +CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before ...) + TODO: check +CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...) + TODO: check CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...) @@ -5548,8 +5564,8 @@ RESERVED CVE-2012-0178 RESERVED -CVE-2012-0177 - RESERVED +CVE-2012-0177 (Heap-based buffer overflow in the Office Works File Converter in ...) + TODO: check CVE-2012-0176 RESERVED CVE-2012-0175 
@@ -5558,16 +5574,16 @@ RESERVED CVE-2012-0173 RESERVED -CVE-2012-0172 - RESERVED -CVE-2012-0171 - RESERVED -CVE-2012-0170 - RESERVED -CVE-2012-0169 - RESERVED -CVE-2012-0168 - RESERVED +CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle ...) + TODO: check +CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) + TODO: check +CVE-2012-0170 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) + TODO: check +CVE-2012-0169 (Microsoft Internet Explorer 9 does not properly handle objects in ...) + TODO: check +CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted remote ...) + TODO: check CVE-2012-0167 RESERVED CVE-2012-0166 @@ -5576,8 +5592,8 @@ RESERVED CVE-2012-0164 RESERVED -CVE-2012-0163 - RESERVED +CVE-2012-0163 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...) + TODO: check CVE-2012-0162 RESERVED CVE-2012-0161 @@ -5586,8 +5602,8 @@ RESERVED CVE-2012-0159 RESERVED -CVE-2012-0158 - RESERVED +CVE-2012-0158 (The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ...) + TODO: check CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft Windows CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, ...) 
@@ -5600,18 +5616,18 @@ RESERVED CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...) NOT-FOR-US: Microsoft Windows -CVE-2012-0151 - RESERVED +CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows ...) + TODO: check CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server ...) NOT-FOR-US: Microsoft CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...) NOT-FOR-US: Microsoft -CVE-2012-0147 - RESERVED -CVE-2012-0146 - RESERVED +CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 ...) + TODO: check +CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access ...) + TODO: check CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in ...) NOT-FOR-US: Microsoft CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...) 
@@ -6036,19 +6052,16 @@ NOT-FOR-US: spamdyke not in Debian CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows ...) NOT-FOR-US: batavi not in Debian -CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet] - RESERVED +CVE-2012-0068 (The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x ...) {DSA-2395-1} - wireshark 1.6.5-1 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 -CVE-2012-0067 [DoS due to integer overflow in IPTrace capture format] - RESERVED +CVE-2012-0067 (wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before ...) {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 -CVE-2012-0066 [DoS via large buffer allocation request] - RESERVED +CVE-2012-0066 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote ...) {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection @@ -6137,17 +6150,14 @@ RESERVED - linux-2.6 3.1.5-1 [squeeze] - linux-2.6 2.6.32-40 -CVE-2012-0043 [wireshark RLC buffer overflow] - RESERVED +CVE-2012-0043 (Buffer overflow in the reassemble_message function in ...) - wireshark 1.6.5-1 [squeeze] - wireshark <not-affected> (Vulnerable code not present) -CVE-2012-0042 [wireshark unspecified NULL derefs] - RESERVED +CVE-2012-0042 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly ...) {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection -CVE-2012-0041 [typecast DoS] - RESERVED +CVE-2012-0041 (The dissect_packet function in epan/packet.c in Wireshark 1.4.x before ...) {DSA-2395-1} - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection
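Review bot: In the first hunk (@@ -1,4 +1,25 @@), the CVE-2012-2095 wicd entry gains a RESERVED line but still carries the context line "NOTE: CVE id requested", which is stale now that the entry is filed under an assigned id. Remove that note in the follow-up manual commit so the entry does not suggest an id request is still pending. The three entries added above it (CVE-2012-2225, CVE-2012-2224, CVE-2012-2223) are only marked "TODO: check" and still need manual triage.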
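Review bot: The "TODO: check" markers added in the hunks from @@ -5548,8 +5564,8 @@ through @@ -5600,18 +5616,18 @@ land on Microsoft entries (Internet Explorer CVE-2012-0168 to CVE-2012-0172, .NET Framework CVE-2012-0163, Authenticode CVE-2012-0151, Forefront UAG CVE-2012-0146 and CVE-2012-0147) whose neighbours in the same context lines are already triaged as NOT-FOR-US (CVE-2012-0157, CVE-2012-0152, CVE-2012-0150). Resolve them the same way during triage so they do not stay open, and settle on one tag spelling, since the context shows both "NOT-FOR-US: Microsoft" and "NOT-FOR-US: Microsoft Windows".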
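Review bot: In the hunks at @@ -6036,19 +6052,16 @@ and @@ -6137,17 +6150,14 @@, the hand-written bracketed summaries on the Wireshark entries are replaced by truncated descriptions that no longer state the impact. For example, CVE-2012-0066 loses "[DoS via large buffer allocation request]" and now reads "(Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote ...)", and CVE-2012-0041 loses "[typecast DoS]". Since the "(unimportant)" ratings and the "Not suitable for code injection" notes on these entries rest on that impact, keep the short summary as a NOTE line on each entry so the reasoning stays readable in the list itself.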