Author: joeyh
Date: 2012-06-13 21:14:52 +0000 (Wed, 13 Jun 2012)
New Revision: 19480
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-06-13 02:31:05 UTC (rev 19479)
+++ data/CVE/list 2012-06-13 21:14:52 UTC (rev 19480)
@@ -1,3 +1,5 @@
+CVE-2012-3346
+ RESERVED
CVE-2012-3345
RESERVED
CVE-2012-3344
@@ -2142,8 +2144,7 @@
CVE-2012-2391
RESERVED
- haproxy <unfixed> (bug #674447)
-CVE-2012-2390
- RESERVED
+CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2
allows ...)
- linux-2.6 3.2.19-1 (low)
CVE-2012-2389
RESERVED
@@ -2165,12 +2166,10 @@
- mosh 1.2.1-1 (bug #673871)
NOTE: https://github.com/keithw/mosh/issues/271
NOTE:
https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
-CVE-2012-2384
- RESERVED
+CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in ...)
- linux-2.6 3.2.17-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2012-2383
- RESERVED
+CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in ...)
- linux-2.6 3.2.17-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2382
@@ -2189,8 +2188,7 @@
RESERVED
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3
and ...)
- php5 <not-affected> (Windows-specific vulnerability)
-CVE-2012-2375
- RESERVED
+CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the
NFSv4 ...)
- linux-2.6 3.2.19-1
CVE-2012-2374 (CRLF injection vulnerability in the ...)
- python-tornado 2.1.0-3 (low; bug #673987)
@@ -2403,8 +2401,7 @@
CVE-2012-2314 [anaconda: Weak permissions by writing password configuration
...]
RESERVED
NOT-FOR-US: The anaconda installer
-CVE-2012-2313 [more tight ioctl permissions in dl2k driver]
- RESERVED
+CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in
the ...)
- linux-2.6 3.2.19-1
CVE-2012-2312
RESERVED
@@ -3124,8 +3121,8 @@
RESERVED
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute
arbitrary ...)
NOT-FOR-US: Adobe Illustrator
-CVE-2012-2041
- RESERVED
+CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe
...)
+ TODO: check
CVE-2012-2040 (Untrusted search path vulnerability in the installer in Adobe
Flash ...)
TODO: check
CVE-2012-2039 (Adobe Flash Player before 10.3.183.20 and 11.x before
11.3.300.257 on ...)
@@ -3453,8 +3450,8 @@
RESERVED
CVE-2012-1890
RESERVED
-CVE-2012-1889
- RESERVED
+CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
+ TODO: check
CVE-2012-1888
RESERVED
CVE-2012-1887
@@ -3467,44 +3464,44 @@
RESERVED
CVE-2012-1883
RESERVED
-CVE-2012-1882
- RESERVED
-CVE-2012-1881
- RESERVED
-CVE-2012-1880
- RESERVED
-CVE-2012-1879
- RESERVED
-CVE-2012-1878
- RESERVED
-CVE-2012-1877
- RESERVED
-CVE-2012-1876
- RESERVED
-CVE-2012-1875
- RESERVED
-CVE-2012-1874
- RESERVED
-CVE-2012-1873
- RESERVED
-CVE-2012-1872
- RESERVED
+CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block
cross-domain ...)
+ TODO: check
+CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle
objects ...)
+ TODO: check
+CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
+ TODO: check
+CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
+ TODO: check
+CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
+ TODO: check
+CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
+ TODO: check
+CVE-2012-1876 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
+ TODO: check
+CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects
in ...)
+ TODO: check
+CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle
objects ...)
+ TODO: check
+CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create
and ...)
+ TODO: check
+CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
+ TODO: check
CVE-2012-1871
RESERVED
CVE-2012-1870
RESERVED
CVE-2012-1869
RESERVED
-CVE-2012-1868
- RESERVED
-CVE-2012-1867
- RESERVED
-CVE-2012-1866
- RESERVED
-CVE-2012-1865
- RESERVED
-CVE-2012-1864
- RESERVED
+CVE-2012-1868 (Race condition in the thread-creation implementation in
win32k.sys in ...)
+ TODO: check
+CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in
Microsoft ...)
+ TODO: check
+CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+ TODO: check
+CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+ TODO: check
+CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+ TODO: check
CVE-2012-1863
RESERVED
CVE-2012-1862
@@ -3515,14 +3512,14 @@
RESERVED
CVE-2012-1859
RESERVED
-CVE-2012-1858
- RESERVED
-CVE-2012-1857
- RESERVED
+CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft
...)
+ TODO: check
+CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise
Portal ...)
+ TODO: check
CVE-2012-1856
RESERVED
-CVE-2012-1855
- RESERVED
+CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does
not ...)
+ TODO: check
CVE-2012-1854
RESERVED
CVE-2012-1853
@@ -3533,8 +3530,8 @@
RESERVED
CVE-2012-1850
RESERVED
-CVE-2012-1849
- RESERVED
+CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010
...)
+ TODO: check
CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
NOT-FOR-US: Microsoft Windows
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
@@ -4301,8 +4298,8 @@
RESERVED
CVE-2012-1524
RESERVED
-CVE-2012-1523
- RESERVED
+CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
+ TODO: check
CVE-2012-1522
RESERVED
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome
before ...)
@@ -6388,8 +6385,8 @@
RESERVED
CVE-2012-0678
RESERVED
-CVE-2012-0677
- RESERVED
+CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows
remote ...)
+ TODO: check
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track
state ...)
- webkit <unfixed>
NOTE:
http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt
@@ -8258,8 +8255,7 @@
NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
CVE-2012-0218
RESERVED
-CVE-2012-0217 [freebsd sysret privilege escalation]
- RESERVED
+CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows
Server 2008 ...)
- kfreebsd-8 <unfixed> (bug #677297)
- kfreebsd-9 <unfixed> (bug #677298)
- kfreebsd-10 <unfixed> (bug #677299)
@@ -8420,8 +8416,8 @@
RESERVED
CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2,
Windows ...)
NOT-FOR-US: Microsoft Windows
-CVE-2012-0173
- RESERVED
+CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft
Windows ...)
+ TODO: check
CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle
...)
@@ -15908,20 +15904,16 @@
CVE-2011-2497 (Integer underflow in the l2cap_config_req function in ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 2.6.39-3
-CVE-2011-2496
- RESERVED
+CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in
the ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 2.6.39-1 (low)
-CVE-2011-2495
- RESERVED
+CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not
properly ...)
{DSA-2310-1 DSA-2303-1}
- linux-2.6 3.0.0-1 (low)
-CVE-2011-2494
- RESERVED
+CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local
users ...)
- linux-2.6 3.0.0-5 (low)
[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-2493
- RESERVED
+CVE-2011-2493 (The ext4_fill_super function in fs/ext4/super.c in the Linux
kernel ...)
- linux-2.6 2.6.39-1 (low)
[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report
didn''t exist yet)
[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn''t
exist yet)
@@ -16710,22 +16702,18 @@
[squeeze] - nagios3 <no-dsa> (Minor issue)
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo
Gallery ...)
NOT-FOR-US: Coppermine Photo Gallery
-CVE-2011-2208 [Alpha-specific issue]
- RESERVED
+CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in
...)
{DSA-2310-1}
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
-CVE-2011-2209 [Alpha-specific issue]
- RESERVED
+CVE-2011-2209 (Integer signedness error in the osf_sysinfo function in ...)
{DSA-2310-1}
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
-CVE-2011-2210 [Alpha-specific issue]
- RESERVED
+CVE-2011-2210 (The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in
the ...)
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
-CVE-2011-2211 [Alpha-specific issue]
- RESERVED
+CVE-2011-2211 (The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the
Linux ...)
{DSA-2310-1}
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
@@ -16792,8 +16780,7 @@
- linux-2.6 2.6.39-2
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
-CVE-2011-2183 [race condition in KSM]
- RESERVED
+CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in
mm/ksm.c in ...)
{DSA-2389-1}
- linux-2.6 2.6.39-3 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -16841,8 +16828,7 @@
NOT-FOR-US: IBM Web Content Manager
CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and
7.0.0.1 ...)
NOT-FOR-US: IBM Web Content Manager
-CVE-2011-2182 [incomplete fix for cve-2011-1017]
- RESERVED
+CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux
kernel ...)
{DSA-2264-1}
- linux-2.6 2.6.39-2
[squeeze] - linux-2.6 2.6.32-35
@@ -17415,8 +17401,7 @@
CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache
Portable ...)
{DSA-2237-2}
- apr 1.4.5-1 (bug #627182)
-CVE-2011-1927 [kernel remote DoS]
- RESERVED
+CVE-2011-1927 (The ip_expire function in net/ipv4/ip_fragment.c in the Linux
kernel ...)
- linux-2.6 2.6.39-1 (high)
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -17942,13 +17927,11 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
NOTE:
http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
NOTE: a DoS with a very limited exploitation possibility
-CVE-2011-1768
- RESERVED
+CVE-2011-1768 (The tunnels implementation in the Linux kernel before 2.6.34,
when ...)
{DSA-2264-1}
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 2.6.32-35
-CVE-2011-1767
- RESERVED
+CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre
is ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 2.6.32-34squeeze1
@@ -17967,8 +17950,7 @@
CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local
users ...)
{DSA-2254-2 DSA-2254-1}
- oprofile 0.9.6-1.2 (medium; bug #624212)
-CVE-2011-1759
- RESERVED
+CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.39-1
CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c
in ...)