Author: joeyh
Date: 2012-07-14 09:14:19 +0000 (Sat, 14 Jul 2012)
New Revision: 19739
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-07-13 13:47:29 UTC (rev 19738)
+++ data/CVE/list 2012-07-14 09:14:19 UTC (rev 19739)
@@ -1,3 +1,59 @@
+CVE-2012-4023
+ RESERVED
+CVE-2012-4022
+ RESERVED
+CVE-2012-4021
+ RESERVED
+CVE-2012-4020
+ RESERVED
+CVE-2012-4019
+ RESERVED
+CVE-2012-4018
+ RESERVED
+CVE-2012-4017
+ RESERVED
+CVE-2012-4016
+ RESERVED
+CVE-2012-4015
+ RESERVED
+CVE-2012-4014
+ RESERVED
+CVE-2012-4013
+ RESERVED
+CVE-2012-4012
+ RESERVED
+CVE-2012-4011
+ RESERVED
+CVE-2012-4010
+ RESERVED
+CVE-2012-4009
+ RESERVED
+CVE-2012-4008
+ RESERVED
+CVE-2012-4007
+ RESERVED
+CVE-2012-4006
+ RESERVED
+CVE-2012-4005
+ RESERVED
+CVE-2012-4004
+ RESERVED
+CVE-2012-4003
+ RESERVED
+CVE-2012-4002
+ RESERVED
+CVE-2012-4001
+ RESERVED
+CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the
print_textinputs_var ...)
+ TODO: check
+CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in
Sticky ...)
+ TODO: check
+CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before
...)
+ TODO: check
+CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky
Notes ...)
+ TODO: check
+CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers
to ...)
+ TODO: check
CVE-2012-XXXX [kdepim: kmail/kontact message viewer incorrectly defaults to
having JavaScript, Java, and Plugins enabled]
NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
NOTE:
https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
@@ -230,8 +286,8 @@
RESERVED
CVE-2012-3882
RESERVED
-CVE-2012-3881
- RESERVED
+CVE-2012-3881 (Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2
0.9.2 ...)
+ TODO: check
CVE-2012-3880
RESERVED
CVE-2012-3879
@@ -405,8 +461,7 @@
RESERVED
CVE-2012-3806
RESERVED
-CVE-2012-3805 [Kajona getAllPassedParams XSS]
- RESERVED
+CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Kajona
NOTE: HTB23097
CVE-2012-3804
@@ -1248,8 +1303,7 @@
RESERVED
- linux <unfixed>
- linux-2.6 <removed>
-CVE-2012-3399 [Basilic 1.5.14 diff.php remote code execution vulnerability]
- RESERVED
+CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to
execute ...)
NOT-FOR-US: Basilic
CVE-2012-3398
RESERVED
@@ -1301,8 +1355,7 @@
- wordpress 3.4.1+dfsg-1 (bug #680721)
NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
-CVE-2012-3382 [XSS in a Mono System.web error page]
- RESERVED
+CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest
...)
{DSA-2512-1}
- mono 2.10.8.1-5 (bug #681095)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=769799
@@ -1326,13 +1379,11 @@
CVE-2012-3378 [at-spi2-atk: insecure tempdir handling]
RESERVED
- at-spi2-atk 2.5.3-1 (bug #678026)
-CVE-2012-3377 [VLC Ogg demuxer heap overflow]
- RESERVED
+CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in
the OGG ...)
- vlc 2.0.2-1 (bug #680665)
NOTE:
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
NOTE: http://securitytracker.com/id/1027224
-CVE-2012-3376 [Apache Hadoop HDFS information disclosure vulnerability]
- RESERVED
+CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the
BlockTokens ...)
NOT-FOR-US: Apache Hadoop
NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375
@@ -1383,8 +1434,7 @@
RESERVED
{DSA-2505-1}
- zendframework 1.11.12-1 (bug #679215)
-CVE-2012-3362 [extplorer CSRF]
- RESERVED
+CVE-2012-3362 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1
RC3 ...)
{DSA-2510-1}
- extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
[squeeze] - extplorer 2.1.0b6+dfsg.2-1+squeeze1
@@ -1433,8 +1483,7 @@
RESERVED
CVE-2012-3351
RESERVED
-CVE-2012-3350
- RESERVED
+CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1
allows ...)
NOT-FOR-US: WebMatic
NOTE: http://seclists.org/bugtraq/2012/Jul/25
CVE-2012-3349
@@ -1667,8 +1716,7 @@
NOT-FOR-US: Astaro appliance
CVE-2012-3237
RESERVED
-CVE-2012-3236
- RESERVED
+CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause
a ...)
- gimp <unfixed> (unimportant)
NOTE: Harmless crasher w/o security impact
CVE-2012-3235
@@ -2475,28 +2523,22 @@
RESERVED
CVE-2012-2846
RESERVED
-CVE-2012-2845
- RESERVED
+CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in
jpeg-data.c in ...)
- exif <unfixed> (low; bug #681465)
[squeeze] - exif <no-dsa> (Minor crasher)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
-CVE-2012-2844
- RESERVED
+CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does
not ...)
- chromium-browser <unfixed>
-CVE-2012-2843
- RESERVED
+CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before
20.0.1132.57 ...)
- chromium-browser <unfixed>
-CVE-2012-2842
- RESERVED
+CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before
20.0.1132.57 ...)
- chromium-browser <unfixed>
-CVE-2012-2841
- RESERVED
+CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in
exif-entry.c ...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
-CVE-2012-2840
- RESERVED
+CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in
...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
@@ -2504,13 +2546,11 @@
RESERVED
CVE-2012-2838
RESERVED
-CVE-2012-2837
- RESERVED
+CVE-2012-2837 (The mnote_olympus_entry_get_value function in ...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
-CVE-2012-2836
- RESERVED
+CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag
...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
@@ -2556,18 +2596,15 @@
- chromium-browser <unfixed>
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to
obtain ...)
- chromium-browser 20.0.1132.43~r143823-1
-CVE-2012-2814
- RESERVED
+CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in ...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
-CVE-2012-2813
- RESERVED
+CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the
EXIF ...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
-CVE-2012-2812
- RESERVED
+CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF
Tag ...)
- libexif <unfixed> (bug #681454)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
@@ -2668,8 +2705,7 @@
RESERVED
CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...)
- chromium-browser <not-affected> (Windows specific)
-CVE-2012-2763
- RESERVED
+CVE-2012-2763 (Buffer overflow in the readstr_upto function in ...)
- gimp 2.8.0-1 (low)
[squeeze] - gimp <no-dsa> (Only exploitable in rare setups)
NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
@@ -2970,8 +3006,7 @@
- postgresql-8.4 8.4.12-1
CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom
...)
- nova 2012.1-6 (bug #676465)
-CVE-2012-2653
- RESERVED
+CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and
possibly ...)
{DSA-2481-1}
- arpwatch 2.1a15-1.2 (bug #674715)
NOTE: Debian build includes the vulnerable patch (in .diff.gz)
@@ -3058,8 +3093,8 @@
RESERVED
CVE-2012-2615
RESERVED
-CVE-2012-2614
- RESERVED
+CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer
1.4.2 ...)
+ TODO: check
CVE-2012-2613
RESERVED
CVE-2012-2612 (The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and
...)
@@ -3787,8 +3822,7 @@
{DSA-2477-1}
- sympa 6.1.11~dfsg-1 (bug #672893; high)
NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
-CVE-2012-2351 [mahara SAML impersonation issue]
- RESERVED
+CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara
before ...)
{DSA-2467-1}
- mahara 1.4.2-1
CVE-2012-2350 [pam_shield default configuration does not take any action]
@@ -5478,8 +5512,8 @@
- gnutls26 <not-affected> (only GNUTLS 3.0 is affected)
CVE-2012-1662 (CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15
through ...)
NOT-FOR-US: CA ARCserve Backup
-CVE-2012-1661
- RESERVED
+CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not
properly ...)
+ TODO: check
CVE-2012-1660
RESERVED
NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -5600,8 +5634,7 @@
CVE-2012-1621
RESERVED
NOT-FOR-US: Apache OFBiz
-CVE-2012-1620 [slock screen unlocking]
- RESERVED
+CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when
the ...)
- suckless-tools <unfixed> (unimportant; bug #667796)
CVE-2012-1619
RESERVED
@@ -6602,8 +6635,7 @@
{DSA-2435-1}
- gnash 0.8.10-5 (bug #664023)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
-CVE-2012-1174 [systemd: TOCTOU race condition by removing user session]
- RESERVED
+CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind
login ...)
- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4
allow ...)
{DSA-2447-1}
@@ -6641,11 +6673,9 @@
- openldap 2.4.31-1 (low; bug #663644)
[squeeze] - openldap <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
-CVE-2012-1163
- RESERVED
+CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in
libzip ...)
- libzip 0.10.1-1 (bug #664990)
-CVE-2012-1162
- RESERVED
+CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in
zip_open.c ...)
- libzip 0.10.1-1 (bug #664990)
CVE-2012-1161
RESERVED
@@ -7006,8 +7036,7 @@
- dotclear 2.4.2+dfsg-1
CVE-2012-1038
RESERVED
-CVE-2012-1037
- RESERVED
+CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in
GLPI ...)
- glpi 0.80.7-1 (bug #659383; unimportant)
[squeeze] - glpi <not-affected> (Introduced in 0.78)
NOTE: Only supported behind an authenticated HTTP zone
@@ -7303,8 +7332,7 @@
NOT-FOR-US: ICloudCenter ICTimeAttendance
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before
6.0.8.0 ...)
NOT-FOR-US: Stoneware webNetwork
-CVE-2012-0911 [Tiki Wiki CMS Groupware PHP code execution]
- RESERVED
+CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows
remote ...)
NOT-FOR-US: Tiki Wiki
NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910
@@ -9829,8 +9857,7 @@
CVE-2012-0216 (The default configuration of the apache2 package in Debian
GNU/Linux ...)
{DSA-2452-1}
- apache2 2.2.22-4 (low)
-CVE-2012-0215 [tryton-server privilege escalation through Many2Many editing]
- RESERVED
+CVE-2012-0215 (model/modelstorage.py in the Tryton application framework
(trytond) ...)
{DSA-2444-1}
- tryton-server 2.2.2-1 (medium)
CVE-2012-0214 [apt would still trust repository when old InRelease file
present]