Author: joeyh Date: 2012-08-07 21:14:17 +0000 (Tue, 07 Aug 2012) New Revision: 19911 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-07 19:43:06 UTC (rev 19910) +++ data/CVE/list 2012-08-07 21:14:17 UTC (rev 19911) @@ -1,3 +1,13 @@ +CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, ...) + TODO: check +CVE-2012-4144 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) + TODO: check +CVE-2012-4143 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) + TODO: check +CVE-2012-4142 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) + TODO: check CVE-2012-XXXX [redeclipse code execution through map files] - redeclipse <unfixed> (bug #684143) CVE-2012-XXXX [base64 buffer overflows] @@ -592,20 +602,16 @@ CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...) NOTE: https://kb.isc.org/article/AA-00730 - bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x) -CVE-2012-3867 - RESERVED +CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and ...) {DSA-2511-1} - puppet 2.7.18-1 -CVE-2012-3866 - RESERVED +CVE-2012-3866 (lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet ...) {DSA-2511-1} - puppet 2.7.18-1 -CVE-2012-3865 - RESERVED +CVE-2012-3865 (Directory traversal vulnerability in lib/puppet/reports/store.rb in ...) {DSA-2511-1} - puppet 2.7.18-1 -CVE-2012-3864 - RESERVED +CVE-2012-3864 (Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise ...) {DSA-2511-1} - puppet 2.7.18-1 CVE-2012-3862 
@@ -776,8 +782,8 @@ NOT-FOR-US: Adiscon LogAnalyzer CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...) - openssl <unfixed> -CVE-2012-3789 - RESERVED +CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...) + TODO: check CVE-2012-3788 RESERVED CVE-2012-3787 @@ -1465,8 +1471,7 @@ - gnome-screensaver <not-affected> (vulnerable code not present) CVE-2012-3451 RESERVED -CVE-2012-3450 [php5 pdo array overread/crash] - RESERVED +CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...) - php5 <unfixed> (bug #683694) NOTE: http://seclists.org/bugtraq/2012/Jun/60 NOTE: https://bugs.php.net/bug.php?id=61755 @@ -1475,8 +1480,7 @@ CVE-2012-3449 RESERVED - openvswitch 1.4.2+git20120612-8 (bug #683665) -CVE-2012-3448 - RESERVED +CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote ...) - ganglia <unfixed> (bug #683584) CVE-2012-3447 RESERVED @@ -1608,8 +1612,7 @@ RESERVED - ecryptfs-utils 99-1 (bug #682220) [squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints hardcoded in that version) -CVE-2012-3408 [Puppet allows agents with certnames of IP addresses to be impersonated] - RESERVED +CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet ...) - puppet <unfixed> (low) [squeeze] - puppet <no-dsa> (Minor issue) NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/ @@ -1858,8 +1861,8 @@ RESERVED CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before ...) NOT-FOR-US: Microdasys -CVE-2010-5141 - RESERVED +CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script ...) + TODO: check CVE-2012-3342 RESERVED CVE-2012-3341 
@@ -2511,8 +2514,8 @@ RESERVED CVE-2012-3021 RESERVED -CVE-2012-3020 - RESERVED +CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and ...) + TODO: check CVE-2012-3019 RESERVED CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...) @@ -2668,14 +2671,14 @@ CVE-2012-2945 RESERVED - hadoop <itp> (bug #535861) -CVE-2010-5140 - RESERVED -CVE-2010-5139 - RESERVED -CVE-2010-5138 - RESERVED -CVE-2010-5137 - RESERVED +CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins ...) + TODO: check +CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...) + TODO: check +CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...) + TODO: check +CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...) + TODO: check CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...) {DSA-2484-1} - nut 2.6.4-1 
@@ -2853,60 +2856,45 @@ RESERVED CVE-2012-2861 RESERVED -CVE-2012-2860 - RESERVED +CVE-2012-2860 (The date-picker implementation in Google Chrome before 21.0.1180.57 on ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/122918 -CVE-2012-2859 - RESERVED +CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly handle ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2858 - RESERVED +CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2857 - RESERVED +CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2856 - RESERVED +CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2855 - RESERVED +CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2854 - RESERVED +CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2853 - RESERVED +CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2852 - RESERVED +CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2851 - RESERVED +CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google Chrome ...) 
- chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2850 - RESERVED +CVE-2012-2850 (Multiple unspecified vulnerabilities in the PDF functionality in ...) - chromium-browser <not-affected> (PDF functionality not present in Chromium) -CVE-2012-2849 - RESERVED +CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2848 - RESERVED +CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before 21.0.1180.57 ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2847 - RESERVED +CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <not-affected> -CVE-2012-2846 - RESERVED +CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isolate ...) - chromium-browser 21.0.1180.57~r148591 [squeeze] - chromium-browser <no-dsa> (minor issue) CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...) @@ -3373,8 +3361,7 @@ NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466 CVE-2012-2666 RESERVED -CVE-2012-2665 [Multiple heap-based buffer overflows in the XML manifest encryption handling code] - RESERVED +CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ...) {DSA-2520-1} - libreoffice 1:3.5.4-7 [squeeze] - openoffice.org 1:3.2.1-11+squeeze7 
@@ -3729,12 +3716,12 @@ RESERVED CVE-2012-2501 RESERVED -CVE-2012-2500 - RESERVED -CVE-2012-2499 - RESERVED -CVE-2012-2498 - RESERVED +CVE-2012-2500 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ...) + TODO: check +CVE-2012-2499 (The IPsec implementation in Cisco AnyConnect Secure Mobility Client ...) + TODO: check +CVE-2012-2498 (Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ...) + TODO: check CVE-2012-2497 RESERVED CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the ...) @@ -3749,8 +3736,8 @@ RESERVED CVE-2012-2491 RESERVED -CVE-2012-2490 - RESERVED +CVE-2012-2490 (Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify ...) + TODO: check CVE-2012-2489 RESERVED CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series ...) @@ -3781,18 +3768,18 @@ RESERVED CVE-2012-2475 RESERVED -CVE-2012-2474 - RESERVED +CVE-2012-2474 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...) + TODO: check CVE-2012-2473 RESERVED -CVE-2012-2472 - RESERVED +CVE-2012-2472 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check CVE-2012-2471 RESERVED CVE-2012-2470 RESERVED -CVE-2012-2469 - RESERVED +CVE-2012-2469 (Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when ...) + TODO: check CVE-2012-2468 RESERVED CVE-2012-2467 @@ -3811,8 +3798,7 @@ RESERVED CVE-2012-2460 RESERVED -CVE-2012-2459 - RESERVED +CVE-2012-2459 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, ...) - bitcoin 0.6.2.1-1 NOTE: https://bitcointalk.org/index.php?topic=81749.0 CVE-2012-2458 @@ -4620,8 +4606,8 @@ RESERVED CVE-2012-2189 RESERVED -CVE-2012-2188 - RESERVED +CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, ...) + TODO: check CVE-2012-2187 RESERVED CVE-2012-2186 
@@ -5374,11 +5360,9 @@ RESERVED CVE-2012-1911 RESERVED -CVE-2012-1910 - RESERVED +CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x ...) - bitcoin <not-affected> (windows-only, qt gui not built) -CVE-2012-1909 - RESERVED +CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...) - bitcoin 0.6.0-1 CVE-2012-1908 RESERVED @@ -6619,34 +6603,34 @@ RESERVED CVE-2012-1371 RESERVED -CVE-2012-1370 - RESERVED +CVE-2012-1370 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows ...) + TODO: check CVE-2012-1369 RESERVED CVE-2012-1368 RESERVED -CVE-2012-1367 - RESERVED +CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...) + TODO: check CVE-2012-1366 RESERVED -CVE-2012-1365 - RESERVED -CVE-2012-1364 - RESERVED +CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...) + TODO: check +CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...) + TODO: check CVE-2012-1363 RESERVED CVE-2012-1362 RESERVED -CVE-2012-1361 - RESERVED +CVE-2012-1361 (Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) ...) + TODO: check CVE-2012-1360 RESERVED CVE-2012-1359 RESERVED CVE-2012-1358 RESERVED -CVE-2012-1357 - RESERVED +CVE-2012-1357 (The igmp_snoop_orib_fill_source_update function in the IGMP process in ...) + TODO: check CVE-2012-1356 RESERVED CVE-2012-1355 
@@ -6659,32 +6643,32 @@ RESERVED CVE-2012-1351 RESERVED -CVE-2012-1350 - RESERVED +CVE-2012-1350 (Cisco IOS 12.3 and 12.4 on Aironet access points allows remote ...) + TODO: check CVE-2012-1349 RESERVED -CVE-2012-1348 - RESERVED +CVE-2012-1348 (Cisco Wide Area Application Services (WAAS) appliances with software ...) + TODO: check CVE-2012-1347 RESERVED -CVE-2012-1346 - RESERVED +CVE-2012-1346 (Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause ...) + TODO: check CVE-2012-1345 RESERVED -CVE-2012-1344 - RESERVED +CVE-2012-1344 (Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, ...) + TODO: check CVE-2012-1343 RESERVED -CVE-2012-1342 - RESERVED +CVE-2012-1342 (Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote ...) + TODO: check CVE-2012-1341 RESERVED -CVE-2012-1340 - RESERVED -CVE-2012-1339 - RESERVED -CVE-2012-1338 - RESERVED +CVE-2012-1340 (The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 ...) + TODO: check +CVE-2012-1339 (The Fabric Interconnect component in Cisco Unified Computing System ...) + TODO: check +CVE-2012-1338 (Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches ...) + TODO: check CVE-2012-1337 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...) NOT-FOR-US: Cisco WebEx CVE-2012-1336 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...) @@ -7508,13 +7492,11 @@ - acidbase <unfixed> (bug #659287) CVE-2012-1016 RESERVED -CVE-2012-1015 [KDC frees uninitialized pointer] - RESERVED +CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution ...) {DSA-2518-1} - krb5 1.10.1+dfsg-2 (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 -CVE-2012-1014 [KDC dereferences uninitialized pointer] - RESERVED +CVE-2012-1014 (The process_as_req function in the Key Distribution Center (KDC) in ...) {DSA-2518-1} - krb5 1.10.1+dfsg-2 (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 
@@ -11774,8 +11756,7 @@ NOT-FOR-US: WikkaWiki CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...) NOT-FOR-US: Apple Mac OS X -CVE-2011-4447 - RESERVED +CVE-2011-4447 (The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before ...) - bitcoin 0.5.1-1 CVE-2011-4446 RESERVED
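Review bot: In the @@ -1608,8 +1612,7 @@ hunk, CVE-2012-3408 keeps `- puppet <unfixed> (low)` even though the description imported here reads "Puppet before 2.7.18" and the other Puppet entries in this revision (CVE-2012-3864 through CVE-2012-3867) are recorded as fixed in `- puppet 2.7.18-1`. The status should be rechecked against 2.7.18-1 and updated to that version if the fix is included. The hunk also removes the bracketed summary about agents with IP-address certnames, which says more than the truncated description that replaces it; keeping it as a NOTE line would help whoever triages the entry.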
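Review bot: The four wxBitcoin/bitcoind entries added in the @@ -2668,14 +2671,14 @@ hunk (CVE-2010-5137 to CVE-2010-5140) are left at `TODO: check`, while the same revision tracks other Bitcoin issues against a source package, for example `- bitcoin 0.6.0-1` under CVE-2012-1909 and `- bitcoin 0.5.1-1` under CVE-2011-4447. Each of these needs a `- bitcoin` line stating whether any packaged version was affected, since the descriptions name 0.3.x releases. The same applies to CVE-2010-5141 in the @@ -1858,8 +1861,8 @@ hunk and CVE-2012-3789 in the @@ -776,8 +782,8 @@ hunk.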
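Review bot: Every Cisco entry added in the @@ -6659,32 +6643,32 @@ hunk is left at `TODO: check`, yet the trailing context of that hunk already classifies a Cisco product with `NOT-FOR-US: Cisco WebEx` (CVE-2012-1337). The new IOS, WAAS, Emergency Responder, CRS, MDS NX-OS and UCS entries should be triaged in the same pass, most likely to a NOT-FOR-US line, so that they do not linger as open TODO items. The Cisco entries added in the @@ -3729,12 +3716,12 @@, @@ -3749,8 +3736,8 @@, @@ -3781,18 +3768,18 @@ and @@ -6619,34 +6603,34 @@ hunks need the same treatment.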