Author: joeyh Date: 2012-08-08 21:14:19 +0000 (Wed, 08 Aug 2012) New Revision: 19914 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-08 06:11:56 UTC (rev 19913) +++ data/CVE/list 2012-08-08 21:14:19 UTC (rev 19914) @@ -1,3 +1,73 @@ +CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php ...) + TODO: check +CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...) + TODO: check +CVE-2012-4176 + RESERVED +CVE-2012-4175 + RESERVED +CVE-2012-4174 + RESERVED +CVE-2012-4173 + RESERVED +CVE-2012-4172 + RESERVED +CVE-2012-4171 + RESERVED +CVE-2012-4170 + RESERVED +CVE-2012-4169 + RESERVED +CVE-2012-4168 + RESERVED +CVE-2012-4167 + RESERVED +CVE-2012-4166 + RESERVED +CVE-2012-4165 + RESERVED +CVE-2012-4164 + RESERVED +CVE-2012-4163 + RESERVED +CVE-2012-4162 + RESERVED +CVE-2012-4161 + RESERVED +CVE-2012-4160 + RESERVED +CVE-2012-4159 + RESERVED +CVE-2012-4158 + RESERVED +CVE-2012-4157 + RESERVED +CVE-2012-4156 + RESERVED +CVE-2012-4155 + RESERVED +CVE-2012-4154 + RESERVED +CVE-2012-4153 + RESERVED +CVE-2012-4152 + RESERVED +CVE-2012-4151 + RESERVED +CVE-2012-4150 + RESERVED +CVE-2012-4149 + RESERVED +CVE-2012-4148 + RESERVED +CVE-2012-4147 + RESERVED +CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...) + TODO: check +CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...) + TODO: check +CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before ...) + TODO: check CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of ...) TODO: check CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, ...) 
@@ -313,8 +383,8 @@ RESERVED CVE-2012-4006 RESERVED -CVE-2012-4005 - RESERVED +CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...) + TODO: check CVE-2012-4004 RESERVED CVE-2012-4003 @@ -1460,14 +1530,11 @@ CVE-2012-3455 RESERVED - koffice <removed> -CVE-2012-3454 [world writable directory] - RESERVED +CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the ...) - extplorer <unfixed> (bug #683649) -CVE-2012-3453 [world writable directory] - RESERVED +CVE-2012-3453 (logol 1.5.0 uses world writable permissions for the ...) - logol 1.5.0-4 (bug #683647) -CVE-2012-3452 - RESERVED +CVE-2012-3452 (gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when ...) - gnome-screensaver <not-affected> (vulnerable code not present) CVE-2012-3451 RESERVED @@ -1477,8 +1544,7 @@ NOTE: https://bugs.php.net/bug.php?id=61755 NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3 NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7 -CVE-2012-3449 - RESERVED +CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) ...) - openvswitch 1.4.2+git20120612-8 (bug #683665) CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote ...) - ganglia <unfixed> (bug #683584) @@ -1488,8 +1554,7 @@ CVE-2012-3446 [MITM in TLS/SSL certificates verification] RESERVED - libcloud <unfixed> (bug #683927) -CVE-2012-3445 [libvirt: crash in virTypedParameterArrayClear] - RESERVED +CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not ...) - libvirt 0.9.12-4 (bug #683483) [squeeze] - libvirt <not-affected> (Vulnerable code not present) NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html 
@@ -1512,16 +1577,14 @@ CVE-2012-3441 [insecure permissions in DB creation script] RESERVED - icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320) -CVE-2012-3440 - RESERVED +CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...) + TODO: check CVE-2012-3439 RESERVED -CVE-2012-3438 - RESERVED +CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...) - graphicsmagick <unfixed> (low; bug #683284) [squeeze] - graphicsmagick <no-dsa> (Minor issue) -CVE-2012-3437 - RESERVED +CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 ...) - imagemagick 8:6.7.7.10-3 (low; bug #683285) [squeeze] - imagemagick <no-dsa> (Minor issue) CVE-2012-3436 [OpenTTD DoS] @@ -1548,8 +1611,7 @@ - linux <unfixed> - linux-2.6 <removed> NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3 -CVE-2012-3429 - RESERVED +CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in ...) NOT-FOR-US: Dynamic LDAP backend plugin for BIND CVE-2012-3428 RESERVED @@ -1561,15 +1623,12 @@ RESERVED - libpng 1.2.49-1 (low; bug #668082) [squeeze] - libpng <no-dsa> (Minor issue) -CVE-2012-3424 - RESERVED +CVE-2012-3424 (The decode_credentials method in ...) - rails <not-affected> (Only affects RoR 3.x) - ruby-actionpack-3.2 3.2.6-3 (bug #683370) -CVE-2012-3423 - RESERVED +CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...) - icedtea-web <unfixed> -CVE-2012-3422 - RESERVED +CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...) - icedtea-web <unfixed> CVE-2012-3421 RESERVED 
@@ -1591,8 +1650,7 @@ CVE-2012-3414 [libjs-swfupload] RESERVED - libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323) -CVE-2012-3413 [kdepim: kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled] - RESERVED +CVE-2012-3413 (The HTMLQuoteColorer::process function in ...) - kdepim <not-affected> (Only affects kdepim >= 4.6) NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3 NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54 @@ -1698,8 +1756,7 @@ [squeeze] - moodle <not-affected> (Only affects >= 2.2) CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for whether ...) - moodle <not-affected> (Only affects 2.3) -CVE-2012-3386 - RESERVED +CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x ...) - automake 1:1.4-p6-13.1 - automake1.10 1:1.10.3-3 [squeeze] - automake1.10 <no-dsa> (Minor issue) @@ -2637,8 +2694,8 @@ NOT-FOR-US: Dell SonicWALL Scrutinizer CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...) NOT-FOR-US: Symantec Web Gateway -CVE-2012-2960 - RESERVED +CVE-2012-2960 (Cross-site scripting (XSS) vulnerability in the import functionality ...) + TODO: check CVE-2012-2959 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: BMC CVE-2012-2958 @@ -3404,8 +3461,7 @@ {DSA-2481-1} - arpwatch 2.1a15-1.2 (bug #674715) NOTE: Debian build includes the vulnerable patch (in .diff.gz) -CVE-2012-2652 [vulnerable to temporary file symlink attacks] - RESERVED +CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the ...) - qemu 1.1.0+dfsg-1 (bug #678280) CVE-2012-2651 RESERVED 
@@ -3413,8 +3469,8 @@ RESERVED CVE-2012-2649 RESERVED -CVE-2012-2648 - RESERVED +CVE-2012-2648 (Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 ...) + TODO: check CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...) NOT-FOR-US: Yahoo! Toolbar CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...) @@ -4314,8 +4370,7 @@ - linux-2.6 3.2.17-1 (low) CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...) - pidgin 2.10.4-1 -CVE-2012-2317 [php5 crypt() empty salt issue] - RESERVED +CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...) - php5 5.3.6-1 (bug #581170) [squeeze] - php5 5.3.3-7+squeeze4 CVE-2012-2316 [OpenKM Arbitrary Admin User Creation CSRF] @@ -4577,8 +4632,8 @@ RESERVED CVE-2012-2204 RESERVED -CVE-2012-2203 - RESERVED +CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...) + TODO: check CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...) NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System CVE-2012-2201 @@ -4601,8 +4656,8 @@ RESERVED CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...) NOT-FOR-US: AIX -CVE-2012-2191 - RESERVED +CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...) + TODO: check CVE-2012-2190 RESERVED CVE-2012-2189 @@ -5072,8 +5127,8 @@ NOT-FOR-US: Adobe Illustrator CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...) NOT-FOR-US: Adobe Illustrator -CVE-2012-2022 - RESERVED +CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...) + TODO: check CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...) NOT-FOR-US: HP AssetManager CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...) 
@@ -9108,8 +9163,8 @@ RESERVED CVE-2012-0422 RESERVED -CVE-2012-0421 - RESERVED +CVE-2012-0421 (The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager ...) + TODO: check CVE-2012-0420 RESERVED CVE-2012-0419 @@ -9840,8 +9895,7 @@ CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...) - backuppc 3.2.1-2 (bug #646865) [squeeze] - backuppc 3.1.0-9.1 -CVE-2011-4922 [libpurple info leak] - RESERVED +CVE-2011-4922 (cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 ...) - pidgin 2.7.11-1 (low) [lenny] - pidgin <no-dsa> (Minor issue) [squeeze] - pidgin <no-dsa> (Minor issue) @@ -10270,9 +10324,9 @@ - apt 0.8.15.10 [squeeze] - apt <not-affected> (Vulnerable code not present) [lenny] - apt <not-affected> (Vulnerable code not present) -CVE-2012-0213 - RESERVED +CVE-2012-0213 (The UnhandledDataStructure function in ...) {DSA-2468-1} + TODO: check CVE-2012-0212 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before ...) {DSA-2409-1} - devscripts 2.11.4
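Review bot: In the final hunk (@@ -10270), the CVE-2012-0213 entry ends up with `{DSA-2468-1}` followed by the newly added `TODO: check`, which is contradictory: a DSA reference means the issue was already handled, yet the entry has no package/version line and is now flagged for triage. Replace the added `TODO: check` with the fixed-package line that DSA-2468-1 covers (the advisory number is on the page, the package and version are not, so take them from the advisory rather than guessing).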
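Review bot: The not-affected reasons are inconsistent in case across the hunks: the CVE-2012-3452 line in @@ -1460 reads `(vulnerable code not present)`, while the CVE-2012-3445 `[squeeze]` line in @@ -1488 and the apt context lines in @@ -10270 read `(Vulnerable code not present)`. Pick one spelling for this free-text reason so the same state can be grepped reliably.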
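Review bot: CVE-2012-3440 in @@ -1512 is left as `TODO: check`, but the description pulled in already says "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux". The triage step is to confirm the Debian sudo package does not ship that script and, if it does not, mark the entry NOT-FOR-US with that reason instead of leaving an open TODO.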
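Review bot: In @@ -1591, replacing the local placeholder `[kdepim: kmail/kontact message viewer incorrectly defaults to having JavaScript, Java, and Plugins enabled]` with the truncated `(The HTMLQuoteColorer::process function in ...)` drops the only plain-language statement of what CVE-2012-3413 is about. When the placeholder carries detail the truncated description does not, keep it as a `NOTE:` line under the entry alongside the two NOTE: URLs that are already there.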
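Review bot: In @@ -3404, CVE-2012-2652 loses its `[vulnerable to temporary file symlink attacks]` summary and gains `- qemu 1.1.0+dfsg-1 (bug #678280)` with no `[squeeze]` status line, unlike the neighbouring entries that state a stable status explicitly. Add the squeeze line (fixed, no-dsa or not-affected, whichever applies) and carry the old summary over as a `NOTE:` so the entry is self-explanatory.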
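Review bot: In @@ -1698, the CVE-2012-3386 entry lists `- automake 1:1.4-p6-13.1` next to `- automake1.10 1:1.10.3-3`; the version string is a 1.4-series version while the sibling line uses the versioned source package name, so check whether this line is meant to be `automake1.4`. The description says the bug affects Automake before 1.11.6 and 1.12.x, and no line for the unversioned automake source package in that series is present, so that entry (and its `[squeeze]` status, which automake1.10 has and this line lacks) still needs to be added.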