Author: joeyh
Date: 2012-08-21 21:14:25 +0000 (Tue, 21 Aug 2012)
New Revision: 20004
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-08-21 21:08:48 UTC (rev 20003)
+++ data/CVE/list 2012-08-21 21:14:25 UTC (rev 20004)
@@ -1,3 +1,11 @@
+CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through
10.1.4 ...)
+ TODO: check
+CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN
Appliance has ...)
+ TODO: check
+CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP
Virtual SAN ...)
+ TODO: check
+CVE-2012-4360
+ RESERVED
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite
SCADA ...)
NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite
SCADA ...)
@@ -263,12 +271,12 @@
RESERVED
CVE-2012-4239
RESERVED
-CVE-2012-4238
- RESERVED
-CVE-2012-4237
- RESERVED
-CVE-2012-4236
- RESERVED
+CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008
allow ...)
+ TODO: check
+CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page
function ...)
+ TODO: check
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for
Joomla! ...)
NOT-FOR-US: Joomla addon
CVE-2012-4234
@@ -661,8 +669,8 @@
NOT-FOR-US: CPE17 Autorun Killer not in Debian
CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash
player ...)
NOT-FOR-US: eZOE flash player not in Debian
-CVE-2012-4052
- RESERVED
+CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease
before ...)
+ TODO: check
CVE-2012-4051
RESERVED
CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc
for ...)
@@ -1800,6 +1808,7 @@
CVE-2012-3513
RESERVED
CVE-2012-3512 [local privilege escalation munin to root]
+ RESERVED
- munin <unfixed>
NOTE: http://www.munin-monitoring.org/ticket/1234
CVE-2012-3511
@@ -1941,8 +1950,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462
RESERVED
-CVE-2012-3461 [base64 buffer overflows]
- RESERVED
+CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) ...)
{DSA-2526-1}
- libotr 3.2.1-1 (medium; bug #684121)
CVE-2012-3460
@@ -1954,11 +1962,9 @@
- beaker <unfixed> (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions
for ...)
- pnp4nagios <unfixed> (low; bug #683879)
-CVE-2012-3456
- RESERVED
+CVE-2012-3456 (Heap-based buffer overflow in the read function in ...)
- calligra 2.1.17-1 (bug #684004)
-CVE-2012-3455
- RESERVED
+CVE-2012-3455 (Heap-based buffer overflow in the read function in ...)
- koffice <removed>
CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the ...)
- extplorer <unfixed> (bug #683649)
@@ -1979,8 +1985,7 @@
- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows
remote ...)
- ganglia <unfixed> (bug #683584)
-CVE-2012-3447
- RESERVED
+CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before
2012.1.2 ...)
- nova <unfixed> (bug #684256)
CVE-2012-3446 [MITM in TLS/SSL certificates verification]
RESERVED
@@ -2437,10 +2442,10 @@
RESERVED
CVE-2012-3303
RESERVED
-CVE-2012-3302
- RESERVED
-CVE-2012-3301
- RESERVED
+CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus
...)
+ TODO: check
+CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in
IBM ...)
+ TODO: check
CVE-2012-3300
RESERVED
CVE-2012-3299
@@ -2455,8 +2460,8 @@
RESERVED
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the Web ...)
NOT-FOR-US: IBM WebSphere
-CVE-2012-3293
- RESERVED
+CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative
Console ...)
+ TODO: check
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain
autoconf ...)
{DSA-2523-1}
- globus-gridftp-server 6.5-1
@@ -2539,8 +2544,8 @@
RESERVED
CVE-2012-3253
RESERVED
-CVE-2012-3252
- RESERVED
+CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20
...)
+ TODO: check
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager
Web ...)
NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11,
9.21, and ...)
@@ -3076,10 +3081,10 @@
RESERVED
CVE-2012-2987
RESERVED
-CVE-2012-2986
- RESERVED
-CVE-2012-2985
- RESERVED
+CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN
...)
+ TODO: check
+CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx
in ...)
+ TODO: check
CVE-2012-2984
RESERVED
CVE-2012-2983
@@ -3088,8 +3093,8 @@
RESERVED
CVE-2012-2981
RESERVED
-CVE-2012-2980
- RESERVED
+CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for
Android on ...)
+ TODO: check
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
RESERVED
- nsd3 <not-affected> (Debian version not affected)
@@ -4580,8 +4585,7 @@
CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote
...)
{DSA-2483-1}
- strongswan 4.5.2-1.4
-CVE-2012-2387
- RESERVED
+CVE-2012-2387 (devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit
random ...)
- devotee <itp> (bug #470995)
CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in
the ...)
{DSA-2492-1}
@@ -5073,8 +5077,8 @@
NOT-FOR-US: AIX
CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in
IBM ...)
NOT-FOR-US: IBM Global Security Kit
-CVE-2012-2190
- RESERVED
+CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server
in IBM ...)
+ TODO: check
CVE-2012-2189
RESERVED
CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4,
...)
@@ -5210,8 +5214,7 @@
CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6,
when ...)
{DSA-2469-1}
- linux-2.6 3.2.19-1
-CVE-2012-2132 [libsoup 2.32.2 sets ssl trusted flag despite no verification]
- RESERVED
+CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or
clear the ...)
- libsoup2.4 <unfixed> (low; bug #672880)
[squeeze] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
@@ -8096,8 +8099,7 @@
- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0948 (DistUpgrade/DistUpgradeMain.py in Update Manager, as used by
Ubuntu ...)
- update-manager <not-affected> (Ubuntu-specific)
-CVE-2012-0947 [Heap-based Buffer Overflow in libavcodec]
- RESERVED
+CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in
the VQA ...)
{DSA-2471-1}
- libav 6:0.8.2-1
- ffmpeg <removed>
@@ -8330,60 +8332,49 @@
RESERVED
CVE-2012-0860
RESERVED
-CVE-2012-0859
- RESERVED
+CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in
libavcodec ...)
{DSA-2471-1}
- libav 6:0.8.3-1
- ffmpeg <removed>
-CVE-2012-0858
- RESERVED
+CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x
before ...)
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2012-0857
- RESERVED
+CVE-2012-0857 (Multiple buffer overflows in the get_qcx function in the J2K
decoder ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0856
- RESERVED
+CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in
...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0855
RESERVED
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0854
- RESERVED
+CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg
before ...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0853
- RESERVED
+CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec
(atrac3.c) in ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2012-0852
- RESERVED
+CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in
FFmpeg ...)
{DSA-2494-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2012-0851
- RESERVED
+CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in
...)
{DSA-2494-1}
- libav 6:0.8.3-1
- ffmpeg <removed>
-CVE-2012-0850
- RESERVED
+CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg
before ...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0849
RESERVED
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
-CVE-2012-0848
- RESERVED
+CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function
in ...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Code in 0.5 not affected per upstream)
-CVE-2012-0847
- RESERVED
+CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples
function in ...)
- libav <not-affected> (Vulnerable code not present)
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0846
@@ -11855,8 +11846,7 @@
CVE-2011-4580
RESERVED
NOT-FOR-US: JBoss Enterprise Portal Platform
-CVE-2011-4579 [SVQ1 issue]
- RESERVED
+CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c)
in ...)
{DSA-2378-1}
- libav 4:0.7.3-1
- ffmpeg <removed>
@@ -12421,8 +12411,7 @@
CVE-2011-4365
RESERVED
NOTE: duplicate of CVE-2011-4090
-CVE-2011-4364 [vmd_decode buffer overflow]
- RESERVED
+CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in
FFmpeg ...)
{DSA-2378-1}
- libav 4:0.7.3-1
- ffmpeg <removed>
@@ -12468,8 +12457,7 @@
CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit
platforms, as ...)
{DSA-2390-1}
- openssl 0.9.8o-4squeeze3 (bug #650621)
-CVE-2011-4353 [VP5/VP6 DoS]
- RESERVED
+CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3)
...)
{DSA-2378-1}
- libav 4:0.7.3-1
- ffmpeg <removed>
@@ -12479,8 +12467,7 @@
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
-CVE-2011-4352 [VP3 integer overflow]
- RESERVED
+CVE-2011-4352 (Integer overflow in the vp3_dequant function in the VP3 decoder
...)
- libav 4:0.7.3-1
- ffmpeg <not-affected> (Was introduced in 0.6)
- ffmpeg-debian <not-affected> (Was introduced in 0.6)
@@ -13894,13 +13881,11 @@
CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of
the ...)
- chromium-browser 17.0.963.56~r121963-1
- webkit <undetermined>
-CVE-2011-3952
- RESERVED
+CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg
before 0.10 ...)
{DSA-2494-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
-CVE-2011-3951
- RESERVED
+CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg
...)
{DSA-2494-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
@@ -13910,15 +13895,13 @@
RESERVED
CVE-2011-3948
RESERVED
-CVE-2011-3947
- RESERVED
+CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x
before ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
CVE-2011-3946
RESERVED
-CVE-2011-3945
- RESERVED
+CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in
...)
- libav 4:0.8.1-1
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-3944
@@ -13929,8 +13912,7 @@
RESERVED
CVE-2011-3941
RESERVED
-CVE-2011-3940
- RESERVED
+CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x
before ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
@@ -13942,8 +13924,7 @@
RESERVED
- libav 4:0.8.3-1
- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
-CVE-2011-3936
- RESERVED
+CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x
before ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>
@@ -13959,8 +13940,7 @@
RESERVED
CVE-2011-3930
RESERVED
-CVE-2011-3929
- RESERVED
+CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg
0.7.x ...)
{DSA-2471-1}
- libav 4:0.8.1-1
- ffmpeg <removed>