Author: joeyh
Date: 2012-05-02 21:14:22 +0000 (Wed, 02 May 2012)
New Revision: 19119
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-05-02 20:14:04 UTC (rev 19118)
+++ data/CVE/list 2012-05-02 21:14:22 UTC (rev 19119)
@@ -1,7 +1,17 @@
+CVE-2012-2450
+ RESERVED
+CVE-2012-2449
+ RESERVED
+CVE-2012-2448
+ RESERVED
+CVE-2012-2447
+ RESERVED
+CVE-2012-2446
+ RESERVED
CVE-2012-2451 [libconfig-inifiles-perl insecure temporary file creation]
- - libconfig-inifiles-perl <unfixed> (bug #671255; low)
- NOTE:
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
- NOTE: http://seclists.org/oss-sec/2012/q2/225
+ - libconfig-inifiles-perl <unfixed> (bug #671255; low)
+ NOTE:
https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
+ NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445
RESERVED
CVE-2012-2444
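Review bot: after this hunk CVE-2012-2451 sits between CVE-2012-2446 and CVE-2012-2445, which breaks the descending order the rest of the list follows; the five new RESERVED entries belong below the CVE-2012-2451 block, not above it. The four lines under CVE-2012-2451 are also removed and re-added with the same visible text, which looks like a whitespace-only change; drop it from an update whose purpose is adding entries, or state the reason in the log.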
@@ -569,8 +579,8 @@
RESERVED
CVE-2012-2218
RESERVED
-CVE-2012-2217
- RESERVED
+CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before
4.67.651.3, ...)
+ TODO: check
CVE-2012-2216
RESERVED
CVE-2012-2095 [wicd command execution with root privileges]
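Review bot: the `TODO: check` added under CVE-2012-2217 leaves the entry untriaged. The description names an HTC service for Android on the HTC EVO 4G, so a follow-up should replace the TODO with either a package line or a NOT-FOR-US: line, as the resolved vendor entries elsewhere in this file do.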
@@ -689,8 +699,8 @@
RESERVED
CVE-2012-2163
RESERVED
-CVE-2012-2162
- RESERVED
+CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS)
8.0 ...)
+ TODO: check
CVE-2012-2161
RESERVED
CVE-2012-2160
@@ -828,6 +838,7 @@
- typo3-src <unfixed> (bug #669158)
NOTE:
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights,
and (4) ...)
+ {DSA-2463-1}
- samba 2:3.6.5-1
NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
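Review bot: the added `{DSA-2463-1}` under CVE-2012-2111 is only a cross-reference, and the entry still has a single `- samba 2:3.6.5-1` line while the note says Samba 3.4.x to 3.6.4 are affected. Nothing in this hunk records which releases the advisory fixes, so confirm the DSA data has the matching DSA-2463-1 entry with its fixed versions.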
@@ -3766,8 +3777,7 @@
CVE-2012-0879
RESERVED
- linux-2.6 2.6.33-1
-CVE-2012-0878 [python-pastescript improper privilege dropping]
- RESERVED
+CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group
memberships ...)
- pastescript <unfixed> (low; bug #661061)
NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877
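Review bot: a style point on the unchanged package line under CVE-2012-0878, which reads `(low; bug #661061)` while the libconfig-inifiles-perl line in the first hunk reads `(bug #671255; low)`. Pick one order for urgency and bug number so the annotations can be matched with one pattern. Replacing the bracketed title with the imported description and dropping RESERVED is fine, since the pastescript line and the NOTE are kept.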
@@ -4764,7 +4774,7 @@
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys
3.4 ...)
NOT-FOR-US: 3S CoDeSys
CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before
10.0.4, ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
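Review bot: `{DSA-2464-1}` is added to CVE-2012-0479 but the package lines beneath it are unchanged, with `- icedove <unfixed>` and `[squeeze] - icedove <not-affected> (Vulnerable code not present)`. The hunk does not show which package DSA-2464-1 covers; if it is icedove, the squeeze not-affected line contradicts the advisory and needs correcting. The same question applies to the other entries that gain DSA-2464-1 in this patch.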
@@ -4779,7 +4789,7 @@
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4815,7 +4825,7 @@
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x
...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4823,7 +4833,7 @@
- iceape 2.7.4-1
[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0470 (Heap-based buffer overflow in the ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -4842,7 +4852,7 @@
- iceweasel <not-affected> (Only affects Firefox 11 and above)
- iceape <not-affected> (Only affects Firefox 11 and above)
CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-2458-1 DSA-2457-1}
+ {DSA-2464-1 DSA-2458-1 DSA-2457-1}
- icedove <unfixed>
[squeeze] - icedove <not-affected> (Vulnerable code not present)
- iceweasel 10.0.4esr-1
@@ -5166,10 +5176,10 @@
NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware
before ...)
NOT-FOR-US: Cisco SRP devices
-CVE-2012-0362
- RESERVED
-CVE-2012-0361
- RESERVED
+CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and
15.0(1)SE ...)
+ TODO: check
+CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0
...)
+ TODO: check
CVE-2012-0360
RESERVED
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote
attackers ...)
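Review bot: CVE-2012-0362 and CVE-2012-0361 are added with `TODO: check` although both descriptions name Cisco products (IOS extended ACLs, Cisco IP Communicator) and the two entries directly above are already resolved as `NOT-FOR-US: Cisco SRP devices`. Triage these in the same pass so the Cisco block does not mix resolved and open entries.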
@@ -5212,20 +5222,20 @@
RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management
interface ...)
NOT-FOR-US: Cisco IronPort Encryption Appliance
-CVE-2012-0339
- RESERVED
-CVE-2012-0338
- RESERVED
-CVE-2012-0337
- RESERVED
+CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the
vrf-also ...)
+ TODO: check
+CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the
vrf-also ...)
+ TODO: check
+CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco
Unified ...)
+ TODO: check
CVE-2012-0336
RESERVED
-CVE-2012-0335
- RESERVED
+CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
CVE-2012-0334
RESERVED
-CVE-2012-0333
- RESERVED
+CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware
7.4.9 and ...)
+ TODO: check
CVE-2012-0332
RESERVED
CVE-2012-0331 (Cisco TelePresence Video Communication Server with software
before ...)
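Review bot: CVE-2012-0339 and CVE-2012-0338 get the same truncated description, "Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...", so the list alone cannot tell them apart. Whoever resolves the `TODO: check` lines should read the full descriptions before marking either one, and confirm the two ids are not duplicates of each other.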
@@ -5415,8 +5425,8 @@
RESERVED
CVE-2012-0280
RESERVED
-CVE-2012-0279
- RESERVED
+CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions
(Everyone: ...)
+ TODO: check
CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0
for ...)
NOT-FOR-US: IrfanView
CVE-2012-0277
@@ -9223,16 +9233,16 @@
RESERVED
CVE-2011-4017
RESERVED
-CVE-2011-4016
- RESERVED
-CVE-2011-4015
- RESERVED
-CVE-2011-4014
- RESERVED
+CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2,
when ...)
+ TODO: check
+CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of
service ...)
+ TODO: check
+CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System
(WCS) ...)
+ TODO: check
CVE-2011-4013
RESERVED
-CVE-2011-4012
- RESERVED
+CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C
(PFC3C) ...)
+ TODO: check
CVE-2011-4011
RESERVED
CVE-2011-4010
@@ -9241,10 +9251,10 @@
RESERVED
CVE-2011-4008
RESERVED
-CVE-2011-4007
- RESERVED
-CVE-2011-4006
- RESERVED
+CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle
the "set ...)
+ TODO: check
+CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security
Appliances ...)
+ TODO: check
CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services
Ready ...)
NOT-FOR-US: Cisco SRP
CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the
Cisco ...)
@@ -11293,8 +11303,8 @@
NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with
software ...)
NOT-FOR-US: Cisco
-CVE-2011-3317
- RESERVED
+CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the
Solution ...)
+ TODO: check
CVE-2011-3316
RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified
Communications ...)
@@ -11309,8 +11319,8 @@
RESERVED
CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services
before 4.1 ...)
NOT-FOR-US: Cisco CiscoWorks
-CVE-2011-3309
- RESERVED
+CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
CVE-2011-3308
RESERVED
CVE-2011-3307
@@ -11337,32 +11347,32 @@
NOT-FOR-US: Cisco
CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21),
3.2 ...)
NOT-FOR-US: Cisco
-CVE-2011-3295
- RESERVED
+CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1,
as ...)
+ TODO: check
CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in
the ...)
NOT-FOR-US: Cisco TelePresence
-CVE-2011-3293
- RESERVED
+CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
+ TODO: check
CVE-2011-3292
RESERVED
CVE-2011-3291
RESERVED
CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has
default ...)
NOT-FOR-US: Cisco
-CVE-2011-3289
- RESERVED
+CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate
...)
+ TODO: check
CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect
...)
NOT-FOR-US: Cisco
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP)
2.x ...)
NOT-FOR-US: Cisco
CVE-2011-3286
RESERVED
-CVE-2011-3285
- RESERVED
+CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco
Adaptive ...)
+ TODO: check
CVE-2011-3284
RESERVED
-CVE-2011-3283
- RESERVED
+CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to
cause a ...)
+ TODO: check
CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before
12.2(33)SRE4, ...)
NOT-FOR-US: Cisco
CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in
certain ...)
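Review bot: this hunk adds five Cisco entries with `TODO: check` (CVE-2011-3295, -3293, -3289, -3285, -3283) next to context lines that already use two different labels, `NOT-FOR-US: Cisco` and `NOT-FOR-US: Cisco TelePresence`. When the TODOs are resolved, use one naming convention for the NOT-FOR-US text, either the bare vendor or vendor plus product, so the entries can be searched consistently.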
@@ -13554,14 +13564,14 @@
- vlc 1.1.11-1 (bug #633675)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in
real.c in ...)
- vlc 1.1.11-1 (bug #633674)
-CVE-2011-2586
- RESERVED
+CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted
remote ...)
+ TODO: check
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1)
allows ...)
NOT-FOR-US: Cisco Show and Share
CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1)
allows ...)
NOT-FOR-US: Cisco Show and Share
-CVE-2011-2583
- RESERVED
+CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5
allows ...)
+ TODO: check
CVE-2011-2582
RESERVED
CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before
...)
@@ -13570,8 +13580,8 @@
RESERVED
CVE-2011-2579
RESERVED
-CVE-2011-2578
- RESERVED
+CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers
to ...)
+ TODO: check
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series
Endpoints, ...)
NOT-FOR-US: Cisco TelePresence
CVE-2011-2576