Author: joeyh Date: 2012-07-02 21:14:18 +0000 (Mon, 02 Jul 2012) New Revision: 19637 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-02 20:05:47 UTC (rev 19636) +++ data/CVE/list 2012-07-02 21:14:18 UTC (rev 19637) @@ -1,3 +1,23 @@ +CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) + TODO: check +CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) + TODO: check +CVE-2012-3824 + RESERVED +CVE-2012-3823 + RESERVED +CVE-2012-3822 + RESERVED +CVE-2012-3821 + RESERVED +CVE-2012-3820 + RESERVED +CVE-2012-3819 + RESERVED +CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...) + TODO: check +CVE-2012-3817 + RESERVED CVE-2012-XXXX [packagekit insecure temp file] - packagekit <unfixed> (bug #678189) CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...) @@ -1208,8 +1228,8 @@ RESERVED CVE-2012-3233 RESERVED -CVE-2012-3232 - RESERVED +CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web at all 2.0, ...) + TODO: check CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web at all ...) NOT-FOR-US: web at all CVE-2012-3230 
@@ -1562,16 +1582,16 @@ RESERVED CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco -CVE-2012-3057 - RESERVED -CVE-2012-3056 - RESERVED -CVE-2012-3055 - RESERVED -CVE-2012-3054 - RESERVED -CVE-2012-3053 - RESERVED +CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...) + TODO: check +CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...) + TODO: check CVE-2012-3052 RESERVED CVE-2012-3051 @@ -2202,6 +2222,7 @@ NOT-FOR-US: VMware CVE-2012-2751 RESERVED + {DSA-2506-1} - modsecurity-apache 2.6.6-1 (bug #678527) - libapache-mod-security <removed> (bug #678529) NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1 @@ -2313,7 +2334,7 @@ CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...) NOT-FOR-US: Drupal module CVE-2012-2709 - RESERVED + REJECTED NOTE: http://www.openwall.com/lists/oss-security/2012/06/27/10 CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...) NOT-FOR-US: Drupal module @@ -2335,8 +2356,7 @@ REJECTED CVE-2012-2699 REJECTED -CVE-2012-2698 [mediawiki uselang XSS] - RESERVED +CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...) [squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0) [wheezy] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0) - mediawiki 1:1.19.1-1 
@@ -2356,8 +2376,7 @@ CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before ...) - mantis 1.2.11-1 (bug #676783) [squeeze] - mantis <not-affected> (according to maintainer) -CVE-2012-2690 - RESERVED +CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the ...) - libguestfs 1:1.18.0-1 NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html @@ -2438,8 +2457,7 @@ RESERVED CVE-2012-2665 RESERVED -CVE-2012-2664 - RESERVED +CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does ...) NOT-FOR-US: sosreport (Red Hat tool) CVE-2012-2663 RESERVED @@ -3135,21 +3153,18 @@ - taglib 1.7.2-1 (unimportant) CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...) - cobbler <itp> (bug #545583) -CVE-2012-2394 - RESERVED +CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...) - wireshark 1.6.8-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419 -CVE-2012-2393 - RESERVED +CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in ...) - wireshark 1.6.8-1 (unimportant) NOTE: Not suitable for code injection NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413 -CVE-2012-2392 - RESERVED +CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote ...) - wireshark 1.6.8-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 
@@ -3179,8 +3194,7 @@ RESERVED {DSA-2492-1} - php5 5.4.4~rc1-1 -CVE-2012-2385 [malicious escape sequences can cause denial of service for mosh-server] - RESERVED +CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...) - mosh 1.2.1-1 (low; bug #673871) [squeeze] - mosh 1.2.1-1 (low; bug #673871) NOTE: https://github.com/keithw/mosh/issues/271 @@ -3983,8 +3997,7 @@ NOTE: https://lkml.org/lkml/2012/2/20/422 CVE-2012-2099 RESERVED -CVE-2012-2098 - RESERVED +CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...) - libcommons-compress-java 1.4.1-1 (low; bug #674448) [squeeze] - libcommons-compress-java <no-dsa> (Minor issue) CVE-2012-2097 @@ -4193,18 +4206,18 @@ RESERVED CVE-2012-2018 RESERVED -CVE-2012-2017 - RESERVED -CVE-2012-2016 - RESERVED -CVE-2012-2015 - RESERVED -CVE-2012-2014 - RESERVED -CVE-2012-2013 - RESERVED -CVE-2012-2012 - RESERVED +CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...) + TODO: check +CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) + TODO: check +CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) + TODO: check +CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly ...) + TODO: check +CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) + TODO: check +CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...) + TODO: check CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...) NOT-FOR-US: HP Web Jetadmin CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...) 
@@ -6137,8 +6150,7 @@ {DSA-2454-1} - openssl 1.0.0h-1 (low; bug #663642) NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3 -CVE-2012-1164 [openldap (slapd): Assertion failure by processing search quer...] - RESERVED +CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a ...) - openldap 2.4.31-1 (low; bug #663644) [squeeze] - openldap <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4 @@ -6273,28 +6285,22 @@ CVE-2012-1124 RESERVED NOT-FOR-US: phxEventManager not in Debian -CVE-2012-1123 - RESERVED +CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...) {DSA-2500-1} - mantis 1.2.10-1 (bug #662858) -CVE-2012-1122 - RESERVED +CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669927) -CVE-2012-1121 - RESERVED +CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which ...) - mantis 1.2.10-1 (low; bug #669926) [squeeze] - mantis <not-affected> (according to maintainer) -CVE-2012-1120 - RESERVED +CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669925) -CVE-2012-1119 - RESERVED +CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669928) -CVE-2012-1118 - RESERVED +CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669924) CVE-2012-1117 
@@ -7094,8 +7100,7 @@ CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...) - openssh 1:5.6p1-1 (low; bug #657445) [squeeze] - openssh-server 1:5.5p1-6+squeeze2 -CVE-2012-0813 [wicd cleartext passwords] - RESERVED +CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in ...) - wicd 1.7.1~b3-4 (unimportant; bug #652417) NOTE: Not a security issue per se, logfile only accessible by root:adm CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities] @@ -9205,8 +9210,7 @@ - ioquake3 <not-affected> (fixed before upload) - tremulous 1.1.0-8 (bug #665842) [squeeze] - tremulous 1.1.0-7~squeeze1 -CVE-2010-5076 - RESERVED +CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...) - qt4-x11 4:4.6.3-1 NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed CVE-2009-5108
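Review bot: In the first hunk (@@ -1,3 +1,23 @@), CVE-2012-3826 and CVE-2012-3825 are queued as TODO: check even though their descriptions open with the same version range (Wireshark 1.4.x before 1.4.13 and 1.6.x ...) as CVE-2012-2392, CVE-2012-2393 and CVE-2012-2394, which this file already tracks as - wireshark 1.6.8-1 (unimportant). Suggest triaging the two new entries against that same upload rather than from scratch, and recording the upstream advisory in a NOTE: line as the existing Wireshark entries do.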
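Review bot: In the @@ -1208,8 +1228,8 @@ hunk, CVE-2012-3232 is set to TODO: check while the entry directly below it, CVE-2012-3231, names the same product and is already marked NOT-FOR-US: web at all. Suggest giving CVE-2012-3232 the same NOT-FOR-US: web at all tag so it does not sit in the TODO queue.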
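Review bot: In the @@ -1562,16 +1582,16 @@ hunk, CVE-2012-3057 through CVE-2012-3053 all describe the Cisco WebEx WRF/ARF players and are left at TODO: check, whereas the neighbouring CVE-2012-3058 is already NOT-FOR-US: Cisco. If the WebEx players are not packaged, the five entries can take the same NOT-FOR-US tag in one follow-up instead of being reviewed one by one.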
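Review bot: In the @@ -2335,8 +2356,7 @@ hunk, the [squeeze] and [wheezy] annotations kept under CVE-2012-2698 say "only affects experimental version 1.9.0", which does not fit the fixed version 1:1.19.1-1 on the following line and looks like a typo for 1.19.0. The hand-written title [mediawiki uselang XSS] is replaced by the published description here, so these annotations are now the only Debian-specific context on the entry; suggest correcting the version in both lines.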
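Review bot: In the @@ -4193,18 +4206,18 @@ hunk, CVE-2012-2017 through CVE-2012-2012 are left at TODO: check although they concern HP Photosmart printers and HP System Management Homepage, and the adjacent CVE-2012-2011 is already NOT-FOR-US: HP Web Jetadmin. Suggest confirming that neither product maps to a source package and then tagging them NOT-FOR-US with the product name, keeping CVE-2012-2017 separate from the five SMH entries since it names a different product.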