Author: joeyh Date: 2012-07-09 21:14:56 +0000 (Mon, 09 Jul 2012) New Revision: 19700 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-09 20:49:32 UTC (rev 19699) +++ data/CVE/list 2012-07-09 21:14:56 UTC (rev 19700) @@ -1,4 +1,72 @@ -CVE-2012-3863 [asterisk: Possible resource leak on uncompleted re-invite transactions] +CVE-2012-3882 + RESERVED +CVE-2012-3881 + RESERVED +CVE-2012-3880 + RESERVED +CVE-2012-3879 + RESERVED +CVE-2012-3878 + RESERVED +CVE-2012-3877 + RESERVED +CVE-2012-3876 + RESERVED +CVE-2012-3875 + RESERVED +CVE-2012-3874 + RESERVED +CVE-2012-3873 + RESERVED +CVE-2012-3872 + RESERVED +CVE-2012-3871 + RESERVED +CVE-2012-3870 + RESERVED +CVE-2012-3869 + RESERVED +CVE-2012-3868 + RESERVED +CVE-2012-3867 + RESERVED +CVE-2012-3866 + RESERVED +CVE-2012-3865 + RESERVED +CVE-2012-3864 + RESERVED +CVE-2012-3862 + RESERVED +CVE-2012-3861 + RESERVED +CVE-2012-3860 + RESERVED +CVE-2012-3859 + RESERVED +CVE-2012-3858 + RESERVED +CVE-2012-3857 + RESERVED +CVE-2012-3856 + RESERVED +CVE-2012-3855 + RESERVED +CVE-2012-3854 + RESERVED +CVE-2012-3853 + RESERVED +CVE-2012-3852 + RESERVED +CVE-2012-3851 + RESERVED +CVE-2012-3850 + RESERVED +CVE-2012-3849 + RESERVED +CVE-2012-3848 + RESERVED +CVE-2012-3863 (Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, ...) - asterisk <unfixed> CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...) NOT-FOR-US: Windows utility @@ -543,8 +611,8 @@ NOTE: net-update is disabled by default on Debian CVE-2012-3586 RESERVED -CVE-2012-3585 - RESERVED +CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) ...) + TODO: check CVE-2012-3584 RESERVED CVE-2012-3583 
@@ -996,8 +1064,7 @@ RESERVED - linux <unfixed> - linux-2.6 <removed> -CVE-2012-3374 [Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5] - RESERVED +CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...) {DSA-2509-1} - pidgin 2.10.6-1 (bug #680661) [squeeze] - pidgin 2.7.3-1+squeeze3 @@ -1005,8 +1072,7 @@ NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42 CVE-2012-3373 RESERVED -CVE-2012-3372 [traffic interception vulnerability in Cyberoam DPI devices] - RESERVED +CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances ...) NOT-FOR-US: Cyberoam DPI devices NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372 NOTE: http://seclists.org/bugtraq/2012/Jul/20 @@ -2608,19 +2674,16 @@ RESERVED CVE-2012-2645 RESERVED -CVE-2012-2644 - RESERVED +CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...) NOT-FOR-US: Movable Type MT4i plugin -CVE-2012-2643 - RESERVED +CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before ...) NOT-FOR-US: KENT-WEB YY-BOARD -CVE-2012-2642 - RESERVED +CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...) NOT-FOR-US: Movable Type MT4i plugin -CVE-2012-2641 - RESERVED -CVE-2012-2640 - RESERVED +CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 ...) + TODO: check +CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for ...) + TODO: check CVE-2012-2639 REJECTED NOTE: Duplicate with CVE-2011-4940 http://www.openwall.com/lists/oss-security/2012/06/26/3 
@@ -3292,8 +3355,7 @@ CVE-2012-2387 RESERVED - devotee <itp> (bug #470995) -CVE-2012-2386 [phar integer overfow] - RESERVED +CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ...) {DSA-2492-1} - php5 5.4.4~rc1-1 CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...) @@ -3618,8 +3680,7 @@ RESERVED CVE-2012-2282 RESERVED -CVE-2012-2281 - RESERVED +CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access ...) NOT-FOR-US: RSA Access Manager NOTE: http://seclists.org/bugtraq/2012/Jul/36 CVE-2012-2280 @@ -3929,8 +3990,7 @@ - qpid-cpp 0.16-1 (bug #672124) CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...) - horizon 2012.1-4 (bug #671604) -CVE-2012-2143 - RESERVED +CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before ...) {DSA-2491-1} - postgresql-9.1 9.1.4-1 - postgresql-8.4 8.4.12-1 @@ -4305,8 +4365,8 @@ RESERVED CVE-2012-2019 RESERVED -CVE-2012-2018 - RESERVED +CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) + TODO: check CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...) NOT-FOR-US: HP Photosmart Wireless e-All-in-One CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...) @@ -8323,8 +8383,8 @@ RESERVED CVE-2012-0411 RESERVED -CVE-2012-0410 - RESERVED +CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise ...) + TODO: check CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...) NOT-FOR-US: EMC CVE-2012-0408 
@@ -8554,14 +8614,14 @@ RESERVED CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...) NOT-FOR-US: Symantec LiveUpdate Administrator -CVE-2012-0303 - RESERVED -CVE-2012-0302 - RESERVED -CVE-2012-0301 - RESERVED -CVE-2012-0300 - RESERVED +CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...) + TODO: check +CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in ...) + TODO: check +CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not ...) + TODO: check CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...)
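Review bot: In the first hunk (@@ -1,4 +1,72 @@), CVE-2012-3863 ends up out of order. The new RESERVED block runs from CVE-2012-3882 down to CVE-2012-3848 and skips 3863, so the existing 3863 entry now sits between CVE-2012-3848 and CVE-2012-3847. Move it up between CVE-2012-3864 and CVE-2012-3862 so the list stays in descending order. The new description also names fixed upstream releases (1.8.13.1 and 10.5.2) while the package line still reads "- asterisk <unfixed>", so that line needs a fixed version or bug reference as a follow-up.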
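Review bot: In the hunk at @@ -543,8 +611,8 @@, CVE-2012-3585 is left at "TODO: check". The description points at jpeg_ls.dll, a Windows DLL, so this most likely wants a NOT-FOR-US line like the one on CVE-2012-3847 in the first hunk. The product name is cut off in the truncated description, so confirm it against the full CVE text before tagging.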
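Review bot: In the hunk at @@ -2608,19 +2674,16 @@, CVE-2012-2641 and CVE-2012-2640 are the only newly described entries in this hunk without a triage line; CVE-2012-2644, CVE-2012-2643 and CVE-2012-2642 above them already carry NOT-FOR-US. For CVE-2012-2641, check whether Zenphoto is packaged in Debian and, if it is, track it against the 1.4.3 fix named in the description. For CVE-2012-2640 the platform is cut off in the description, so it needs the full text before it can be tagged.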
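Review bot: In the hunk at @@ -4305,8 +4365,8 @@, CVE-2012-2018 (XSS in HP Network Node Manager i) is left at "TODO: check" while the HP entry directly below it, CVE-2012-2017, is tagged NOT-FOR-US. If Network Node Manager i is not packaged in Debian, tag it the same way, for example "NOT-FOR-US: HP Network Node Manager i".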
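Review bot: In the hunk at @@ -8323,8 +8383,8 @@, CVE-2012-0410 (directory traversal in WebAccess in Novell GroupWise) is added with "TODO: check" and no package line. The EMC entry below it is tagged "NOT-FOR-US: EMC"; if GroupWise is not in the archive, use a matching "NOT-FOR-US: Novell GroupWise".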
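Review bot: In the hunk at @@ -8554,14 +8614,14 @@, CVE-2012-0303 through CVE-2012-0300 all land as "TODO: check". Three of the four descriptions name Brightmail Control Center (CVE-2012-0300 places it in Symantec Message Filter 6.3), and the Symantec entries on either side, CVE-2012-0304 and CVE-2012-0299, are NOT-FOR-US. Tag the four together with the product name once the truncated CVE-2012-0303 description is confirmed to refer to the same product.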