Author: joeyh Date: 2012-07-22 21:14:31 +0000 (Sun, 22 Jul 2012) New Revision: 19782 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-07-22 13:04:48 UTC (rev 19781) +++ data/CVE/list 2012-07-22 21:14:31 UTC (rev 19782) @@ -1,24 +1,22 @@ -CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin ...) +CVE-2012-4033 TODO: check -CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before ...) +CVE-2012-4032 TODO: check -CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in ...) +CVE-2012-4031 TODO: check CVE-2012-4030 - RESERVED TODO: check CVE-2012-4029 - RESERVED TODO: check -CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) +CVE-2012-4028 NOT-FOR-US: Tridium Niagara AX Framework -CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework ...) +CVE-2012-4027 NOT-FOR-US: Tridium Niagara AX Framework -CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 ...) +CVE-2012-4026 NOT-FOR-US: The Johnson Controls Pegasys P2000 -CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in ...) +CVE-2012-4025 TODO: check -CVE-2012-4024 (Stack-based buffer overflow in the get_component function in ...) +CVE-2012-4024 TODO: check CVE-2012-4023 RESERVED @@ -1468,7 +1466,8 @@ NOT-FOR-US: Cyberoam DPI devices NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372 NOTE: http://seclists.org/bugtraq/2012/Jul/20 -CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and ...) +CVE-2012-3371 + RESERVED - nova 2012.1.1-5 (bug #681301) NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13 NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d @@ -1489,7 +1488,8 @@ CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...) {DSA-2503-1} - bcfg2 1.2.2-2 (bug #679272) -CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...) +CVE-2012-3365 + RESERVED TODO: check CVE-2012-3364 RESERVED @@ -1512,7 +1512,8 @@ - nova 2012.1.1-2 (bug #680110) CVE-2012-3359 RESERVED -CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in ...) +CVE-2012-3358 + RESERVED - openjpeg 1.3+dfsg-4.4 (bug #681075) NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1 NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727 @@ -1530,7 +1531,8 @@ RESERVED - viewvc <unfixed> (bug #679069) NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 -CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...) +CVE-2012-3355 + RESERVED - rhythmbox <unfixed> (bug #616673) NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076 @@ -1769,9 +1771,11 @@ RESERVED CVE-2012-3242 RESERVED -CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not ...) +CVE-2012-3241 + RESERVED TODO: check -CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows ...) +CVE-2012-3240 + RESERVED TODO: check CVE-2012-3239 RESERVED @@ -1982,65 +1986,93 @@ RESERVED CVE-2012-3136 RESERVED -CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...) +CVE-2012-3135 + RESERVED TODO: check -CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) +CVE-2012-3134 + RESERVED TODO: check CVE-2012-3133 RESERVED CVE-2012-3132 RESERVED -CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...) +CVE-2012-3131 + RESERVED TODO: check -CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...) +CVE-2012-3130 + RESERVED TODO: check -CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) +CVE-2012-3129 + RESERVED TODO: check -CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers running ...) +CVE-2012-3128 + RESERVED TODO: check -CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) +CVE-2012-3127 + RESERVED TODO: check -CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...) +CVE-2012-3126 + RESERVED TODO: check -CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...) +CVE-2012-3125 + RESERVED TODO: check -CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) +CVE-2012-3124 + RESERVED TODO: check -CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) +CVE-2012-3123 + RESERVED TODO: check -CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local ...) +CVE-2012-3122 + RESERVED TODO: check -CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote ...) +CVE-2012-3121 + RESERVED TODO: check -CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote ...) +CVE-2012-3120 + RESERVED TODO: check -CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) +CVE-2012-3119 + RESERVED TODO: check -CVE-2012-3118 (Unspecified vulnerability in the PeoleSoft Enterprise PeopleTools ...) +CVE-2012-3118 + RESERVED TODO: check -CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management ...) +CVE-2012-3117 + RESERVED TODO: check -CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation Management ...) +CVE-2012-3116 + RESERVED TODO: check -CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...) +CVE-2012-3115 + RESERVED TODO: check -CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation Management ...) +CVE-2012-3114 + RESERVED TODO: check -CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) +CVE-2012-3113 + RESERVED TODO: check -CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) +CVE-2012-3112 + RESERVED TODO: check -CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) +CVE-2012-3111 + RESERVED TODO: check -CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-3110 + RESERVED TODO: check -CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-3109 + RESERVED TODO: check -CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-3108 + RESERVED TODO: check -CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-3107 + RESERVED TODO: check -CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-3106 + RESERVED TODO: check CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...) - iceweasel 10.0.5esr-1 @@ -2240,7 +2272,8 @@ RESERVED CVE-2012-3009 RESERVED -CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...) +CVE-2012-3008 + RESERVED TODO: check CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...) NOT-FOR-US: Not in Debian @@ -2309,7 +2342,8 @@ RESERVED CVE-2012-2975 RESERVED -CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...) +CVE-2012-2974 + RESERVED TODO: check CVE-2012-2973 RESERVED @@ -2347,7 +2381,8 @@ RESERVED CVE-2012-2956 RESERVED -CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) +CVE-2012-2955 + RESERVED TODO: check CVE-2012-2954 RESERVED @@ -2966,7 +3001,8 @@ NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5 CVE-2012-2689 RESERVED -CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...) +CVE-2012-2688 + RESERVED TODO: check CVE-2012-2687 [apache mod_negotiation XSS] RESERVED @@ -3064,7 +3100,8 @@ CVE-2012-2656 [XXE vulnerability in Restlet] RESERVED - restlet <itp> (bug #596472) -CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before ...) +CVE-2012-2655 + RESERVED {DSA-2491-1} - postgresql-9.1 9.1.4-1 - postgresql-8.4 8.4.12-1 @@ -3089,7 +3126,8 @@ RESERVED CVE-2012-2646 RESERVED -CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for ...) +CVE-2012-2645 + RESERVED NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...) NOT-FOR-US: Movable Type MT4i plugin @@ -3171,7 +3209,8 @@ RESERVED CVE-2012-2608 RESERVED -CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before ...) +CVE-2012-2607 + RESERVED NOT-FOR-US: The Johnson Controls CK721-A CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require ...) NOT-FOR-US: Bradford Network Sentry @@ -4042,7 +4081,8 @@ CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass] RESERVED NOT-FOR-US: Drupal addon not packaged -CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...) +CVE-2012-2303 + RESERVED NOT-FOR-US: Drupal addon not packaged CVE-2012-2302 [Drupal SA-CONTRIB-2012-065 - Sitedoc - Information disclosure] RESERVED @@ -4091,16 +4131,20 @@ RESERVED CVE-2012-2283 RESERVED -CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before ...) +CVE-2012-2282 + RESERVED NOT-FOR-US: EMC Celerra/VNX/VNXe CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access ...) NOT-FOR-US: RSA Access Manager NOTE: http://seclists.org/bugtraq/2012/Jul/36 -CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID ...) +CVE-2012-2280 + RESERVED NOT-FOR-US: RSA Authentication Agent -CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA ...) +CVE-2012-2279 + RESERVED NOT-FOR-US: RSA Authentication Agent -CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...) +CVE-2012-2278 + RESERVED NOT-FOR-US: RSA Authentication Agent CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 4.x ...) NOT-FOR-US: EMC Documentum Information Rights Management @@ -4415,9 +4459,11 @@ RESERVED - net-snmp 5.4.3~dfsg-2.5 (bug #672492) NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff -CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...) +CVE-2012-2140 + RESERVED - ruby-mail 2.4.4-1 -CVE-2012-2139 (Directory traversal vulnerability in ...) +CVE-2012-2139 + RESERVED - ruby-mail 2.4.4-1 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...) NOT-FOR-US: Apache Sling @@ -4769,7 +4815,8 @@ NOT-FOR-US: Adobe Illustrator CVE-2012-2022 RESERVED -CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...) +CVE-2012-2021 + RESERVED NOT-FOR-US: HP AssetManager CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...) NOT-FOR-US: HP Operations Agent @@ -4887,78 +4934,97 @@ RESERVED CVE-2012-1968 RESERVED -CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...) +CVE-2012-1967 + RESERVED {DSA-2514-1 DSA-2513-1} - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...) +CVE-2012-1966 + RESERVED {DSA-2514-1} - iceweasel 10.0.6esr-1 -CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...) +CVE-2012-1965 + RESERVED - iceweasel 10.0.6esr-1 -CVE-2012-1964 (The certificate-warning functionality in ...) +CVE-2012-1964 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x ...) +CVE-2012-1963 + RESERVED - iceweasel 10.0.6esr-1 [squeeze] - iceweasel <not-affected> (CSP not yet available) - icedove 10.0.5-1 [squeeze] - icedove <not-affected> (CSP not yet available) - icedove <unfixed> - iceape <unfixed> -CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend ...) +CVE-2012-1962 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...) +CVE-2012-1961 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS ...) +CVE-2012-1960 + RESERVED - iceweasel <not-affected> (Only affects Firefox > 10) -CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...) +CVE-2012-1959 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden ...) +CVE-2012-1958 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x through ...) +CVE-2012-1957 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> CVE-2012-1956 RESERVED -CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...) +CVE-2012-1955 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in ...) +CVE-2012-1954 + RESERVED {DSA-2514-1 DSA-2513-1} - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox ...) +CVE-2012-1953 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through ...) +CVE-2012-1952 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased ...) +CVE-2012-1951 + RESERVED - iceweasel 10.0.6esr-1 - icedove <unfixed> - iceape <unfixed> -CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 ...) +CVE-2012-1950 + RESERVED {DSA-2514-1} - iceweasel 10.0.6esr-1 -CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) +CVE-2012-1949 + RESERVED - iceweasel <not-affected> (Only affects Firefox 13) -CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) +CVE-2012-1948 + RESERVED {DSA-2514-1 DSA-2513-1} - iceweasel 10.0.6esr-1 - icedove <unfixed> @@ -5355,103 +5421,147 @@ NOT-FOR-US: WebGlimpse CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...) NOT-FOR-US: Gretech GOM Media Player -CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1773 + RESERVED TODO: check -CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1772 + RESERVED TODO: check -CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1771 + RESERVED TODO: check -CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1770 + RESERVED TODO: check -CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1769 + RESERVED TODO: check -CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1768 + RESERVED TODO: check -CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1767 + RESERVED TODO: check -CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1766 + RESERVED TODO: check -CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...) +CVE-2012-1765 + RESERVED TODO: check -CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) +CVE-2012-1764 + RESERVED TODO: check CVE-2012-1763 RESERVED -CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) +CVE-2012-1762 + RESERVED TODO: check -CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1761 + RESERVED TODO: check -CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1760 + RESERVED TODO: check -CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...) +CVE-2012-1759 + RESERVED TODO: check -CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...) +CVE-2012-1758 + RESERVED TODO: check -CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) +CVE-2012-1757 + RESERVED - mysql-5.1 <not-affected> (Only affects 5.5) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) -CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) +CVE-2012-1756 + RESERVED - mysql-5.1 <not-affected> (Only affects 5.5) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1755 RESERVED -CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1754 + RESERVED TODO: check -CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) +CVE-2012-1753 + RESERVED TODO: check -CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) +CVE-2012-1752 + RESERVED TODO: check CVE-2012-1751 RESERVED -CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...) +CVE-2012-1750 + RESERVED TODO: check -CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...) +CVE-2012-1749 + RESERVED TODO: check -CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) +CVE-2012-1748 + RESERVED TODO: check -CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in Oracle ...) +CVE-2012-1747 + RESERVED TODO: check -CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in Oracle ...) +CVE-2012-1746 + RESERVED TODO: check -CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in Oracle ...) +CVE-2012-1745 + RESERVED TODO: check -CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology ...) +CVE-2012-1744 + RESERVED TODO: check -CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture ...) +CVE-2012-1743 + RESERVED TODO: check -CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1742 + RESERVED TODO: check -CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion ...) +CVE-2012-1741 + RESERVED TODO: check -CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express Listener ...) +CVE-2012-1740 + RESERVED TODO: check -CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence ...) +CVE-2012-1739 + RESERVED TODO: check -CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...) +CVE-2012-1738 + RESERVED TODO: check -CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle ...) +CVE-2012-1737 + RESERVED TODO: check -CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...) +CVE-2012-1736 + RESERVED TODO: check -CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...) +CVE-2012-1735 + RESERVED - mysql-5.1 <not-affected> (Only affects 5.5) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) -CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...) +CVE-2012-1734 + RESERVED - mysql-5.1 <removed> (bug #682212) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) -CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) +CVE-2012-1733 + RESERVED TODO: check -CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1732 + RESERVED TODO: check -CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...) +CVE-2012-1731 + RESERVED TODO: check -CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object Library ...) +CVE-2012-1730 + RESERVED TODO: check -CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...) +CVE-2012-1729 + RESERVED TODO: check -CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 ...) +CVE-2012-1728 + RESERVED TODO: check -CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object Library ...) +CVE-2012-1727 + RESERVED TODO: check CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-7 7~u3-2.1.1-1 (bug #677486) @@ -5492,7 +5602,8 @@ {DSA-2507-1} - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) -CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library ...) +CVE-2012-1715 + RESERVED TODO: check CVE-2012-1714 RESERVED @@ -5552,14 +5663,16 @@ {DSA-2496-1} - mysql-5.1 5.1.62-1 (bug #670636) - mysql-5.5 5.5.23-1 -CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...) +CVE-2012-1689 + RESERVED - mysql-5.1 <removed> (bug #682212) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2496-1} - mysql-5.1 5.1.62-1 (bug #670636) - mysql-5.5 5.5.23-1 -CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local ...) +CVE-2012-1687 + RESERVED TODO: check CVE-2012-1686 RESERVED @@ -5870,7 +5983,8 @@ CVE-2012-1572 RESERVED - keystone 2012.1~rc2-1 -CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...) +CVE-2012-1571 + RESERVED {DSA-2422-1} - file 5.11-1 (low; bug #664263) [squeeze] - file 5.04-5+squeeze1 @@ -6028,7 +6142,7 @@ RESERVED CVE-2012-1500 RESERVED -CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote ...) +CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly allocate ...) - openjpeg <not-affected> (vulnerable code introduced after 1.3) CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...) NOT-FOR-US: Webfolio CMS @@ -7536,15 +7650,18 @@ - samba 2:3.4.0~pre1-1 [lenny] - samba <not-affected> (pre-release issue) [squeeze] - samba <not-affected> (pre-release issue) -CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before ...) +CVE-2012-0868 + RESERVED {DSA-2418-1} - postgresql-9.1 9.1.3-1 - postgresql-8.4 8.4.11-1 -CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before ...) +CVE-2012-0867 + RESERVED {DSA-2418-1} - postgresql-9.1 9.1.3-1 - postgresql-8.4 8.4.11-1 -CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, ...) +CVE-2012-0866 + RESERVED {DSA-2418-1} - postgresql-9.1 9.1.3-1 - postgresql-8.4 8.4.11-1 @@ -7771,29 +7888,39 @@ NOT-FOR-US: Apache CXF CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote ...) NOT-FOR-US: spamdyke -CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 ...) +CVE-2012-0801 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, ...) +CVE-2012-0800 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous ...) +CVE-2012-0799 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and ...) +CVE-2012-0798 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x ...) +CVE-2012-0797 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x ...) +CVE-2012-0796 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 -CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...) +CVE-2012-0795 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 -CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before ...) +CVE-2012-0794 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 -CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...) +CVE-2012-0793 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 -CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote ...) +CVE-2012-0792 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...) @@ -8295,7 +8422,8 @@ NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products -CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...) +CVE-2012-0563 + RESERVED TODO: check CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products @@ -8343,7 +8471,8 @@ NOT-FOR-US: Oracle E-Business Suite CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle Financial Services Software -CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...) +CVE-2012-0540 + RESERVED - mysql-5.1 <removed> (bug #682212) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...) @@ -9163,11 +9292,14 @@ NOT-FOR-US: Stoneware webNetwork CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...) NOT-FOR-US: Stoneware webNetwork -CVE-2012-0284 (Stack-based buffer overflow in the SetSource method in the Cisco ...) +CVE-2012-0284 + RESERVED TODO: check -CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList ...) +CVE-2012-0283 + RESERVED TODO: check -CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote ...) +CVE-2012-0282 + RESERVED TODO: check CVE-2012-0281 RESERVED @@ -9177,9 +9309,11 @@ NOT-FOR-US: Quest (quest.com) Toad CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for ...) NOT-FOR-US: IrfanView -CVE-2012-0277 (Heap-based buffer overflow in XnView before 1.99 allows remote ...) +CVE-2012-0277 + RESERVED TODO: check -CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 allow ...) +CVE-2012-0276 + RESERVED TODO: check CVE-2012-0275 RESERVED @@ -11055,36 +11189,49 @@ - linux-2.6 3.1-1 [squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle) [lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle) -CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...) +CVE-2011-4593 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 2.0.6 and ...) +CVE-2011-4592 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object function ...) +CVE-2011-4591 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...) +CVE-2011-4590 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and ...) +CVE-2011-4589 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x ...) +CVE-2011-4588 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) -CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, ...) +CVE-2011-4587 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) -CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the Calendar ...) +CVE-2011-4586 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) -CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does not use ...) +CVE-2011-4585 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) -CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 1.9.15, ...) +CVE-2011-4584 + RESERVED {DSA-2421-1} - moodle 1.9.9.dfsg2-5 (bug #652235) -CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service ...) +CVE-2011-4583 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 2.1.x ...) +CVE-2011-4582 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before ...) +CVE-2011-4581 + RESERVED - moodle <not-affected> (Only affects 2.x) CVE-2011-4580 RESERVED @@ -11687,7 +11834,8 @@ CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions] REJECTED NOT-FOR-US: Apache MyFaces -CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...) +CVE-2011-4358 + RESERVED {DSA-2359-1} - mojarra 2.0.3-2 (bug #650430) CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in ...) @@ -11877,50 +12025,70 @@ - moodle <not-affected> (Only affects 2.x) CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - moodle <not-affected> (Only affects 2.x) -CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...) +CVE-2011-4297 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...) +CVE-2011-4296 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4295 (The moodle_enrol_external:role_assign function in ...) +CVE-2011-4295 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x ...) +CVE-2011-4294 + RESERVED {DSA-2338-1} - moodle 1.9.9.dfsg2-4 -CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...) +CVE-2011-4293 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...) +CVE-2011-4292 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...) +CVE-2011-4291 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php ...) +CVE-2011-4290 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 -CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...) +CVE-2011-4289 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly ...) +CVE-2011-4288 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 -CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force ...) +CVE-2011-4287 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) +CVE-2011-4286 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 -CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an ...) +CVE-2011-4285 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive ...) +CVE-2011-4284 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS ...) +CVE-2011-4283 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 -CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...) +CVE-2011-4282 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...) +CVE-2011-4281 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...) +CVE-2011-4280 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles ...) +CVE-2011-4279 + RESERVED - moodle <not-affected> (Only affects 2.x) -CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag autocomplete ...) +CVE-2011-4278 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...) @@ -12397,7 +12565,8 @@ NOT-FOR-US: Flexera FlexNet Publisher CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher ...) NOT-FOR-US: Flexera FlexNet Publisher -CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...) +CVE-2011-4133 + RESERVED {DSA-2262-1} - moodle 1.9.9.dfsg2-3 CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...) @@ -14291,7 +14460,8 @@ {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 -CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) +CVE-2011-3562 + RESERVED TODO: check CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...) - sun-java6 <removed> (bug #645881) @@ -25218,7 +25388,8 @@ NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366 NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1 NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2 -CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 ...) +CVE-2009-5030 + RESERVED - openjpeg 1.3+dfsg-4.1 (medium; bug #672455) NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5 NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/04/13/1