Author: geissert Date: 2012-08-19 23:03:55 +0000 (Sun, 19 Aug 2012) New Revision: 19973 Modified: data/CVE/list Log: issues: rouncube (no CVE), wireshark, gallery3 (itp) NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-08-19 19:12:10 UTC (rev 19972) +++ data/CVE/list 2012-08-19 23:03:55 UTC (rev 19973) @@ -1,3 +1,11 @@ +CVE-2012-XXXX [SA50212: roundcube 0.8 XSS] + - roundcube <not-affected> (only affects rc versions of 0.8) + NOTE: http://trac.roundcube.net/ticket/1488519 + TODO: request CVE id +CVE-2012-XXXX [SA50279: roundcube multiple XSS] + - roundcube <unfixed> + TODO: report and request CVE id + NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-XXXX [geshi XSS in contrib/langwiz.php] - geshi <unfixed> (bug #685323) [squeeze] - geshi <no-dsa> (shipped as example/.gz) @@ -25,9 +33,9 @@ CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold ...) NOT-FOR-US: Ipswitch CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow ...) - TODO: check + - gallery3 <itp> (bug #511715) CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...) - TODO: check + - gallery3 <itp> (bug #511715) CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP ...) TODO: check CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...) 
@@ -116,32 +124,46 @@ CVE-2012-4299 RESERVED CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...) + - wireshark <unfixed> TODO: check CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in ...) + - wireshark <unfixed> TODO: check CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 ...) + - wireshark <unfixed> TODO: check CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...) + - wireshark <unfixed> TODO: check CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ...) + - wireshark <unfixed> TODO: check CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...) + - wireshark <unfixed> TODO: check CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...) + - wireshark <unfixed> TODO: check CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...) + - wireshark <unfixed> TODO: check CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...) + - wireshark <unfixed> TODO: check CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x ...) + - wireshark <unfixed> TODO: check CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in ...) + - wireshark <unfixed> TODO: check CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark ...) + - wireshark <unfixed> TODO: check CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the ...) + - wireshark <unfixed> TODO: check CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...) + - wireshark <unfixed> TODO: check CVE-2012-4284 RESERVED 
@@ -398,37 +420,37 @@ CVE-2012-4163 RESERVED CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) 
- TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...) - chef 0.10.10-1 CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...) @@ -2381,7 +2403,7 @@ CVE-2012-3309 RESERVED CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...) - TODO: check + NOT-FOR-US: IBM Sametime CVE-2012-3307 RESERVED CVE-2012-3306 @@ -2497,15 +2519,15 @@ CVE-2012-3252 RESERVED CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...) - TODO: check + NOT-FOR-US: HP Service Manager CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...) - TODO: check + NOT-FOR-US: HP Service Manager CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...) - TODO: check + NOT-FOR-US: HP Fortify Software Security Center CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...) - TODO: check + NOT-FOR-US: HP Fortify Software Security Center CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...) - TODO: check + NOT-FOR-US: HP Integrity Server CVE-2012-3246 RESERVED CVE-2012-3245 @@ -2986,7 +3008,7 @@ CVE-2012-3010 RESERVED CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, ...) - TODO: check + NOT-FOR-US: Siemens COMOS CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...) NOT-FOR-US: OSIsoft PI OPC DA Interface CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...) 
@@ -4102,19 +4124,19 @@ CVE-2012-2528 RESERVED CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2012-2525 RESERVED CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-2520 RESERVED CVE-2012-2519 @@ -4991,13 +5013,15 @@ CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...) NOT-FOR-US: Sony Bravia CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) + - piwigo <unfixed> TODO: check CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...) + - piwigo <unfixed> TODO: check CVE-2012-2207 RESERVED CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...) - TODO: check + NOT-FOR-US: IBM WebSphere MQ File Transfer Edition CVE-2012-2205 RESERVED CVE-2012-2204 
@@ -5422,23 +5446,23 @@ CVE-2012-2052 RESERVED CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-2048 RESERVED CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...) NOT-FOR-US: Adobe Illustrator CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...) @@ -5818,7 +5842,7 @@ CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...) NOT-FOR-US: Microsoft XML Core Services CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...) - TODO: check + NOT-FOR-US: Microsoft Visio CVE-2012-1887 RESERVED CVE-2012-1886 @@ -6670,7 +6694,7 @@ CVE-2012-1536 RESERVED CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2012-1534 RESERVED CVE-2012-1533 
@@ -6688,9 +6712,9 @@ CVE-2012-1527 RESERVED CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
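Review bot: in the first hunk (@@ -1,3 +1,11 @@), the SA50279 entry is added as "- roundcube <unfixed>" with no bug reference, while the geshi entry directly below it carries "(bug #685323)". The TODO already says "report and request CVE id", so add the bug number to the package line once the report is filed. The two new roundcube entries also order their annotations differently (NOTE then TODO for SA50212, TODO then NOTE for SA50279); use one order for both.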
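Review bot: in the @@ -116,32 +124,46 @@ hunk, every entry from CVE-2012-4298 down to CVE-2012-4285 gains "- wireshark <unfixed>" but keeps its "TODO: check", so the entries still read as untriaged. If the package line is the result of the check, drop the TODO. If something is still open, replace it with a TODO or NOTE that says what remains; the descriptions name specific branches ("Wireshark 1.4.x before 1.4.15, 1.6.x before ..."), so which releases are affected is the obvious thing to record.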
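Review bot: in the @@ -4991,13 +5013,15 @@ hunk, CVE-2012-2209 and CVE-2012-2208 are marked "- piwigo <unfixed>" with no bug reference and with "TODO: check" left in place. The CVE-2012-2208 description reads "in upgrade.php in Piwigo before ...", which implies a fixed upstream release exists, so either confirm the archive version against it and drop the TODO, or add a NOTE stating what still has to be checked.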