Author: joeyh
Date: 2012-07-25 21:14:25 +0000 (Wed, 25 Jul 2012)
New Revision: 19805

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-07-25 13:24:26 UTC (rev 19804)
+++ data/CVE/list       2012-07-25 21:14:25 UTC (rev 19805)
@@ -1,34 +1,64 @@
-CVE-2012-4050
+CVE-2012-4047
+       RESERVED
+CVE-2012-4046
+       RESERVED
+CVE-2012-4045 (Multiple heap-based buffer overflows in bmp.w5s in Winamp 
before 5.63 ...)
+       TODO: check
+CVE-2012-4044
+       RESERVED
+CVE-2012-4043
+       RESERVED
+CVE-2012-4042
+       RESERVED
+CVE-2012-4041
+       RESERVED
+CVE-2012-4040
+       RESERVED
+CVE-2012-4039
+       RESERVED
+CVE-2012-4038
+       RESERVED
+CVE-2012-4037
+       RESERVED
+CVE-2012-4036
+       RESERVED
+CVE-2012-4035
+       RESERVED
+CVE-2012-4034
+       RESERVED
+CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before 
...)
        NOT-FOR-US: Google Chrome OS
-CVE-2012-4049 [Large loop in the NFS dissector]
+CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 
1.4.x ...)
        - wireshark <unfixed> (bug #680056)
        NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
-CVE-2012-4048 [PPP dissector crash]
+CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x 
before ...)
        TODO: Check if Debian wireshark is affected
        NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
-CVE-2012-4033
+CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop 
plugin ...)
        TODO: check
-CVE-2012-4032
+CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel 
before ...)
        TODO: check
-CVE-2012-4031
+CVE-2012-4031 (Multiple directory traversal vulnerabilities in 
src/acloglogin.php in ...)
        TODO: check
 CVE-2012-4030
+       RESERVED
        TODO: check
 CVE-2012-4029
+       RESERVED
        TODO: check
-CVE-2012-4028
+CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential 
data, ...)
        NOT-FOR-US: Tridium Niagara AX Framework
-CVE-2012-4027
+CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX 
Framework ...)
        NOT-FOR-US: Tridium Niagara AX Framework
-CVE-2012-4026
+CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 
3.11 ...)
        NOT-FOR-US: The Johnson Controls Pegasys P2000
-CVE-2012-4025
+CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in 
...)
        TODO: check
-CVE-2012-4024
+CVE-2012-4024 (Stack-based buffer overflow in the get_component function in 
...)
        TODO: check
 CVE-2012-4023
        RESERVED
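Review bot: CVE-2012-4050 is removed from the top of the file and re-added below CVE-2012-4034, so the list is no longer in descending order at this point (4034, then 4050, 4049, 4048, then 4033). The new CVE-2012-4047 to CVE-2012-4034 block belongs between the CVE-2012-4048 entry and CVE-2012-4033. Also in this hunk, CVE-2012-4030 and CVE-2012-4029 gain a RESERVED line but keep "TODO: check"; with no description published there is nothing to check yet, so the TODO line can be dropped until the entry is populated.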
@@ -176,8 +206,7 @@
        RESERVED
 CVE-2012-3955
        RESERVED
-CVE-2012-3954 [Memory Leaks Found in ISC DHCP]
-       RESERVED
+CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 
4.2.4-P1 and ...)
        - isc-dhcp <unfixed>
        NOTE: https://kb.isc.org/article/AA-00737
 CVE-2012-3953
@@ -350,8 +379,7 @@
        RESERVED
 CVE-2012-3869
        RESERVED
-CVE-2012-3868 [High TCP Query Load Can Trigger a Memory Leak in BIND 9]
-       RESERVED
+CVE-2012-3868 (Race condition in the ns_client structure management in ISC 
BIND 9.9.x ...)
        TODO: check
        NOTE: https://kb.isc.org/article/AA-00730
        NOTE: According to 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3868 only 9.9.0 through to 
9.9.1-P1 affected
@@ -476,8 +504,7 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
        NOTE: 
http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html
        NOTE: http://als.regnet.cz/fpm2/feedback/2
-CVE-2012-3817 [Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion 
Failure in BIND9]
-       RESERVED
+CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x 
before ...)
        TODO: check
        NOTE: https://kb.isc.org/article/AA-00729
 CVE-2012-XXXX [packagekit insecure temp file]
@@ -978,12 +1005,10 @@
        RESERVED
 CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, 
with ...)
        NOTE: Disputed NSS issue
-CVE-2012-3571 [An error in the handling of malformed client identifiers can 
...]
-       RESERVED
+CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 
allows ...)
        - isc-dhcp <unfixed>
        NOTE: https://kb.isc.org/article/AA-00712
-CVE-2012-3570 [An Error in the Handling of an Unexpected Client Identifiers 
can ...]
-       RESERVED
+CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 
mode is ...)
        - isc-dhcp <unfixed>
        [squeeze] - isc-dhcp <not-affected> (Vulnerable code not present)
        NOTE: https://kb.isc.org/article/AA-00714
@@ -1372,52 +1397,40 @@
        - linux-2.6 <removed>
 CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to 
execute ...)
        NOT-FOR-US: Basilic
-CVE-2012-3398
-       RESERVED
+CVE-2012-3398 (Algorithmic complexity vulnerability in Moodle 1.9.x before 
1.9.19, ...)
        - moodle <unfixed> (bug #682203)
        [squeeze] - moodle <no-dsa> (Minor issue)
-CVE-2012-3397
-       RESERVED
+CVE-2012-3397 (lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 
2.1.7, ...)
        - moodle 2.2.3.dfsg-2.1 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.0)
-CVE-2012-3396
-       RESERVED
+CVE-2012-3396 (Cross-site scripting (XSS) vulnerability in 
cohort/edit_form.php in ...)
        - moodle 2.2.3.dfsg-2.1 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.0)
-CVE-2012-3395
-       RESERVED
+CVE-2012-3395 (SQL injection vulnerability in mod/feedback/complete.php in 
Moodle ...)
        - moodle 2.2.3.dfsg-2.1 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.0)
-CVE-2012-3394
-       RESERVED
+CVE-2012-3394 (auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 
2.1.x ...)
        - moodle 2.2.3.dfsg-2.1 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-3393
-       RESERVED
+CVE-2012-3393 (Cross-site scripting (XSS) vulnerability in repository/lib.php 
in ...)
        - moodle 2.2.3.dfsg-2.1 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-3392
-       RESERVED
+CVE-2012-3392 (mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 
2.2.x ...)
        - moodle <unfixed> (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-3391
-       RESERVED
+CVE-2012-3391 (mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x 
before ...)
        - moodle <unfixed> (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-3390
-       RESERVED
+CVE-2012-3390 (lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 
2.2.4 ...)
        - moodle <unfixed> (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.1)
-CVE-2012-3389
-       RESERVED
+CVE-2012-3389 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - moodle 2.2.3.dfsg-2.2 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.2)
-CVE-2012-3388
-       RESERVED
+CVE-2012-3388 (The is_enrolled function in lib/accesslib.php in Moodle 2.2.x 
before ...)
        - moodle 2.2.3.dfsg-2.2 (bug #682203)
        [squeeze] - moodle <not-affected> (Only affects >= 2.2)
-CVE-2012-3387
-       RESERVED
+CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for 
whether ...)
        - moodle <not-affected> (Only affects 2.3)
 CVE-2012-3386
        RESERVED
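Review bot: the squeeze annotation on CVE-2012-3394, "(Only affects >= 2.1)", no longer matches the description this hunk adds, which starts its affected range at "Moodle 2.0.x before 2.0.10". The not-affected reason should read ">= 2.0", as on CVE-2012-3397, CVE-2012-3396 and CVE-2012-3395 above it, or the entry needs a NOTE explaining why 2.0.x is excluded.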
@@ -1430,18 +1443,15 @@
        [squeeze] - automake1.7 <no-dsa> (Minor issue)
        - automake1.9 1.9.6+nogfdl-4
        [squeeze] - automake1.9 <no-dsa> (Minor issue)
-CVE-2012-3385 [WordPress information disclosure]
-       RESERVED
+CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to 
post ...)
        - wordpress 3.4.1+dfsg-1 (bug #680721)
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
-CVE-2012-3384 [WordPress CSRF]
-       RESERVED
+CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the 
customizer in ...)
        - wordpress 3.4.1+dfsg-1 (bug #680721)
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
-CVE-2012-3383 [WordPress privilege escalation and XSS]
-       RESERVED
+CVE-2012-3383 (WordPress 3.4.0 does not properly restrict access to 
unfiltered_html ...)
        - wordpress 3.4.1+dfsg-1 (bug #680721)
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
@@ -1492,8 +1502,7 @@
        NOT-FOR-US: Cyberoam DPI devices
        NOTE: 
https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
        NOTE: http://seclists.org/bugtraq/2012/Jul/20
-CVE-2012-3371
-       RESERVED
+CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) 
and ...)
        - nova 2012.1.1-5 (bug #681301)
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
        NOTE: 
https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
@@ -1514,8 +1523,7 @@
 CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote 
attackers ...)
        {DSA-2503-1}
        - bcfg2 1.2.2-2 (bug #679272)
-CVE-2012-3365
-       RESERVED
+CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote 
attackers ...)
        TODO: check
 CVE-2012-3364
        RESERVED
@@ -1530,22 +1538,18 @@
        - extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
        [squeeze] - extplorer 2.1.0b6+dfsg.2-1+squeeze1
        [wheezy] - extplorer 2.1.0b6+dfsg.3-3
-CVE-2012-3361 [arbitrary file injection through directory traversal]
-       RESERVED
+CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), 
Essex ...)
        - nova 2012.1.1-2 (bug #680110)
-CVE-2012-3360 [arbitrary file corruption through directory traversal]
-       RESERVED
+CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in 
OpenStack ...)
        - nova 2012.1.1-2 (bug #680110)
 CVE-2012-3359
        RESERVED
-CVE-2012-3358
-       RESERVED
+CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot 
function in ...)
        - openjpeg 1.3+dfsg-4.4 (bug #681075)
        NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
        NOTE: Upstream patch: 
http://code.google.com/p/openjpeg/source/detail?r=1727
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
-CVE-2012-3357 [viewvc log msg leak in SVN revision view with unreadable copy 
source]
-       RESERVED
+CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC 
before ...)
        - viewvc <unfixed> (bug #679069)
        NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
        NOTE: 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
@@ -1553,12 +1557,10 @@
        NOTE: 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
        NOTE: 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
        NOTE: 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
-CVE-2012-3356 [viewvc complete authz support for remote SVN views]
-       RESERVED
+CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in 
ViewVC ...)
        - viewvc <unfixed> (bug #679069)
        NOTE: 
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
-CVE-2012-3355
-       RESERVED
+CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...)
        - rhythmbox <unfixed> (bug #616673)
        NOTE: Upstream bug report 
https://bugzilla.gnome.org/show_bug.cgi?id=678661
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
@@ -1797,11 +1799,9 @@
        RESERVED
 CVE-2012-3242
        RESERVED
-CVE-2012-3241
-       RESERVED
+CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 
does not ...)
        TODO: check
-CVE-2012-3240
-       RESERVED
+CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 
allows ...)
        TODO: check
 CVE-2012-3239
        RESERVED
@@ -2012,93 +2012,65 @@
        RESERVED
 CVE-2012-3136
        RESERVED
-CVE-2012-3135
-       RESERVED
+CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in 
Oracle ...)
        TODO: check
-CVE-2012-3134
-       RESERVED
+CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)
        TODO: check
 CVE-2012-3133
        RESERVED
 CVE-2012-3132
        RESERVED
-CVE-2012-3131
-       RESERVED
+CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 
allows ...)
        TODO: check
-CVE-2012-3130
-       RESERVED
+CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows 
remote ...)
        TODO: check
-CVE-2012-3129
-       RESERVED
+CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows 
remote ...)
        TODO: check
-CVE-2012-3128
-       RESERVED
+CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers 
running ...)
        TODO: check
-CVE-2012-3127
-       RESERVED
+CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows 
remote ...)
        TODO: check
-CVE-2012-3126
-       RESERVED
+CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in 
Oracle ...)
        TODO: check
-CVE-2012-3125
-       RESERVED
+CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 
allows ...)
        TODO: check
-CVE-2012-3124
-       RESERVED
+CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows 
remote ...)
        TODO: check
-CVE-2012-3123
-       RESERVED
+CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows 
remote ...)
        TODO: check
-CVE-2012-3122
-       RESERVED
+CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows 
local ...)
        TODO: check
-CVE-2012-3121
-       RESERVED
+CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows 
remote ...)
        TODO: check
-CVE-2012-3120
-       RESERVED
+CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote 
...)
        TODO: check
-CVE-2012-3119
-       RESERVED
+CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS 
component ...)
        TODO: check
-CVE-2012-3118
-       RESERVED
+CVE-2012-3118 (Unspecified vulnerability in the PeoleSoft Enterprise 
PeopleTools ...)
        TODO: check
-CVE-2012-3117
-       RESERVED
+CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation 
Management ...)
        TODO: check
-CVE-2012-3116
-       RESERVED
+CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation 
Management ...)
        TODO: check
-CVE-2012-3115
-       RESERVED
+CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in 
Oracle ...)
        TODO: check
-CVE-2012-3114
-       RESERVED
+CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation 
Management ...)
        TODO: check
-CVE-2012-3113
-       RESERVED
+CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS 
component ...)
        TODO: check
-CVE-2012-3112
-       RESERVED
+CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows 
remote ...)
        TODO: check
-CVE-2012-3111
-       RESERVED
+CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
-CVE-2012-3110
-       RESERVED
+CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-3109
-       RESERVED
+CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-3108
-       RESERVED
+CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-3107
-       RESERVED
+CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-3106
-       RESERVED
+CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
 CVE-2012-3105 (The glBufferData function in the WebGL implementation in 
Mozilla ...)
        - iceweasel 10.0.5esr-1
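Review bot: the description added for CVE-2012-3118 spells the product "PeoleSoft Enterprise PeopleTools", while CVE-2012-3111 a few entries below has "PeopleSoft Enterprise PeopleTools". A search for "PeopleSoft" when working through the "TODO: check" lines will miss CVE-2012-3118, so triage the two entries together and give them the same tag.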
@@ -2298,8 +2270,7 @@
        RESERVED
 CVE-2012-3009
        RESERVED
-CVE-2012-3008
-       RESERVED
+CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface 
before ...)
        TODO: check
 CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in 
Invensys ...)
        NOT-FOR-US: Not in Debian
@@ -2362,16 +2333,13 @@
 CVE-2012-2978
        RESERVED
        {DSA-2515-1}
-CVE-2012-2977
-       RESERVED
+CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 
5.0.3.18 ...)
        NOT-FOR-US: Symantec Web Gateway
-CVE-2012-2976
-       RESERVED
+CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 
5.0.3.18 ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2975
        RESERVED
-CVE-2012-2974
-       RESERVED
+CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote 
attackers ...)
        TODO: check
 CVE-2012-2973
        RESERVED
@@ -2397,8 +2365,7 @@
        RESERVED
 CVE-2012-2962
        RESERVED
-CVE-2012-2961
-       RESERVED
+CVE-2012-2961 (SQL injection vulnerability in the management console in 
Symantec Web ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2960
        RESERVED
@@ -2406,18 +2373,16 @@
        NOT-FOR-US: BMC
 CVE-2012-2958
        RESERVED
-CVE-2012-2957
-       RESERVED
+CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 
5.0.3.18 ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2956
        RESERVED
-CVE-2012-2955
-       RESERVED
+CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        TODO: check
 CVE-2012-2954
        RESERVED
-CVE-2012-2953
-       RESERVED
+CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 
5.0.3.18 ...)
+       TODO: check
 CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and 
earlier ...)
        NOT-FOR-US: Jaow
 CVE-2012-2951 (SQL injection vulnerability in plog-rss.php in Plogger allows 
remote ...)
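Review bot: CVE-2012-2953 is added with "TODO: check" although its description begins "The management console in Symantec Web Gateway 5.0.x before 5.0.3.18", the same text as CVE-2012-2957 in this hunk, which is tagged "NOT-FOR-US: Symantec Web Gateway". The old CVE-2012-2953 entry had no status line at all, so the TODO is the automatic default; replace it with the same NOT-FOR-US tag so the Symantec Web Gateway entries are consistent.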
@@ -2864,8 +2829,7 @@
        NOT-FOR-US: Endpoint Connect
 CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x 
before ...)
        NOT-FOR-US: VMware
-CVE-2012-2751
-       RESERVED
+CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly 
handle ...)
        {DSA-2506-1}
        - modsecurity-apache 2.6.6-1 (bug #678527)
        - libapache-mod-security <removed> (bug #678529)
@@ -2912,13 +2876,11 @@
        NOTE: 
http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
-CVE-2012-2738
-       RESERVED
+CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows 
remote ...)
        - vte 1:0.28.2-5 (bug #677717)
        - vte3 1:0.32.2-1
        [squeeze] - vte <no-dsa> (Minor issue)
-CVE-2012-2737 [accountsservice local file disclosure flaw]
-       RESERVED
+CVE-2012-2737 (The user_change_icon_file_authorized_cb function in ...)
        - accountsservice 0.6.21-6 (bug #679429)
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
        NOTE: 
http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
@@ -3031,8 +2993,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
 CVE-2012-2689
        RESERVED
-CVE-2012-2688
-       RESERVED
+CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function 
in the ...)
        TODO: check
 CVE-2012-2687 [apache mod_negotiation XSS]
        RESERVED
@@ -3130,8 +3091,7 @@
 CVE-2012-2656 [XXE vulnerability in Restlet]
        RESERVED
        - restlet <itp> (bug #596472)
-CVE-2012-2655
-       RESERVED
+CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x 
before ...)
        {DSA-2491-1}
        - postgresql-9.1 9.1.4-1
        - postgresql-8.4 8.4.12-1
@@ -3154,10 +3114,9 @@
        RESERVED
 CVE-2012-2647
        RESERVED
-CVE-2012-2646
-       RESERVED
-CVE-2012-2645
-       RESERVED
+CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir 
Mobile Black ...)
+       TODO: check
+CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier 
for ...)
        NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application
 CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 
beta 4 ...)
        NOT-FOR-US: Movable Type MT4i plugin
@@ -3239,8 +3198,7 @@
        RESERVED
 CVE-2012-2608
        RESERVED
-CVE-2012-2607
-       RESERVED
+CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before 
...)
        NOT-FOR-US: The Johnson Controls CK721-A
 CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not 
require ...)
        NOT-FOR-US: Bradford Network Sentry
@@ -3306,8 +3264,7 @@
        RESERVED
 CVE-2012-2575
        RESERVED
-CVE-2012-2574
-       RESERVED
+CVE-2012-2574 (SQL injection vulnerability in the management console in 
Symantec Web ...)
        NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2573
        RESERVED
@@ -3894,63 +3851,48 @@
        NOTE: libotr not affected
 CVE-2012-2368
        RESERVED
-CVE-2012-2367
-       RESERVED
+CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 
2.1.6, ...)
        - moodle 2.2.3.dfsg-1 (low; bug #674163)
-CVE-2012-2366
-       RESERVED
+CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x 
before ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
-CVE-2012-2365
-       RESERVED
+CVE-2012-2365 (Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 
2.0.9, ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2364
-       RESERVED
+CVE-2012-2364 (Cross-site scripting (XSS) vulnerability in lib/filelib.php in 
Moodle ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2363
-       RESERVED
+CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the 
calendar ...)
        - moodle 2.0-1 (bug #674163)
        NOTE: Only affects Moodle 1.9.x
-CVE-2012-2362
-       RESERVED
+CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the 
blog ...)
        - moodle 2.0-1 (bug #674163)
        NOTE: Only affects Moodle 1.9.x
-CVE-2012-2361
-       RESERVED
+CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in 
admin/webservice/forms.php ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2360
-       RESERVED
+CVE-2012-2360 (Cross-site scripting (XSS) vulnerability in the Wiki subsystem 
in ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2359
-       RESERVED
+CVE-2012-2359 (admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x 
before ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2358
-       RESERVED
+CVE-2012-2358 (Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 
2.2.3 ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
-CVE-2012-2357
-       RESERVED
+CVE-2012-2357 (The Multi-Authentication feature in the Central Authentication 
Service ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
-CVE-2012-2356
-       RESERVED
+CVE-2012-2356 (The question-bank functionality in Moodle 2.1.x before 2.1.6 
and 2.2.x ...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
-CVE-2012-2355
-       RESERVED
+CVE-2012-2355 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote 
...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
-CVE-2012-2354
-       RESERVED
+CVE-2012-2354 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote 
...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
-CVE-2012-2353
-       RESERVED
+CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote 
...)
        - moodle 2.2.3.dfsg-1 (bug #674163)
        [squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
 CVE-2012-2352 (The archive management (arc_manage) page in 
wwsympa/wwsympa.fcgi.in in ...)
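Review bot: the description added for CVE-2012-2367 starts its affected range at "Moodle 1.9.x before 1.9.18", but the entry carries only "- moodle 2.2.3.dfsg-1 (low; bug #674163)" and no [squeeze] line, unlike the entries that follow it. Add an explicit [squeeze] status for this CVE so the stable release is not left untracked; the same applies to CVE-2012-2363 and CVE-2012-2362, whose notes say "Only affects Moodle 1.9.x".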
@@ -4113,8 +4055,7 @@
 CVE-2012-2304 [Drupal SA-CONTRIB-2012-067 - Linkit - Access bypass]
        RESERVED
        NOT-FOR-US: Drupal addon not packaged
-CVE-2012-2303
-       RESERVED
+CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not 
enforce ...)
        NOT-FOR-US: Drupal addon not packaged
 CVE-2012-2302 [Drupal SA-CONTRIB-2012-065 - Sitedoc - Information disclosure]
        RESERVED
@@ -4163,20 +4104,16 @@
        RESERVED
 CVE-2012-2283
        RESERVED
-CVE-2012-2282
-       RESERVED
+CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 
...)
        NOT-FOR-US: EMC Celerra/VNX/VNXe
 CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access 
...)
        NOT-FOR-US: RSA Access Manager
        NOTE: http://seclists.org/bugtraq/2012/Jul/36
-CVE-2012-2280
-       RESERVED
+CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA 
SecurID ...)
        NOT-FOR-US: RSA Authentication Agent
-CVE-2012-2279
-       RESERVED
+CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA 
...)
        NOT-FOR-US: RSA Authentication Agent
-CVE-2012-2278
-       RESERVED
+CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) 
...)
        NOT-FOR-US: RSA Authentication Agent
 CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 
4.x ...)
        NOT-FOR-US: EMC Documentum Information Rights Management
@@ -4357,14 +4294,14 @@
        RESERVED
 CVE-2012-2198
        RESERVED
-CVE-2012-2197
-       RESERVED
-CVE-2012-2196
-       RESERVED
+CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure ...)
+       TODO: check
+CVE-2012-2196 (IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 
through ...)
+       TODO: check
 CVE-2012-2195
        RESERVED
-CVE-2012-2194
-       RESERVED
+CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR 
stored ...)
+       TODO: check
 CVE-2012-2193
        RESERVED
 CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 
...)
@@ -4491,11 +4428,9 @@
        RESERVED
        - net-snmp 5.4.3~dfsg-2.5 (bug #672492)
        NOTE:  Red Hat patch: 
https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
-CVE-2012-2140
-       RESERVED
+CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to 
execute ...)
        - ruby-mail 2.4.4-1
-CVE-2012-2139
-       RESERVED
+CVE-2012-2139 (Directory traversal vulnerability in ...)
        - ruby-mail 2.4.4-1
 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
        NOT-FOR-US: Apache Sling
@@ -4588,8 +4523,7 @@
 CVE-2012-2114
        RESERVED
        NOT-FOR-US: musl libc not in Debian
-CVE-2012-2113
-       RESERVED
+CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 
allow ...)
        - tiff 4.0.2-1 (bug #678140)
 CVE-2012-2112
        RESERVED
@@ -4672,8 +4606,7 @@
 CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the 
ngx_http_mp4_module ...)
        - nginx 1.1.19-1
        [squeeze] - nginx <not-affected> (Vulnerable code not present)
-CVE-2012-2088
-       RESERVED
+CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in 
...)
        - tiff 4.0-1 (bug #678140)
        - tiff3 3.9.6-6
 CVE-2012-2087
@@ -4847,8 +4780,7 @@
        NOT-FOR-US: Adobe Illustrator
 CVE-2012-2022
        RESERVED
-CVE-2012-2021
-       RESERVED
+CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP 
AssetManager ...)
        NOT-FOR-US: HP AssetManager
 CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 
11.03.12 ...)
        NOT-FOR-US: HP Operations Agent
@@ -4966,97 +4898,78 @@
        RESERVED
 CVE-2012-1968
        RESERVED
-CVE-2012-1967
-       RESERVED
+CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 
10.0.6, ...)
        {DSA-2514-1 DSA-2513-1}
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1966
-       RESERVED
+CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 
10.0.6 do ...)
        {DSA-2514-1}
        - iceweasel 10.0.6esr-1
-CVE-2012-1965
-       RESERVED
+CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 
10.0.6 do ...)
        - iceweasel 10.0.6esr-1
-CVE-2012-1964
-       RESERVED
+CVE-2012-1964 (The certificate-warning functionality in ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1963
-       RESERVED
+CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla 
Firefox 4.x ...)
        - iceweasel 10.0.6esr-1
        [squeeze] - iceweasel <not-affected> (CSP not yet available)
        - icedove 10.0.5-1
        [squeeze] - icedove <not-affected> (CSP not yet available)
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1962
-       RESERVED
+CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend 
...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1961
-       RESERVED
+CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 
10.0.6, ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1960
-       RESERVED
+CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS 
...)
        - iceweasel <not-affected> (Only affects Firefox > 10)
-CVE-2012-1959
-       RESERVED
+CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 
10.0.6, ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1958
-       RESERVED
+CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden 
...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1957
-       RESERVED
+CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x 
through ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
 CVE-2012-1956
        RESERVED
-CVE-2012-1955
-       RESERVED
+CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 
10.0.6, ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1954
-       RESERVED
+CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode 
function in ...)
        {DSA-2514-1 DSA-2513-1}
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1953
-       RESERVED
+CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla 
Firefox ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1952
-       RESERVED
+CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x 
through ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1951
-       RESERVED
+CVE-2012-1951 (Use-after-free vulnerability in the 
nsSMILTimeValueSpec::IsEventBased ...)
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
        - iceape <unfixed>
-CVE-2012-1950
-       RESERVED
+CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 
13.0 ...)
        {DSA-2514-1}
        - iceweasel 10.0.6esr-1
-CVE-2012-1949
-       RESERVED
+CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - iceweasel <not-affected> (Only affects Firefox 13)
-CVE-2012-1948
-       RESERVED
+CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        {DSA-2514-1 DSA-2513-1}
        - iceweasel 10.0.6esr-1
        - icedove <unfixed>
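Review bot: under CVE-2012-1963 icedove is listed twice with conflicting status, once as "- icedove 10.0.5-1" and again as "- icedove <unfixed>". The description update leaves both in place, so the entry reports the package as fixed and unfixed at the same time. Keep one unstable line for icedove and drop the other.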
@@ -5453,147 +5366,103 @@
        NOT-FOR-US: WebGlimpse
 CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech 
GOM Media ...)
        NOT-FOR-US: Gretech GOM Media Player
-CVE-2012-1773
-       RESERVED
+CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1772
-       RESERVED
+CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1771
-       RESERVED
+CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1770
-       RESERVED
+CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1769
-       RESERVED
+CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1768
-       RESERVED
+CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1767
-       RESERVED
+CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1766
-       RESERVED
+CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1765
-       RESERVED
+CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local 
users ...)
        TODO: check
-CVE-2012-1764
-       RESERVED
+CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
 CVE-2012-1763
        RESERVED
-CVE-2012-1762
-       RESERVED
+CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
-CVE-2012-1761
-       RESERVED
+CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1760
-       RESERVED
+CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1759
-       RESERVED
+CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in 
Oracle ...)
        TODO: check
-CVE-2012-1758
-       RESERVED
+CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in 
Oracle ...)
        TODO: check
-CVE-2012-1757
-       RESERVED
+CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
-CVE-2012-1756
-       RESERVED
+CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1755
        RESERVED
-CVE-2012-1754
-       RESERVED
+CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1753
-       RESERVED
+CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
-CVE-2012-1752
-       RESERVED
+CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local 
users ...)
        TODO: check
 CVE-2012-1751
        RESERVED
-CVE-2012-1750
-       RESERVED
+CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 
11 ...)
        TODO: check
-CVE-2012-1749
-       RESERVED
+CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in 
Oracle ...)
        TODO: check
-CVE-2012-1748
-       RESERVED
+CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS 
component ...)
        TODO: check
-CVE-2012-1747
-       RESERVED
+CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in 
Oracle ...)
        TODO: check
-CVE-2012-1746
-       RESERVED
+CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in 
Oracle ...)
        TODO: check
-CVE-2012-1745
-       RESERVED
+CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in 
Oracle ...)
        TODO: check
-CVE-2012-1744
-       RESERVED
+CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology 
...)
        TODO: check
-CVE-2012-1743
-       RESERVED
+CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data 
Capture ...)
        TODO: check
-CVE-2012-1742
-       RESERVED
+CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1741
-       RESERVED
+CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion 
...)
        TODO: check
-CVE-2012-1740
-       RESERVED
+CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express 
Listener ...)
        TODO: check
-CVE-2012-1739
-       RESERVED
+CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence 
...)
        TODO: check
-CVE-2012-1738
-       RESERVED
+CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server 
component ...)
        TODO: check
-CVE-2012-1737
-       RESERVED
+CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle 
...)
        TODO: check
-CVE-2012-1736
-       RESERVED
+CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in 
Oracle ...)
        TODO: check
-CVE-2012-1735
-       RESERVED
+CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and 
earlier ...)
        - mysql-5.1 <not-affected> (Only affects 5.5)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
-CVE-2012-1734
-       RESERVED
+CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier, ...)
        - mysql-5.1 <removed> (bug #682212)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
-CVE-2012-1733
-       RESERVED
+CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        TODO: check
-CVE-2012-1732
-       RESERVED
+CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1731
-       RESERVED
+CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 
allows ...)
        TODO: check
-CVE-2012-1730
-       RESERVED
+CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
        TODO: check
-CVE-2012-1729
-       RESERVED
+CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in 
Oracle ...)
        TODO: check
-CVE-2012-1728
-       RESERVED
+CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 
8.2.2 ...)
        TODO: check
-CVE-2012-1727
-       RESERVED
+CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
        TODO: check
 CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
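Review bot: the non-MySQL Oracle entries in this hunk (Outside In Technology, Solaris, PeopleSoft, Siebel CRM, AutoVue, MapViewer and the rest) now have descriptions naming the product, but each still reads "TODO: check". With the product visible these can be triaged instead of left open; comparable entries elsewhere in the list are already closed out in the form "NOT-FOR-US: Oracle PeopleSoft Products".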
@@ -5634,8 +5503,7 @@
        {DSA-2507-1}
        - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
-CVE-2012-1715
-       RESERVED
+CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object 
Library ...)
        TODO: check
 CVE-2012-1714
        RESERVED
@@ -5696,16 +5564,14 @@
        {DSA-2496-1}
        - mysql-5.1 5.1.62-1 (bug #670636)
        - mysql-5.5 5.5.23-1
-CVE-2012-1689
-       RESERVED
+CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier, ...)
        - mysql-5.1 <removed> (bug #682212)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in 
Oracle ...)
        {DSA-2496-1}
        - mysql-5.1 5.1.62-1 (bug #670636)
        - mysql-5.5 5.5.23-1
-CVE-2012-1687
-       RESERVED
+CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows 
local ...)
        TODO: check
 CVE-2012-1686
        RESERVED
@@ -6016,8 +5882,7 @@
 CVE-2012-1572
        RESERVED
        - keystone 2012.1~rc2-1
-CVE-2012-1571
-       RESERVED
+CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a 
denial ...)
        {DSA-2422-1}
        - file 5.11-1 (low; bug #664263)
        [squeeze] - file 5.04-5+squeeze1
@@ -6175,7 +6040,7 @@
        RESERVED
 CVE-2012-1500
        RESERVED
-CVE-2012-1499 (The JPEG 2000 codec in OpenJPEG before 1.5 does not properly 
allocate ...)
+CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows 
remote ...)
        - openjpeg <not-affected> (vulnerable code introduced after 1.3)
 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Webfolio ...)
        NOT-FOR-US: Webfolio CMS
@@ -7683,18 +7548,15 @@
        - samba 2:3.4.0~pre1-1
        [lenny] - samba <not-affected> (pre-release issue)
        [squeeze] - samba <not-affected> (pre-release issue)
-CVE-2012-0868
-       RESERVED
+CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x 
before ...)
        {DSA-2418-1}
        - postgresql-9.1 9.1.3-1
        - postgresql-8.4 8.4.11-1
-CVE-2012-0867
-       RESERVED
+CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x 
before ...)
        {DSA-2418-1}
        - postgresql-9.1 9.1.3-1
        - postgresql-8.4 8.4.11-1
-CVE-2012-0866
-       RESERVED
+CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 
8.4.11, ...)
        {DSA-2418-1}
        - postgresql-9.1 9.1.3-1
        - postgresql-8.4 8.4.11-1
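Review bot: the new descriptions for CVE-2012-0868 and CVE-2012-0866 both start their affected range at PostgreSQL 8.3.x, while the entries track only postgresql-9.1 and postgresql-8.4. If a postgresql-8.3 package is still in a supported suite it needs its own line here, and if not, a NOTE saying so would keep the entry from looking incomplete.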
@@ -7921,39 +7783,29 @@
        NOT-FOR-US: Apache CXF
 CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow 
remote ...)
        NOT-FOR-US: spamdyke
-CVE-2012-0801
-       RESERVED
+CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 
2.2.1 ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2012-0800
-       RESERVED
+CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 
2.0.7, ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2012-0799
-       RESERVED
+CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an 
anonymous ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2012-0798
-       RESERVED
+CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 
and ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2012-0797
-       RESERVED
+CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 
2.1.x ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2012-0796
-       RESERVED
+CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 
1.9.x ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5
-CVE-2012-0795
-       RESERVED
+CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 
2.1.4, ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5
-CVE-2012-0794
-       RESERVED
+CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x 
before ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5
-CVE-2012-0793
-       RESERVED
+CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 
2.1.4, ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5
-CVE-2012-0792
-       RESERVED
+CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote 
...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5
 CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 
IMP ...)
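Review bot: CVE-2012-0796 is now described as a flaw in class.phpmailer.php "in the PHPMailer library, as used in Moodle 1.9.x", but the entry tracks only the moodle package. Since the description places the defect in the library rather than in Moodle's own code, check whether a separately packaged PHPMailer carries the same code and add a line or a NOTE for it.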
@@ -8455,8 +8307,7 @@
        NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise 
PeopleTools ...)
        NOT-FOR-US: Oracle PeopleSoft Products
-CVE-2012-0563
-       RESERVED
+CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 
allows local ...)
        TODO: check
 CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS 
component ...)
        NOT-FOR-US: Oracle PeopleSoft Products
@@ -8504,8 +8355,7 @@
        NOT-FOR-US: Oracle E-Business Suite
 CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking 
...)
        NOT-FOR-US: Oracle Financial Services Software
-CVE-2012-0540
-       RESERVED
+CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and 
earlier ...)
        - mysql-5.1 <removed> (bug #682212)
        - mysql-5.5 5.5.24+dfsg-1 (bug #682210)
 CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 
allows ...)
@@ -9204,8 +9054,7 @@
        RESERVED
 CVE-2012-0306
        RESERVED
-CVE-2012-0305
-       RESERVED
+CVE-2012-0305 (Untrusted search path vulnerability in Symantec System Recovery 
2011 ...)
        NOT-FOR-US: Symantec System Recovery 2011 before SP2 and Backup Exec 
System Recovery 2010 before SP5
 CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak 
permissions ...)
        NOT-FOR-US: Symantec LiveUpdate Administrator
@@ -9326,14 +9175,11 @@
        NOT-FOR-US: Stoneware webNetwork
 CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in 
Stoneware ...)
        NOT-FOR-US: Stoneware webNetwork
-CVE-2012-0284
-       RESERVED
+CVE-2012-0284 (Stack-based buffer overflow in the SetSource method in the 
Cisco ...)
        TODO: check
-CVE-2012-0283
-       RESERVED
+CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the 
tpl_mediaFileList ...)
        TODO: check
-CVE-2012-0282
-       RESERVED
+CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote 
...)
        TODO: check
 CVE-2012-0281
        RESERVED
@@ -9343,11 +9189,9 @@
        NOT-FOR-US: Quest (quest.com) Toad
 CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 
4.3.4.0 for ...)
        NOT-FOR-US: IrfanView
-CVE-2012-0277
-       RESERVED
+CVE-2012-0277 (Heap-based buffer overflow in XnView before 1.99 allows remote 
...)
        TODO: check
-CVE-2012-0276
-       RESERVED
+CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 
allow ...)
        TODO: check
 CVE-2012-0275
        RESERVED
@@ -11224,49 +11068,36 @@
        - linux-2.6 3.1-1
        [squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 
dev cycle)
        [lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev 
cycle)
-CVE-2011-4593
-       RESERVED
+CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x 
before 2.1.3 ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4592
-       RESERVED
+CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 
2.0.6 and ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4591
-       RESERVED
+CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object 
function ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4590
-       RESERVED
+CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 
and 2.1.x ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4589
-       RESERVED
+CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 
2.0.6 and ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4588
-       RESERVED
+CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 
1.9.x ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5 (bug #652235)
-CVE-2011-4587
-       RESERVED
+CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 
2.0.6, ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5 (bug #652235)
-CVE-2011-4586
-       RESERVED
+CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the 
Calendar ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5 (bug #652235)
-CVE-2011-4585
-       RESERVED
+CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does 
not use ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5 (bug #652235)
-CVE-2011-4584
-       RESERVED
+CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 
1.9.15, ...)
        {DSA-2421-1}
        - moodle 1.9.9.dfsg2-5 (bug #652235)
-CVE-2011-4583
-       RESERVED
+CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web 
service ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4582
-       RESERVED
+CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 
2.1.x ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4581
-       RESERVED
+CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x 
before ...)
        - moodle <not-affected> (Only affects 2.x)
 CVE-2011-4580
        RESERVED
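Review bot: the description added for CVE-2011-4593 lists "Moodle 1.9.x before 1.9.15" as affected, yet the status line beneath it is still "- moodle <not-affected> (Only affects 2.x)". The two contradict each other. Re-triage this entry against the 1.9.9.dfsg2-5 line used for the neighbouring 1.9.x issues (CVE-2011-4588 through CVE-2011-4584), or add a NOTE explaining why 1.9.x in Debian is not affected.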
@@ -11869,8 +11700,7 @@
 CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values 
as EL expressions]
        REJECTED
        NOT-FOR-US: Apache MyFaces
-CVE-2011-4358
-       RESERVED
+CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 
3.0.1 ...)
        {DSA-2359-1}
        - mojarra 2.0.3-2 (bug #650430)
 CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in ...)
@@ -12060,70 +11890,50 @@
        - moodle <not-affected> (Only affects 2.x)
 CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4297
-       RESERVED
+CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 
2.1.1 ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4296
-       RESERVED
+CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 
2.1.1 ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4295
-       RESERVED
+CVE-2011-4295 (The moodle_enrol_external:role_assign function in ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4294
-       RESERVED
+CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 
2.0.x ...)
        {DSA-2338-1}
        - moodle 1.9.9.dfsg2-4
-CVE-2011-4293
-       RESERVED
+CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x 
before ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4292
-       RESERVED
+CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to 
cause a ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4291
-       RESERVED
+CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to 
cause a ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4290
-       RESERVED
+CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in 
lib/weblib.php ...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
-CVE-2011-4289
-       RESERVED
+CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration 
setting ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4288
-       RESERVED
+CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not 
properly ...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
-CVE-2011-4287
-       RESERVED
+CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not 
force ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4286
-       RESERVED
+CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
-CVE-2011-4285
-       RESERVED
+CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an 
...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4284
-       RESERVED
+CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain 
sensitive ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4283
-       RESERVED
+CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS 
...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
-CVE-2011-4282
-       RESERVED
+CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the 
course-tags ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4281
-       RESERVED
+CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Moodle ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4280
-       RESERVED
+CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike 
PHPCoverage (aka ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4279
-       RESERVED
+CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the 
forceloginforprofiles ...)
        - moodle <not-affected> (Only affects 2.x)
-CVE-2011-4278
-       RESERVED
+CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag 
autocomplete ...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
 CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum 
ProjectForum ...)
@@ -12600,8 +12410,7 @@
        NOT-FOR-US: Flexera FlexNet Publisher
 CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet 
Publisher ...)
        NOT-FOR-US: Flexera FlexNet Publisher
-CVE-2011-4133
-       RESERVED
+CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x 
before ...)
        {DSA-2262-1}
        - moodle 1.9.9.dfsg2-3
 CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block 
Device (JBD) ...)
@@ -14495,8 +14304,7 @@
        {DSA-2420-1}
        - openjdk-6 6b24-1.11.1-1
        - openjdk-7 7~u3-2.1-1
-CVE-2011-3562
-       RESERVED
+CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle 
Fusion ...)
        TODO: check
 CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment 
component in ...)
        - sun-java6 <removed> (bug #645881)
@@ -14766,8 +14574,8 @@
        RESERVED
 CVE-2011-3465
        RESERVED
-CVE-2011-3464
-       RESERVED
+CVE-2011-3464 (Off-by-one error in the png_formatted_warning function in 
pngerror.c ...)
+       TODO: check
 CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not 
...)
        NOT-FOR-US: Mac OS X
 CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify 
the ...)
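Review bot: CVE-2011-3464 gains a bare "TODO: check" even though its description names png_formatted_warning in pngerror.c, which points at libpng, a package this list already tracks (CVE-2011-3045 carries "- libpng 1.2.47-2"). Replace the TODO with a libpng line once the affected version range is confirmed, so the entry does not sit untriaged.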
@@ -15704,13 +15512,11 @@
 CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly 
...)
        - software-center <not-affected> (ubuntu-specific issue)
        NOTE: debian package does not contain the vulnerable purchaseview.py 
code, and probably won't ever as that's part of their commercial interface code
-CVE-2011-3149
-       RESERVED
+CVE-2011-3149 (The _expand_arg function in the pam_env module ...)
        {DSA-2326-1}
        - pam 1.1.3-5
        [lenny] - pam <not-affected> (user_env parsing not yet available)
-CVE-2011-3148
-       RESERVED
+CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in 
...)
        {DSA-2326-1}
        - pam 1.1.3-5
        [lenny] - pam <not-affected> (user_env parsing not yet available)
@@ -15960,7 +15766,7 @@
        - chromium-browser 17.0.963.83~r127885-1
 CVE-2011-3046 (The extension subsystem in Google Chrome before 17.0.963.78 
does not ...)
        - chromium-browser 17.0.963.78~r125577-1
-CVE-2011-3045 (Integer signedness error in pngrutil.c in libpng before 
1.4.10beta01, ...)
+CVE-2011-3045 (Integer signedness error in the png_inflate function in 
pngrutil.c in ...)
        {DSA-2439-1}
        - libpng 1.2.47-2 (bug #665208; high)
 CVE-2011-3044 (Use-after-free vulnerability in Google Chrome before 
17.0.963.65 ...)
@@ -18554,8 +18360,7 @@
 CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP 
before ...)
        {DSA-2266-1}
        - php5 5.3.6-12
-CVE-2011-2199 [tftp-hpa buffer overflow]
-       RESERVED
+CVE-2011-2199 (Buffer overflow in tftp-hpa before 5.1 allows remote attackers 
to ...)
        - tftp-hpa 5.1-1
        NOTE: 
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
 CVE-2011-2198 [vte memory exhaustion]
@@ -20431,7 +20236,7 @@
        RESERVED
        - perl <unfixed> (unimportant; bug #628836)
        NOTE: Only affects Perl builds with enabled assertions, i.e. the 
debugperl binary from perl-debug
-CVE-2009-5063 (Memory leak in pngwutil.c in libpng before 1.2.39beta5 allows 
...)
+CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c 
in ...)
        - libpng 1.2.39-1 (unimportant)
 CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other 
versions ...)
        - libpng 1.2.39-1 (unimportant)
@@ -25413,15 +25218,13 @@
        [lenny] - movabletype-opensource 4.2.3-1+lenny2
 CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 
Beta 7 ...)
        - xulrunner <not-affected> (Only affects Firefox 4.x)
-CVE-2009-5031
-       RESERVED
+CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values 
containing ...)
        - modsecurity-apache <not-affected> (Fixed before initial upload)
        - libapache-mod-security 2.5.12-1
        NOTE: 
https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
        NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
-CVE-2009-5030
-       RESERVED
+CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 
1.5 ...)
        - openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
        NOTE: Upstream ticket 
http://code.google.com/p/openjpeg/issues/detail?id=5
        NOTE: CVE request 
http://www.openwall.com/lists/oss-security/2012/04/13/1


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
