Author: joeyh
Date: 2012-09-28 21:14:23 +0000 (Fri, 28 Sep 2012)
New Revision: 20248
Modified: data/CVE/list Log: automatic update Modified: data/CVE/list =================================================================== --- data/CVE/list 2012-09-27 11:45:02 UTC (rev 20247) +++ data/CVE/list 2012-09-28 21:14:23 UTC (rev 20248) @@ -1,3 +1,75 @@ +CVE-2012-5194 + RESERVED +CVE-2012-5193 + RESERVED +CVE-2012-5192 + RESERVED +CVE-2012-5191 + RESERVED +CVE-2012-5190 + RESERVED +CVE-2012-5189 + RESERVED +CVE-2012-5188 + RESERVED +CVE-2012-5187 + RESERVED +CVE-2012-5186 + RESERVED +CVE-2012-5185 + RESERVED +CVE-2012-5184 + RESERVED +CVE-2012-5183 + RESERVED +CVE-2012-5182 + RESERVED +CVE-2012-5181 + RESERVED +CVE-2012-5180 + RESERVED +CVE-2012-5179 + RESERVED +CVE-2012-5178 + RESERVED +CVE-2012-5177 + RESERVED +CVE-2012-5176 + RESERVED +CVE-2012-5175 + RESERVED +CVE-2012-5174 + RESERVED +CVE-2012-5173 + RESERVED +CVE-2012-5172 + RESERVED +CVE-2012-5171 + RESERVED +CVE-2012-5170 + RESERVED +CVE-2012-5169 + RESERVED +CVE-2012-5168 + RESERVED +CVE-2012-5167 + RESERVED +CVE-2012-5166 + RESERVED +CVE-2012-5165 + RESERVED +CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...) + TODO: check +CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in ...) + TODO: check +CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...) + TODO: check +CVE-2012-5161 + RESERVED +CVE-2012-5160 + RESERVED +CVE-2012-5158 + RESERVED CVE-2012-5157 RESERVED CVE-2012-5156 @@ -102,7 +174,7 @@ RESERVED CVE-2012-5106 RESERVED -CVE-2012-5159 [phpmyadmin cdnetworks-kr-1 backdoored version] +CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror ...) - phpmyadmin <not-affected> CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...) NOT-FOR-US: SQLiteManager 
@@ -216,10 +288,10 @@ RESERVED CVE-2012-5050 RESERVED -CVE-2012-5049 - RESERVED -CVE-2012-5048 - RESERVED +CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...) + TODO: check +CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...) + TODO: check CVE-2012-5047 RESERVED CVE-2012-5046 @@ -540,8 +612,8 @@ RESERVED CVE-2012-4913 RESERVED -CVE-2012-4912 - RESERVED +CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...) + TODO: check CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module ...) NOT-FOR-US: Drupal module CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier ...) @@ -1391,20 +1463,20 @@ RESERVED CVE-2012-4624 RESERVED -CVE-2012-4623 - RESERVED -CVE-2012-4622 - RESERVED -CVE-2012-4621 - RESERVED -CVE-2012-4620 - RESERVED -CVE-2012-4619 - RESERVED -CVE-2012-4618 - RESERVED -CVE-2012-4617 - RESERVED +CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 ...) + TODO: check +CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, ...) + TODO: check +CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote ...) + TODO: check +CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, ...) + TODO: check +CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 ...) + TODO: check +CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, ...) + TODO: check +CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...) + TODO: check CVE-2012-4616 RESERVED CVE-2012-4615 
@@ -2878,8 +2950,8 @@ NOT-FOR-US: eZOE flash player not in Debian CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...) NOT-FOR-US: Jease -CVE-2012-4051 - RESERVED +CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...) NOT-FOR-US: NetBSD/FreeBSD libc CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...) @@ -2963,10 +3035,10 @@ RESERVED CVE-2012-4018 RESERVED -CVE-2012-4017 - RESERVED -CVE-2012-4016 - RESERVED +CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...) + TODO: check +CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...) + TODO: check CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in ...) NOT-FOR-US: My Little tool / My little admin SQL server 2000 CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly ...) @@ -3180,10 +3252,10 @@ NOT-FOR-US: phplist CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...) NOT-FOR-US: Plixer Scrutinizer -CVE-2012-3950 - RESERVED -CVE-2012-3949 - RESERVED +CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 ...) + TODO: check +CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) ...) + TODO: check CVE-2012-3948 RESERVED CVE-2012-3947 @@ -4721,8 +4793,8 @@ RESERVED CVE-2012-3335 RESERVED -CVE-2012-3334 - RESERVED +CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...) + TODO: check CVE-2012-3333 RESERVED CVE-2012-3332 
@@ -4741,8 +4813,8 @@ NOT-FOR-US: IBM Maximo Asset Management CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2012-3324 - RESERVED +CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 ...) + TODO: check CVE-2012-3323 RESERVED CVE-2012-3322 @@ -4767,8 +4839,8 @@ NOT-FOR-US: IBM Maximo Asset Management CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...) NOT-FOR-US: IBM InfoSphere Guardium -CVE-2012-3311 - RESERVED +CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...) + TODO: check CVE-2012-3310 RESERVED CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the ...) @@ -4777,24 +4849,24 @@ NOT-FOR-US: IBM Sametime CVE-2012-3307 RESERVED -CVE-2012-3306 - RESERVED -CVE-2012-3305 - RESERVED -CVE-2012-3304 - RESERVED +CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...) + TODO: check +CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application Server ...) + TODO: check +CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server (WAS) ...) + TODO: check CVE-2012-3303 RESERVED CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Domino CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM ...) NOT-FOR-US: IBM Lotus Domino -CVE-2012-3300 - RESERVED +CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions ...) + TODO: check CVE-2012-3299 RESERVED -CVE-2012-3298 - RESERVED +CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM ...) + TODO: check CVE-2012-3297 RESERVED CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...) 
@@ -5401,8 +5473,8 @@ RESERVED CVE-2012-2999 RESERVED -CVE-2012-2998 - RESERVED +CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...) + TODO: check CVE-2012-2997 RESERVED CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...) 
@@ -5625,77 +5697,53 @@ RESERVED CVE-2012-2898 RESERVED -CVE-2012-2897 - RESERVED +CVE-2012-2897 (The kernel in Microsoft Windows 7, as used by Google Chrome before ...) - chromium-browser <not-affected> (Windows-specific) -CVE-2012-2896 - RESERVED +CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before ...) - chromium-browser <unfixed> -CVE-2012-2895 - RESERVED +CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows ...) - chromium-browser <not-affected> (PDF viewer not included in Chromium) -CVE-2012-2894 - RESERVED +CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...) - chromium-browser <unfixed> -CVE-2012-2893 - RESERVED +CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...) - chromium-browser <unfixed> -CVE-2012-2892 - RESERVED +CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...) - chromium-browser <unfixed> -CVE-2012-2891 - RESERVED +CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows ...) - chromium-browser <unfixed> -CVE-2012-2890 - RESERVED +CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...) - chromium-browser <not-affected> (PDF viewer not included in Chromium) -CVE-2012-2889 - RESERVED +CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) - chromium-browser <unfixed> -CVE-2012-2888 - RESERVED +CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...) - chromium-browser <unfixed> -CVE-2012-2887 - RESERVED +CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...) - chromium-browser <unfixed> -CVE-2012-2886 - RESERVED +CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) - chromium-browser <unfixed> -CVE-2012-2885 - RESERVED +CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 allows ...) 
- chromium-browser <unfixed> -CVE-2012-2884 - RESERVED +CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...) - chromium-browser <unfixed> -CVE-2012-2883 - RESERVED +CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...) - chromium-browser <unfixed> -CVE-2012-2882 - RESERVED +CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...) - chromium-browser <unfixed> -CVE-2012-2881 - RESERVED +CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...) - chromium-browser <unfixed> -CVE-2012-2880 - RESERVED +CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...) - chromium-browser <unfixed> -CVE-2012-2879 - RESERVED +CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to cause a ...) - chromium-browser <unfixed> -CVE-2012-2878 - RESERVED +CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...) - chromium-browser <unfixed> -CVE-2012-2877 - RESERVED +CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does not ...) - chromium-browser <unfixed> -CVE-2012-2876 - RESERVED +CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in Google ...) - chromium-browser <unfixed> -CVE-2012-2875 - RESERVED +CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality in ...) - chromium-browser <not-affected> (PDF viewer not included in Chromium) -CVE-2012-2874 - RESERVED +CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...) - chromium-browser <unfixed> CVE-2012-2873 RESERVED 
@@ -7456,8 +7504,8 @@ RESERVED CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...) NOT-FOR-US: sendmail configuration in AIX -CVE-2012-2199 - RESERVED +CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...) + TODO: check CVE-2012-2198 RESERVED CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure ...) @@ -7480,8 +7528,8 @@ RESERVED CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, ...) NOT-FOR-US: IBM Power Hardware Management Console -CVE-2012-2187 - RESERVED +CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, ...) + TODO: check CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...) {DSA-2550-1} - asterisk 1:1.8.13.1~dfsg-1 (bug #680470) @@ -8795,8 +8843,7 @@ NOT-FOR-US: Drupal addon module not packaged in Debian CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand ...) NOT-FOR-US: Drupal addon module not packaged in Debian -CVE-2012-1646 - RESERVED +CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module ...) NOT-FOR-US: Drupal addon module not packaged in Debian CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin ...) NOT-FOR-US: Drupal addon module not packaged in Debian @@ -8863,8 +8910,8 @@ CVE-2012-1618 [jdbc pgsql SQL injection] RESERVED - libpgjava <not-affected> (Even the version in oldstable had 8.2) -CVE-2012-1617 - RESERVED +CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...) + TODO: check CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...) - argyll 1.4.0-1 NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the 
@@ -9564,8 +9611,7 @@ NOT-FOR-US: SAP NetWeaver CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 ...) NOT-FOR-US: SAP NetWeaver -CVE-2012-1293 [F*X XSS via from/to parameters in fup] - RESERVED +CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' ...) {DSA-2414-1} - fex 20120215-1 (low; bug #660621) CVE-2012-1288 (The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses ...) @@ -9773,8 +9819,7 @@ - backuppc 3.1.0-9.1 (low; bug #661011) [squeeze] - backuppc 3.1.0-9.1 [lenny] - backuppc <no-dsa> (Minor issue) -CVE-2012-0869 [F*X XSS via id parameter in fup] - RESERVED +CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File ...) {DSA-2414-1} - fex 20120215-1 (low; bug #660621) CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup ...) @@ -9787,8 +9832,8 @@ - torcs 1.3.3-1 (low; bug #660555) [squeeze] - torcs <no-dsa> (Minor issue) - speed-dreams <itp> (bug #599884) -CVE-2012-1188 - RESERVED +CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...) + TODO: check CVE-2012-1187 RESERVED - bitlbee 3.0.4+bzr855-1 (low) @@ -10018,11 +10063,9 @@ CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669924) -CVE-2012-1117 - RESERVED +CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...) NOT-FOR-US: Joomla! -CVE-2012-1116 - RESERVED +CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...) NOT-FOR-US: Joomla! CVE-2012-1115 RESERVED @@ -10063,8 +10106,7 @@ - moodle <unfixed> (bug #662945) - glpi 0.80.7-2 (unimportant; bug #662944) NOTE: Only supported behind an authenticated HTTP zone -CVE-2012-1103 - RESERVED +CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs ...) {DSA-2416-1} - notmuch 0.11.1-1 CVE-2012-1101 
@@ -10379,10 +10421,10 @@ - silverstripe <itp> (bug #528461) CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting ...) NOT-FOR-US: Image Hosting Script DPI -CVE-2012-0974 - RESERVED -CVE-2012-0973 - RESERVED +CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getParam ...) + TODO: check +CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow ...) + TODO: check CVE-2012-0972 RESERVED CVE-2012-0971 @@ -11883,12 +11925,12 @@ NOT-FOR-US: SUSE Audit Log Keeper daemon CVE-2012-0420 RESERVED -CVE-2012-0419 - RESERVED -CVE-2012-0418 - RESERVED -CVE-2012-0417 - RESERVED +CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in ...) + TODO: check +CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 before ...) + TODO: check +CVE-2012-0417 (Integer overflow in GroupWise Internet Agent (GWIA) in Novell ...) + TODO: check CVE-2012-0416 RESERVED CVE-2012-0415 @@ -13051,8 +13093,7 @@ CVE-2012-0210 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before ...) {DSA-2409-1} - devscripts 2.11.4 -CVE-2012-0209 [horde backdoor] - RESERVED +CVE-2012-0209 (Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail ...) - horde3 3.3.12+debian0-2 (bug #660077) [squeeze] - horde3 <not-affected> (Introduced in 3.3.12) [lenny] - horde3 <not-affected> (Introduced in 3.3.12) @@ -14033,8 +14074,7 @@ CVE-2011-4624 RESERVED NOT-FOR-US: WordPress flash-album-gallery -CVE-2011-4623 - RESERVED +CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in ...) - rsyslog 5.7.4-1 [squeeze] - rsyslog <no-dsa> (Minor issue) CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
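Review bot: CVE-2012-5159 is left out of numeric order in the hunk at @@ -102,7 +174,7 @@. It stays directly below CVE-2012-5106, while the block added at @@ -1,3 +1,75 @@ goes from CVE-2012-5160 straight to CVE-2012-5158. Now that the entry carries its assigned description instead of the temporary bracketed note, move it between those two so it sits where the descending order of the file puts it. The `- phpmyadmin <not-affected>` line also has no parenthesised reason, unlike the chromium-browser not-affected entries elsewhere in this patch; add one.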
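Review bot: the three WebSphere Application Server entries added in the hunk at @@ -4777,24 +4849,24 @@ (CVE-2012-3306, CVE-2012-3305, CVE-2012-3304) land as `TODO: check` although the file already triages that product: the context of @@ -4741,8 +4813,8 @@ shows CVE-2012-3325 with `NOT-FOR-US: IBM WebSphere Application Server`. Resolve these, and CVE-2012-3311 in the hunk at @@ -4767,8 +4839,8 @@, with the same NOT-FOR-US line so they do not sit in the TODO queue.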
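Review bot: CVE-2012-2893 and CVE-2012-2882 in the hunk at @@ -5625,77 +5697,53 @@ are tracked only as `- chromium-browser <unfixed>`, yet their new descriptions place the flaw in libxslt and FFmpeg "as used in Google Chrome". Check whether any separately packaged copies of those libraries are affected and record the result on each entry, with its own package line or a NOTE, so the embedded copy is not the only thing tracked.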