Author: joeyh
Date: 2012-09-28 21:14:23 +0000 (Fri, 28 Sep 2012)
New Revision: 20248

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-09-27 11:45:02 UTC (rev 20247)
+++ data/CVE/list       2012-09-28 21:14:23 UTC (rev 20248)
@@ -1,3 +1,75 @@
+CVE-2012-5194
+       RESERVED
+CVE-2012-5193
+       RESERVED
+CVE-2012-5192
+       RESERVED
+CVE-2012-5191
+       RESERVED
+CVE-2012-5190
+       RESERVED
+CVE-2012-5189
+       RESERVED
+CVE-2012-5188
+       RESERVED
+CVE-2012-5187
+       RESERVED
+CVE-2012-5186
+       RESERVED
+CVE-2012-5185
+       RESERVED
+CVE-2012-5184
+       RESERVED
+CVE-2012-5183
+       RESERVED
+CVE-2012-5182
+       RESERVED
+CVE-2012-5181
+       RESERVED
+CVE-2012-5180
+       RESERVED
+CVE-2012-5179
+       RESERVED
+CVE-2012-5178
+       RESERVED
+CVE-2012-5177
+       RESERVED
+CVE-2012-5176
+       RESERVED
+CVE-2012-5175
+       RESERVED
+CVE-2012-5174
+       RESERVED
+CVE-2012-5173
+       RESERVED
+CVE-2012-5172
+       RESERVED
+CVE-2012-5171
+       RESERVED
+CVE-2012-5170
+       RESERVED
+CVE-2012-5169
+       RESERVED
+CVE-2012-5168
+       RESERVED
+CVE-2012-5167
+       RESERVED
+CVE-2012-5166
+       RESERVED
+CVE-2012-5165
+       RESERVED
+CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS 
before ...)
+       TODO: check
+CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in 
oc-admin/ajax/ajax.php in ...)
+       TODO: check
+CVE-2012-5162 (Multiple SQL injection vulnerabilities in 
oc-admin/ajax/ajax.php in ...)
+       TODO: check
+CVE-2012-5161
+       RESERVED
+CVE-2012-5160
+       RESERVED
+CVE-2012-5158
+       RESERVED
 CVE-2012-5157
        RESERVED
 CVE-2012-5156
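
Review bot: The new run at the top of the list goes from CVE-2012-5160 straight to CVE-2012-5158, so CVE-2012-5159 is missing from its numeric slot. It stays further down, after CVE-2012-5106, where the next hunk edits it. Moving that entry up between 5160 and 5158 would keep the descending order the rest of this block follows. The three entries that arrive with descriptions (CVE-2012-5164, CVE-2012-5163, CVE-2012-5162) are left as "TODO: check" and still need a triage decision.
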
@@ -102,7 +174,7 @@
        RESERVED
 CVE-2012-5106
        RESERVED
-CVE-2012-5159 [phpmyadmin cdnetworks-kr-1 backdoored version]
+CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 
mirror ...)
        - phpmyadmin <not-affected>
 CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in 
SQLiteManager ...)
        NOT-FOR-US: SQLiteManager
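
Review bot: The "- phpmyadmin <not-affected>" line under CVE-2012-5159 carries no reason, unlike other not-affected entries in this file such as "(Windows-specific)" or "(Introduced in 3.3.12)". The new description limits the issue to phpMyAdmin 3.5.2.2 as distributed by the cdnetworks-kr-1 mirror, and the bracketed "backdoored version" note is removed by this change, so a short parenthetical stating why the Debian package is not affected would keep the status auditable.
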
@@ -216,10 +288,10 @@
        RESERVED
 CVE-2012-5050
        RESERVED
-CVE-2012-5049
-       RESERVED
-CVE-2012-5048
-       RESERVED
+CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows 
remote ...)
+       TODO: check
+CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows 
remote ...)
+       TODO: check
 CVE-2012-5047
        RESERVED
 CVE-2012-5046
@@ -540,8 +612,8 @@
        RESERVED
 CVE-2012-4913
        RESERVED
-CVE-2012-4912
-       RESERVED
+CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess 
component in ...)
+       TODO: check
 CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer 
module ...)
        NOT-FOR-US: Drupal module
 CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and 
earlier ...)
@@ -1391,20 +1463,20 @@
        RESERVED
 CVE-2012-4624
        RESERVED
-CVE-2012-4623
-       RESERVED
-CVE-2012-4622
-       RESERVED
-CVE-2012-4621
-       RESERVED
-CVE-2012-4620
-       RESERVED
-CVE-2012-4619
-       RESERVED
-CVE-2012-4618
-       RESERVED
-CVE-2012-4617
-       RESERVED
+CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 
through 15.2 ...)
+       TODO: check
+CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series 
switches, ...)
+       TODO: check
+CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows 
remote ...)
+       TODO: check
+CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series 
routers, ...)
+       TODO: check
+CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 
through 15.2 ...)
+       TODO: check
+CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 
12.2, 12.4, ...)
+       TODO: check
+CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 
3.5.2S, ...)
+       TODO: check
 CVE-2012-4616
        RESERVED
 CVE-2012-4615
@@ -2878,8 +2950,8 @@
        NOT-FOR-US: eZOE flash player not in Debian
 CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease 
before ...)
        NOT-FOR-US: Jease
-CVE-2012-4051
-       RESERVED
+CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
+       TODO: check
 CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in 
libc for ...)
        NOT-FOR-US: NetBSD/FreeBSD libc
 CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c 
in ...)
@@ -2963,10 +3035,10 @@
        RESERVED
 CVE-2012-4018
        RESERVED
-CVE-2012-4017
-       RESERVED
-CVE-2012-4016
-       RESERVED
+CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not 
properly ...)
+       TODO: check
+CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote 
attackers ...)
+       TODO: check
 CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management 
screen in ...)
        NOT-FOR-US: My Little tool / My little admin SQL server 2000
 CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly 
...)
@@ -3180,10 +3252,10 @@
        NOT-FOR-US: phplist
 CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL 
...)
        NOT-FOR-US: Plixer Scrutinizer
-CVE-2012-3950
-       RESERVED
-CVE-2012-3949
-       RESERVED
+CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 
...)
+       TODO: check
+CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager 
(CUCM) ...)
+       TODO: check
 CVE-2012-3948
        RESERVED
 CVE-2012-3947
@@ -4721,8 +4793,8 @@
        RESERVED
 CVE-2012-3335
        RESERVED
-CVE-2012-3334
-       RESERVED
+CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server 
(IDS) 11.50 ...)
+       TODO: check
 CVE-2012-3333
        RESERVED
 CVE-2012-3332
@@ -4741,8 +4813,8 @@
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 
7.0.x ...)
        NOT-FOR-US: IBM WebSphere Application Server
-CVE-2012-3324
-       RESERVED
+CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM 
DB2 ...)
+       TODO: check
 CVE-2012-3323
        RESERVED
 CVE-2012-3322
@@ -4767,8 +4839,8 @@
        NOT-FOR-US: IBM Maximo Asset Management
 CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 
and ...)
        NOT-FOR-US: IBM InfoSphere Guardium
-CVE-2012-3311
-       RESERVED
+CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 
before ...)
+       TODO: check
 CVE-2012-3310
        RESERVED
 CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the ...)
@@ -4777,24 +4849,24 @@
        NOT-FOR-US: IBM Sametime
 CVE-2012-3307
        RESERVED
-CVE-2012-3306
-       RESERVED
-CVE-2012-3305
-       RESERVED
-CVE-2012-3304
-       RESERVED
+CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 
before ...)
+       TODO: check
+CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application 
Server ...)
+       TODO: check
+CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
 CVE-2012-3303
        RESERVED
 CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM 
Lotus ...)
        NOT-FOR-US: IBM Lotus Domino
 CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in 
IBM ...)
        NOT-FOR-US: IBM Lotus Domino
-CVE-2012-3300
-       RESERVED
+CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent 
sessions ...)
+       TODO: check
 CVE-2012-3299
        RESERVED
-CVE-2012-3298
-       RESERVED
+CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM 
...)
+       TODO: check
 CVE-2012-3297
        RESERVED
 CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in 
the login ...)
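
Review bot: CVE-2012-3306, CVE-2012-3305 and CVE-2012-3304 are added as "TODO: check" although their descriptions name IBM WebSphere Application Server, which this file already marks "NOT-FOR-US: IBM WebSphere Application Server" under CVE-2012-3325. They can be resolved the same way, together with CVE-2012-3311 in the preceding hunk. CVE-2012-3300 (WebSphere Commerce) and CVE-2012-3298 (REST services framework) name different components and need their own decision.
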
@@ -5401,8 +5473,8 @@
        RESERVED
 CVE-2012-2999
        RESERVED
-CVE-2012-2998
-       RESERVED
+CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend 
Micro ...)
+       TODO: check
 CVE-2012-2997
        RESERVED
 CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...)
@@ -5625,77 +5697,53 @@
        RESERVED
 CVE-2012-2898
        RESERVED
-CVE-2012-2897
-       RESERVED
+CVE-2012-2897 (The kernel in Microsoft Windows 7, as used by Google Chrome 
before ...)
        - chromium-browser <not-affected> (Windows-specific)
-CVE-2012-2896
-       RESERVED
+CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome 
before ...)
        - chromium-browser <unfixed>
-CVE-2012-2895
-       RESERVED
+CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 
allows ...)
        - chromium-browser <not-affected> (PDF viewer not included in Chromium)
-CVE-2012-2894
-       RESERVED
+CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...)
        - chromium-browser <unfixed>
-CVE-2012-2893
-       RESERVED
+CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome 
before ...)
        - chromium-browser <unfixed>
-CVE-2012-2892
-       RESERVED
+CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 
allows ...)
        - chromium-browser <unfixed>
-CVE-2012-2891
-       RESERVED
+CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 
allows ...)
        - chromium-browser <unfixed>
-CVE-2012-2890
-       RESERVED
+CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google 
Chrome ...)
        - chromium-browser <not-affected> (PDF viewer not included in Chromium)
-CVE-2012-2889
-       RESERVED
+CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome 
before ...)
        - chromium-browser <unfixed>
-CVE-2012-2888
-       RESERVED
+CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 
22.0.1229.79 ...)
        - chromium-browser <unfixed>
-CVE-2012-2887
-       RESERVED
+CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 
22.0.1229.79 ...)
        - chromium-browser <unfixed>
-CVE-2012-2886
-       RESERVED
+CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome 
before ...)
        - chromium-browser <unfixed>
-CVE-2012-2885
-       RESERVED
+CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 
allows ...)
        - chromium-browser <unfixed>
-CVE-2012-2884
-       RESERVED
+CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows 
remote ...)
        - chromium-browser <unfixed>
-CVE-2012-2883
-       RESERVED
+CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows 
remote ...)
        - chromium-browser <unfixed>
-CVE-2012-2882
-       RESERVED
+CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not 
...)
        - chromium-browser <unfixed>
-CVE-2012-2881
-       RESERVED
+CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle 
plug-ins, ...)
        - chromium-browser <unfixed>
-CVE-2012-2880
-       RESERVED
+CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows 
remote ...)
        - chromium-browser <unfixed>
-CVE-2012-2879
-       RESERVED
+CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to 
cause a ...)
        - chromium-browser <unfixed>
-CVE-2012-2878
-       RESERVED
+CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 
22.0.1229.79 ...)
        - chromium-browser <unfixed>
-CVE-2012-2877
-       RESERVED
+CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does 
not ...)
        - chromium-browser <unfixed>
-CVE-2012-2876
-       RESERVED
+CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in 
Google ...)
        - chromium-browser <unfixed>
-CVE-2012-2875
-       RESERVED
+CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality 
in ...)
        - chromium-browser <not-affected> (PDF viewer not included in Chromium)
-CVE-2012-2874
-       RESERVED
+CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows 
remote ...)
        - chromium-browser <unfixed>
 CVE-2012-2873
        RESERVED
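
Review bot: CVE-2012-2893 and CVE-2012-2882 now describe flaws in libxslt and FFmpeg "as used in Google Chrome", but each is still tracked only with "- chromium-browser <unfixed>". If the defect is in the shared library code, the corresponding library source packages need their own status lines, or a NOTE saying that only the copy bundled with Chrome is affected. The descriptions in this hunk all give 22.0.1229.79 as the fixed Chrome version, which is the version to record against the "<unfixed>" entries once the package reaches it.
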
@@ -7456,8 +7504,8 @@
        RESERVED
 CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, 
and VIOS ...)
        NOT-FOR-US: sendmail configuration in AIX 
-CVE-2012-2199
-       RESERVED
+CVE-2012-2199 (The server message channel agent in the queue manager in the 
server in ...)
+       TODO: check
 CVE-2012-2198
        RESERVED
 CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure ...)
@@ -7480,8 +7528,8 @@
        RESERVED
 CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 
...)
        NOT-FOR-US: IBM Power Hardware Management Console
-CVE-2012-2187
-       RESERVED
+CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, 
x3850 M2, ...)
+       TODO: check
 CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in 
Asterisk Open ...)
        {DSA-2550-1}
        - asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
@@ -8795,8 +8843,7 @@
        NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the 
&quot;stand ...)
        NOT-FOR-US: Drupal addon module not packaged in Debian
-CVE-2012-1646
-       RESERVED
+CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ 
module ...)
        NOT-FOR-US: Drupal addon module not packaged in Debian
 CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in 
Origin ...)
        NOT-FOR-US: Drupal addon module not packaged in Debian
@@ -8863,8 +8910,8 @@
 CVE-2012-1618 [jdbc pgsql SQL injection]
        RESERVED
        - libpgjava <not-affected> (Even the version in oldstable had 8.2)
-CVE-2012-1617
-       RESERVED
+CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass 
before ...)
+       TODO: check
 CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by 
Argyll ...)
        - argyll 1.4.0-1
        NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to 
identify the
@@ -9564,8 +9611,7 @@
        NOT-FOR-US: SAP NetWeaver
 CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 
7.0 ...)
        NOT-FOR-US: SAP NetWeaver
-CVE-2012-1293 [F*X XSS via from/to parameters in fup]
-       RESERVED
+CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in 
Frams' ...)
        {DSA-2414-1}
        - fex 20120215-1 (low; bug #660621)
 CVE-2012-1288 (The UTC Fire &amp; Security GE-MC100-NTP/GPS-ZB Master Clock 
device uses ...)
@@ -9773,8 +9819,7 @@
        - backuppc 3.1.0-9.1 (low; bug #661011)
        [squeeze] - backuppc 3.1.0-9.1
        [lenny] - backuppc <no-dsa> (Minor issue)
-CVE-2012-0869 [F*X XSS via id parameter in fup]
-       RESERVED
+CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast 
File ...)
        {DSA-2414-1}
        - fex 20120215-1 (low; bug #660621)
 CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the 
replication-setup ...)
@@ -9787,8 +9832,8 @@
        - torcs 1.3.3-1 (low; bug #660555)
        [squeeze] - torcs <no-dsa> (Minor issue)
        - speed-dreams <itp> (bug #599884)
-CVE-2012-1188
-       RESERVED
+CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS 
before ...)
+       TODO: check
 CVE-2012-1187
        RESERVED
        - bitlbee 3.0.4+bzr855-1 (low)
@@ -10018,11 +10063,9 @@
 CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in 
MantisBT ...)
        {DSA-2500-1}
        - mantis 1.2.10-1 (low; bug #669924)
-CVE-2012-1117
-       RESERVED
+CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 
2.5.1 ...)
        NOT-FOR-US: Joomla!
-CVE-2012-1116
-       RESERVED
+CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 
2.5.2 ...)
        NOT-FOR-US: Joomla!
 CVE-2012-1115
        RESERVED
@@ -10063,8 +10106,7 @@
        - moodle <unfixed> (bug #662945)
        - glpi 0.80.7-2 (unimportant; bug #662944)
        NOTE: Only supported behind an authenticated HTTP zone
-CVE-2012-1103
-       RESERVED
+CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the 
Emacs ...)
        {DSA-2416-1}
        - notmuch 0.11.1-1
 CVE-2012-1101
@@ -10379,10 +10421,10 @@
        - silverstripe <itp> (bug #528461)
 CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image 
Hosting ...)
        NOT-FOR-US: Image Hosting Script DPI
-CVE-2012-0974
-       RESERVED
-CVE-2012-0973
-       RESERVED
+CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the 
getParam ...)
+       TODO: check
+CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 
allow ...)
+       TODO: check
 CVE-2012-0972
        RESERVED
 CVE-2012-0971
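
Review bot: CVE-2012-0973 is an OSClass issue left as "TODO: check", and CVE-2012-1617 (combine.php in OSClass) is left in the same state by an earlier hunk. Both should get one decision for the product in a single pass, either a NOT-FOR-US line or a package status, so the two entries do not end up triaged differently.
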
@@ -11883,12 +11925,12 @@
        NOT-FOR-US: SUSE Audit Log Keeper daemon 
 CVE-2012-0420
        RESERVED
-CVE-2012-0419
-       RESERVED
-CVE-2012-0418
-       RESERVED
-CVE-2012-0417
-       RESERVED
+CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces 
in ...)
+       TODO: check
+CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 
before ...)
+       TODO: check
+CVE-2012-0417 (Integer overflow in GroupWise Internet Agent (GWIA) in Novell 
...)
+       TODO: check
 CVE-2012-0416
        RESERVED
 CVE-2012-0415
@@ -13051,8 +13093,7 @@
 CVE-2012-0210 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x 
before ...)
        {DSA-2409-1}
        - devscripts 2.11.4
-CVE-2012-0209 [horde backdoor]
-       RESERVED
+CVE-2012-0209 (Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware 
Webmail ...)
        - horde3 3.3.12+debian0-2 (bug #660077)
        [squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
        [lenny] - horde3 <not-affected> (Introduced in 3.3.12)
@@ -14033,8 +14074,7 @@
 CVE-2011-4624
        RESERVED
        NOT-FOR-US: WordPress flash-album-gallery
-CVE-2011-4623
-       RESERVED
+CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in ...)
        - rsyslog 5.7.4-1
        [squeeze] - rsyslog <no-dsa> (Minor issue)
 CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 
83, and ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
