[Secure-testing-commits] r19973 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sun Aug 19 23:03:56 UTC 2012
Author: geissert
Date: 2012-08-19 23:03:55 +0000 (Sun, 19 Aug 2012)
New Revision: 19973
Modified:
data/CVE/list
Log:
issues: roundcube (no CVE), wireshark, gallery3 (itp)
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-19 19:12:10 UTC (rev 19972)
+++ data/CVE/list 2012-08-19 23:03:55 UTC (rev 19973)
@@ -1,3 +1,11 @@
+CVE-2012-XXXX [SA50212: roundcube 0.8 XSS]
+ - roundcube <not-affected> (only affects rc versions of 0.8)
+ NOTE: http://trac.roundcube.net/ticket/1488519
+ TODO: request CVE id
+CVE-2012-XXXX [SA50279: roundcube multiple XSS]
+ - roundcube <unfixed>
+ TODO: report and request CVE id
+ NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-XXXX [geshi XSS in contrib/langwiz.php]
- geshi <unfixed> (bug #685323)
[squeeze] - geshi <no-dsa> (shipped as example/.gz)
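Review bot: The second added entry (SA50279) marks roundcube as <unfixed> without a Debian bug reference, and its TODO still reads "report and request CVE id". Once the report is filed, add the bug number in the same form the geshi entry below uses, `- geshi <unfixed> (bug #685323)`, so the entry links to the report. The two new entries also order their annotations differently (NOTE then TODO in the first, TODO then NOTE in the second); using one order for both would make the pending CVE requests easier to scan.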
@@ -25,9 +33,9 @@
CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold ...)
NOT-FOR-US: Ipswitch
CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow ...)
- TODO: check
+ - gallery3 <itp> (bug #511715)
CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...)
- TODO: check
+ - gallery3 <itp> (bug #511715)
CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP ...)
TODO: check
CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...)
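Review bot: CVE-2012-4341 in the trailing context stays at "TODO: check" even though its description names msg_server.exe in SAP, which makes it a candidate for the same NOT-FOR-US pass this commit applies to other vendor products. It is worth confirming and classifying it in the same revision so the block around the gallery3 entries is fully triaged.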
@@ -116,32 +124,46 @@
CVE-2012-4299
RESERVED
CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
+ - wireshark <unfixed>
TODO: check
CVE-2012-4284
RESERVED
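Review bot: Each added `- wireshark <unfixed>` line, for the 14 entries CVE-2012-4285 through CVE-2012-4298, keeps its "TODO: check" line directly underneath, so every entry still reads as untriaged despite now having a package status. If the outstanding work is checking which Debian versions are affected (several descriptions mention "1.4.x before 1.4.15, 1.6.x before ..."), state that in the TODO or a NOTE; otherwise drop the TODO lines. None of the new lines carries a bug reference, so add one once a report exists.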
@@ -398,37 +420,37 @@
CVE-2012-4163
RESERVED
CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...)
- chef 0.10.10-1
CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...)
@@ -2381,7 +2403,7 @@
CVE-2012-3309
RESERVED
CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
- TODO: check
+ NOT-FOR-US: IBM Sametime
CVE-2012-3307
RESERVED
CVE-2012-3306
@@ -2497,15 +2519,15 @@
CVE-2012-3252
RESERVED
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
- TODO: check
+ NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...)
- TODO: check
+ NOT-FOR-US: HP Service Manager
CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
- TODO: check
+ NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
- TODO: check
+ NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...)
- TODO: check
+ NOT-FOR-US: HP Integrity Server
CVE-2012-3246
RESERVED
CVE-2012-3245
@@ -2986,7 +3008,7 @@
CVE-2012-3010
RESERVED
CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, ...)
- TODO: check
+ NOT-FOR-US: Siemens COMOS
CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...)
NOT-FOR-US: OSIsoft PI OPC DA Interface
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...)
@@ -4102,19 +4124,19 @@
CVE-2012-2528
RESERVED
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2012-2525
RESERVED
CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2520
RESERVED
CVE-2012-2519
@@ -4991,13 +5013,15 @@
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...)
NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
+ - piwigo <unfixed>
TODO: check
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
+ - piwigo <unfixed>
TODO: check
CVE-2012-2207
RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205
RESERVED
CVE-2012-2204
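Review bot: The two added `- piwigo <unfixed>` lines (CVE-2012-2209 and CVE-2012-2208) are not covered by the commit log, which names only roundcube, wireshark, gallery3 and NFUs; mention piwigo there so the change can be found from the log. Both entries also keep "TODO: check" below the new status line and have no bug reference, so it is unclear whether the affected versions were actually verified or whether that check is still pending.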
@@ -5422,23 +5446,23 @@
CVE-2012-2052
RESERVED
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-2048
RESERVED
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
NOT-FOR-US: Adobe Illustrator
CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...)
@@ -5818,7 +5842,7 @@
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
NOT-FOR-US: Microsoft XML Core Services
CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Visio
CVE-2012-1887
RESERVED
CVE-2012-1886
@@ -6670,7 +6694,7 @@
CVE-2012-1536
RESERVED
CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2012-1534
RESERVED
CVE-2012-1533
@@ -6688,9 +6712,9 @@
CVE-2012-1527
RESERVED
CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)