[Secure-testing-commits] r19670 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jul 5 21:14:29 UTC 2012
Author: joeyh
Date: 2012-07-05 21:14:29 +0000 (Thu, 05 Jul 2012)
New Revision: 19670
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-05 19:03:00 UTC (rev 19669)
+++ data/CVE/list 2012-07-05 21:14:29 UTC (rev 19670)
@@ -1,3 +1,47 @@
+CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
+ TODO: check
+CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
+ TODO: check
+CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote ...)
+ TODO: check
+CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows ...)
+ TODO: check
+CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in ...)
+ TODO: check
+CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in ...)
+ TODO: check
+CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...)
+ TODO: check
+CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-3839 (Multiple SQL injection vulnerabilities in ...)
+ TODO: check
+CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...)
+ TODO: check
+CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
+ TODO: check
+CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
+ TODO: check
+CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in ...)
+ TODO: check
+CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...)
+ TODO: check
+CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in ...)
+ TODO: check
+CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
+ TODO: check
+CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
+ TODO: check
+CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
+ TODO: check
+CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
+ TODO: check
+CVE-2012-3827
+ RESERVED
+CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
+ TODO: check
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
- wireshark 1.6.8-1 (unimportant)
[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
@@ -41,8 +85,8 @@
RESERVED
CVE-2012-3812
RESERVED
-CVE-2012-3811
- RESERVED
+CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
+ TODO: check
CVE-2012-3810
RESERVED
CVE-2012-3809
@@ -937,8 +981,7 @@
RESERVED
CVE-2012-3369
RESERVED
-CVE-2012-3368 [dtach Memory portion disclosure to the client by unclean client disconnect]
- RESERVED
+CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
- dtach 0.8-2.1 (bug #625302)
NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
@@ -946,8 +989,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367
RESERVED
-CVE-2012-3366
- RESERVED
+CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
{DSA-2503-1}
- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365
@@ -1703,8 +1745,8 @@
RESERVED
CVE-2012-3008
RESERVED
-CVE-2012-3007
- RESERVED
+CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...)
+ TODO: check
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005
@@ -2257,14 +2299,11 @@
{DSA-2496-1}
- mysql-5.1 <unfixed>
- mysql-5.5 5.5.24+dfsg-1
-CVE-2012-2748 [Joomla! Core - Information Disclosure 471-20120602-core-information-disclosure.html]
- RESERVED
+CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- joomla <itp> (bug #571794)
-CVE-2012-2747 [Joomla!: Core - Privilege Escalation 470-20120601-core-privilege-escalation.html]
- RESERVED
+CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- joomla <itp> (bug #571794)
-CVE-2012-2746
- RESERVED
+CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
- 389-ds <not-affected> (Fixed before initial upload)
CVE-2012-2745
RESERVED
@@ -2430,8 +2469,7 @@
CVE-2012-2679
RESERVED
NOT-FOR-US: Red Hat Network configuration client
-CVE-2012-2678
- RESERVED
+CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
- 389-ds <not-affected> (Fixed before initial upload)
CVE-2012-2677
RESERVED
@@ -2709,10 +2747,10 @@
NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
NOT-FOR-US: HP Business Service Management
-CVE-2012-2560
- RESERVED
-CVE-2012-2559
- RESERVED
+CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...)
+ TODO: check
+CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...)
+ TODO: check
CVE-2012-2558
RESERVED
CVE-2012-2557
@@ -2797,10 +2835,10 @@
RESERVED
CVE-2012-2517
RESERVED
-CVE-2012-2516
- RESERVED
-CVE-2012-2515
- RESERVED
+CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
+ TODO: check
+CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
+ TODO: check
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and ...)
NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and ...)
@@ -3444,8 +3482,7 @@
- connman 1.0-1 (bug #672989)
CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in ...)
- linux-2.6 3.2.17-1 (low)
-CVE-2012-2318 [Improper validation of incoming plaintext messages in MSN protocol plug-in]
- RESERVED
+CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...)
- pidgin 2.10.4-1
CVE-2012-2317 [php5 crypt() empty salt issue]
RESERVED
@@ -3457,8 +3494,7 @@
CVE-2012-2315 [OpenKM Permission Weakness Admin Privilege Escalation]
RESERVED
NOT-FOR-US: OpenKM
-CVE-2012-2314 [anaconda: Weak permissions by writing password configuration ...]
- RESERVED
+CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in ...)
NOT-FOR-US: The anaconda installer
CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the ...)
- linux-2.6 3.2.19-1
@@ -3692,8 +3728,7 @@
[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
NOT-FOR-US: Novell ZENworks Configuration Management
-CVE-2012-2214 [XMPP remote crash]
- RESERVED
+CVE-2012-2214 (proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...)
- pidgin 2.10.4-1
NOTE: http://www.pidgin.im/news/security/?id=62
CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...)
@@ -3766,8 +3801,8 @@
RESERVED
CVE-2012-2182
RESERVED
-CVE-2012-2181
- RESERVED
+CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
+ TODO: check
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
@@ -3891,8 +3926,7 @@
CVE-2012-2134
RESERVED
NOT-FOR-US: Dynamic LDAP backend plugin for BIND
-CVE-2012-2133
- RESERVED
+CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when ...)
{DSA-2469-1}
- linux-2.6 3.2.19-1
CVE-2012-2132 [libsoup 2.32.2 sets ssl trusted flag despite no verification]
@@ -4018,8 +4052,7 @@
- mysql-5.5 5.5.24+dfsg-1 (low)
CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the ...)
- nova 2012.1-2 (bug #670637)
-CVE-2012-2100
- RESERVED
+CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
- linux-2.6 3.2.2-1
NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
NOTE: https://lkml.org/lkml/2012/2/20/422
@@ -4640,12 +4673,12 @@
RESERVED
CVE-2012-1833
RESERVED
-CVE-2012-1832
- RESERVED
-CVE-2012-1831
- RESERVED
-CVE-2012-1830
- RESERVED
+CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
+ TODO: check
+CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
+ TODO: check
+CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
+ TODO: check
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM ...)
NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
@@ -6246,12 +6279,10 @@
- libreoffice 1:3.4.5-1
- openoffice.org 1:3.3.0-1
NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
-CVE-2012-1148
- RESERVED
+CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat ...)
- expat 2.1.0~beta3-1 (bug #663579)
NOTE: memory leak
-CVE-2012-1147
- RESERVED
+CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
- expat 2.1.0~beta3-1 (low; bug #663579)
NOTE: resource leak
CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in ...)
@@ -6377,8 +6408,7 @@
RESERVED
- taglib 1.7.1-1 (low; bug #662705)
[squeeze] - taglib <no-dsa> (Minor issue)
-CVE-2012-1106
- RESERVED
+CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly ...)
NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-1105
RESERVED
@@ -6937,8 +6967,7 @@
NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877
RESERVED
-CVE-2012-0876
- RESERVED
+CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
- expat 2.1.0~beta3-1 (bug #663579)
- python2.6 2.6.8-0.1
- python2.7 <unfixed>
@@ -7094,8 +7123,7 @@
NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
- phpldapadmin 1.2.2-1 (bug #658907)
-CVE-2012-0833
- RESERVED
+CVE-2012-0833 (The acllas__handle_group_entry function in ...)
- 389-ds <not-affected> (Fixed before initial upload)
CVE-2012-0832
RESERVED
@@ -10109,8 +10137,7 @@
- mediawiki 1:1.15.5-6 (low; bug #655694)
[squeeze] - mediawiki 1:1.15.5-2squeeze3
[lenny] - mediawiki <not-affected> (Vulnerable code not present)
-CVE-2012-0045
- RESERVED
+CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM ...)
{DSA-2443-1}
- linux-2.6 3.2.2-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -11910,8 +11937,7 @@
- gnutls26 2.12.14-1 (low; bug #648441)
[squeeze] - gnutls26 2.8.6-1+squeeze1
[lenny] - gnutls26 <no-dsa> (Minor issue)
-CVE-2011-4127
- RESERVED
+CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl ...)
{DSA-2443-1 DSA-2389-1}
- libguestfs 1:1.14.8-1
- linux-2.6 <unfixed>
@@ -12050,8 +12076,7 @@
- linux-2.6 3.0.0-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
-CVE-2011-4086
- RESERVED
+CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the ...)
{DSA-2469-1}
- linux-2.6 <unfixed> (low)
CVE-2011-4085
@@ -12201,15 +12226,13 @@
- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...)
- plone3 <not-affected> (Only affects Plone 4.x)
-CVE-2011-4029
- RESERVED
+CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 ...)
- xorg-server 2:1.11.1.901-2 (low)
[squeeze] - xorg-server 2:1.7.7-14
[lenny] - xorg-server <no-dsa> (Minor issue)
NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
NOTE: this has a poc now: http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt
-CVE-2011-4028
- RESERVED
+CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 ...)
- xorg-server 2:1.11.1.901-2 (low)
[squeeze] - xorg-server 2:1.7.7-14
[lenny] - xorg-server <no-dsa> (Minor issue)
@@ -16404,8 +16427,7 @@
CVE-2011-2717
RESERVED
NOT-FOR-US: udhcp6c
-CVE-2011-2716
- RESERVED
+CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP ...)
- busybox 1:1.20.0-3 (unimportant; bug #635548)
NOTE: the default action script of busybox is not vulnerable to this attack
NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
@@ -17060,8 +17082,7 @@
RESERVED
- nspluginwrapper <unfixed> (bug #671846)
[squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)
-CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader]
- RESERVED
+CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in ...)
- gdk-pixbuf 2.23.3-3.1 (bug #631524)
[squeeze] - gdk-pixbuf <no-dsa> (Minor issue)
[lenny] - gdk-pixbuf <no-dsa> (Minor issue)
More information about the Secure-testing-commits
mailing list