[Secure-testing-commits] r19558 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jun 22 21:14:35 UTC 2012
Author: joeyh
Date: 2012-06-22 21:14:34 +0000 (Fri, 22 Jun 2012)
New Revision: 19558
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-06-22 14:39:52 UTC (rev 19557)
+++ data/CVE/list 2012-06-22 21:14:34 UTC (rev 19558)
@@ -1,3 +1,5 @@
+CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...)
+ TODO: check
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
TODO: check
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
@@ -2205,12 +2207,12 @@
RESERVED
CVE-2012-2719
RESERVED
-CVE-2012-2718
- RESERVED
+CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
+ TODO: check
CVE-2012-2717
RESERVED
-CVE-2012-2716
- RESERVED
+CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
+ TODO: check
CVE-2012-2715
RESERVED
CVE-2012-2714
@@ -2384,8 +2386,7 @@
{DSA-2491-1}
- postgresql-9.1 9.1.4-1
- postgresql-8.4 8.4.12-1
-CVE-2012-2654
- RESERVED
+CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom ...)
- nova 2012.1-6 (bug #676465)
CVE-2012-2653
RESERVED
@@ -3078,8 +3079,7 @@
- haproxy <unfixed> (bug #674447)
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows ...)
- linux-2.6 3.2.19-1 (low)
-CVE-2012-2389
- RESERVED
+CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 ...)
- hostapd <not-affected> (Debian package provides no default config file)
- wpa <not-affected> (Debian package provides no default config file)
CVE-2012-2388
@@ -3642,8 +3642,8 @@
RESERVED
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
TODO: check
-CVE-2012-2179
- RESERVED
+CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
+ TODO: check
CVE-2012-2178
RESERVED
CVE-2012-2177
@@ -3656,10 +3656,10 @@
TODO: check
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...)
TODO: check
-CVE-2012-2172
- RESERVED
-CVE-2012-2171
- RESERVED
+CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
+ TODO: check
+CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
+ TODO: check
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
TODO: check
CVE-2012-2169
@@ -3708,8 +3708,7 @@
- spip 2.1.13-1 (low; bug #671264)
CVE-2012-2150
RESERVED
-CVE-2012-2149 [libwpd memory overwrite]
- RESERVED
+CVE-2012-2149 (The WPXContentListener::_closeTableRow function in ...)
- libwpd 0.9.4-1
NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
NOTE: http://libwpd.git.sourceforge.net/git/gitweb.cgi?p=libwpd/libwpd;a=blobdiff;f=src/lib/WPXOLEStream.cpp;h=5bb11bd14912bda74c86392b20eb3d07207b7edb;hp=12b9340584855dca85cd429c1d3cf8a8e252e293;hb=7ce74979eef53d575ca433b525b6dff29cac5fd1;hpb=12560d3cb0f5d998b6d73bb6c881ec815a775932
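Review bot: the description added for CVE-2012-2149 names WPXContentListener::_closeTableRow, while the second NOTE kept under the entry links a blobdiff of src/lib/WPXOLEStream.cpp. The link may have been recorded while the entry only carried the working title "[libwpd memory overwrite]". Confirm that the linked commit is the fix for this CVE; if it is not, replace the NOTE with the commit that touches the content listener.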
@@ -3790,8 +3789,7 @@
RESERVED
- dokuwiki 0.0.20120125a-1
NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
-CVE-2012-2127
- RESERVED
+CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
- linux-2.6 3.2-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 3.1)
CVE-2012-2126
@@ -5016,8 +5014,7 @@
- libpgjava <not-affected> (Even the version in oldstable had 8.2)
CVE-2012-1617
RESERVED
-CVE-2012-1616
- RESERVED
+CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
- argyll <unfixed>
TODO: check
CVE-2012-1615 [sectool dbus priv escalation]
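Review bot: CVE-2012-1616 still carries both "- argyll <unfixed>" and "TODO: check" after the description was filled in. The description gives icclib before 2.13 as the affected component, so the TODO can be closed by comparing that against the icclib copy that argyll ships and recording either a fixed version or a bug number on the argyll line.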
@@ -6099,8 +6096,7 @@
[squeeze] - python2.6 <no-dsa> (unimportant)
[squeeze] - python3.1 <no-dsa> (unimportant)
NOTE: the same hash DoS attack as other languages/bindings
-CVE-2012-1149
- RESERVED
+CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, ...)
{DSA-2487-1 DSA-2473-1}
- libreoffice 1:3.4.5-1
- openoffice.org 1:3.3.0-1
@@ -8316,8 +8312,8 @@
RESERVED
CVE-2012-0305
RESERVED
-CVE-2012-0304
- RESERVED
+CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...)
+ TODO: check
CVE-2012-0303
RESERVED
CVE-2012-0302
@@ -8825,12 +8821,10 @@
RESERVED
- linux-2.6 <unfixed> (unimportant)
NOTE: Minor info leak, unlikely to be fixed upstream
-CVE-2011-4914
- RESERVED
+CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 ...)
{DSA-2389-1}
- linux-2.6 2.6.38-4
-CVE-2011-4913
- RESERVED
+CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-4912
@@ -9203,8 +9197,7 @@
CVE-2012-0220 (Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin ...)
{DSA-2474-1}
- ikiwiki 3.20120516
-CVE-2012-0219 [socat 'xioscan_readline()' Heap Based Buffer Overflow Vulnerability]
- RESERVED
+CVE-2012-0219 (Heap-based buffer overflow in the xioscan_readline function in ...)
- socat 1.7.1.3-1.3 (bug #672994)
NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
CVE-2012-0218
@@ -9288,18 +9281,18 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library ...)
NOT-FOR-US: IBM Lotus Symphony
-CVE-2012-0191
- RESERVED
+CVE-2012-0191 (The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 ...)
+ TODO: check
CVE-2012-0190 (Unspecified vulnerability in the Render method in the ExportHTML.ocx ...)
NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0189 (Multiple unspecified vulnerabilities in the (1) PrintFile and (2) ...)
NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-0188 (Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX ...)
NOT-FOR-US: IBM SPSS Dimensions
-CVE-2012-0187
- RESERVED
-CVE-2012-0186
- RESERVED
+CVE-2012-0187 (Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and ...)
+ TODO: check
+CVE-2012-0186 (Directory traversal vulnerability in the Eclipse Help component in IBM ...)
+ TODO: check
CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web ...)
NOT-FOR-US: HomeSeer
CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
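Review bot: CVE-2012-0191, CVE-2012-0187 and CVE-2012-0186 are added with "TODO: check" although their descriptions name IBM Lotus Expeditor, and the surrounding IBM entries in this same hunk are already triaged as NOT-FOR-US (IBM WebSphere Application Server, IBM Lotus Symphony, IBM SPSS Dimensions). If the product is not packaged, mark the three entries "NOT-FOR-US: IBM Lotus Expeditor" so they match their neighbours and leave the TODO queue.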
@@ -10007,8 +10000,7 @@
- xen-qemu-dm-4.0 <removed>
[squeeze] - xen <not-affected> (vulnerable code not present)
- xen <unfixed> (medium)
-CVE-2012-0028
- RESERVED
+CVE-2012-0028 (The robust futex implementation in the Linux kernel before 2.6.28 does ...)
- linux-2.6 2.6.32-1
CVE-2012-0027 (The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle ...)
- openssl 1.0.0f-1
@@ -10316,8 +10308,7 @@
RESERVED
- libvirt 0.9.9-1 (low)
[squeeze] - libvirt <no-dsa> (Minor issue)
-CVE-2011-4599
- RESERVED
+CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in ...)
{DSA-2397-1}
- icu 4.8.1.1-3 (bug #654883)
CVE-2011-4598 (channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 ...)
@@ -11099,8 +11090,7 @@
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain ...)
- linux-2.6 2.6.32-1
-CVE-2011-4324
- RESERVED
+CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux ...)
- linux-2.6 <not-affected> (RHEL5-specific backport error)
CVE-2011-4323
REJECTED
@@ -16254,8 +16244,7 @@
NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- joomla <itp> (bug #571794)
-CVE-2011-2709 [GSSAPI_MECH_CONF environment variable not ignored in privileged processes]
- RESERVED
+CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, ...)
- libgssglue 0.4-1 (low; bug #670256)
[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
NOTE: Our mount.nfs does not link against libgssglue,
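Review bot: the description added for CVE-2011-2709 covers "libgssapi and libgssglue before 0.4", but the entry only tracks libgssglue. If a libgssapi source package exists or existed in the archive, add a line giving its status; otherwise a short NOTE saying why only libgssglue is listed would make the entry self-explanatory.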
@@ -16733,8 +16722,7 @@
- asterisk 1:1.8.4.3-1 (bug #631446)
CVE-2011-2528 (Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x ...)
- plone3 <removed>
-CVE-2011-2527
- RESERVED
+CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and ...)
{DSA-2282-1}
- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
- kvm <not-affected> (Vulnerable code not present)
@@ -16792,8 +16780,7 @@
- openjdk-6 6b21~pre1-1
- icedtea-web <unfixed>
NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
-CVE-2011-2512 [qemu-kvm: OOB memory access caused by negative vq notifies]
- RESERVED
+CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not ...)
{DSA-2270-1}
- qemu-kvm 0.14.1+dfsg-2 (bug #631975)
- kvm <removed>
@@ -17557,8 +17544,7 @@
{DSA-2389-1 DSA-2310-1}
- linux-2.6 2.6.39-3
[squeeze] - linux-2.6 2.6.32-36
-CVE-2011-2212
- RESERVED
+CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier ...)
{DSA-2282-1}
- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
- kvm <removed>
@@ -18925,13 +18911,11 @@
CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
{DSA-2251-1}
- subversion 1.6.17dfsg-1
-CVE-2011-1751
- RESERVED
+CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power ...)
{DSA-2241-1}
- qemu-kvm 0.14.1+dfsg-1
- kvm <undetermined>
-CVE-2011-1750 [virtio-blk: heap buffer overflow caused by unaligned requests]
- RESERVED
+CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver ...)
{DSA-2230-1}
- qemu-kvm 0.14.1+dfsg-1 (bug #624177)
- kvm <not-affected> (Vulnerable code not present)
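Review bot: CVE-2011-1751 keeps "- kvm <undetermined>" under the new description. The description now points at pciej_write in hw/acpi_piix4.c, which is enough to settle the kvm status by checking whether that code is present, as was done for CVE-2011-1750 directly below ("- kvm <not-affected> (Vulnerable code not present)").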
@@ -19654,8 +19638,7 @@
CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in ...)
{DSA-2240-1}
- linux-2.6 2.6.38-5 (unimportant)
-CVE-2011-1493
- RESERVED
+CVE-2011-1493 (Array index error in the rose_parse_national function in ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...)
@@ -19702,8 +19685,7 @@
NOT-FOR-US: PHP-Nuke
CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...)
NOT-FOR-US: PHP-Nuke
-CVE-2011-1479
- RESERVED
+CVE-2011-1479 (Double free vulnerability in the inotify subsystem in the Linux kernel ...)
- linux-2.6 2.6.38-4
[lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
[squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
@@ -19711,12 +19693,10 @@
{DSA-2240-1}
- linux-2.6 2.6.38-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-1477
- RESERVED
+CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
-CVE-2011-1476
- RESERVED
+CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the ...)
{DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...)
@@ -20685,8 +20665,7 @@
REJECTED
- linux-2.6 3.0.0-5 (low)
[squeeze] - linux-2.6 2.6.32-40
-CVE-2011-1160
- RESERVED
+CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in ...)
@@ -21002,16 +20981,13 @@
- openldap 2.4.25-1 (low; bug #617606)
[lenny] - openldap 2.4.11-1+lenny2.1
[squeeze] - openldap 2.4.23-7.1
-CVE-2011-1080
- RESERVED
+CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
-CVE-2011-1079
- RESERVED
+CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
-CVE-2011-1078
- RESERVED
+CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...)
@@ -21174,16 +21150,14 @@
- openldap 2.4.25-1 (low; bug #617606)
[lenny] - openldap 2.4.11-1+lenny2.1
[squeeze] - openldap 2.4.23-7.1
-CVE-2011-1023
- RESERVED
+CVE-2011-1023 (The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel ...)
- linux-2.6 2.6.38-1
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in ...)
{DSA-2193-1}
- libcgroup 0.37.1-1 (bug #615987)
-CVE-2011-1021
- RESERVED
+CVE-2011-1021 (drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local ...)
- linux-2.6 2.6.37-1
[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.33)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
@@ -22087,8 +22061,7 @@
NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0717 (Session fixation vulnerability in Red Hat Network (RHN) Satellite ...)
NOT-FOR-US: Red Hat Network Satellite/Spacewalk
-CVE-2011-0716
- RESERVED
+CVE-2011-0716 (The br_multicast_add_group function in net/bridge/br_multicast.c in ...)
- linux-2.6 2.6.38-1 (low)
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
@@ -23385,15 +23358,13 @@
- patch <unfixed> (unimportant)
NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
NOTE: openwall ships a fix
-CVE-2010-4650
- RESERVED
+CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...)
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in ...)
{DSA-2153-1}
- linux-2.6 2.6.32-30
-CVE-2010-4648
- RESERVED
+CVE-2010-4648 (The orinoco_ioctl_set_auth function in ...)
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
@@ -24657,8 +24628,7 @@
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
NOT-FOR-US: SPICE Firefox plug-in
-CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
- RESERVED
+CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password ...)
{DSA-2230-1}
- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
- kvm <not-affected> (Vulnerable code not present)
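Review bot: for CVE-2011-0011 the new description reads "qemu-kvm before 0.11.0", but the package line kept beneath it records the fix at 0.14.0+dfsg-1~tls with bug #611134. The two disagree about which versions are affected. Add a NOTE stating which is correct for the Debian package so that the fixed version is not later "corrected" to match the description.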
@@ -24677,8 +24647,7 @@
{DSA-2147-1}
- pimd 2.1.6-1 (unimportant; bug #609304)
[squeeze] - pimd 2.1.1-1.1 (unimportant; bug #609304)
-CVE-2011-0006
- RESERVED
+CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c ...)
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...)
@@ -25397,8 +25366,7 @@
NOTE: http://www.openssl.org/news/secadv_20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...)
- linux-2.6 2.6.32-22
-CVE-2010-4250 [linux inotify memory leak]
- RESERVED
+CVE-2010-4250 (Memory leak in the inotify_init1 function in ...)
- linux-2.6 2.6.37-1
[squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
[lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)